Task overview: Securing resources

WebSphere® Application Server supports the Java™ Platform, Enterprise Edition (Java EE) model for creating, assembling, securing, and deploying applications. Applications are often created, assembled, and deployed in different phases and by different teams.

About this task

You can secure resources in a Java EE environment by following the required high-level steps. Consult the Java EE specifications for complete details.

Procedure

  • Set up and enable security.
    You must address several issues prior to authenticating users, authorizing access to resources, securing applications, and securing communications. These security issues include migration, interoperability, and installation. After installing WebSphere Application Server, you must determine the proper level of security that is needed for your environment.
  • Configure multiple domains.
    Security domains enable you to define multiple security configurations for use in your environment. For example, you can define different security settings (such as a different user registry) for user applications than for administrative applications. You can also define separate security configurations for user applications deployed to different servers and clusters.
  • Authenticate users.
    The process of authenticating users involves a user registry and an authentication mechanism. Optionally, you can define trust between WebSphere Application Server and a proxy server, configure single sign-on capability, and specify how to propagate security attributes between application servers.
  • Authorize access to resources.
    WebSphere Application Server provides many different methods for authorizing access to resources. For example, you can assign roles to users and configure a built-in or external authorization provider.
  • Secure communications.
    WebSphere Application Server provides several methods to secure communication between a server and a client.
  • Develop extensions to the WebSphere security infrastructure.
    WebSphere Application Server provides various plug points so that you can extend the security infrastructure.
  • Use the Auditing Facility to report and track auditable events to ensure the integrity of your system.
  • Secure various types of WebSphere applications.
    See Securing WebSphere applications for tasks involving developing, deploying, and administering secure applications, including web applications, web services, and many other types. This section highlights the security concerns and tasks that are specific to each type of application.
  • Tune, harden, and maintain security configurations.
    After you have installed WebSphere Application Server, there are several considerations for tuning, strengthening, and maintaining your security configuration.
  • Troubleshoot security configurations.

Results

Your applications and production environment are secured.