Web component security

 

A Web module consists of...

• servlets
• JavaServer Pages
• server-side utility classes
• static web content
  • HTML
  • images
  • sound files
  • cascading style sheets
  • client-side classes
  • client-side applets

You can use development tools such as Rational Application Developer to develop a Web module and enforce security at the method level of each Web resource.

You can identify a Web resource by its URI pattern. A Web resource method can be any HTTP method...

• GET
• POST
• DELETE
• PUT

You can group a set of URI patterns and a set of HTTP methods together and assign this grouping a set of roles. When a Web resource method is secured by associating a set of roles, grant a user at least one role in that set to access that method. You can exclude anyone from accessing a set of Web resources by assigning an empty set of roles. A servlet or a JavaServer Pages file can run as different identities before invoking another enterprise bean component. All the secured Web resources require the user to log in by using a configured login mechanism.

Three types of Web login authentication mechanisms are available...

• basic authentication
• form-based authentication
• client certificate-based authentication

In WAS V6.1, a portlet resource that is part of a web module can also be protected when it is accessed directly through URL. The protection is similar to other Web based resources. For more information, see Portlet URL security.

For more detailed information on Web security, see the product architectural overview article.

---

 

Related concepts

Portlet URL security

 

Related tasks

Securing Web applications using an assembly tool
Assembling Web applications