Setting up, enabling and migrating security

You must address several issues prior to authenticating users, authorizing access to resources, securing applications, and securing communications. These security issues include migration, interoperability, and installation.

About this task

After installing WebSphere® Application Server, you can determine the proper level of security that is needed for your environment. By default, administrative security is enabled and provides the authentication of users using the WebSphere administration functions, the use of Secure Sockets Layer (SSL), and the choice of user account repository.

You can also use the following permissions to enhance security:
  • Use the getSSLConfig permission to give your application code the ability to call several of the JSSEHelper methods. For more information about these methods, see the description of the com.ibm.websphere.ssl.JSSEHelper API in the Programming interfaces section of the documentation.
  • Use the AdminPermission permission to give your application code the ability to call WebSphere Application Server administrative APIs. See the topic Setting Java 2 security permissions for an example of how to set this permission.
  • Use the accessRuntimeClasses permission to give your application code the ability to load classes that are included with the product. If you are operating in an environment that normally restricts access to these classes, this permission enables your application code to bypass this restriction during class loading. See the topic Global security settings for a description of how to set this permission.

The following information is covered in this section:

Procedure

What to do next

After installing WebSphere Application Server and securing your environment, you must authenticate users. For more information, see Authenticating users.