Secure the Liberty profile and its applications

Secure the Liberty profile and its applications

Liberty profile security supports Servlet 3.0 security features, and secured Java JMX connections.
The following Liberty features apply to Liberty profile security:

appSecurity-2.0 Security for web applications when the servlet-3.0 feature is present, and for EJBs when the ejbLite-3.1 feature is present.
ssl-1.0 Enable SSL connections using HTTPS.
restConnector-1.0 Enable remote access by JMX client through a REST-based connector.
oauth-2.0 Enable authorization to resources using the OAuth 2.0 protocol.
ldapRegistry-3.0 Provide support for the LDAP user registry.

There are several security configuration examples on the WASdev.net website for reference when configuring security for the applications on the Liberty profile. If you see any differences in the configuration created by the developer tools and the examples, modify the configuration to fit the configuration in the examples for that feature.

Subtopics

Get started with security
Secure communications with the Liberty profile
Authenticate users
Authorizing access to resources

Configure Java Servlet 3.1 support for security
Configure secure JMX connection to the Liberty profile
Configure web security related properties
Configure authentication aliases
Develop extensions to the Liberty profile security infrastructure
Security considerations

Concepts:
Security
Reference:
Security considerations

appSecurity-2.0	Security for web applications when the servlet-3.0 feature is present, and for EJBs when the ejbLite-3.1 feature is present.
ssl-1.0	Enable SSL connections using HTTPS.
restConnector-1.0	Enable remote access by JMX client through a REST-based connector.
oauth-2.0	Enable authorization to resources using the OAuth 2.0 protocol.
ldapRegistry-3.0	Provide support for the LDAP user registry.