+

Search Tips   |   Advanced Search


Secure applications during assembly and deployment


Overview

Use assembly tools to secure enterprise and Java EE applications. For Web modules we can enforce security on an HTML page, a JSP file, or servlet. For EJB modules we can enforce security at the EJB method level.

After securing an application, the resulting .ear file contains security information in the deployment descriptor. EJB module security information is stored in ejb-jar.xml. Web module security information is stored in web.xml. The application.xml file of the application EAR file contains the roles used in the application. User and group-to-roles mapping is stored in ibm-application-bnd.xmi.

The was.policy file of the application EAR contains the permissions granted for the application to access system resources protected by Java 2 security.

 

Procedure

  1. Secure EJB applications
  2. Secure Web apps
  3. Add users and groups-to-roles
  4. Map users to RunAs roles
  5. Add the was.policy file to applications for Java 2 security.
  6. Assemble the application components
  7. Install the application

 

Related tasks

Assign users and groups to roles
Update and redeploy secured applications
Deploy secured applications
Secure enterprise bean applications
Secure Web apps using an assembly tool
Assemble applications
Add users and groups to roles using an assembly tool
Map users to RunAs roles using an assembly tool
Add was.policy to applications for Java 2 security
Task overview: Deploy Web apps

 

Related

Java 2 security policy files