websphere security overview
Download
Skip this Video
Download Presentation
Websphere - Security Overview

Loading in 2 Seconds...

play fullscreen
1 / 17

Websphere - Security Overview - PowerPoint PPT Presentation


  • 154 Views
  • Uploaded on

Websphere - Security Overview. Jonathan Yip. Terms. Websphere Application Developer(WSAD) -- It is a By-product of Eclipse -- Eclipse is an Open Source Development Tool J2EE 1.2 -- It is a Platform Enables Developers to Create Different parts of their

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Websphere - Security Overview' - york


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
terms

Terms

Websphere Application Developer(WSAD)

-- It is a By-product of Eclipse

-- Eclipse is an Open Source Development Tool

J2EE 1.2

-- It is a Platform Enables Developers to Create Different parts of their

Applications as Reusable Components.

Application Assembly Tool (AAT)

-- A Utility to Assist the J2EE Provider or J2E Deployer with the Generation

of J2EE-compliant Deployment Descriptors and Binding Attributes.

security architecture
Security Architecture
  • J2EE 1.2 compliant Java application server
  • Security Server
  • Security Collaborator
  • Security Policy
  • Security Information
security architecture 2
Security Architecture (2)
  • Security server
  • -- Authentication; Authorization; Delegation Policies
  • Security Collaborator
  • -- Web Collaborator
  •  Checks the authentication if not provided
  •  Performs the authorization check
  •  Logs security tracing information
  • – EJB (Enterprise JavaBeans) Collaborator
  • Check authorization.
  • Support user registries.
  • Log security tracing information.
security architecture 3
Security Architecture (3)
  • Security Policies

Attributes to Record:

 Role and method permission

 Run-as mode or delegation policy

 Login configuration or challenge type

 Data protection (confidentiality and integrity) settings

  • Security Information

-- Global security (All applications)

-- Application security (Can specify on each application)

security architecture 4
Security Architecture (4)

Overview of the Security Architecture:

PlugIn

websphere security implementation
Websphere Security Implementation
  • How to Secure an Application
  • The WebSphere Authentication Model
  • User Registry
  • Security Center
securing application
Securing Application
  • Application Assembly Tool (AAT)
  • Create an Application
  • Create an EJB Module
  • Create a Web Module
  • Create an Application Client
securing application 2
Securing Application (2)

1.) Define Business Role

2.) Create Security Constraints for Web Resources

3.) Define the Web Component Authentication for the Web Module

4.) Define Security Constraints and Assign them to Roles.

5.) Configure Delegation Role Policy

6.) Relate Roles to Users

Table Showing some Role and the Description

websphere authentication model
Websphere Authentication Model
  • HTTP Basic authentication
  • -- Acquired Password from Users and Validate; Not secured.
  • HTTPS Client Certificate authentication
  • -- Requres Public Key Certificate; HTTPS is Used to Transmit
  • Form-Based authentication
  • -- Permits a Site-specific Login Through an HTML Page or a JSP form.
  • The password is not encrypted and the target server is not authenticated,
  • (SSL should be added)
user registry
User Registry
  • It is a Repository that Contains Users and Groups.
  • The Administrator can have Users or Groups Authenticated against the Local Operating System User Registry
security center
Security Center
  • It is Part of the Administrator’s Console (AC) Focusing on Configuration in Security Matters
websphere security and the operating environment
Websphere Security and the Operating Environment

WebSphere security relies on and enhances all of the above security levels.

other security features of websphere

Other Security Features of Websphere

  • Encoded Passwords
  • WebSphere Stores Passwords for:
  •  Accessing the Administration Repository
  •  The Administration ID to Access the Administrator’s Console
  •  Accessing Key Stores and Trust Stores
  • Security interoperability with z/OS
  • -- Allows Application Servers on the UNIX or NT Side to Authenticate
  • to the Application Server on the z/OS Side and Communicate securely.
programmatic security
Programmatic Security
  • Use to Secure Artifacts and Resources Beyond Checking the Role of an Authenticated User
  • Implemented by Creating a Generic Login Page Once User logs in, FormLoginServlet Authenticates and Place a SSO (Single Sign On) Token in a Cookie.
  • Advantages
    • Limiting the Number of Invalid Password Attempts
    • Checking that the User’s Subscription has not Expired
    • Logging Information about a User’s Visit
slide16
References:
  • IBM Redbook
  • Websphere Application Server Bible
ad