+

Search Tips   |   Advanced Search

Develop applications that use programmatic security

For some applications, declarative security is not sufficient to express the security model of the application. Use this topic to develop applications that use programmatic security.

IBM WebSphere Application Server provides security components that provide or collaborate with other services to provide authentication, authorization, delegation, and data protection. WebSphere Application Server also supports the security features described in the Java EE specification. An application goes through three stages before it is ready to run:

Most of the security for an application is configured during the assembly stage. The security configured during the assembly stage is called declarative security because the security is declared or defined in the deployment descriptors. The declarative security is enforced by the security runtime. For some applications, declarative security is not sufficient to express the security model of the application. For these applications, we can use programmatic security.

  1. Develop secure web applications. For more information, see Develop with programmatic security APIs for web applications.

  2. Develop servlet filters for form login processing. For more information, see Develop servlet filters for form login processing.

  3. Develop form login pages. For more information, see Customize web application login.

  4. Develop enterprise bean component applications. For more information, see Develop with programmatic APIs for EJB applications.

  5. Develop with Java Authentication and Authorization Service to log in programmatically.

    For more information, see Develop programmatic logins with the Java Authentication and Authorization Service.

  6. Develop our own Java EE security mapping module.

    For more information, see Configure programmatic logins for Java Authentication and Authorization Service.

  7. Develop custom user registries. For more information, see Develop stand-alone custom registries.

  8. Develop a custom interceptor for trust associations.


Subtopics


Related concepts

  • Web component security
  • Trust associations
  • Java Authentication and Authorization Service
  • Java EE connector security
  • Multiple security domains


    Related tasks

  • Develop extensions to the WebSphere security infrastructure
  • Develop programmatic logins with the Java Authentication and Authorization Service
  • Secure enterprise bean applications

  • Customize a server-side Java Authentication and Authorization Service authentication and login configuration
  • J2C principal mapping modules