z/OS WebSphere and J2EE Security Handbook

An IBM Redbooks publication


What do you think of when someone mentions z/OS security? Probably of something that is trustworthy, or even impenetrable. Perhaps you also think of something that is a little complex and challenging to administer.
What comes to mind when someone mentions Internet security? Perhaps you think of prominent Web sites that have been "hacked" or credit card numbers that have been stolen.
Using working examples of code and configuration files, in this IBM Redbooks publication we explain how you can run your Web-enabled applications with as high a level of security as other z/OS applications and subsystems--even if those applications were written or originally deployed on another platform--by using the Java TM 2 Platform Enterprise Edition (J2EE) programming model and the IBM WebSphere Application Server for z/OS and OS/390.
This book will help application programmers, WebSphere and security administrators, and application and network architects to understand and use these products.
This is the second edition of this book and covers in addition HTTP Plug-in security, mutual SSL authentication with the Transport Handler and Form-based authentication enhancements.

Table of contents

Chapter 1. Security design
Chapter 2. The security investigation application
Chapter 3. The sandbox infrastructure
Chapter 4. Introduction to J2EE and WebSphere Application Server for z/OS and OS/390 runtime concepts
Chapter 5. Introduction to J2EE security concepts
Chapter 6. WebSphere and J2EE security
Chapter 7. Beginner's guide to z/OS security
Chapter 8. z/OS security - advanced topics
Chapter 9. Integration of WebSphere into z/OS security mechanisms
Chapter 10. Securing WebSphere using RACF
Chapter 11. Securing WebSphere using eTrust CA-ACF2
Chapter 12. Securing WebSphere using eTrust CA-Top Secret Security for z/OS and OS/390
Chapter 13. Introduction to authentication and authorization
Chapter 14. Authentication - details
Chapter 15. Authentication flow
Chapter 16. Authorization - details
Chapter 17. Cross-platform security
Chapter 18. Security for Enterprise Integration Systems
Chapter 19. Dials and knobs for setting security
Chapter 20. Setting up the security investigation application
Chapter 21. Jump start - a security bootstrap
Chapter 22. Hands-on cross-platform authentication 1
Chapter 23. Hands-on cross-platform authentication 2
Chapter 24. Hands-on cross-platform authentication: IIOP
Chapter 25. Authentication test cases
Chapter 26. Hands-on Authorization
Chapter 27. Hands-on EIS 1
Chapter 28. Hands-on EIS 2
Chapter 29. Hands-on EIS 3
Appendix A. Debugging, logging, and auditing

Contact IBM


Publish Date
29 July 2003

Last Update
05 August 2003

(based on 3 reviews)




IBM Form Number

Number of pages