Web component security


 

+

Search Tips   |   Advanced Search

 

A Web module consists of...

Use development tools such as Rational Application Developer to develop a Web module and enforce security at the method level of each Web resource.

We can identify a Web resource by its URI pattern. A Web resource method can be any HTTP method (GET, POST, DELETE, PUT, for example).

We can group a set of URI patterns and a set of HTTP methods together and assign this grouping a set of roles. When a Web resource method is secured by associating a set of roles, grant a user at least one role in that set to access that method. We can exclude anyone from accessing a set of Web resources by assigning an empty set of roles. A servlet or a JSP file can run as different identities before invoking another enterprise bean component.

All the secured Web resources require the user to log in by using a configured login mechanism. Three types of Web login authentication mechanisms are available:

In WAS V6.1, a portlet resource that is part of a web module can also be protected when it is accessed directly through URL. The protection is similar to other Web based resources.



 

Related concepts

Portlet URL security

 

Related tasks


Secure Web apps using an assembly tool
Assemble Web apps