WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Developing secured applications

Why and when to perform this task

IBM WebSphere Application Server includes security components that provide, or collaborate with other services to provide, authentication, authorization, delegation, and data protection. WebSphere Application Server also supports the security features described in the Java 2 Platform, Enterprise Edition (J2EE) specification.

An application goes through three stages before it is ready to run:
  • Development
  • Assembly
  • Deployment
Most of the security for an application is configured during the assembly stage. Security configured at this stage is called declarative security because it is declared, or defined, in the deployment descriptors. Declarative security is enforced by the security run time. For some applications, declarative security is not sufficient to express the security model of the application. For these applications, you can use programmatic security.

Steps for this task

  1. Develop secure Web applications. For more information, see Developing with programmatic security APIs for Web applications.
  2. Develop servlet filters for form login processing. For more information, see Developing servlet filters for form login processing.
  3. Develop form login pages. For more information, see Developing form login pages.
  4. Develop enterprise bean component applications. For more information, see Developing with programmatic APIs for EJB applications.
  5. Develop with Java Authentication and Authorization Service to log in programmatically. For more information, see Developing programmatic logins with the Java Authentication and Authorization Service.
  6. Develop your own Java 2 security mapping module. For more information, see Configuring application logins for Java Authentication and Authorization Service.
  7. Develop custom user registries. For more information, see Developing custom user registries.
  8. Develop a custom interceptor for trust associations. For more information, see Trust association interceptor support for Subject creation.



Sub-topics
Developing with programmatic security APIs for Web applications
Developing form login pages
Developing with programmatic APIs for EJB applications
Programmatic login
Developing programmatic logins with the Java Authentication and Authorization Service
Custom login module development for a system login configuration
Example: Customizing a server-side Java Authentication and Authorization Service authentication and login configuration
Example: Getting the Caller Subject from the Thread
Example: Getting the RunAs Subject from the Thread
Example: Overriding the RunAs Subject on the Thread
Example: User revocation from a cache
Developing your own J2C principal mapping module
Developing custom user registries
Trust association interceptor support for Subject creation

Related concepts
Web component security
Enterprise bean component security
Trust associations
Java Authentication and Authorization Service
J2EE connector security
Custom user registries

Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_design.html

© Copyright IBM Corporation 2002, 2005. All Rights Reserved.