Maintain and strengthen the security of your WebSphere Application
Server environment
Security is a critical element of every IBM® WebSphere®
Application Server environment. This page of essential resources
contains hints, tips, and valuable guidance to help you configure and use
WebSphere Application Server security more effectively, and to design and
develop your WebSphere Application Server solutions in ways that will make
them more secure. Also included is information on the
security environment in which WebSphere Application Server resides.
Included here: security hardening information for strengthening
your overall WebSphere Application Server environment; hints and
tips with general security-related information and guidance for
using specific features; hints and tips for z/OS® to address
System z®-specific security topics; reference books that include
IBM Redbooks® and other reference texts so you can explore
security topics even further; security bulletins and updates to
keep you updated on product fixes and critical APARs; and
discussion resources to connect you with experts, colleagues, and
other users.
Hopefully, you will find the information on this page interesting,
educational, and ultimately practical. Please bookmark it and check back
for updates often.
This support page is your technical resource gateway to
troubleshooting documentation, support tools, news, user
communities, and a vast range of other support-related
resources.
More than just firewalls, security is a difficult and complex set
of actions and procedures that strive to strengthen your systems
as much as is appropriate. This two-part article covers many
aspects of security in general, including the WebSphere
Application Server security architecture and how to harden this
environment.
Secure the connection path between your WebSphere MQ and WebSphere
Application Server environments. The two-part article describes two
popular scenarios.
A community focused on improving application software security by
making security visible, and enabling you to make informed
decisions about true application security risks.
A conceptual overview and possible solutions for the challenges
associated with configuring Microsoft® Active Directory with
a WebSphere Application Server standalone LDAP configuration.
The advanced authentication features in WebSphere Application
Server V6 support a flexible authentication model with a highly
customizable authentication framework that is based upon (and
extends) Java™ Authentication and Authorization Service
(JAAS).
Discussion of the IBM Java Secure Socket Extension (JSSE), aspects
of keystore and truststore, and recommendations for handling these
important elements of the JSSE in a WebSphere Application Server
environment.
This summary presents the new security features and enhancements
introduced in WebSphere Application Server V6.1, and explains how
they can make your environment more secure and easier to
maintain.
Explanation of how changes made to the SSL, certificate, and key
management infrastructure in WebSphere Application Server V6.1 can
improve security, provide management flexibility and
simplification, and maintain a consistent SSL runtime that is
tightly integrated with the new configuration
A new federated user repository feature makes it easy for you to
access and maintain user data in multiple repositories,
particularly since this capability is achieved by configuration
(instead of coding) with the Virtual Member Manager utility.
The Java Authentication and Authorization Service (JAAS) callback
handler gives you the option of using a properties file (or some
other source) for dynamically setting username and password at run
time for UsernameToken (UNT) authentication in a Web services
client.
Multiple presentations discuss key aspects of WebSphere Application
Server security, summarizing in one place information that is
often difficult to find elsewhere.
Best practices for configuring service principal names when using
Microsoft Active Directory and the WebSphere Application Server
Simple and Protected GSS-API Negotiation (SPNEGO) trust
association interceptor (TAI) to achieve a seamless single sign-on
environment.
Learn about the mechanism that enables you to log in to and log
out of IBM WebSphere Portal V6, as well as how to configure and
customize login and logout behavior.
Resources for portlet developers, portal administrators, IT
security professionals, and portal developers who need to
configure, administer, or use WebSphere Portal security
features.
What you need to know about transports, port assignments, and other
elements of WebSphere Application Server V5 so you can maintain
the level of system security you need when migrating.
Java 5 EnumSet and Enum-based Authorization (EAz) make it possible
to implement an efficient and easy-to-maintain Java access control
list framework for fine-grained control over application
resources.
Get the steps that are necessary to enable and configure hardware
cryptography with WebSphere Application Server and the IBM HTTP
Server on Linux® for System z hardware.
The purpose of this project was to provide a fundamental "proof
point" for an SOA solution on z/OS for a single realization,
demonstrating the inherent value the z/OS platform provides for
deploying SOA-based applications.
This document presents different options for configuring JSSE in
WebSphere Application Server with the intention of exploiting the
cryptographic hardware associated with a z9 processor.
Rather than deleting and redefining the default RACF certs used by
your WebSphere Application Server for z/OS cell when they expire,
it takes fewer steps to just re-sign them in place with new
expiration dates.
This document describes an alternative method for defining the RACF
profiles that allows expansion of your WebSphere Application
Server configuration without subsequent involvement of the
security administration personnel.
(IBM Redbooks) Provides information about designing, developing,
and deploying secure e-business applications using WebSphere
Application Server V6.1, discusses theory, and presents proven
exercises using sample applications.
(IBM Redbooks) Provides information needed to implement secure
solutions with WebSphere Application Server V7.0, focusing on
security for the application server and its components, including
enterprise applications.
WebSphere Application Server security experts blog about current issues,
practical tips, new technologies, and more, as they all relate to
WebSphere Application Server security.