WAS v8.5 > Secure applications > Authorizing access to resources

Authorization technology

Authorization information determines whether a user or group has the necessary privileges to access resources.

WebSphere Application Server supports many authorization technologies including the following:

• Authorization involving the web container and Java EE technology
• Authorization involving an enterprise bean application and Java EE technology
• Authorization involving web services and Java EE technology
• JMS
• Java Authorization Contract for Containers (JACC)

  WAS supports both a default authorization provider and an authorization provider based on the Java Authorization Contract for Containers (JACC) specification. The JACC-based authorization provider enables third-party security providers to handle the Java EE authorization. For more information, see JACC support in WAS.

• Java Authentication and Authorization Service (JAAS)

  For more information, see Java Authentication and Authorization Service.

• Java 2 security

  For more information, see Java 2 security.

• Naming and administrative authorization
• Pluggable authorization

  WAS supports an authorization infrastructure that enables you to plug in an external authorization provider. For more information, see Enable an external JACC provider.

Subtopics

• Administrative roles and naming service authorization
  WAS extends the Java EE security role-based access control to protect the product administrative and naming subsystems.
• Role-based authorization
  Use authorization information to determine whether a caller has the necessary privileges to request a service.
• Administrative roles
  The Java EE role-based authorization concept is extended to protect the WAS administrative subsystem.
• Authorization providers
  WAS supports authorization based on the Java Authorization Contract for Containers (JACC) specification in addition to the default authorization.
• Delegations
  Delegation is a process security identity propagation from a caller to a called object. As per the Java EE specification, a servlet and enterprise beans can propagate either the client or remote user identity when invoking enterprise beans, or they can use another specified identity as indicated in the corresponding deployment descriptor.
• Administrative roles and naming service authorization
  WAS extends the Java EE security role-based access control to protect the product administrative and naming subsystems.
• Role-based authorization
  Use authorization information to determine whether a caller has the necessary privileges to request a service.
• Administrative roles
  The Java EE role-based authorization concept is extended to protect the WAS administrative subsystem.
• Authorization providers
  WAS supports authorization based on the Java Authorization Contract for Containers (JACC) specification in addition to the default authorization.
• Delegations
  Delegation is a process security identity propagation from a caller to a called object. As per the Java EE specification, a servlet and enterprise beans can propagate either the client or remote user identity when invoking enterprise beans, or they can use another specified identity as indicated in the corresponding deployment descriptor.

Related concepts:

Web component security
Java 2 security
Multiple security domains

Related

Secure enterprise bean applications

Reference:

Naming roles

+

Search Tips   |   Advanced Search