WAS v8.5 > Secure applications
New features overview for securing applications and their environment
Use the links provided in this topic to learn more about the security infrastructure.
- What is new for security specialists
This topic provides an overview of new and changed features in security.
- Security
This topic describes how IBM WAS provides security infrastructure and mechanisms to protect sensitive Java EE resources and administrative resources and to address enterprise end-to-end security requirements on authentication, resource access control, data integrity, confidentiality, privacy, and secure interoperability.
- Security planning overview
Several communication links are provided from a browser on the Internet, through web servers and product servers, to the enterprise data at the back end. This topic examines some typical configurations and common security practices. WAS security is built on a layered security architecture. This section also examines the security protection offered by each security layer and the common security practices for achieving good quality of protection in end-to-end security.
Samples
The Samples documentation offers:
- Login - Form Login
The Form Login Sample demonstrates a very simple example of how to use the login facilities for WAS to implement and configure login applications. The Sample uses the Java EE form-based login technology to customize the look and feel of the login screens. It uses servlet filters to log the user information and the date information. The Sample finishes the session using the form-based logout function, an IBM extension to the Java EE specification.
- Login - JAAS Login
The JAAS Login Sample demonstrates how to use JAAS with WAS. The Sample uses server-side login with JAAS to authenticate a real user to the WebSphere security run time. Based upon a successful login, the WebSphere security run time uses the authenticated Subject to perform authorization checks on a protected stateless session enterprise bean. If the Sample runs successfully, it displays all the principals and public credentials of the authenticated user.
Subtopics
- Security planning overview
When you access information on the Internet, you connect through web servers and product servers to the enterprise data at the back end. This section examines some typical configurations and common security practices.
- Security considerations when registering a base Application Server node with the administrative agent
You might decide to centralize the control of your stand-alone base application servers by registering them with the administrative agent. If your base application server is currently configured with security, some issues require consideration. These security considerations apply to the use of the registerNode command and the deregisterNode command.
- Security: Resources for learning
Use the following links to find relevant supplemental information about Secure applications. The information resides on IBM and non-IBM Internet sites, whose sponsors control the technical accuracy of the information.
- Common Criteria (EAL4) support
- Federal Information Processing Standard support
Federal Information Processing Standards (FIPS) are standards and guidelines issued by the United States National Institute of Standards and Technology (NIST) for federal government computer systems. FIPS can be enabled for WAS.
- Security
The following information provides an overview of security in WAS.
- What is new for security specialists
This version contains many new and changed features for those who are responsible for securing applications and the application serving environment.
- What is new for securing web services
In WAS, there are many security enhancements for web services. The enhancements include supporting sections of the Web Services Security (WS-Security) specifications and providing architectural support for plugging in and extending the capabilities of security tokens.
Related concepts:
What is new for security specialists
Related tasks:
Securing resources