Global security applies to all applications running in the environment and determines whether security is used at all, the type of registry against which authentication takes place, and other values, many of which act as defaults.
The term global security represents the security configuration that is effective for the entire security domain. A security domain consists of all servers configured with the same user registry realm name.
In some cases, the realm can be the machine name of a Local OS user registry. In this case, all application servers must reside on the same physical machine.
In other cases, the realm can be the machine name of an LDAP user registry. Since LDAP is a distributed user registry, a multiple node configuration is supported, such as the case for a Network Deployment environment.
The basic requirement for a security domain is that the access ID returned by the registry from one server within the security domain is the same access ID as that returned from the registry on any other server within the same security domain. The access ID is the unique identification of a user and is used during authorization to determine if access is permitted to the resource.
Configuration of global security for a security domain consists of configuring the common user registry, the authentication mechanism, and other security information, including...
- Java 2 Security Manager
- J2C authentication data entries
- CSIv2 authentication protocol
- SAS authentication protocol
The global security configuration usually applies to every server within the security domain.