To enable applications to run in a secure environment, you must
configure security aspects when developing applications, before you deploy
it into WebSphere ESB.
Why and when to perform this task
WebSphere ESB exploits
the security provided by the underlying
WebSphere Application Server:
- Components that provide or collaborate with other services to provide
authentication, authorization, delegation, and data protection.
- Supports the security features that are described in the Java 2 Platform,
Enterprise Edition (J2EE) specification.
Most of the security for an application is configured during the
assembly stage. The security that is configured during the assembly stage
is called declarative security, because the security is declared in
the deployment descriptors for the application. The declarative security is
enforced by the security components in the run time. For some applications,
declarative security is not sufficient to express the security model of the
application. For these applications, you can use programmatic security,
which specify within the code for the application.
This set of topics
provide information about developing secured applications, and therefore are
of interest mainly to developers of service applications.
If you have
a secured application to deploy, you can find information about security stages
of deployment in Installing a mediation module EAR file with the console.
Steps for this task
- Develop secure Web applications. For more information,
see Developing with programmatic security APIs for Web applications .
- Develop servlet filters for form login processing. For
more information, see Developing servlet filters for form login processing.
- Develop form login pages. For more information, see Developing form login pages.
- Develop enterprise bean component applications. For
more information, see Developing with programmatic APIs for EJB applications.
- Develop with Java Authentication and Authorization Service to log
in programmatically. For more information, see Developing programmatic logins with the Java Authentication
and Authorization Service.
- Develop your own Java 2 security mapping module. For
more information, see Configuring application logins for Java Authentication
and Authorization Service.
- Develop custom user registries. For more information,
see Developing custom user registries.
- Develop a custom interceptor for trust associations. For
more information, see Trust association
interceptor support for Subject creation