| Title | Description |
|---|
|
Tactics and tradeoffs in a large shared topology (November 2007)
| The challenges of managing a large scale topology are best addressed through planning, proactive actions, and strategic decisions, as opposed to attempting to deploy and manage in a reactive manner. This article will help you identify some of the tactics, trade offs, and critical issues that stand between your infrastructure and large scale success. |
|
Fine-grained Java EE authorization using Enum-based access control lists with EAz: Part 1: The problem space and EAz architecture (October 2007)
| With the advent of the Java 5 ENumSet and Enum-based Authorization (EAz), it is now possible to implement an efficient and easy-to-maintain Java access control list framework for fine-grained control over application resources. |
|
Achieve dynamic authentication in a Web services client using a custom JAAS callback handler (July 2007)
| It is often the case that a statically defined username and password in the Web services deployment descriptor is not appropriate. With the Java Authentication and Authorization Service (JAAS) callback handler described in this article, you have the option of using a properties file (or some other source) for dynamically setting username and password at run time for UsernameToken (UNT) authentication in a Web services client. This article describes a sample application that uses such a custom callback handler, enabling you to send a different username and password for each client application user. |
|
The top Java EE best practices (updated January 2007)
| This is an updated version of a similarly-named article published in the IBM WebSphere Developer Technical Journal in 2004, The top 10 (more or less) J2EE best practices. This revision takes into account changing technology trends and, more importantly, recommends certain practices that the authors assumed would be commonly followed, but, as they have learned, are not.
|
|
SSL, certificate, and key management enhancements for even stronger security in WebSphere Application Server V6.1 (December 2006)
| Exciting changes have been made to the SSL, certificate, and key management infrastructure in WebSphere Application Server V6.1. This article touches on how these changes will improve security, provide management flexibility and simplification, and maintain a consistent SSL runtime that is tightly integrated with the new configuration. |
|
WebSphere Application Server V6.1: What's new in security? (June 2006) | Dramatic improvements have been made to many aspects of security management in IBM WebSphere Application Server V6.1. This summary introduces new security features and enhancements and explains how they can make your environment more secure and easier to maintain.
|
|
Comment lines: Botzum, Brown, Hambrick: Why do non-functional requirements matter? (January 2006) | Functionality is important, of course. But if you don't consider non-functional
requirements, then your solution could very well be practically useless. |
|
IBM WebSphere Developer Technical Journal: WebSphere Application Server V6 advanced
security hardening - Part 2: Advanced security considerations (December 2005) | Security consists of more than just some firewalls at the edge of your network
protecting you from the outside. It is a difficult and complex set of actions and
procedures that strive to strengthen your systems as much as is appropriate. This
article covers many aspects of security in general, details the WebSphere
Application Server security architecture, and discusses hardening a WebSphere
Application Server environment. Part 2 of 2.
|
|
IBM WebSphere Developer Technical Journal: WebSphere Application Server V6 advanced
security hardening - Part 1: Overview and approach to security hardening (December 2005) | Security consists of more than just some firewalls at the edge of your network
protecting you from the outside. It is a difficult and complex set of actions and
procedures that strive to strengthen your systems as much as is appropriate. This
article covers many aspects of security in general, details the WebSphere
Application Server security architecture, and discusses hardening a WebSphere
Application Server environment. Part 1 of 2.
|
|
IBM WebSphere Developer Technical Journal: Exploring new network topologies made possible by
WebSphere XD and the On Demand Router (September 2005) | Autonomic computing and an array of unprecedented operational features make
WebSphere Extended Deployment a revolutionary product. Even more impressive, WebSphere XD
and its intelligent new routing engine, the On Demand Router, offer network designers
amazing new topology options that were previously unavailable. This article describes
how WebSphere XD exceeds the current expectations of a highly available environment.
|
|
IBM WebSphere Developer Technical Journal: Advanced authentication in WebSphere
Application Server (August 2005) | The advanced authentication features in WebSphere Application Server V6 support
a more flexible authentication model with a new, highly customizable authentication
framework that is based upon, and extends, Java™ Authentication and Authorization
Service (JAAS). This article describes these new features in detail.
|
|
Database identity propagation in WebSphere Application Server V6 (June 2005) |
This article describes how to get major security benefits by developing code that lets your
J2EE applications transparently send identity information to your database. |
|
Using the Java Secure Socket Extension in WebSphere Application Server: What is the JSSE all about?
(February 2005)
| This article addresses the configuration
of the IBM JSSE (Java Secure Socket Extension), discusses aspects of keystore and truststore,
and offers recommendations for handling these important elements of the JSSE in the
WebSphere Application Server environment.
|
|
Using URL resources to manage J2EE property files in WebSphere Application Server V5 (February 2005) | This article discusses the technique of using
a J2EE-compliant way of making a user-editable properties file available to a J2EE
application, and also outlines the WebSphere-centric implementation tasks from a
component developer and deployer perspective. |
|
Meet the experts: Keys Botzum on WebSphere security (October 2004) | Keys answers questions about WebSphere Application Server and WebSphere Portal security. |
|
WebSphere Application Server security: Presentation series (September 2004)
| Several presentations that discuss key aspects
of WebSphere security, summarizing in one place information that is often difficult to find
elsewhere. Previously presented and well-received at numerous IBM conferences.
|
|
WebSphere Application Server V5 advanced security and system hardening (June 2004)
| This book excerpt covers many aspects of
security in general, details the WebSphere Application Server security architecture,
discusses hardening a WebSphere Application Server environment, and provides tips for
security troubleshooting.
|
|
Configuring single sign-on using Tivoli Access Manager and WebSphere Portal (June 2004)
| This article describes how to integrate
IBM Tivoli® Access Manager for e-business V5.1 or V4.1 with WebSphere Portal V5.0.2
so you can provide authentication to a portal through Single Sign-On (SSO).
|
|
The Ideal WebSphere Development Environment (December 2003)
| This article discusses the various stages that
are appropriate when developing complex systems using enterprise class software, describing why
each stage is necessary, and ways of reducing costs when appropriate.
|
|
Best Practice: Improving HttpSession performance with smart serialization (November 2003)
| This best practice provides a solution that
allows large HttpSession objects, while avoiding the serialization overhead of these large
objects.
|
|
Deploying multiple applications in J2EE 1.2 (January 2003)
| If you are developing with EJB technology, you are creating potentially reusable components.
Unfortunately, plans to deal with reuse are often not put into place until it's too late.
This article examines a common reuse scenario and explores some considerations that arise from it.
|
|
Handling Static Content in WebSphere Application Server V4 (November 2002)
| This article evaluates several different scenarios for deploying static and dynamic content to a Web server and an application server,
such as WebSphere Application Server Advanced Edition 4.0.
|
|
J2EE Packaging and Common Code (July 2002)
| This article discusses the benefits, challenges and risks of run-time sharing, and of providing J2EE applications with their
own local copies of common code binaries. |
|
Single Sign On -- A Contrarian View (August 2001)
| This article presents the issues, costs, and benefits of various SSO methods, as well as an alternative approach that uses a single
registry. |
