Develop applications that use programmatic security
For some applications, declarative security is not sufficient to express the security model of the application. Use this topic to develop applications that use programmatic security.
IBM WebSphere Application Server provides security components that provide or collaborate with other services to provide authentication, authorization, delegation, and data protection. WAS also supports the security features described in the Java EE specification. An application goes through three stages before it is ready to run:
- Development
- Assembly
- Deployment
Most of the security for an application is configured during the assembly stage. The security configured during the assembly stage is called declarative security because the security is declared or defined in the deployment descriptors. The declarative security is enforced by the security runtime. For some applications, declarative security is not sufficient to express the security model of the application. For these applications, we can use programmatic security.
Tasks
- Develop secure web applications.
- Develop servlet filters for form login processing.
- Develop form login pages.
- Develop enterprise bean component applications.
- Develop with JAAS to log in programmatically.
- Develop our own Java EE security mapping module.
- Develop custom user registries.
- Develop a custom interceptor for trust associations.
Subtopics
- Protecting system resources and APIs (Java 2 security) for developing applications
- Develop with programmatic security APIs for web applications
- Develop with programmatic APIs for EJB applications
Related:
Web component security Trust associations JAAS Java EE connector security Multiple security domains Developing extensions to the WebSphere security infrastructure Developing programmatic logins with the JAAS Secure enterprise bean applications Customize a server-side JAAS authentication and login configuration J2C principal mapping modules