IBM WebSphere Application Server v7.0 Security.
Title:
IBM WebSphere Application Server v7.0 Security.
Author:
Siliceo, Omar.
ISBN:
9781849681490
Edition:
1st ed.
Physical Description:
1 online resource (315 pages)
Contents:
IBM WebSphere Application Server v7.0 Security -- IBM WebSphere Application Server v7.0 Security -- Credits -- About the Author -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers and more -- Why Subscribe? -- Free Access for Packt account holders -- Instant Updates on New Packt Books -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Errata -- Piracy -- Questions -- 1. A Threefold View of WebSphere Application Server Security -- Enterprise Application-server infrastructure architecture view -- Simple infrastructure architecture characteristics -- Branded infrastructure elements -- Generic infrastructure components -- Using the infrastructure architecture view -- WebSphere architecture view -- WebSphere Application Server simplified architecture -- WebSphere node component -- WebSphere JVM component -- Using the WebSphere architecture view -- WebSphere technology stack view -- OS platform security -- Java technology security -- WebSphere security -- Using the technology stack view -- Summary -- 2. Securing the Administrative Interface -- Information needed: Planning for security -- The LDAP and security table -- Enabling security -- Setting the domain name -- Starting at the console -- Continuing with the global security page -- Onto the SSO page -- Setting the SSO domain name -- Applying and saving your changes -- Configuring the user registry -- Locating the user registry configuration area -- Registry type selection -- Federated repository -- Local operating system -- LDAP -- Standalone custom registry -- LDAP-the preferred choice -- Reviewing the resulting standalone LDAP registry page -- Defining the WebSphere administrative ID -- Setting the type of LDAP server -- Entering the LDAP server parameters.

Providing the LDAP bind identity parameters -- Confirming other miscellaneous LDAP server parameters -- Applying and saving the standalone LDAP configuration -- Confirming the configuration -- Enabling the administrative security -- Locating the administrative security section -- Performing the administrative security configuration steps -- Applying and saving your changes -- Propagating new configuration -- Logging off from the console -- Restarting the deployment manager -- Logging in to the deployment manager console -- Administrative roles -- Disabling security -- Summary -- 3. Configuring User Authentication and Access -- Security domains -- What is a security domain -- Scope of security domains -- Benefits of multiple security domains -- Limitations of security domains -- Administrative security domain -- Configuring security domains based on global security -- Creating a global security domain clone -- Creating a security domain using scripting -- User registry concepts -- What is a user registry -- WebSphere use of user repositories -- Authentication -- Authorization -- Supported user registry types -- Local operating system -- Standalone LDAP -- Standalone custom registry -- Federated repositories -- Protecting application servers -- WebSphere environment assumptions -- Prerequisites -- Creating an application server -- Creating a virtual host -- Creating application JDBC Provider and DataSource -- Configuring the global security to use the federated user registry -- Creating a security domain for the application server -- Configuring user authentication -- Creating groups -- Creating users -- Assigning users to groups -- Configuring access to resources -- Testing the secured application server environment -- Deploying and securing an enterprise application -- Accessing the secured enterprise application -- Summary.

4. Front-End Communication Security -- Front-end enterprise application infrastructure architectures -- WebSphere horizontal cluster classic architecture -- WebSphere horizontal cluster using dual-zone architecture -- WebSphere horizontal cluster using multi-zone architecture -- SSL configuration and management -- What is SSL -- How SSL works -- Certificates and CAs -- Securing front-end components communication -- Securing the IBM HTTP Server -- Environment assumptions -- SSL configuration prerequisites -- Add SSL ports to WebSphere employees_vh virtual server -- Creating the SSL system components -- Create the IHS SSL keystore -- List built-in CA certificates included in keystore -- Create self-signed certificate -- Confirm the creation of self-signed certificate -- Configuring IHS for SSL -- Modifications to httpd.conf -- Extract the WebSphere CA certificate -- Add WAS self-signed certificate to the plug-in -- Validation of the SSL configuration -- Summary -- 5. Securing Web Applications -- Securing web applications concepts -- Developer view of web application security -- Administrator view of web application security -- Securing a web application -- Project objectives -- Assumptions -- Prerequisites -- Enterprise application architecture -- Application groups -- Application users -- Application memberships -- ACLs based on user registry groups -- ACLs based on application roles -- Dynamic web modules -- Securing a J2EE web application -- Creating the enterprise application project -- Creating the dynamic web application projects -- Configuring dynamic web applications -- Defining welcome files -- Adding log in information -- Defining protected URI patterns and methods -- Creating application roles -- Assigning the application role -- Defining client-server transport type -- Mapping web modules to employees_vh.

