Security for clustered resources
Workload management has its own built-in security that works with the WebSphere Application Server security service to protect clustered resources. When you create cluster members of application servers, enable security before you create the cluster which is based on the application server. This enables security for all of the application server cluster members created based on that application server.
Protect clustered enterprise beans
Enterprise beans that are clustered in the context of clustering an application server are protected under the security of the application server. Enterprise bean instances and their cluster members have separate identities, although workload management treats them as being identical. Therefore, protect every clustered enterprise bean by configuring resource security for the enterprise bean and including it in a secured enterprise application.
Protect clustered servlets
Servlets that are clustered in the context of clustering an application server are not treated as separate resources by WebSphere Application Server security. When the original servlet is protected, its cluster members are protected too, with no additional steps required by the administrator. To secure a servlet, add its Web resource configuration (URI) to a secured enterprise application.