Security for Java applications

You can secure Java™ applications to ensure that only authorized users can deploy and install applications, and access those applications from the web or through CICS®. You can also use a Java security manager to prevent the Java application from performing potentially unsafe actions.

You can add security at different points in the Java application lifecycle:

  • Implement security checking for defining and installing Java application resources. Java applications are packaged in CICS bundles, so you must ensure that users who are allowed to install applications in the JVM server can install this type of resource.
  • Implement security checking for application users to ensure that only authorized users can access an application.
  • Implement security checking for CICS Java tasks that are started using the CICSExecutorService. All such CICS tasks run under the CJSA transaction and the default user ID.
  • Implement security restrictions on the Java API by using a Java security manager.

Java applications can run in an OSGi framework or a Liberty profile server. The Liberty profile is designed to host web applications and includes an OSGi framework. The security configuration for a Liberty profile server is different, because the Liberty profile has its own security model.