IBM WebSphere Application Server v7.0 Security


IBM WebSphere Application Server v7.0 Security
eBook: $32.99
Formats: PDF, PacktLib, ePub and Mobi formats
$28.04
save 15%!
Print + free eBook + free PacktLib access to the book: $87.98    Print cover: $54.99
$54.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Overview
Table of Contents
Author
Support
Sample Chapters
  • Discover the salient and new security features offered by WebSphere Application Server version 7.0 to create secure installations
  • Explore and learn how to secure Application Servers, Java Applications, and EJB Applications along with setting up user authentication and authorization
  • With the help of extensive hands-on exercises and mini-projects, explore the various aspects needed to produce secure IBM WebSphere Application Server Network Deployment v7.0 infrastructures
  • A practical reference with ready-to-implement best practices and tricks for configuring, hardening, tuning, and troubleshooting secure IBM WebSphere Application Server Network Deployment v7.0 environments

Book Details

Language : English
Paperback : 312 pages [ 235mm x 191mm ]
Release Date : February 2011
ISBN : 1849681481
ISBN 13 : 9781849681483
Author(s) : Omar Siliceo
Topics and Technologies : All Books, Enterprise Products and Platforms, Enterprise, IBM

Table of Contents

Preface
Chapter 1: A Threefold View of WebSphere Application Server Security
Chapter 2: Securing the Administrative Interface
Chapter 3: Configuring User Authentication and Access
Chapter 4: Front-End Communication Security
Chapter 5: Securing Web Applications
Chapter 6: Securing Enterprise Java Beans Applications
Chapter 7: Securing Back-end Communication
Chapter 8: Secure Enterprise Infrastructure Architectures
Chapter 9: WebSphere Default Installation Hardening
Chapter 10: Platform Hardening
Chapter 11: Security Tuning and Troubleshooting
Index
  • Chapter 1: A Threefold View of WebSphere Application Server Security
    • Enterprise Application-server infrastructure architecture view
      • Simple infrastructure architecture characteristics
      • Branded infrastructure elements
      • Generic infrastructure components
      • Using the infrastructure architecture view
    • WebSphere architecture view
      • WebSphere Application Server simplified architecture
      • WebSphere node component
      • WebSphere JVM component
      • Using the WebSphere architecture view
    • WebSphere technology stack view
      • OS platform security
      • Java technology security
      • WebSphere security
      • Using the technology stack view
    • Summary
    • Chapter 2: Securing the Administrative Interface
      • Information needed: Planning for security
        • The LDAP and security table
      • Enabling security
        • Setting the domain name
          • Starting at the console
          • Continuing with the global security page
          • Onto the SSO page
          • Setting the SSO domain name
          • Applying and saving your changes
        • Configuring the user registry
          • Locating the user registry configuration area
          • Registry type selection
          • LDAP—the preferred choice
          • Reviewing the resulting standalone LDAP registry page
          • Defining the WebSphere administrative ID
          • Setting the type of LDAP server
          • Entering the LDAP server parameters
          • Providing the LDAP bind identity parameters
          • Confirming other miscellaneous LDAP server parameters
          • Applying and saving the standalone LDAP configuration
          • Confirming the configuration
        • Enabling the administrative security
          • Locating the administrative security section
          • Performing the administrative security configuration steps
          • Applying and saving your changes
          • Propagating new configuration
          • Logging off from the console
          • Restarting the deployment manager
          • Logging in to the deployment manager console
      • Administrative roles
      • Disabling security
      • Summary
      • Chapter 3: Configuring User Authentication and Access
        • Security domains
          • What is a security domain
          • Scope of security domains
          • Benefits of multiple security domains
          • Limitations of security domains
        • Administrative security domain
          • Configuring security domains based on global security
            • Creating a global security domain clone
            • Creating a security domain using scripting
        • User registry concepts
          • What is a user registry
          • WebSphere use of user repositories
            • Authentication
            • Authorization
        • Supported user registry types
          • Local operating system
          • Standalone LDAP
          • Standalone custom registry
          • Federated repositories
        • Protecting application servers
          • WebSphere environment assumptions
          • Prerequisites
            • Creating an application server
            • Creating a virtual host
            • Creating application JDBC Provider and DataSource
            • Configuring the global security to use the federated user registry
            • Creating a security domain for the application server
          • Configuring user authentication
            • Creating groups
            • Creating users
            • Assigning users to groups
          • Configuring access to resources
          • Testing the secured application server environment
            • Deploying and securing an enterprise application
            • Accessing the secured enterprise application
        • Summary
        • Chapter 4: Front-End Communication Security
          • Front-end enterprise application infrastructure architectures
            • WebSphere horizontal cluster classic architecture
            • WebSphere horizontal cluster using dual-zone architecture
            • WebSphere horizontal cluster using multi-zone architecture
          • SSL configuration and management
            • What is SSL
            • How SSL works
            • Certificates and CAs
          • Securing front-end components communication
            • Securing the IBM HTTP Server
              • Environment assumptions
              • SSL configuration prerequisites
              • Creating the SSL system components
              • Configuring IHS for SSL
          • Summary
          • Chapter 5: Securing Web Applications
            • Securing web applications concepts
              • Developer view of web application security
              • Administrator view of web application security
            • Securing a web application
              • Project objectives
              • Assumptions
              • Prerequisites
              • Enterprise application architecture
                • Application groups
                • Application users
                • Application memberships
                • Dynamic web modules
              • Securing a J2EE web application
                • Creating the enterprise application project
                • Creating the dynamic web application projects
                • Configuring dynamic web applications
                • Configuring enterprise applications
                • Adding content to dynamic web applications
                • Packaging an enterprise application
                • Deploying the enterprise application
                • Testing the enterprise application
            • Summary
            • Chapter 6: Securing Enterprise Java Beans Applications
              • EJB application security concepts
                • Declarative security
                • Programmatic security
              • EJB project design
                • EJB application du jour
                  • Objective–security
                  • Objective–functional
                • Project design–UI aspect
                • Project design–programming component
                • Project design–implementation phase
              • EJB project prerequisites and assumptions
                • Project assumptions
                • Project prerequisites
              • Creating an Enterprise Application Project
                • Creating the project workspace
                • Enterprise application project requirements
                  • EAR version
                  • Target runtime
                • Creating the enterprise application project
                  • Selecting the project EAR version
                  • Creating a target runtime
