WAS Security Architecture
We assume that you are familiar with J2EE security and the basics of security. If you are not, refer to the J2EE specification for details on how to secure J2EE applications as well as [Botzum 2000]. Here, we are concerned with how WAS implements security. We will not delve into low-level details, as they are generally irrelevant, but it is helpful to understand at a high level how the WAS security infrastructure works. This will aid in defining a secure infrastructure and in troubleshooting.
As with any secure system, WAS provides functions for authentication, authorization, and data protection. WAS provides for three forms of authentication: user ID/password, client certificates, and identity assertion. WAS implements ...
Get IBM WebSphere: Deployment and Advanced Configuration now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.