IBM WebSphere Application Server v7.0 Security
By Omar Siliceo
Table of Contents
IBM WebSphere Application Server v7.0 Security
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Instant Updates on New Packt Books
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. A Threefold View of WebSphere Application Server Security
Enterprise Application-server infrastructure architecture view
Simple infrastructure architecture characteristics
Branded infrastructure elements
Generic infrastructure components
Using the infrastructure architecture view
WebSphere architecture view
WebSphere Application Server simplified architecture
WebSphere node component
WebSphere JVM component
Using the WebSphere architecture view
WebSphere technology stack view
OS platform security
Java technology security
WebSphere security
Using the technology stack view
Summary
2. Securing the Administrative Interface
Information needed: Planning for security
The LDAP and security table
Enabling security
Setting the domain name
Starting at the console
Continuing with the global security page
Onto the SSO page
Setting the SSO domain name
Applying and saving your changes
Configuring the user registry
Locating the user registry configuration area
Registry type selection
Federated repository
Local operating system
LDAP
Standalone custom registry
LDAP—the preferred choice
Reviewing the resulting standalone LDAP registry page
Defining the WebSphere administrative ID
Setting the type of LDAP server
Entering the LDAP server parameters
Providing the LDAP bind identity parameters
Confirming other miscellaneous LDAP server parameters
Applying and saving the standalone LDAP configuration
Confirming the configuration
Enabling the administrative security
Locating the administrative security section
Performing the administrative security configuration steps
Applying and saving your changes
Propagating new configuration
Logging off from the console
Restarting the deployment manager
Logging in to the deployment manager console
Administrative roles
Disabling security
Summary
3. Configuring User Authentication and Access
Security domains
What is a security domain
Scope of security domains
Benefits of multiple security domains
Limitations of security domains
Administrative security domain
Configuring security domains based on global security
Creating a global security domain clone
Creating a security domain using scripting
User registry concepts
What is a user registry
WebSphere use of user repositories
Authentication
Authorization
Supported user registry types
Local operating system
Standalone LDAP
Standalone custom registry
Federated repositories
Protecting application servers
WebSphere environment assumptions
Prerequisites
Creating an application server
Creating a virtual host
Creating application JDBC Provider and DataSource
Configuring the global security to use the federated user registry
Creating a security domain for the application server
Configuring user authentication
Creating groups
Creating users
Assigning users to groups
Configuring access to resources
Testing the secured application server environment
Deploying and securing an enterprise application
Accessing the secured enterprise application
Summary
4. Front-End Communication Security
Front-end enterprise application infrastructure architectures
WebSphere horizontal cluster classic architecture
WebSphere horizontal cluster using dual-zone architecture
WebSphere horizontal cluster using multi-zone architecture
SSL configuration and management
What is SSL
How SSL works
Certificates and CAs
Securing front-end components communication
Securing the IBM HTTP Server
Environment assumptions
SSL configuration prerequisites
Add SSL ports to WebSphere employees_vh virtual server
Creating the SSL system components
Create the IHS SSL keystore
List built-in CA certificates included in keystore
Create self-signed certificate
Confirm the creation of self-signed certificate
Configuring IHS for SSL
Modifications to httpd.conf
Extract the WebSphere CA certificate
Add WAS self-signed certificate to the plug-in
Validation of the SSL configuration
Summary
5. Securing Web Applications
Securing web applications concepts
Developer view of web application security
Administrator view of web application security
Securing a web application
Project objectives
Assumptions
Prerequisites
Enterprise application architecture
Application groups
Application users
Application memberships
ACLs based on user registry groups
ACLs based on application roles
Dynamic web modules
Securing a J2EE web application
Creating the enterprise application project
Creating the dynamic web application projects
Configuring dynamic web applications
Defining welcome files
Adding log in information
Defining protected URI patterns and methods
Creating application roles
Assigning the application role
Defining client-server transport type
Mapping web modules to employees_vh
Configuring enterprise applications
Defining roles
Mapping groups to roles
Adding content to dynamic web applications
Adding web files
Adding Java components
Completing the Java code
Analysis of the initial servlet code
Completing the servlet code
Packaging an enterprise application
Deploying the enterprise application
Testing the enterprise application
Summary
6. Securing Enterprise Java Beans Applications
EJB application security concepts
Declarative security
Programmatic security
EJB project design
EJB application du jour
Objective—security
Objective—functional
Project design—UI aspect
Project design—programming component
Project design—implementation phase
EJB project prerequisites and assumptions
Project assumptions
Project prerequisites
Creating an Enterprise Application Project
Creating the project workspace
Enterprise application project requirements
EAR version
Target runtime
Creating the enterprise application project
Selecting the project EAR version
Creating a target runtime
Creating the deployment descriptor
Creating the portal Dynamic Web Project
Creating the portal DWP
Defining the DWP context root
Creating the DWP deployment descriptor
Configuring the portal DWP deployment descriptor
Defining the welcome pages suite
Adding login information
Securing protected URI patterns and HTTP methods
Defining security constraints
Defining resource collections
Defining application roles
Defining the client-server transport type
Mapping module to virtual host
Creating content for the portal DWP
Location of files within the project
Logical file organization
Creating the common HTML files
Creating the custom HTML files
Creating the JSP files
Pagelet selector JSP files
Portal home selector JSP files
Creating the Servlet PortalHomeSelectorServlet
Creating a Java package
Creating the Servlet
Creating the code for PortalHomeSelectorServlet
Package definition and import statements
Declaration of class constants and variables
HTTP methods
Getting parameters
Communicating with EJB
Forwarding control to another component
Creating an EJB project
Creating the initial project
Creating the Java packages
Creating the EJB interfaces
Creating IPortalSelectorSessionBean interface
Creating the local and remote EJB interfaces
Creating the EJB
Creating the code for PortalSelectorSessionBean
Package definition and import statements
Class definition
Instance variables
Linking to the user context
Programmatic security
Declarative security
The grand finale
Packaging the enterprise project as an EAR
Deploying the EAR
Testing the application
Summary
7. Securing Back-end Communication
LDAP: Uses of encryption
Securing the LDAP channel
Protocol: LDAP and the Internet Protocol Suite
The importance of securing the LDAP channel
Choices in securing the LDAP channel
Enabling SSL for LDAP
Creating a key ring for storing key stores
JCE Policy files
Creating a trust db for storing trust stores
Creating a key store for use with LDAP
Creating a trust store to use with LDAP
Creating an SSL configuration for LDAP
Obtaining the LDAP server SSL certificate
Configuring LDAP for SSL
JDBC: WebSphere-managed authentication
Protocol(s)
The JDBC API
Connection/Driver Manager and Data Source/JDBC provider
The JDBC Application Layer
Choices to secure the database channel
Examples of securing the JDBC connection
Defining a new JDBC provider
Defining a new Data Source
Summary
8. Secure Enterprise Infrastructure Architectures
The enterprise infrastructure
An Enterprise Application in relation to an Application Server
WAS infrastructure and EA's application server interactions
Securing the enterprise infrastructure using LTPA
Why use the LTPA mechanism
How the LTPA authentication mechanism works
The main use for LTPA in a WebSphere environment
Securely enhancing the user experience with SSO
Required conditions to implement SSO
Implementing SSO in WebSphere
Fine-tuning authorization at the HTTP server level
Why use an external access management solution
How it works
What tool to use
Configuring the HTTP server to use an external access management solution
Fine-tuning authorization at the WAS level
When to use TAI
Configuring SiteMinder ASA for WebSphere (TAI)
Summary
9. WebSphere Default Installation Hardening
Engineering the how and where of an installation
Appreciating the importance of location, location, location!
Customizing the executable files location
Customizing the configuration files location
Customizing the log files location
Camouflaging the entrance points
Understanding why it's important
Methodology choices
Identifying what needs to be configured
Getting started
Picking a good attorney
Ensuring good housekeeping of an installation
Keeping your secrets safe
Using key stores and trust stores
Storing passwords in configuration files
Adding passwords to properties files
Manually adding a password - a bonus tip
Summary
10. Platform Hardening
Identifying where to focus
Exploring the operating system
Appreciating OS interfaces
Understanding user accounts
Understanding service accounts
Using kernel modules
Creating the file system
Influencing permission and ownership using process execution
Running single execution mode
Using executables
Configuring
Setting ownerships and permissions on log files
Running multiple execution mode
Safeguarding the network system
Establishing network connections
Communicating from process to process
Summary
11. Security Tuning and Troubleshooting
Tuning WebSphere security
Tuning general security
Tightening security using the administrative connector
Disabling security attribute propagation
Using unrestricted Java Cryptographic Extensions
Obtaining the Unrestricted JCE policy files
Installing the Unrestricted JCE policy files
Tuning CSIv2 connectivity
Using Active Authentication Protocol: Set it only to CSI
Enforcing client certificates using SSL
Enabling stateful sessions
Configuring the server
Configuring the client
Tuning user directories and user permissions
Configuring LDAP
Reusing the established connection
Ignoring case during authorization
Tuning user authentication
Increasing authentication cache timeout
Enabling SSO
Troubleshooting WebSphere security-related issues
Troubleshooting general security configuration exceptions
Identifying problems with the Deployment Manager—node agent communication blues
Receiving the message HMGR0149E: node agent rejected
Receiving the message ADMS0005E: node agent unable to synchronize
Troubleshooting runtime security exceptions
Troubleshooting HTTPS communication between WebSphere Plug-in and Application Server
Receiving the message SSL0227E: SSL handshake fails
Receiving ws_config_parser errors while loading the plug-in configuration file
Receiving the message GSK_ERROR_BAD_CERT: No suitable certificate found
Receiving the message GSK_KEYFILE_IO_ERROR: No access to key file
Receiving the message WSVR0009E / ORBX0390E: JVM does not start due to org.omg.CORBA.INTERNAL error
Concluding WebSphere security-related tips
Using wildcards in virtual hosts: never do it!
Ensuring best practice: set tracing from wide to specific search pattern
Using a TAI such as SiteMinder: remove existing interceptors
Summary
Index
IBM WebSphere Application Server v7.0 Security
Copyright © 2011 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: February 2011
Production Reference: 1180211
Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK.
ISBN 978-1-849681-48-3
www.packtpub.com
Cover Image by David Guettirrez (<bilbaorocker@yahoo.co.uk>)
Credits
Author
Omar Siliceo
Reviewers
Domenico Cantatore
Ty Lim
Jose Mariano Ruiz Martin
Development Editor
Susmita Panda
Technical Editors
Neha Damle
Erika Fernandes
Gaurav Datar
Indexer
Monica Ajmera Mehta
Editorial Team Leader
Vinodhan Nair
Project Team Leader
Priya Mukherji
Project Coordinator
Sneha Harkut
Proofreaders
Aaron Nash
Steve Maguire
Graphics
Geetanjali Sawant
Production Coordinator
Alwin Roy
Cover Work
Alwin Roy
About the Author
Omar Siliceo, a professional Systems Engineer with a Master of Science degree in Electrical Engineering, started his IT career in 1991 as a Research Specialist, performing the roles of systems specialist, Internet and Unix systems administrator, and Internet systems consultant, when he was invited to join the Computer Center group at Vanderbilt University. In 1994, he joined the information technology team as a consultant, performing systems integration at the King Faisal Specialist Hospital and Research Centre in Saudi Arabia. After returning to the United States of America in 1997, he launched his IT consulting practice, creating partnerships with companies such as CTG and Ajilon. He spent most of the period from 1997 to 2004 (1997-2002) working with IBM, finding e-commerce solutions for customers such as Macy's, the NBA Store, and Blair, and providing event cybercast infrastructure administration for customers such as The Wimbledon Championships and The Masters Golf Tournament. It was during this period that he became exposed to early WebSphere technologies, including but not limited to WebSphere Application Server, WebSphere Commerce Suite, WebSphere Portal, and WebSphere Everyplace Suite.
In his last year with IBM, he focused on providing design, programming consultation, and problem solving to Fortune 500 software vendors and software integrators who were IBM's business partners. Between 2002 and 2004, he served as a consultant to The World Bank Group and Blue Cross Blue Shield of Florida. His role was the administration of WebSphere environments, including special projects such as the rollout of the latest version of their WebSphere environments. In 2004, he interrupted his consulting practice when he was invited to join the IT engineering team at Cummins, Inc. He served as Senior Web Technologies Engineer and later as the Web Deployment team manager. As Senior Engineer, he architected the infrastructure environment for WebSphere 5.1, defining standards for platform creation, WAS deployment, and integration with existing enterprise technologies and services. In 2008, he resumed his consulting practice, supporting WebSphere Application Server, WebSphere Portal, and WebSphere Edge Components efforts and initiatives with Bank of America (2008), Blue Cross Blue Shield of Florida (2008-2009), and The World Bank Group, where he is currently Senior WebSphere Suite consultant.
First and foremost, I would like to thank the Lord for providing this unique, challenging, and rewarding opportunity as well as the resources to complete this fun project. Secondly, I would also like to thank my wife, Melissa, for her love, support, and encouragement throughout this undertaking. In addition, I wish to extend my gratitude to my sons, Tano and Chago, for allowing me to give up time that otherwise I would have spent with them.
Furthermore, I would like to express my appreciation to Packt for having reached out to me to propose this project. In particular, I thank my editorial team and their management for all the support provided in order to make this project a reality. I also would like to thank the technical team of experts who painstakingly reviewed each of the chapters for their corrections, observations, and most welcomed suggestions to improve the quality of this work.
Finally, I want to thank the folks at The World Bank Group, in particular Srini, Balaji, Suresh, and Ajay, for their encouragement during this project. I think they promised to buy a copy each.
About the Reviewers
Domenico Cantatore is a senior IT Specialist working for IBM Software Group in Dublin.
His areas of expertise include infrastructure architecture design, implementation, problem determination and performance, analysis, and tuning on WebSphere and Tivoli® products. These products include WebSphere Application Server, WebSphere Portal Server, WebSphere Process Server, WebSphere Commerce Server, WebSphere MQ, WebSphere Message Broker, and ITCAM. He has 10 years of experience in IT and various industry certifications.
Ty Lim has worked for various software startup companies and consulting firms, and spent the last eight years in the healthcare IT field. He now works in the telecommunications industry.
Ty Lim has been in the IT industry for more than 15 years. He started using WebSphere Application Server in 2003 and has been utilizing the technology ever since. He has a background in Java programming and Unix/Linux systems administration, and he keeps up to date with the latest open source technology. He holds a degree in Computer Science from the University of the Pacific and is currently pursuing his Master's degree in Information Systems at Boston University. He has interests in application server technology, open source technology, network security, and Java programming.
I would like to thank my parents (Lina and Roland) for giving me what I needed growing up so that I could achieve what I needed to accomplish thus far in my career. (A good home, a great education, and a drive to keep going.) I love you guys so much. 'Thank you' does not quite show the magnitude of what I owe you.
To Mike and Penny, both of you have shown me a lot over the last several years. Thank you so much for being my friends. Both of you have achieved what I have always sought. I hope this rolling stone can someday put up roots somewhere. Give a big hug to my god daughter Sophia for me. Tell her, her god father loves her very much.
To my sister Eileen and my brother-in-law Nguyen. Both of you have been an inspiration to me over the last several years. I wish both of you complete happiness.
To my colleagues in New York and New Jersey (BrianK, GeorgeT, TomB, DonN, JonL, JohnW, MikeR, GregM, MarkD, JohnH, VinceH), guys, you're the best in the business. I couldn't be prouder to call each of you both a colleague and a friend. Keep up the great work.
To Jenny, thank you for being my friend all these years, I cherish our friendship very much.
To my friends and colleagues in CA and overseas, I hope to see all of you soon (or someday). All of you have been my inspiration for working my way back home.
To Geri, I just wanted you to know, that your happiness has always meant very much to me. I hope you find happiness wherever you go.
Jose Mariano Ruiz Martin is a Computing Science Engineer and senior Information Technology specialist. He has worked at some of the most important Spanish companies, including Telefónica Spain, Vodafone Spain, Caja Madrid, and Mapfre, as a systems engineer and technical leader.
After finishing his degree in Computing Science and completing a Master's in Computer Networking and Communications, he specialized in systems engineering, obtaining several certifications such as Sun Certified Security Administrator, Sun Certified System Administrator for Solaris 9, BEA Certified WebLogic 9 Administrator, BEA Certified WebLogic 8.1 Administrator, and Cisco Certified Network Associate. Besides this, he has taught several courses on Information Systems Administration.
He now works at IBM Spain on electronic commerce infrastructures and SOA/BPM technologies as an IT specialist on IBM's WebSphere platform.
I would like to dedicate this book to all those who do not resign themselves to be mere spectators in life, and work resolutely to achieve their own goals; with a special mention to my father, who is still the best example for both my brother and me, and has resisted all the difficulties he has had to face.
www.PacktPub.com
Support files, eBooks, discount offers and more
You might want to visit www.PacktPub.com for support files and downloads related to your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.
Why Subscribe?
Fully searchable across every book published by Packt
Copy & paste, print and bookmark content
On demand and accessible via web browser
Free Access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.
Instant Updates on New Packt Books
Get notified! Find out when new books are published by following @PacktEnterprise on Twitter, or the Packt Enterprise Facebook page.
Preface
IBM WebSphere Application Server Network Deployment is IBM's flagship J2EE application server platform. It implements the J2EE technology stack, which enables the platform to execute the Java enterprise applications that perform an organization's business functions. Several roles use this platform, such as architects, developers, and administrators, to mention a few. Within the administrator role, in turn, there are several functions, such as installation, performance, and security.
This book starts with an in-depth analysis of the global and administrative security features of WebSphere Application Server v7.0, followed by comprehensive coverage of the user registries that supply user authentication and authorization information. Moving on, you build on the concepts introduced and get hands-on with a mini project. In the next chapter, you work with the different front-end architectures of WAS along with the Secure Sockets Layer (SSL) protocol, which offers transport-layer security through data encryption.
The chapters on user authentication and data encryption demonstrate how a clear-text channel can be made safer by using SSL transport to encrypt its data. This book will show you how to enable an enterprise application hosted in a WebSphere Application Server environment to interact with other applications, resources, and services available in a corporate infrastructure. Platform hardening, tuning parameters for tightening security, and troubleshooting are some of the aspects of WebSphere Application Server v7.0 security that are explored in the book. Every chapter builds strong security foundations by demonstrating concepts and practicing them through dynamic, web-based mini projects.
What this book covers
Chapter 1, A Threefold View of WebSphere Application Server Security, uses a novel approach to compare the ways in which WebSphere security elements are perceived, usually according to the role of the individual working with the technology. These views help you understand the foundations of WebSphere security, providing multiple angles from which to analyze this set of technologies and to communicate, in their own language, with the different functional teams within your organization.
Chapter 2, Securing the Administrative Interface, walks you through the steps needed to secure access to the WebSphere graphical administrative interface, known as the Integrated Solutions Console (ISC). As a prerequisite to securing the ISC, you must first enable WebSphere Application Server platform security, known as global security. Along the way, the chapter succinctly describes the relevant security topics (for example, user registries) and highlights the parameters required to perform each step.
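The prerequisite chain just described (configure a user registry, switch on global security, create a security domain for the application tier, save and restart) can be driven with wsadmin instead of clicked through the ISC. The Jython script below is an added example and is not code from the book or from IBM; the LDAP host, base DN, bind DN, administrator ID, node and server names, and the security domain name are placeholder assumptions, and the AdminTask parameter names are recalled from the WAS 7 security command group and should be confirmed with `AdminTask.help('<command>')` on your own deployment manager before you run it.

```jython
# Added example (not from the book): enable WebSphere global and administrative
# security against a standalone LDAP registry with wsadmin, then create a
# security domain for an application server. Run on the deployment manager:
#   wsadmin.sh -lang jython -f enable_security.py
# Every host name, DN, ID, password, node and server name below is an assumption.

LDAP_HOST   = 'ldap.example.com'                         # assumed
LDAP_PORT   = '389'                                      # plain LDAP for the first pass; move to 636 + SSL afterwards
BASE_DN     = 'ou=people,dc=example,dc=com'              # assumed
BIND_DN     = 'cn=wasbind,ou=service,dc=example,dc=com'  # assumed read-only bind account
BIND_PWD    = 'changeit'                                 # assumed; do not leave real secrets in a script
ADMIN_ID    = 'wasadmin'                                 # assumed existing LDAP user that becomes the primary administrator
DOMAIN_NAME = 'appDomain'                                # assumed security domain name for the application tier
TARGET      = 'Cell=:Node=node01:Server=server1'         # assumed scope for the domain

def ldap_args():
    # wsadmin takes its options as one string: '[-name value -name value ...]'
    return ('[-ldapServerType IBM_DIRECTORY_SERVER '
            '-ldapHost %s -ldapPort %s '
            '-baseDN "%s" -bindDN "%s" -bindPassword %s '
            '-primaryAdminId %s -autoGenerateServerId true '
            '-sslEnabled false]'
            % (LDAP_HOST, LDAP_PORT, BASE_DN, BIND_DN, BIND_PWD, ADMIN_ID))

# Confirm the option names before trusting them (prints the command's usage).
print AdminTask.help('configureAdminLDAPUserRegistry')

# 1. Configure the standalone LDAP registry used by the global security domain.
AdminTask.configureAdminLDAPUserRegistry(ldap_args())

# 2. Switch global security on with LDAP as the active registry, and enable
#    application security as well, since the application-server work relies on it.
AdminTask.setAdminActiveSecuritySettings(
    '[-activeUserRegistry LDAPUserRegistry '
    '-enableGlobalSecurity true -appSecurityEnabled true]')

# 3. Create a security domain for the application tier as a copy of global
#    security, so it inherits the registry, and scope it to one server.
AdminTask.copySecurityDomainFromGlobalSecurity(
    '[-securityDomainName %s -securityDomainDescription "application tier"]' % DOMAIN_NAME)
AdminTask.mapResourceToSecurityDomain(
    '[-securityDomainName %s -resourceName %s]' % (DOMAIN_NAME, TARGET))

# 4. Persist the configuration, then read the active settings back as a sanity
#    check before restarting the deployment manager and synchronizing the nodes.
AdminConfig.save()
print AdminTask.getActiveSecuritySettings()
```

Before restarting the deployment manager, check that the read-back shows `enableGlobalSecurity true` and `LDAPUserRegistry` as the active registry, and that `ADMIN_ID` actually resolves under `BASE_DN`: a typo there locks you out of the console, and the recovery is the manual "Disabling security" procedure covered later in the book. The bind password ends up only XOR-encoded in `security.xml`, which is why the book's installation-hardening chapter treats the configuration directory's file permissions as part of the security boundary.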
Chapter 3, Configuring User Authentication and Access, provides concise technical background on the security topics related to setting up user authentication (validation of presented user credentials) and user access—determining if an authenticated user has rights