IBM WebSphere Application Server v7.0 Security
eBook - ePub


  1. 312 pages
  2. English
  3. ePUB (mobile friendly)

About this book

In Detail

In these days of high-profile hacking, server security is no less important than securing your application or network. In addition, many companies must comply with government security regulations. No matter how secure your application is, your business is still at risk if your server is vulnerable. Here is how you solve your WebSphere server security worries in the best possible way.

This tutorial focuses on ways in which you can avoid security loopholes. You will learn to solve issues that can cause bother when getting started with securing your IBM WebSphere Application Server v7.0 installation. Moreover, the author has documented details in an easy-to-read format, by providing engaging hands-on exercises and mini-projects.

The book starts with an in-depth analysis of the global and administrative security features of WebSphere Application Server v7.0, followed by comprehensive coverage of user registries for user authentication and authorization information. Moving on, you will build on the concepts introduced and get hands-on with a mini-project. From the next chapter, you work with the different front-end architectures of WAS along with the Secure Sockets Layer protocol, which offers transport layer security through data encryption.

You will learn about user authentication and data encryption, which demonstrate how a clear-text channel can be made safer by using SSL transport to encrypt its data. The book will show you how to enable an enterprise application hosted in a WebSphere Application Server environment to interact with other applications, resources, and services available in a corporate infrastructure. Platform hardening, tuning parameters for tightening security, and troubleshooting are some of the aspects of WebSphere Application Server v7.0 security that are explored in the book. Every chapter builds strong security foundations by demonstrating concepts and practicing them through the use of dynamic, web-based mini-projects.

A practical approach to implementing secure Java EE Server infrastructures using WebSphere

Approach

With this book you will explore WebSphere Application Server security concepts, which you can expand upon while working on mini-projects. With the author's style of writing you will gain the knowledge and confidence needed to implement WebSphere Application Servers securely. Right from the basics of securing your WebSphere Application Server to advanced security features, the author utilizes exercises, screenshots, and clear instructions.

Who this book is for

If you are a system administrator or an IT professional who wants to learn about the security side of the IBM WebSphere Application Server v7.0, this book will walk you through the key aspects of security and show you how to implement them. You do not need any previous experience in WebSphere Application Server, but some understanding of Java EE technologies will be helpful. In addition, Java EE application developers and architects who want to understand how the security of a WebSphere environment affects Java EE enterprise applications will find this book useful.

Table of Contents

IBM WebSphere Application Server v7.0 Security
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Instant Updates on New Packt Books
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. A Threefold View of WebSphere Application Server Security
Enterprise Application-server infrastructure architecture view
Simple infrastructure architecture characteristics
Branded infrastructure elements
Generic infrastructure components
Using the infrastructure architecture view
WebSphere architecture view
WebSphere Application Server simplified architecture
WebSphere node component
WebSphere JVM component
Using the WebSphere architecture view
WebSphere technology stack view
OS platform security
Java technology security
WebSphere security
Using the technology stack view
Summary
2. Securing the Administrative Interface
Information needed: Planning for security
The LDAP and security table
Enabling security
Setting the domain name
Starting at the console
Continuing with the global security page
Onto the SSO page
Setting the SSO domain name
Applying and saving your changes
Configuring the user registry
Locating the user registry configuration area
Registry type selection
Federated repository
Local operating system
LDAP
Standalone custom registry
LDAP—the preferred choice
Reviewing the resulting standalone LDAP registry page
Defining the WebSphere administrative ID
Setting the type of LDAP server
Entering the LDAP server parameters
Providing the LDAP bind identity parameters
Confirming other miscellaneous LDAP server parameters
Applying and saving the standalone LDAP configuration
Confirming the configuration
Enabling the administrative security
Locating the administrative security section
Performing the administrative security configuration steps
Applying and saving your changes
Propagating new configuration
Logging off from the console
Restarting the deployment manager
Logging in to the deployment manager console
Administrative roles
Disabling security
Summary
3. Configuring User Authentication and Access
Security domains
What is a security domain
Scope of security domains
Benefits of multiple security domains
Limitations of security domains
Administrative security domain
Configuring security domains based on global security
Creating a global security domain clone
Creating a security domain using scripting
User registry concepts
What is a user registry
WebSphere use of user repositories
Authentication
Authorization
Supported user registry types
Local operating system
Standalone LDAP
Standalone custom registry
Federated repositories
Protecting application servers
WebSphere environment assumptions
Prerequisites
Creating an application server
Creating a virtual host
Creating application JDBC Provider and DataSource
Configuring the global security to use the federated user registry
Creating a security domain for the application server
Configuring user authentication
Creating groups
Creating users
Assigning users to groups
Configuring access to resources
Testing the secured application server environment
Deploying and securing an enterprise application
Accessing the secured enterprise application
Summary
4. Front-End Communication Security
Front-end enterprise application infrastructure architectures
WebSphere horizontal cluster classic architecture
WebSphere horizontal cluster using dual-zone architecture
WebSphere horizontal cluster using multi-zone architecture
SSL configuration and management
What is SSL
How SSL works
Certificates and CAs
Securing front-end components communication
Securing the IBM HTTP Server
Environment assumptions
SSL configuration prerequisites
Add SSL ports to WebSphere employees_vh virtual server
Creating the SSL system components
Create the IHS SSL keystore
List built-in CA certificates included in keystore
Create self-signed certificate
Confirm the creation of self-signed certificate
Configuring IHS for SSL
Modifications to httpd.conf
Extract the WebSphere CA certificate
Add WAS self-signed certificate to the plug-in
Validation of the SSL configuration
Summary
5. Securing Web Applications
Securing web applications concepts
Developer view of web application security
Administrator view of web application security
Securing a web application
Project objectives
Assumptions
Prerequisites
Enterprise application architecture
Application groups
Application users
Application memberships
ACLs based on user registry groups
ACLs based on application roles
Dynamic web modules
Securing a J2EE web application
Creating the enterprise application project
Creating the dynamic web application projects
Configuring dynamic web applications
Defining welcome files
Adding log in information
Defining protected URI patterns and methods
Creating application roles
Assigning the application role
Defining client-server transport type
Mapping web modules to employees_vh
Configuring enterprise applications
Defining roles
Mapping groups to roles
Adding content to dynamic web applications
Adding web files
Adding Java components
Completing the Java code
Analysis of the initial servlet code
Completing the servlet code
Packaging an enterprise application
Deploying the enterprise application
Testing the enterprise application
Summary
6. Securing Enterprise Java Beans Applications
EJB application security concepts
Declarative security
Programmatic security
EJB project design
EJB application du jour
Objective—security
Objective—functional
Project design—UI aspect
Project design—programming component
Project design—implementation phase
EJB project prerequisites and assumptions
Project assumptions
Project prerequisites
Creating an Enterprise Application Project
Creating the project workspace
Enterprise application project requirements
EAR version
Target runtime
Creating the enterprise application project
Selecting the project EAR version
Creating a target runtime
Creating the deployment descriptor
Creating the portal Dynamic Web Project
C...

IBM WebSphere Application Server v7.0 Security by Omar Siliceo is available in PDF and/or ePUB format, alongside other books in Computer Science & Cyber Security.