IBM WebSphere Application Server V6.1 Security Handbook

An IBM Redbooks publication

Note: This publication is now archived. For reference only.

Published 28 December 2006, updated 15 June 2009

ISBN-10: 0738496707
ISBN-13: 9780738496702
IBM Form #: SG24-6316-01
(588 pages)

Authors: Rufus Credle, Tony Chen, Asish Kumar, James Walton, Paul Winters


This IBM® Redbooks® publication is part of the IBM WebSphere® V6.1 series. It focuses on security and related topics and provides technical details for designing and implementing secure solutions with WebSphere. Designed for IT architects, IT specialists, application designers, application developers, application assemblers, application deployers, and consultants, this book provides information about designing, developing, and deploying secure e-business applications using IBM WebSphere Application Server V6.1. It discusses theory and presents proven exercises performed in our lab by using sample applications.

Part 1 discusses security for the application server and its components, including enterprise applications. It focuses on administrative security and application security, which were previously known as global security. It includes essential information about how to secure Web and Enterprise JavaBeans™ (EJB™) applications and how to develop a Java™ client using security.

Part 2 introduces additional components from the enterprise environment and discusses security beyond the application server. External components include third-party security servers, messaging clients and servers, and database servers.

Part 3 provides a short introduction to development environment security. It includes guidelines and best practices that are applicable to a secure development environment.

Table of contents

Part 1. Application server security
Chapter 1. Introduction to this book
Chapter 2. Configuring the user registry
Chapter 3. Administrative security
Chapter 4. SSL administration and configuration management
Chapter 5. JAAS for authentication in WebSphere Application Server
Chapter 6. Application security
Chapter 7. Securing a Web application
Chapter 8. Securing an EJB application
Chapter 9. Client security
Chapter 10. Securing the service integration bus

Part 2. Extending security beyond the application server
Chapter 11. Security attribute propagation
Chapter 12. Securing a WebSphere application using Tivoli Access Manager
Chapter 13. Trust Association Interceptors and third-party software integration
Chapter 14. Externalizing authorization with JACC
Chapter 15. Web services security
Chapter 16. Securing access to WebSphere MQ
Chapter 17. J2EE Connector security
Chapter 18. Securing the database connection

Part 3. Development environment
Chapter 19. Development environment security
Appendix A. Additional configurations
Appendix B. Additional material
