JEE security

WebSphere security is based on the JEE application programming model. The JEE security model is designed to separate an application’s need for security from the administration of security, allowing applications to be portable between vendors whose implementations of the JEE security model differ slightly. There are two aspects of security which need to be explained:

  • Authentication is essentially asking, “Are you who you say you are?”
  • Authorisation is simply a case of, once we know who you are, “What are you allowed to do?”

WebSphere employs user/group registries, which store users and groups, and uses these for Authentication and Authorisation. Groups organize users together for a common action, and users are assigned as members of groups. Knowing this, we will now move on to learn how to secure our WebSphere Application Server.

Global security

As documented in the WAS 8.5.5.x Profile Management Guide, we opted to turn on Global Security by supplying a username and password during profile creation. Once the Application Server was started and we tried to access the WebSphere Integrated Solutions Console (Administrative Console), we were prompted to enter a username and password. This means that Global Security is turned on. As an Administrator, we need to log in with a user that exists in the user registry that WAS is currently using, and we need to belong to certain Administrative Roles that allow the user to perform certain administrative actions in the Administrative Console.

A question that follows is: what kind of user registry is WAS using by default? This then raises another question: why bother? And when we do secure WAS, what kinds of User Registries are available? I will now begin to answer these questions in this guide.

As administrators, it is important to secure the administration of WebSphere Application Server even if the applications being installed are not using security. It is paramount to ensure we have control of our WebSphere environments. The larger your team is, the more important this becomes. In time, other people in your organization will get to know the console URLs of your WebSphere Application Servers, and if they are not secured, you do not really know who is making changes without your approval. Securing the console stops inadvertent access and can ensure that only trained administrators are sanctioned to access and make configuration changes to environments. This is integral to keeping your WebSphere environment stable.

 


INTRODUCTION
JEE SECURITY
GLOBAL SECURITY
UNSECURE CONSOLE
TURNING ON GLOBAL SECURITY
Security Configuration Wizard
Virtual Member Manager
ROLE MANAGEMENT
Administrative roles
DISABLING GLOBAL SECURITY
SETTING THE INTERNAL REPOSITORY USING SCRIPTING
APACHEDS
Installing ApacheDS
Adding a new partition
ADDING LDAP TO A FEDERATED REPOSITORY
FEDERATED REPOSITORIES RECAP
Security settings
Wimconfig.xml

CHANGING THE OU FOR LDAP BIND
Looking at User Groups

STANDALONE LDAP
CONFIGURING THE STANDALONE LDAP SERVER
TESTING THE CONNECTION
REVIEW OF SECURITY.XML

SUMMARY

To learn more about the courses available from The Middleware Shop, please go to http://www.themiddlewareshop.com/products to see a full list of the current courses available.

Consulting

If you or your organization require support in architecture, performance tuning, automation or simply advice, then please contact me via my support site and request a conversation, where we can discuss your requirement.

About Steve

Steve is a seasoned, passionate technology professional, strategist and leader.

An expert in technical communications, and adept in almost all forms of Internet and mobile related technology, Steve has time and time again proven his tenacity to improve systems around him and deliver.

Steve has worn many hats during his career such as Chief Technical Officer, Founding Member of several business ventures, Programmer, Systems Administrator, Architect, Blogger and Published Author to name a few.

Due to 20 years of industry experience in Middleware, Programming, Networks and Internet Technologies, he combines systems knowledge with the efficient working methods and interpersonal skills required to build effective relationships with clients and colleagues alike. Exceeding typical expectations in any role undertaken, Steve is certain to become a valuable asset within any organisation he joins.

Key Skills

• Leadership (Team, Project, Business, People).

• Architecture (Solutions, Information, Technical, Applications).

Simply, I help you deal with CANETI: Constant And Never Ending Technological Innovation

Specific IBM WebSphere skills:

WebSphere Application Server (WAS Base, WAS ND & Liberty Profile & Liberty Runtime)

  • Automation
  • Security, SSL
  • Dev Ops
  • Architecture
  • Performance Tuning

Middleware Integration Skills:

  • .NET programming, and Architecture
  • Java Programming, and Architecture
  • SOA, SOAP and XML messaging
  • JBoss Fuse, WMQ, IIB, Mule

Integration Skills:

  • SOA
  • Process Improvement
  • ICD’s
  • Messaging Architecture
  • Governance

General Digital Architecture & Governance

  • Lightweight Architectures
  • Digital Strategy, platform stacks for example IAAS, PAAS, SAAS
  • PCI DSS

Industry Qualifications & Recognition

  • TOGAF 9.1
  • IBM Champion 2013