Application Security 2.0
This feature enables support for securing the server runtime environment and applications; it includes a basic user registry. This feature supersedes appSecurity-1.0 and does not include servlet-3.0 or support for the LDAP user registry. To secure web applications, add the servlet-3.0 feature. To secure EJB applications, add the ejbLite-3.1 feature. To use LDAP, add the ldapRegistry-3.0 feature. When we add the appSecurity-2.0 feature to the server, we need to configure a user registry, such as the basic user registry or the LDAP user registry.
Enable this feature
To enable the Application Security 2.0 feature, add the following element declaration into the server.xml file, inside the featureManager element:
<feature>appSecurity-2.0</feature>
Feature configuration elements
- administrator-role
- authCache
- authentication
- basicRegistry
- cache
- cacheManager
- cachingProvider
- classloader
- classloading
- jaasLoginContextEntry
- jaasLoginModule
- kerberos
- library
- ltpa
- quickStartSecurity
- reader-role
- trustAssociation
Standard API packages provided by this feature
- javax.servlet
- javax.servlet.annotation
- javax.servlet.descriptor
- javax.servlet.http
Liberty API packages provided by this feature
- com.ibm.websphere.security.auth.callback
- com.ibm.wsspi.security.auth.callback
- com.ibm.wsspi.security.common.auth.module
- com.ibm.wsspi.security.tai
- com.ibm.wsspi.security.token
Features that this feature enables
Supported Java versions
- JavaSE-1.8
- JavaSE-11.0
- JavaSE-17.0
- JavaSE-21.0
- JavaSE-24.0
Platform Versions
- javaee-6.0
- javaee-7.0
Features that enable this feature
- appSecurity-1.0
- audit-1.0
- audit-2.0
- constrainedDelegation-1.0
- jacc-1.5
- jaspic-1.1
- jwtSso-1.0
- mpJwt-1.0
- mpJwt-1.1
- oauth-2.0
- openid-2.0
- passwordUtilities-1.1
- samlWeb-2.0
- spnego-1.0
- webProfile-6.0
- webProfile-7.0
- wsSecurity-1.1
Develop a feature that depends on this feature
If we are developing a feature that depends on this feature, include the following item in the Subsystem-Content header in your feature manifest file.
com.ibm.websphere.appserver.appSecurity-2.0; type="osgi.subsystem.feature"