Security for Java applications

You can secure Java™ applications so that only authorized users can deploy and install applications, and access those applications from the web or through CICS®. You can also use a Java security manager to prevent a Java application from performing potentially unsafe actions.

You can add security at different points in the Java application lifecycle:

  • Implement security checking for defining and installing Java application resources. Java applications are packaged in CICS bundles, so you must ensure that users who are allowed to install applications in the JVM server can install this type of resource.
  • Implement security checking for application users to ensure that only authorized users can access an application.
  • Implement security checking for CICS Java tasks that are started using the CICSExecutorService. All such CICS tasks run under the CJSA transaction and the default user ID.
  • Implement security restrictions on the Java API by using a Java security manager.

Java applications can run in an OSGi framework or a Liberty server. Liberty is designed to host web applications and includes an OSGi framework. The security configuration for a Liberty server is different, because Liberty has its own security model.

To configure security for OSGi applications, use CICS resource security to authorize which users can manage the lifecycle of the JVMSERVER and the Java applications. Use CICS transaction security to determine who can access the application.