This section provides interoperability information. WebSphere Application
Server security is an integral part of your multiple-tier enterprise computing
framework. WebSphere Application Server adopts the open architecture paradigm
and provides many plug-in points to integrate with enterprise software components
to provide end-to-end security. WebSphere Application Server plug-in points
are based on standard J2EE specifications wherever applicable. WebSphere Application
Server is actively involved in various standard bodies to externalize and
to standardize plug-in interfaces.
This section examines some typical configuration and common security practices.
There are several communication links from a browser on the Internet, through
Web servers and product servers, to the enterprise data at the back end. WebSphere
Application Server security is built on a layered security architecture. This
section also examines the security protection offered by each security layer
and common security practice for good quality of protection in end-to-end
security.
This section describes how to implement declarative and programmatic security
while developing, assembling, and deploying your applications. The product
security components provide or collaborate with other services to provide
authentication, authorization, delegation, and data protection. The product
also supports the security features described in the Java 2 Enterprise Edition
(J2EE) specification.
This section describes security tasks and considerations as you are deploying
applications onto the application server and testing that users can access
the secured applications.
Last updated: Mar 17, 2005 4:28:29 AM CST http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/welc_concepts_csec.html