                  • Creating the deployment descriptor
              • Creating the portal Dynamic Web Project
                • Creating the portal DWP
                  • Defining the DWP context root
                  • Creating the DWP deployment descriptor
                • Configuring the portal DWP deployment descriptor
                  • Defining the welcome pages suite
                  • Adding login information
                  • Securing protected URI patterns and HTTP methods
                  • Defining application roles
                  • Defining the client-server transport type
                  • Mapping module to virtual host
              • Creating content for the portal DWP
                • Location of files within the project
                • Logical file organization
                • Creating the common HTML files
                • Creating the custom HTML files
                • Creating the JSP files
                  • Pagelet selector JSP files
                  • Portal home selector JSP files
                • Creating the Servlet PortalHomeSelectorServlet
                  • Creating a Java package
                  • Creating the Servlet
                • Creating the code for PortalHomeSelectorServlet
                  • Package definition and import statements
                  • Declaration of class constants and variables
                  • HTTP methods
                  • Getting parameters
                  • Communicating with EJB
                  • Forwarding control to another component
              • Creating an EJB project
                • Creating the initial project
                • Creating the Java packages
                • Creating the EJB interfaces
                  • Creating IPortalSelectorSessionBean interface
                  • Creating the local and remote EJB interfaces
                • Creating the EJB
                • Creating the code for PortalSelectorSessionBean
                  • Package definition and import statements
                  • Class definition
                  • Instance variables
                  • Linking to the user context
                  • Programmatic security
                  • Declarative security
              • The grand finale
                • Packaging the enterprise project as an EAR
                • Deploying the EAR
                • Testing the application
              • Summary
              • Chapter 7: Securing Back-end Communication
                • LDAP: Uses of encryption
                  • Securing the LDAP channel
                    • Protocol: LDAP and the Internet Protocol Suite
                    • The importance of securing the LDAP channel
                    • Choices in securing the LDAP channel
                  • Enabling SSL for LDAP
                    • Creating a key ring for storing key stores
                    • Creating a trust db for storing trust stores
                    • Creating a key store for use with LDAP
                    • Creating a trust store to use with LDAP
                    • Creating an SSL configuration for LDAP
                    • Obtaining the LDAP server SSL certificate
                    • Configuring LDAP for SSL
                • JDBC: WebSphere-managed authentication
                  • Protocol(s)
                    • The JDBC API
                    • Connection/Driver Manager and Data Source/JDBC provider
                    • The JDBC Application Layer
                  • Choices to secure the database channel
                  • Examples of securing the JDBC connection
                    • Defining a new JDBC provider
                    • Defining a new Data Source
                • Summary
                • Chapter 8: Secure Enterprise Infrastructure Architectures
                  • The enterprise infrastructure
                    • An Enterprise Application in relation to an Application Server
                    • WAS infrastructure and EA's application server interactions
                  • Securing the enterprise infrastructure using LTPA
                    • Why use the LTPA mechanism
                    • How the LTPA authentication mechanism works
                    • The main use for LTPA in a WebSphere environment
                  • Securely enhancing the user experience with SSO
                    • Required conditions to implement SSO
                    • Implementing SSO in WebSphere
                  • Fine-tuning authorization at the HTTP server level
                    • Why use an external access management solution
                    • How it works
                    • What tool to use
                    • Configuring the HTTP server to use an external access management solution
                  • Fine-tuning authorization at the WAS level
                    • When to use TAI
                    • Configuring SiteMinder ASA for WebSphere (TAI)
                  • Summary
                  • Chapter 9: WebSphere Default Installation Hardening
                    • Engineering the how and where of an installation
                      • Appreciating the importance of location, location, location!
                        • Customizing the executable files location
                        • Customizing the configuration files location
                      • Camouflaging the entrance points
                        • Understanding why it's important
                        • Methodology choices
                        • Identifying what needs to be configured
                        • Getting started
                      • Picking a good attorney
                    • Ensuring good housekeeping of an installation
                      • Keeping your secrets safe
                        • Using key stores and trust stores
                        • Storing passwords in configuration files
                        • Adding passwords to properties files
                    • Summary
                    • Chapter 10: Platform Hardening
                      • Identifying where to focus
                      • Exploring the operating system
                        • Appreciating OS interfaces
                        • Understanding user accounts
                        • Understanding service accounts
                        • Using kernel modules
                      • Creating the file system
                        • Influencing permission and ownership using process execution
                        • Running single execution mode
                          • Using executables
                          • Configuring
                          • Setting ownerships and permissions on log files
                        • Running multiple execution mode
                      • Safeguarding the network system
                        • Establishing network connections
                        • Communicating from process to process
                      • Summary
                      • Chapter 11: Security Tuning and Troubleshooting
                        • Tuning WebSphere security
                          • Tuning general security
                            • Tightening security using the administrative connector
                            • Disabling security attribute propagation
                            • Using unrestricted Java Cryptographic Extensions
                          • Tuning CSIv2 connectivity
                            • Using Active Authentication Protocol: Set it only to CSI
                            • Enforcing client certificates using SSL
                            • Enabling stateful sessions
                          • Tuning user directories and user permissions
                            • Configuring LDAP
                            • Tuning user authentication
                        • Troubleshooting WebSphere security-related issues
                          • Troubleshooting general security configuration exceptions
                            • Identifying problems with the Deployment Manager—node agent communication blues
                          • Troubleshooting runtime security exceptions
                            • Troubleshooting HTTPS communication between WebSphere Plug-in and Application Server
                            • Receiving the message WSVR0009E / ORBX0390E: JVM does not start due to org.omg.CORBA.INTERNAL error
                        • Concluding WebSphere security-related tips
                          • Using a TAI such as SiteMinder: remove existing interceptors
                      • Summary

