Assembling secured applications

The Assembly Toolkit is a graphical user interface for assembling enterprise (J2EE) applications. Use this tool to assemble an application and secure EJB and Web modules in that application. An EJB module consists of one or more beans. You can enforce security at the EJB method level. A Web module consists of one or more Web resources (an HTML page, a JSP file or a servlet). You can also enforce security for each Web resource. Use the assembly tool to secure an EJB module (JAR file) or a Web module Web archive((WAR) file) or an application (enterprise archive (EAR) file). You can create an application, an EJB module, or a Web Module and secure them using the Assembly Toolkit or development tools like the IBM WebSphere Studio Application Developer.

  1. Secure EJB applications using the Assembly Toolkit .

  2. Secure web application (.war)s using the Assembly Toolkit .

  3. Add users and groups to roles while assembling secured application using the Assembly Toolkit .

  4. Map users to RunAs role using the Assembly Toolkit .

  5. Add the was.policy file to applications for Java 2 security.

  6. Assemble the application components that you just secured using the Assembly Toolkit .

After securing an application, the resulting .ear file contains security information in its deployment descriptor. The EJB module security information is stored in the ejb-jar.xml file and the Web module security information is stored in the web.xml file. The application.xml file of the application EAR file contains all the roles used in the application. The user and group to roles mapping is stored in the ibm-application-bnd.xmi file of the application EAR file. The was.policy file of the application EAR contains the permissions granted for the application to access system resources.

This task is required to secure EJB modules and Web modules in an application. This task is also required for applications to run properly when Java 2 security is enabled. If the was.policy file is not created and it does not contain required permissions, the application might not be able to access system resources.

After securing an application, you can install an application using the administrative console. When you install a secured application, refer to the Deploying secured applications article to complete this task.

 

See Also

Enterprise bean component security
Web component security
Java 2 security policy files
Assembling applications with the Assembly Toolkit
Adding the was.policy file to applications