Web application security components and settings
Subtopics
- Web component security
A web module consists of servlets, JSP files, server-side utility classes, static web content (which includes HTML, images, sound files, and cascading style sheets (CSS)), and client-side classes or applets. We can use development tools such as Rational Application Developer to develop a web module and enforce security at the method level of each web resource.
- Secure web applications using an assembly tool
We can use three types of web login authentication mechanisms to configure a web application: basic authentication, form-based authentication and client certificate-based authentication. Protect web resources in a web application by assigning security roles to those resources.
- Security constraints in web applications
Security constraints determine how web content is to be protected.
- Security settings
Use the console to modify the security settings for all applications.
- Assigning users and groups to roles
We can assign users and groups to roles when using WebSphere Application Server authorization for Java EE roles.
- Secure applications during assembly and deployment
Several GUI-based assembly tools exist for assembling enterprise or Java EE applications. We can use these tools to assemble an application and secure EJB and web modules in that application.
- (iSeries) User profiles and authorities
WAS uses two OS/400 user profiles by default, QEJB and QEJBSVR.