Global security

Global security applies to all applications running in the environment and determines whether security is used at all, the type of registry against which authentication takes place, and other values, many of which act as defaults.

The term global security represents the security configuration that is effective for the entire security domain. A security domain consists of all of the servers that are configured with the same user registry realm name. In some cases, the realm can be the machine name of a Local OS user registry. In this case, all of the application servers must reside on the same physical machine. In other cases, the realm can be the machine name of a Lightweight Directory Access Protocol (LDAP) user registry. Because LDAP is a distributed registry, a multiple node configuration is supported. The basic requirement for a security domain is that the access ID that is returned by the user registry from one server within the security domain is the same access ID as that returned from the user registry on any other server within the same security domain. The access ID is the unique identification of a user and is used during authorization to determine if access is permitted to the resource.

The configuration of global security for a security domain involves configuring the following technologies:

The common user registry
The authentication mechanism
Other security information that defines the behavior of a security domain includes:
- Java 2 Security Manager
- Java Authentication and Authorization Service (JAAS)
- Java 2 Connector authentication data entries Common Secure Interoperability Version 2 (CSIv2) or Security Authentication Service (SAS)
- The authentication protocol (Remote Method Invocation over the Internet Inter-ORB Protocol (RMI/IIOP) security)
- Other miscellaneous attributes

The global security configuration applies to every server within the security domain.