Configuring enterprise applications -- Defining roles -- Mapping groups to roles -- Adding content to dynamic web applications -- Adding web files -- Adding Java components -- Completing the Java code -- Analysis of the initial servlet code -- Completing the servlet code -- Packaging an enterprise application -- Deploying the enterprise application -- Testing the enterprise application -- Summary -- 6. Securing Enterprise Java Beans Applications -- EJB application security concepts -- Declarative security -- Programmatic security -- EJB project design -- EJB application du jour -- Objective-security -- Objective-functional -- Project design-UI aspect -- Project design-programming component -- Project design-implementation phase -- EJB project prerequisites and assumptions -- Project assumptions -- Project prerequisites -- Creating an Enterprise Application Project -- Creating the project workspace -- Enterprise application project requirements -- EAR version -- Target runtime -- Creating the enterprise application project -- Selecting the project EAR version -- Creating a target runtime -- Creating the deployment descriptor -- Creating the portal Dynamic Web Project -- Creating the portal DWP -- Defining the DWP context root -- Creating the DWP deployment descriptor -- Configuring the portal DWP deployment descriptor -- Defining the welcome pages suite -- Adding login information -- Securing protected URI patterns and HTTP methods -- Defining security constraints -- Defining resource collections -- Defining application roles -- Defining the client-server transport type -- Mapping module to virtual host -- Creating content for the portal DWP -- Location of files within the project -- Logical file organization -- Creating the common HTML files -- Creating the custom HTML files -- Creating the JSP files -- Pagelet selector JSP files.

Portal home selector JSP files -- Creating the Servlet PortalHomeSelectorServlet -- Creating a Java package -- Creating the Servlet -- Creating the code for PortalHomeSelectorServlet -- Package definition and import statements -- Declaration of class constants and variables -- HTTP methods -- Getting parameters -- Communicating with EJB -- Forwarding control to another component -- Creating an EJB project -- Creating the initial project -- Creating the Java packages -- Creating the EJB interfaces -- Creating IPortalSelectorSessionBean interface -- Creating the local and remote EJB interfaces -- Creating the EJB -- Creating the code for PortalSelectorSessionBean -- Package definition and import statements -- Class definition -- Instance variables -- Linking to the user context -- Programmatic security -- Declarative security -- The grand finale -- Packaging the enterprise project as an EAR -- Deploying the EAR -- Testing the application -- Summary -- 7. Securing Back-end Communication -- LDAP: Uses of encryption -- Securing the LDAP channel -- Protocol: LDAP and the Internet Protocol Suite -- The importance of securing the LDAP channel -- Choices in securing the LDAP channel -- Enabling SSL for LDAP -- Creating a key ring for storing key stores -- JCE Policy files -- Creating a trust db for storing trust stores -- Creating a key store for use with LDAP -- Creating a trust store to use with LDAP -- Creating an SSL configuration for LDAP -- Obtaining the LDAP server SSL certificate -- Configuring LDAP for SSL -- JDBC: WebSphere-managed authentication -- Protocol(s) -- The JDBC API -- Connection/Driver Manager and Data Source/JDBC provider -- The JDBC Application Layer -- Choices to secure the database channel -- Examples of securing the JDBC connection -- Defining a new JDBC provider -- Defining a new Data Source -- Summary.

8. Secure Enterprise Infrastructure Architectures.
Abstract:
Secure your IBM WebSphere applications with Java EE and JAAS security standards using this book and eBook.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.