This topic applies to WebSphere Application Server Liberty V8.5.5.9 and earlier. For the latest Liberty topics, see the WebSphere Application Server Liberty documentation.
Securing Liberty and its applications
This information applies to all types of applications that are deployed on Liberty.
About this task
Security in Liberty supports all the Servlet 3.0 security features and secured Java™ JMX connections. The following Liberty features are applicable to
security in Liberty:
- appSecurity-2.0 enables security for for web applications when the servlet-3.0 feature is present and for EJB components when the ejbLite-3.1 feature is present.
- ssl-1.0 enables SSL connections using HTTPS.
- restConnector-1.0 enables remote access by JMX client through a REST-based connector.
- oauth-2.0 enables authorization to resources by using the OAuth 2.0 protocol.
- ldapRegistry-3.0 provides support for the LDAP user registry.
To learn about how security works in Liberty, see Security.
Best practice: There are several security configuration examples on the WASdev.net website for reference when configuring security for your applications on Liberty. If you see any
differences in the configuration created by the developer tools and the examples, modify the
configuration to fit the configuration in the examples for that feature.