
Web component security

A web module consists of servlets, JSP files, server-side utility classes, and static web content, which includes HTML, images, sound files, cascading style sheets (CSS), and client-side classes or applets. We can use development tools such as Rational Application Developer to develop a web module and enforce security at the method level of each web resource.

We can identify a web resource by its URI pattern. A web resource method can be any HTTP method (GET, POST, DELETE, PUT, for example). We can group a set of URI patterns and a set of HTTP methods together and assign this grouping a set of roles. When a web resource method is secured by associating a set of roles with it, a user must be granted at least one role in that set to access that method. We can exclude anyone from accessing a set of web resources by assigning an empty set of roles. A servlet or a JSP file can run as different identities before invoking another enterprise bean component. All the secured web resources require the user to log in using a configured login mechanism. Three types of web login authentication mechanisms are available: basic authentication, form-based authentication, and client certificate-based authentication.
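The following `web.xml` fragment is an added example, not part of the original article, showing how the grouping, the empty role set, the run-as identity and the login mechanism described above are declared. It assumes a Servlet 3.0 deployment descriptor; the servlet class, URI patterns, page names and role names are hypothetical.

```xml
<!-- Constructed example: servlet, URI patterns, pages and role names are hypothetical -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <servlet>
    <servlet-name>OrderServlet</servlet-name>
    <servlet-class>com.example.OrderServlet</servlet-class>
    <!-- Enterprise bean calls made by this servlet use an identity mapped to this role -->
    <run-as><role-name>OrderProcessor</role-name></run-as>
  </servlet>
  <servlet-mapping><servlet-name>OrderServlet</servlet-name><url-pattern>/orders/*</url-pattern></servlet-mapping>
  <!-- URI patterns and HTTP methods grouped, then assigned a set of roles -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Order operations</web-resource-name>
      <url-pattern>/orders/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Clerk</role-name>
      <role-name>Manager</role-name>
    </auth-constraint>
  </security-constraint>
  <!-- Empty role set: no user can access. Covers /internal/* for every method and
       /orders/* for every method the constraint above does not name -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Internal files</web-resource-name>
      <url-pattern>/internal/*</url-pattern>
    </web-resource-collection>
    <web-resource-collection>
      <web-resource-name>Other order methods</web-resource-name>
      <url-pattern>/orders/*</url-pattern>
      <http-method-omission>GET</http-method-omission>
      <http-method-omission>POST</http-method-omission>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <!-- Login mechanism: BASIC, FORM or CLIENT-CERT -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>Clerk</role-name></security-role>
  <security-role><role-name>Manager</role-name></security-role>
  <security-role><role-name>OrderProcessor</role-name></security-role>
</web-app>
```

A constraint that names specific HTTP methods covers only those methods, which is why the second constraint uses `http-method-omission` to apply the empty role set to everything else under `/orders/*`.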

In WebSphere Application Server v6.1, a portlet resource that is part of a web module can also be protected when it is accessed directly through a URL. The protection is similar to that of other web-based resources. For more information, see Portlet URL security.

For more detailed information on web security, see the product architectural overview article.


Related concepts:

Portlet URL security


Related


Assemble web applications
Secure web applications using an assembly tool

