WebSphere WebSphere Enterprise Service Bus, Version 6.0.1 Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Developing secured applications

To enable applications to run in a secure environment, you must configure security aspects when developing applications, before you deploy it into WebSphere ESB.

Why and when to perform this task

WebSphere ESB exploits the security provided by the underlying WebSphere Application Server:

Most of the security for an application is configured during the assembly stage. The security that is configured during the assembly stage is called declarative security, because the security is declared in the deployment descriptors for the application. The declarative security is enforced by the security components in the run time. For some applications, declarative security is not sufficient to express the security model of the application. For these applications, you can use programmatic security, which specify within the code for the application.

This set of topics provide information about developing secured applications, and therefore are of interest mainly to developers of service applications.

If you have a secured application to deploy, you can find information about security stages of deployment in Installing a mediation module EAR file with the console.

Steps for this task

  1. Develop secure Web applications. For more information, see Developing with programmatic security APIs for Web applications .
  2. Develop servlet filters for form login processing. For more information, see Developing servlet filters for form login processing.
  3. Develop form login pages. For more information, see Developing form login pages.
  4. Develop enterprise bean component applications. For more information, see Developing with programmatic APIs for EJB applications.
  5. Develop with Java Authentication and Authorization Service to log in programmatically. For more information, see Developing programmatic logins with the Java Authentication and Authorization Service.
  6. Develop your own Java 2 security mapping module. For more information, see Configuring application logins for Java Authentication and Authorization Service.
  7. Develop custom user registries. For more information, see Developing custom user registries.
  8. Develop a custom interceptor for trust associations. For more information, see Trust association interceptor support for Subject creation
Related concepts
Access control
Related tasks
Developing service applications
Related reference
Access control in Common Event Infrastructure applications

Task topic

Terms of Use | Rate this page

Timestamp iconLast updated: 13 Dec 2005
http://publib.boulder.ibm.com/infocenter/dmndhelp/v6rxmx/index.jsp?topic=/com.ibm.websphere.wesb.doc\ae\tsec_design.html

(C) Copyright IBM Corporation 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)