Enable WAS security
You can enable WAS security, which consists of two orthogonal components: WebSphere global security and Java 2 security.
- WebSphere global security
This represents the security configuration that is effective for the entire security domain. It includes the configuration of the common user registry, authentication mechanism, J2EE role-based authorization, the Common Secure Interoperability V2 (CSIv2) authentication protocol, and the SSL configuration. In particular, J2EE role-based authorization guards access to Web resources such as servlets, JSP files, and EJB methods.
Global security controls both administrative security and application server security. Because WebSphere Commerce has its own authentication and authorization structure, you may disable server level security if WebSphere Commerce is deployed in a trusted zone behind a firewall. This configuration lets you enable the single sign-on capability and secure WAS administrative functions without exercising any J2EE security checks on the application. Disabling server level security also gives better performance than running with server level security enabled.
For more information, see the Global security topic in the WebSphere Application Server Information documentation.
- Java 2 security
Java 2 security provides a policy-based, fine-grained access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. It guards access to system resources such as file I/O, sockets, and properties.
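The permission matching behind such a policy check can be seen with the standard Java permission classes, covering the three resource types named above (file I/O, sockets, properties). This is an added example, not code from the WebSphere documentation; the class name, paths, address and property names are constructed sample values, and it evaluates an in-memory grant set rather than a WAS policy file.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

// Added illustration: evaluates constructed requests against a constructed
// grant set using the same implies() matching a policy-based check relies on.
public class PolicyCheckDemo {

    // Hypothetical least-privilege grants for one application
    // (all values below are constructed samples).
    static Permissions grants() {
        Permissions p = new Permissions();
        p.add(new FilePermission("/opt/app/data/-", "read"));        // recursive, read only
        p.add(new SocketPermission("192.0.2.10:50000", "connect"));  // one backend endpoint
        p.add(new PropertyPermission("app.*", "read"));              // read app.* properties
        return p;
    }

    // A request passes only if some granted permission implies it.
    static boolean allowed(Permissions granted, Permission requested) {
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        Permissions g = grants();
        Permission[] requests = {
            new FilePermission("/opt/app/data/catalog/items.xml", "read"),  // inside granted tree
            new FilePermission("/opt/app/data/catalog/items.xml", "write"), // action not granted
            new FilePermission("/etc/passwd", "read"),                      // outside granted tree
            new SocketPermission("192.0.2.10:50000", "connect"),            // granted endpoint
            new SocketPermission("192.0.2.99:22", "connect"),               // different host and port
            new PropertyPermission("app.mode", "read"),                     // matches app.*
            new PropertyPermission("user.home", "read"),                    // no matching grant
            new PropertyPermission("app.mode", "write"),                    // action not granted
        };
        for (Permission r : requests) {
            System.out.printf("%-5s %s%n", allowed(g, r) ? "ALLOW" : "DENY", r);
        }
    }
}
```

IP literals are used for the socket permissions so that the comparison does not trigger a DNS lookup.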
Related concepts
WebSphere Commerce security model
WebSphere Commerce authentication model
Related tasks
Disable WAS security
Configure security for the Dynamic Cache Monitor