22-12-2012, 06:51 PM
WebSphere security
WebSphere.ppt (Size: 4.26 MB / Downloads: 40)
WebSphere security service - Big picture
● Security service runs locally in each process (Deployment Manager, Node Agent, and Application Server)
- Security service failure only affects a single process
● Separation of authentication mechanism and user registry
- Only one authentication mechanism and registry can be enabled at a time
J2EE security roles: Application authorization
●Authorization is performed using the J2EE
●Security roles are then applied to the Web and EJB application components
●Binding of the users and groups to the J2EE security roles is usually done at the
How does SSL work?
●SSL uses a combination of asymmetric and symmetric encryption to create a session between the client and server.
• Asymmetric encryption is slow but does not require a shared secret
• Symmetric encryption is fast but requires a shared secret