About the Book
For IBM WebSphere users, this is the complete guide to securing your applications with Java EE and JAAS security standards. From a far-ranging overview to the fundamentals of data encryption, all the essentials are here.
Key Features
Discover the salient and new security features offered by WebSphere Application Server version 7.0 to create secure installations
Explore and learn how to secure Application Servers, Java Applications, and EJB Applications along with setting up user authentication and authorization
With the help of extensive hands-on exercises and mini-projects, explore the various aspects needed to produce secure IBM WebSphere Application Server Network Deployment v7.0 infrastructures
A practical reference with ready-to-implement best practices and tricks for configuring, hardening, tuning, and troubleshooting secure IBM WebSphere Application Server Network Deployment v7.0 environments
Book DescriptionIn these days of high-profile hacking, server security is no less important than securing your application or network. In addition many companies must comply with government security regulations. No matter how secure your application is, your business is still at risk if your server is vulnerable. Here is how you solve your WebSphere server security worries in the best possible way.
This tutorial is focused towards ways in which you can avoid security loop holes. You will learn to solve issues that can cause bother when getting started with securing your IBM WebSphere Application Server v7.0 installation. Moreover, the author has documented details in an easy-to-read format, by providing engaging hands-on exercises and mini-projects.
The book starts with an in-depth analysis of the global and administrative security features of WebSphere Application Server v7.0, followed by comprehensive coverage of user registries for user authentication and authorization information. Moving on you will build on the concepts introduced and get hands-on with a mini project. From the next chapter you work with the different front-end architectures of WAS along with the Secure Socket Layer protocol, which offer transport layer security through data encryption.
You learn user authentication and data encryption, which demonstrate how a clear text channel can be made safer by using SSL transport to encrypt its data. The book will show you how to enable an enterprise application hosted in a WebSphere Application Server environment to interact with other applications, resources, and services available in a corporate infrastructure. Platform hardening, tuning parameters for tightening security, and troubleshooting are some of the aspects of WebSphere Application Server v7.0 security that are explored in the book. Every chapter builds strong security foundations, by demonstrating concepts and practicing them through the use of dynamic, web-based mini-projects.What you will learn
Create security domains using the wsadmin scripting tool
Get hands-on experience working with a mini-project to protect a Java EE Application Server
Secure your frontend with Secure Socket Layer Protocol and IBM HTTP Server
Get to grips with user authentication and authorization by building a multi-module Enterprise Web Application; packaging, deploying, and testing it
Work around to secure an EJB application by building on the existing mini-project
Configure authentication and resource access (authorization) using user registry groups and application-defined roles
Configure WebSphere Application Server v7.0 for SSO and LTPA and work across remote servers
Explore the powerful concepts of data encryption and SSL certificates practically
Practice platform hardening with respect to the Operating System, File System, and network configuration
Who this book is forIf you are a system administrator or an IT professional who wants to learn about the security side of the IBM WebSphere Application Server v7.0, this book will walk you through the key aspects of security and show you how to implement them. You do not need any previous experience in WebSphere Application Server, but some understanding of Java EE technologies will be helpful. In addition, Java EE application developers and architects who want to understand how the security of a WebSphere environment affects Java EE enterprise applications will find this book useful.
Table of Contents:
Table of Contents
About the Author :
Omar Siliceo, a professional Systems Engineer with a Master of Science degree in Electrical Engineering, started his IT career in the year 1991 as a Research Specialist, performing the roles of systems specialist, Internet and Unix systems administrator, and Internet systems consultant, when he was invited to join the Computer Center group at Vanderbilt University. In 1994 he joined the information technology team as a consultant, performing systems integration at the King Faisal Specialist Hospital and Research Centre in Saudi Arabia. After returning to the United States of America in 1997, he launched his IT consulting practice, creating partnerships with companies such as CTG and Ajilon. He spent the period from 1997 to 2002 working with IBM in finding e-commerce solutions for customers such as Macy's, the NBA Store, and Blair; and event cybercast infrastructure administration for customers such as The Wimbledon Championships and The Masters golf tournament. It was during that period that he became exposed to early WebSphere technologies, including but not limited to WebSphere Application Server, WebSphere Commerce Suite, WebSphere Portal, and WebSphere Everyplace Suite. In his last year with IBM he focused on providing design, programming consultation, and problem solving to Fortune 500 software vendors and software integrators who were IBM's business partners. Between the years of 2002 and 2004, he served as a consultant to The World Bank Group and Blue Cross Blue Shield of Florida. His role was the administration of WebSphere environments including some special projects such as the rollout of the latest version of their WebSphere environments. In 2004, he interrupted his consulting practice when he was invited to join the IT engineering team at Cummins, Inc. He served as Senior Web Technologies Engineer and later on as the Web Deployment team manager. As Senior Engineer, he architected the infrastructure environment for WebSphere 5.1, defining standards for platform creation, WAS deployment, and integration with existing enterprise technologies and services. In 2008, he resumed his consulting practice, supporting WebSphere Application Server, WebSphere Portal, and WebSphere Edge Components efforts and initiatives with Bank of America (2008), Blue Cross Blue Shield of Florida (2008 2009), and The World Bank Group, where he is currently Senior WebSphere Suite consultant.
