Overview: Securing
- What is new for security specialists
An overview of new and changed features in security is provided.
- Security
IBM WebSphere Application Server provides security infrastructure and mechanisms to protect sensitive Java EE resources and administrative resources, and addresses enterprise end-to-end security requirements on authentication, resource access control, data integrity, confidentiality, privacy, and secure interoperability.
- Security planning overview
Several communication links are provided from a browser on the Internet, through web servers and product servers, to the enterprise data at the back-end. Some typical configurations and common security practices are examined. WAS security is built on a layered security architecture. The security protection offered by each security layer and common security practice for good quality of protection in end-to-end security is also examined.
Samples
The Samples documentation offers:
- Login - Form Login
The Form Login Sample demonstrates a very simple example of how to use the login facilities for WebSphere Application Server to implement and configure login applications. The Sample uses the Java EE form-based login technology to customize the look and feel of the login screens. It uses servlet filters to log the user information and the date information. The Sample finishes the session using the form-based logout function, an IBM extension to the Java EE specification.
- Login - JAAS Login
The JAAS Login Sample demonstrates how to use the JAAS with WebSphere Application Server. The Sample uses server-side login with JAAS to authenticate a real user to the WebSphere security run time. Based upon a successful login, the WebSphere security run time uses the authenticated Subject to perform authorization checks on a protected stateless session enterprise bean. If the Sample runs successfully, it displays all the principals and public credentials of the authenticated user.
Subtopics
- Security
- Security planning overview
- Security considerations when registering a base Application Server node with the administrative agent
- Security considerations when adding a base Application Server node to WebSphere Application Server Network Deployment
- Security considerations for WebSphere Application Server for z/OS
- Security: Resources for learning
- Common Criteria (EAL4) support
- Federal Information Processing Standard support
Related concepts
What is new for security specialists
Related tasks
Task overview: Securing resources