                        Omar Siliceo

                        Omar Siliceo, a professional Systems Engineer with a Master of Science degree in Electrical Engineering, started his IT career in the year 1991 as a Research Specialist, performing the roles of systems specialist, Internet and Unix systems administrator, and Internet systems consultant, when he was invited to join the Computer Center group at Vanderbilt University. In 1994 he joined the information technology team as a consultant, performing systems integration at the King Faisal Specialist Hospital and Research Centre in Saudi Arabia. After returning to the United States of America in 1997, he launched his IT consulting practice, creating partnerships with companies such as CTG and Ajilon. He spent the period from 1997 to 2002 working with IBM in finding e-commerce solutions for customers such as Macy's, the NBA Store, and Blair; and event cybercast infrastructure administration for customers such as The Wimbledon Championships and The Masters golf tournament. It was during that period that he became exposed to early WebSphere technologies, including but not limited to WebSphere Application Server, WebSphere Commerce Suite, WebSphere Portal, and WebSphere Everyplace Suite. In his last year with IBM he focused on providing design, programming consultation, and problem solving to Fortune 500 software vendors and software integrators who were IBM's business partners. Between the years of 2002 and 2004, he served as a consultant to The World Bank Group and Blue Cross Blue Shield of Florida. His role was the administration of WebSphere environments including some special projects such as the rollout of the latest version of their WebSphere environments. In 2004, he interrupted his consulting practice when he was invited to join the IT engineering team at Cummins, Inc. He served as Senior Web Technologies Engineer and later on as the Web Deployment team manager. As Senior Engineer, he architected the infrastructure environment for WebSphere 5.1, defining standards for platform creation, WAS deployment, and integration with existing enterprise technologies and services. In 2008, he resumed his consulting practice, supporting WebSphere Application Server, WebSphere Portal, and WebSphere Edge Components efforts and initiatives with Bank of America (2008), Blue Cross Blue Shield of Florida (2008 2009), and The World Bank Group, where he is currently Senior WebSphere Suite consultant.
                        Sorry, we don't have any reviews for this title yet.

