You are previewing IBM WebSphere V5.0 Security: WebSphere Handbook Series.
O'Reilly logo
IBM WebSphere V5.0 Security: WebSphere Handbook Series

Book Description

This IBM Redbook provides IT Architects, IT Specialists, application designers, application developers, application assemblers, application deployers and consultants with information necessary to design, develop and deploy secure e-business applications using WebSphere Application Server V5.

Part 1, WebSphere security provides a detailed overview of WebSphere Application Server V5 Security. It starts with J2EE security, then goes into details about the modules and components of a J2EE enterprise application; it also covers programmatic security techniques. The last chapter in this part shows all the security-related administrative items in WebSphere Application Server V5.

Part 2, End-to-end security offers details about end-to-end security solutions where WebSphere Application Server V5 is part of an enterprise solution. You will find an introduction to Patterns for e-business, in which security is in focus. A very important chapter in this part will discuss the integration between WebSphere Application Server V5 and Tivoli Access Manager.

Finally, the Appendixes provide additional information related to chapters in the previous two parts and also describe the sample application available with the book.

Table of Contents

  1. Copyright
  2. Preface
  3. WebSphere security
    1. Introduction
      1. How to read this book
    2. Security fundamentals
      1. Security
      2. Security fundamentals
      3. Security in use
    3. J2EE application security
      1. J2EE application
      2. Security roles
      3. J2EE Container-based security
      4. Application deployment descriptor
      5. J2EE application security configuration
      6. Modifying applications
    4. Securing Web components
      1. Static components
      2. Web module security
      3. Securing Web components
      4. Security role reference
      5. Login facilities
      6. Additional security guidelines
      7. Where to find more information
    5. Securing EJBs
      1. Securing EJBs
      2. Defining J2EE roles for EJB modules
      3. Assigning EJB method permissions
      4. Security role references
      5. Delegation policy
      6. Run-as mapping
      7. Where to find more information
    6. Securing Java clients
      1. Java clients
      2. CSIv2 and SAS
      3. Configuring the Java client
      4. Identity Assertion
      5. J2EE application client
      6. Java thin application client
      7. Where to find more information
    7. Securing Enterprise Integration components
      1. Web Services security
      2. Messaging security
      3. J2C security
      4. Where to find more information
    8. Programmatic security
      1. Programmatic security
      2. J2EE API
      3. CustomRegistry SPI
      4. Custom Trust Association Interceptor
      5. Java 2 security
      6. JAAS
      7. Programmatic login
      8. Where to find more information
    9. WebSphere Application Server security
      1. WebSphere security model
      2. WebSphere Application Server security architecture
      3. Performance considerations
      4. Authentication summary
    10. Administering WebSphere security
      1. Administration tools
      2. WebSphere Global Security
      3. Administrative roles
      4. Configuring a user registry
      5. SWAM
      6. LTPA
      7. JAAS configuration
      8. Configuring SSL
      9. Demo keyfile
      10. SSL between the Web client and the Web server
      11. SSL between the Web server and WebSphere
      12. SSL between the Java client and WebSphere
      13. Connecting to directory servers (LDAP)
      14. JMX MBean security
      15. Cell Security
  4. End-to-end security
    1. Security in Patterns for e-business
      1. Patterns for e-business
      2. Selecting Application patterns for ITSOBank
      3. Creating the Runtime pattern for the ITSOBank application
      4. Product mappings
      5. Security guidelines in Patterns for e-business
      6. More information on Patterns for e-business
    2. Tivoli Access Manager
      1. End-to-end security
      2. Network identity and centralized security services
      3. Tivoli Access Manager
      4. Scenario 1: Shared user registries
      5. Scenario 2: Protecting Web resources
      6. Scenario 3: Tivoli’s WebSphere plug-in
      7. Scenario 4: Using the aznAPI
  5. Appendixes
    1. Sample application
      1. Sample application
      2. Security roles
      3. Deploying the sample application
      4. Importing the sample application into the development environment
      5. Where to find more information
    2. LDAP configurations
      1. SecureWay Directory Server
      2. IBM Directory Server
      3. Lotus Domino
      4. iPlanet Directory Server
      5. Microsoft Active Directory
      6. Testing LDAP connections
    3. Single Sign-On with Lotus Domino
      1. WebSphere-Domino SSO scenarios
      2. Using SecureWay Directory Server for user registry
      3. Using Domino LDAP for user registry
    4. Using wsadmin scripting for security configuration
      1. wsadmin scripting
      2. Preparing and testing the wsadmin client
      3. Sample scripts
    5. Additional material
      1. Locating the Web material
      2. Using the Web material
    6. Abbreviations and acronyms
    7. Related publications
      1. IBM Redbooks
      2. Referenced Web sites
      3. How to get IBM Redbooks
  6. Back cover
  7. Index