
IBM WebSphere Application Server V6.1 Security Handbook

An IBM Redbooks publication

Note: This publication is now archived. For reference only.


Published on 28 December 2006, updated 15 June 2009

  1. .PDF (9.2 MB)


ISBN-10: 0738496707
ISBN-13: 9780738496702
IBM Form #: SG24-6316-01

Authors: Rufus Credle, Tony Chen, Asish Kumar, James Walton and Paul Winters



    This IBM® Redbooks® publication is part of the IBM WebSphere® V6.1 series. It focuses on security and related topics, and provides technical details for designing and implementing secure solutions with WebSphere. Designed for IT architects, IT specialists, application designers, application developers, application assemblers, application deployers, and consultants, this book provides information about designing, developing, and deploying secure e-business applications using IBM WebSphere Application Server V6.1. It discusses theory and presents proven exercises performed in our lab by using sample applications.

    Part 1 discusses security for the application server and its components, including enterprise applications. It focuses on administrative security and application security, which were previously known as global security. It includes essential information about how to secure Web and Enterprise JavaBeans™ (EJB™) applications and how to develop a Java™ client using security.

    Part 2 introduces additional components from the enterprise environment and discusses security beyond the application server. External components include third-party security servers, messaging clients and servers, and database servers.

    Part 3 provides a short introduction to development environment security. It includes guidelines and best practices that are applicable to a secure development environment.

    Table of Contents

    Part 1. Application server security

    Chapter 1. Introduction to this book

    Chapter 2. Configuring the user registry

    Chapter 3. Administrative security

    Chapter 4. SSL administration and configuration management

    Chapter 5. JAAS for authentication in WebSphere Application Server

    Chapter 6. Application security

    Chapter 7. Securing a Web application

    Chapter 8. Securing an EJB application

    Chapter 9. Client security

    Chapter 10. Securing the service integration bus

    Part 2. Extending security beyond the application server

    Chapter 11. Security attribute propagation

    Chapter 12. Securing a WebSphere application using Tivoli Access Manager

    Chapter 13. Trust Association Interceptors and third-party software integration

    Chapter 14. Externalizing authorization with JACC

    Chapter 15. Web services security

    Chapter 16. Securing access to WebSphere MQ

    Chapter 17. J2EE Connector security

    Chapter 18. Securing the database connection

    Part 3. Development environment

    Chapter 19. Development environment security

    Appendix A. Additional configurations

    Appendix B. Additional material