                        Code Downloads

                        Download the code and support files for this book.


                        Submit Errata

                        Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.

                        Sample chapters

                        You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

                        Frequently bought together

                        IBM WebSphere Application Server v7.0 Security +    Liferay Portal Enterprise Intranets =
                        50% Off
                        the second eBook
                        Price for both: £30.05

                        Buy both these recommended eBooks together and get 50% off the cheapest eBook.

                        What you will learn from this book

                        • Create security domains using the wsadmin scripting tool
                        • Get hands-on experience working with a mini-project to protect a Java EE Application Server
                        • Secure your frontend with Secure Socket Layer Protocol and IBM HTTP Server
                        • Get to grips with user authentication and authorization by building a multi-module Enterprise Web Application; packaging, deploying, and testing it
                        • Work around to secure an EJB application by building on the existing mini-project
                        • Configure authentication and resource access (authorization) using user registry groups and application-defined roles
                        • Configure WebSphere Application Server v7.0 for SSO and LTPA and work across remote servers
                        • Explore the powerful concepts of data encryption and SSL certificates practically
                        • Practice platform hardening with respect to the Operating System, File System, and network configuration

                        In Detail

                        In these days of high-profile hacking, server security is no less important than securing your application or network. In addition many companies must comply with government security regulations. No matter how secure your application is, your business is still at risk if your server is vulnerable. Here is how you solve your WebSphere server security worries in the best possible way.

                        This tutorial is focused towards ways in which you can avoid security loop holes. You will learn to solve issues that can cause bother when getting started with securing your IBM WebSphere Application Server v7.0 installation. Moreover, the author has documented details in an easy-to-read format, by providing engaging hands-on exercises and mini-projects.

                        The book starts with an in-depth analysis of the global and administrative security features of WebSphere Application Server v7.0, followed by comprehensive coverage of user registries for user authentication and authorization information. Moving on you will build on the concepts introduced and get hands-on with a mini project. From the next chapter you work with the different front-end architectures of WAS along with the Secure Socket Layer protocol, which offer transport layer security through data encryption.

                        You learn user authentication and data encryption, which demonstrate how a clear text channel can be made safer by using SSL transport to encrypt its data. The book will show you how to enable an enterprise application hosted in a WebSphere Application Server environment to interact with other applications, resources, and services available in a corporate infrastructure. Platform hardening, tuning parameters for tightening security, and troubleshooting are some of the aspects of WebSphere Application Server v7.0 security that are explored in the book. Every chapter builds strong security foundations, by demonstrating concepts and practicing them through the use of dynamic, web-based mini-projects.

                        A practical approach to implementing secure Java EE Server infrastructures using WebSphere

                        Approach

                        With this book you will explore WebSphere Application Server security concepts, which you can expand upon while working on mini-projects. With the author's style of writing you will gain the knowledge and confidence needed to implement WebSphere Application Servers securely. Right from the basics of securing your WebSphere Application Server to advanced security features, the author utilizes exercises, screenshots, and clear instructions.

                        Who this book is for

                        If you are a system administrator or an IT professional who wants to learn about the security side of the IBM WebSphere Application Server v7.0, this book will walk you through the key aspects of security and show you how to implement them. You do not need any previous experience in WebSphere Application Server, but some understanding of Java EE technologies will be helpful. In addition, Java EE application developers and architects who want to understand how the security of a WebSphere environment affects Java EE enterprise applications will find this book useful.

                        Code Download and Errata
                        Packt Anytime, Anywhere
                        Register Books
                        Print Upgrades
                        eBook Downloads
                        Video Support
                        Contact Us
                        Awards Voting Nominations Previous Winners
                        Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
                        Resources
                        Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software