This section provides interoperability information. WebSphere Application Server security is an integral part of your multiple-tier enterprise computing framework. WebSphere Application Server adopts the open architecture paradigm and provides many plug-in points to integrate with enterprise software components to provide end-to-end security. WebSphere Application Server plug-in points are based on standard J2EE specifications wherever applicable. WebSphere Application Server is actively involved in various standard bodies to externalize and to standardize plug-in interfaces.
This section examines some typical configuration and common security practices.
There are several communication links from a browser on the Internet, through Web servers and product servers, to the enterprise data at the back end. WebSphere Application Server security is built on a layered security architecture. This section also examines the security protection offered by each security layer and common security practice for good quality of protection in end-to-end security.
This section describes how to implement declarative and programmatic security while developing, assembling, and deploying your applications. The product security components provide or collaborate with other services to provide authentication, authorization, delegation, and data protection. The product also supports the security features described in the Java 2 Enterprise Edition (J2EE) specification.
This section describes security tasks and considerations as you are deploying applications onto the application server and testing that users can access the secured applications.