Develop extensions to the WebSphere security infrastructure
WebSphere Application Server provides various plug points so that we can extend the security infrastructure. Extending this security infrastructure involves several activities, including developing custom user registries, developing applications that use programmatic security, and customizing web application login forms.
The following topics are covered in this section:
- Develop custom user registries
- Develop applications that use programmatic security
- Customize web application login forms
- Customize application login forms with JAAS
- Secure transports with Java Secure Sockets Extension (JSSE) and Java Cryptography Extension (JCE) programming interfaces
- Implement tokens for security attribute propagation
- Implement a custom authentication provider using JASPI
Subtopics
- Develop stand-alone custom registries
Developing a stand-alone custom registry provides considerable flexibility in adapting WAS security to environments where some notion of a user registry, other than LDAP or Local OS, already exists.
- (zos) Develop a custom SAF EJB role mapper
WebSphere Application Server for z/OS allows an installation to map Java EE role names to SAF EJBRole profile names.
- Implement custom password encryption
WebSphere Application Server supports the use of custom password encryption.
- Develop applications that use programmatic security
For some applications, declarative security is not sufficient to express the security model of the application. Use this topic to develop applications that use programmatic security.
- Customize web application login
We can create a form login page and an error page to authenticate a user.
- Secure transports with JSSE and JCE programming interfaces
We can learn more about transport security using the Java Secure Socket Extension (JSSE) and Java Cryptography Extension (JCE) programming interfaces. This topic also describes the IBM version of the Java Cryptography Extension Federal Information Processing Standard (IBMJCEFIPS).
- (zos) Use System Authorization Facility keyrings with Java Secure Sockets Extension
WebSphere Application Server for z/OS customers running server W50100x or later, with Java Development Kit 1.3 level SR20 or later, can modify their WebSphere Application Server systems to use System Authorization Facility (SAF) for Java Secure Sockets Extension (JSSE) as well as SSL, which eliminates the need to maintain duplicate certificates in the hierarchical file system (HFS).
- Configure Federal Information Processing Standard Java Secure Socket Extension files
Use this topic to configure Federal Information Processing Standard Java Secure Socket Extension files.
- WAS security standards configurations
WAS can be configured to work with various security standards, which are typically used to meet government security requirements.
- Configure WebSphere Application Server for the Suite B security standard
We can configure WebSphere Application Server to use the new Suite B security standard.
- Transition WebSphere Application Server to the SP800-131 security standard
The National Institute of Standards and Technology (NIST) Special Publication 800-131 standard strengthens algorithms and increases the key lengths to improve security. The standard also provides for a transition period to move to the new standard. We can configure WebSphere Application Server for SP800-131 standard transition mode.
- Configure WebSphere Application Server for SP800-131 standard strict mode
We can configure WebSphere Application Server to use the SP800-131 standard strict mode.
- (dist) Implement tokens for security attribute propagation
As part of an extensible architecture, WebSphere Application Server enables us to implement our own tokens with which to propagate security attributes.
- Develop a custom interceptor for trust associations
We can define the interceptor class method to use. WebSphere Application Server supports two trust association interceptor interfaces: com.ibm.wsspi.security.TrustAssociationInterceptor and com.ibm.wsspi.security.tai.TrustAssociationInterceptor.
- Enable a plugpoint for custom password encryption
Two properties govern the protection of passwords. By configuring these two properties, we can enable a plugpoint for custom password encryption.
- Implement a custom authentication provider using JASPI
We can implement a custom authentication provider using Java Authentication SPI for Containers (JASPI, sometimes called JASPIC) to handle the Java EE authentication of HTTP request and response messages destined for web applications.
Related tasks
Create a CA client in SSL