WebSphere Application Server for z/OS V5 and J2EE 1.3 Security Handbook
An IBM Redbooks publication
Note: This is publication is now archived. For reference only.
Published on 14 June 2005, updated 22 June 2005
IBM Form #: SG24-6086-01
Authors: Tamas Vilaghy, Holger Wunderlich, Theo Antoff, Maria Clarke, Jorge Diaz, Ami Ehlenberger, Marcelo Eliseu, Stéphane Faure, Tom Hackett, Andrew J. Hoyt, Patrick Kappeler, Michael Kearney, Sébastien Llaurency, Edward McCarthy, Hong Min, Mark Nelson, Alain Roessle, Karl-Erik Stenfors, Dinkar Tiwari, Jason Williams, Julieta Bianchi, Michael Daubman, Steve Allison, Kevin J. Senior, Theresa Tai and Foulques de Valence
What do you think of when someone mentions z/OS security? Probably of something that is trustworthy, or even impenetrable. Perhaps you also think of something that is a little complex and challenging to administer.
What comes to mind when someone mentions Internet security? Perhaps you think of prominent Web sites that have been maliciously "hacked" or credit card numbers that have been stolen.
Using working examples of code and configuration files, in this IBM Redbooks publication, we explain how you can run your Web-enabled applications with as high a level of security as other z/OS applications and subsystems, even if those applications were written or originally deployed on another platform, by using the Java 2 Platform Enterprise Edition (J2EE) programming model and IBM WebSphere Application Server for z/OS and OS/390.
This book will help architects, application programmers, WebSphere and security administrators, and application and network architects to understand and use these products.
Part 1. Introduction to WebSphere and J2EE security
Chapter 1. WebSphere Application Server V5 security overview
Chapter 2. Security design
Chapter 3. J2EE 1.3 and WebSphere Application Server V5 security concepts
Chapter 4. WebSphere Application Server application security
Chapter 5. WebSphere application migration security aspects
Part 2. SWIPE and our testing infrastructure
Chapter 6. The sandbox infrastructure
Chapter 7. The security investigation application
Chapter 8. The security investigation applications for EIS
Part 3. Cryptography
Chapter 9. Using cryptographic services
Part 4. WebSphere Application Server for z/OS security infrastructure
Chapter 10. WebSphere Application Server runtime security
Chapter 11. Registries
Chapter 12. Local operating system registries
Chapter 13. Remote registries
Chapter 14. IBM Tivoli Access Manager and WebSphere Application Server integration
Chapter 15. WebSphere administration and administrative security
Chapter 16. Web container security
Chapter 17. Security integration with the WebSphere HTTP plug-in
Chapter 18. EJB container security
Chapter 19. WebSphere Application Server logging and auditing
Chapter 20. Web services security
Appendix A. Setup and debugging guides
Appendix B. Additional material