IBM WebSphere Application Server V6.1 Security Handbook
An IBM Redbooks publication
Note: This publication is now archived. For reference only.
Published on 28 December 2006, updated 15 June 2009
ISBN-10: 0738496707
ISBN-13: 9780738496702
IBM Form #: SG24-6316-01
Authors: Rufus Credle, Tony Chen, Asish Kumar, James Walton and Paul Winters
This IBM® Redbooks® publication is part of the IBM WebSphere® V6.1 series. It focuses on security and related topics and provides technical details for designing and implementing secure solutions with WebSphere. Designed for IT architects, IT specialists, application designers, application developers, application assemblers, application deployers, and consultants, this book provides information about designing, developing, and deploying secure e-business applications using IBM WebSphere Application Server V6.1. It discusses theory and presents proven exercises performed in our lab by using sample applications.
Part 1 discusses security for the application server and its components, including enterprise applications. It focuses on administrative security and application security, which were previously known as global security. It includes essential information about how to secure Web and Enterprise JavaBeans™ (EJB™) applications and how to develop a Java™ client using security.
Part 2 introduces additional components from the enterprise environment and discusses security beyond the application server. External components include third-party security servers, messaging clients and servers, and database servers.
Part 3 provides a short introduction to development environment security. It includes guidelines and best practices that are applicable to a secure development environment.
Part 1. Application server security
Chapter 1. Introduction to this book
Chapter 2. Configuring the user registry
Chapter 3. Administrative security
Chapter 4. SSL administration and configuration management
Chapter 5. JAAS for authentication in WebSphere Application Server
Chapter 6. Application security
Chapter 7. Securing a Web application
Chapter 8. Securing an EJB application
Chapter 9. Client security
Chapter 10. Securing the service integration bus
Part 2. Extending security beyond the application server
Chapter 11. Security attribute propagation
Chapter 12. Securing a WebSphere application using Tivoli Access Manager
Chapter 13. Trust Association Interceptors and third-party software integration
Chapter 14. Externalizing authorization with JACC
Chapter 15. Web services security
Chapter 16. Securing access to WebSphere MQ
Chapter 17. J2EE Connector security
Chapter 18. Securing the database connection
Part 3. Development environment
Chapter 19. Development environment security
Appendix A. Additional configurations
Appendix B. Additional material