Develop secured applications

 

+

Search Tips   |   Advanced Search

 

 

Overview

IBM WAS provides security components that provide or collaborate with other services to provide authentication, authorization, delegation, and data protection. WAS also supports the security features described in the J2EE specification.

Most of the security for an application is configured during the assembly stage. The security configured during the assembly stage is called declarative security because the security is declared or defined in the deployment descriptors. The declarative security is enforced by the security run time. For some applications, declarative security is not sufficient to express the security model of the application. For these applications, we can use programmatic security.

 

Procedure

  1. Develop secure Web applications.

  2. Develop servlet filters for form login processing.

  3. Develop form login pages.

  4. Develop enterprise bean component applications.

  5. Develop with Java Authentication and Authorization Service to log in programmatically.

  6. Develop your own Java 2 security mapping module.

  7. Develop custom user registries.

  8. Develop a custom interceptor for trust associations.

 

See also


Developing with programmatic security APIs for Web applications
Develop form login pages
Develop with programmatic APIs for EJB applications
Programmatic login
Develop programmatic logins with the Java Authentication and Authorization Service
Custom login module development for a system login configuration
Example: Customize a server-side Java Authentication and Authorization Service authentication and login configuration
Example: Get the Caller Subject from the Thread
Example: Get the RunAs Subject from the Thread
Example: Override the RunAs Subject on the Thread
Example: User revocation from a cache
Develop J2C principal mapping module
Develop registries
Trust association interceptor support for Subject creation

 

See Also


Web component security
Enterprise bean component security
Trust associations
Java Authentication and Authorization Service
J2EE Connector security
Custom user registries