WAS v8.5 > Develop applications > Develop security

Develop extensions to the WebSphere security infrastructure

WebSphere Application Server provides various plug points so that we can extend the security infrastructure. Extending this security infrastructure involves several activities including: Developing custom user registries, developing applications that use programmatic security, and customizing web application login forms.

The following topics are covered in this section:

• Developing custom user registries
• Developing applications that use programmatic security
• Customizing web application login forms
• Customizing application login forms with JAAS
• Securing transports with Java Secure Sockets Extension (JSSE) and Java Cryptography Extension (JCE) programming interfaces
• Implementing tokens for security attribute propagation
• Implementing a custom authentication provider using JASPI

Subtopics

• Develop stand-alone custom registries
  This development provides considerable flexibility in adapting WAS security to various environments where some notion of a user registry, other than LDAP or Local OS, already exists in the operational environment.
• Implement custom password encryption
  WAS supports the use of custom password encryption.
• Develop applications that use programmatic security
  For some applications, declarative security is not sufficient to express the security model of the application. Use this topic to develop applications that use programmatic security.
• Customize web application login
  We can create a form login page and an error page to authenticate a user.
• Secure transports with JSSE and JCE programming interfaces
  This topic provides detailed information about transport security using JSSE and Java Cryptography Extension (JCE) programming interfaces. Within this topic, there is a description of the IBM version of the Java Cryptography Extension Federal Information Processing Standard (IBMJCEFIPS).
• Configure Federal Information Processing Standard Java Secure Socket Extension files
  Use this topic to configure Federal Information Processing Standard Java Secure Socket Extension files.
• Implement tokens for security attribute propagation
  As part of an extensible architecture, WAS enables you to implement our own tokens in which to propagate security attributes.
• Develop a custom interceptor for trust associations
  We can define the interceptor class method to use. WAS supports two trust association interceptor interfaces: com.ibm.wsspi.security.TrustAssociationInterceptor and com.ibm.wsspi.security.tai.TrustAssociationInterceptor.
• Enable a plugpoint for custom password encryption
  Two properties govern the protection of passwords. By configuring these two properties, we can enable a plugpoint for custom password encryption.
• Implement a custom authentication provider using JASPI
  We can implement a custom authentication provider using Java Authentication SPI for Containers (JASPI, or sometimes called JASPIC) to handle the Java EE authentication of HTTP request and response messages destined for web applications.
• Develop stand-alone custom registries
  This development provides considerable flexibility in adapting WAS security to various environments where some notion of a user registry, other than LDAP or Local OS, already exists in the operational environment.
• Implement custom password encryption
  WAS supports the use of custom password encryption.
• Develop applications that use programmatic security
  For some applications, declarative security is not sufficient to express the security model of the application. Use this topic to develop applications that use programmatic security.
• Customize web application login
  We can create a form login page and an error page to authenticate a user.
• Secure transports with JSSE and JCE programming interfaces
  This topic provides detailed information about transport security using JSSE and Java Cryptography Extension (JCE) programming interfaces. Within this topic, there is a description of the IBM version of the Java Cryptography Extension Federal Information Processing Standard (IBMJCEFIPS).
• Configure Federal Information Processing Standard Java Secure Socket Extension files
  Use this topic to configure Federal Information Processing Standard Java Secure Socket Extension files.
• WAS security standards configurations
  WAS can be configured to work with various security standards, which are typically used to meet security requirements required by the government.
• Configure WAS for the Suite B security standard
  We can configure WAS to use the new Suite B security standard.
• Transitioning WAS to the SP800-131 security standard
  The National Institute of Standards and Technology (NIST) Special Publications 800-131 standard strengthens algorithms and increases the key lengths to improve security. The standard also provides for a transition period to move to the new standard. We can configure WAS for SP800-131 standard transition mode.
• Configure WAS for SP800-131 standard strict mode
  We can configure WAS to use the SP800-131 standard strict mode.
• Implement tokens for security attribute propagation
  As part of an extensible architecture, WAS enables you to implement our own tokens in which to propagate security attributes.
• Develop a custom interceptor for trust associations
  We can define the interceptor class method to use. WAS supports two trust association interceptor interfaces: com.ibm.wsspi.security.TrustAssociationInterceptor and com.ibm.wsspi.security.tai.TrustAssociationInterceptor.
• Enable a plugpoint for custom password encryption
  Two properties govern the protection of passwords. By configuring these two properties, we can enable a plugpoint for custom password encryption.
• Implement a custom authentication provider using JASPI
  We can implement a custom authentication provider using Java Authentication SPI for Containers (JASPI, or sometimes called JASPIC) to handle the Java EE authentication of HTTP request and response messages destined for web applications.

Related

Create a CA client in SSL

+

Search Tips   |   Advanced Search