Securing applications and their environments

 

Overview

WebSphere Application Server supports the Java 2 Platform, Enterprise Edition (J2EE) model for creating, assembling, securing, and deploying applications. This article provides a high-level description of what is involved in securing resources in a J2EE environment. Applications are often created, assembled, and deployed in different phases and by different teams.

Consult the J2EE specifications for complete details.

 

Procedure

1. Plan to secure your applications and environment. For more information, see Planning to secure your environment. Complete this step before you install the WebSphere Application Server.

2. Consider pre-installation and post-installation requirements. For more information, see Implementing security considerations at installation time. For example, during this step, you learn how to protect security configurations after you install the product.

3. Migrate your existing security systems. For more information, see Migrating security configurations from previous releases.

4. Develop secured applications. For more information, see Developing secured applications.

5. Assemble secured applications. For more information, see Assembling secured applications. Development tools, such as the Assembling applications, are used to assemble J2EE modules and to set the attributes in the deployment descriptors.

   Most of the steps in assembling J2EE applications involve deployment descriptors; deployment descriptors play a central role in application security in a J2EE environment.

   Application assemblers combine J2EE modules, resolve references between them, and create from them a single deployment unit, typically an Enterprise Archive (EAR) file. Component providers and application assemblers can be represented by the same person but do not have to be.

6. Deploy secured applications. For more information, see Deploying secured applications.

   Deployer link entities referred to in an enterprise application are mapped to the runtime environment. The deployer:

   • Maps actual users and groups to application roles

   • Installs the enterprise application into the environment

   • Makes the final adjustments needed to run the application

7. Test secured applications. For more information, see Testing security.

8. Manage security configurations. For more information, see Administering security.

9. Improve performance by tuning security configurations. For more information, see Tuning security configurations.

10. Troubleshoot security configurations. For more information, see Troubleshooting security configurations.

 

Result

Your applications and production environment are secured.

 

ExampleSecurity: Resources for learning

 

See also

Integrating IBM WAS security with existing security systems
Planning to secure your environment
Implementing security considerations at installation time
Migrating security configurations from previous releases
Developing secured applications
Assembling secured applications
Deploying secured applications
Testing security
Administering security
Tuning security configurations
Troubleshooting security configurations

 

See Also

Introduction: Security

 

---