PacktLib: IBM WebSphere Application Server v7.0 Security

IBM WebSphere Application Server v7.0 Security

Credits

About the Author

About the Reviewers

www.PacktPub.com

Preface

A Threefold View of WebSphere Application Server Security

Enterprise Application-server infrastructure architecture view

WebSphere architecture view

WebSphere technology stack view

Summary

Securing the Administrative Interface

Information needed: Planning for security

Enabling security

Administrative roles

Disabling security

Summary

Configuring User Authentication and Access

Security domains

Administrative security domain

User registry concepts

Supported user registry types

Protecting application servers

Summary

Front-End Communication Security

Front-end enterprise application infrastructure architectures

SSL configuration and management

Securing front-end components communication

Summary

Securing Web Applications

Securing web applications concepts

Securing a web application

Summary

Securing Enterprise Java Beans Applications

EJB application security concepts

EJB project design

EJB project prerequisites and assumptions

Creating an Enterprise Application Project

Creating the portal Dynamic Web Project

Creating content for the portal DWP

Creating an EJB project

The grand finale

Summary

Securing Back-end Communication

LDAP: Uses of encryption

JDBC: WebSphere-managed authentication

Summary

Secure Enterprise Infrastructure Architectures

The enterprise infrastructure

Securing the enterprise infrastructure using LTPA

Securely enhancing the user experience with SSO

Fine-tuning authorization at the HTTP server level

Fine-tuning authorization at the WAS level

Summary

WebSphere Default Installation Hardening

Engineering the how and where of an installation

Ensuring good housekeeping of an installation

Summary

Platform Hardening

Identifying where to focus

Exploring the operating system

Creating the file system

Safeguarding the network system

Summary

Security Tuning and Troubleshooting

Tuning WebSphere security

Troubleshooting WebSphere security-related issues

Concluding WebSphere security-related tips

Summary