WebSphere application server for z/OS V5 and J2EE 1.3 security handbook
What do you think of when someone mentions z/OS security? Probably of something that is trustworthy, or even impenetrable. Perhaps you also think of something that is a little complex and challenging to administer. What comes to mind when someone mentions Internet security? Perhaps you think of prom...
Main author: | |
---|---|
Corporate author: | |
Format: | E-book |
Language: | English |
Published: | Poughkeepsie, N.Y. : IBM Corp., International Technical Support Organization c2005. |
Edition: | 2nd ed |
Series: | IBM redbooks. |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009626903206719 |
Table of Contents:
- Front cover
- Contents
- Notices
- Trademarks
- Preface
- The team that wrote this redbook
- Become a published author
- Who should read this book
- Comments welcome
- Summary of changes
- New and revised cryptographic information
- Securing the file system
- Security domains
- Java 2 security
- Enhanced support for Tivoli Access Manager
- Other enhancements
- Information removed or relocated
- Part 1 Introduction to WebSphere and J2EE security
- Chapter 1. WebSphere Application Server V5 security overview
- 1.1 WebSphere Application Server for z/OS Version 5 infrastructure overview and terminology
- 1.2 WebSphere Application Server V5 security features
- 1.3 J2EE 1.3 compliance features
- 1.4 WebSphere Network Deployment family compliance features at interface layer
- 1.5 Support of WebSphere family security configurations
- 1.6 J2EE 1.3-compliant security enhancements
- 1.6.1 Java 2 security
- 1.6.2 J2EE role-based authorization enhancements
- 1.6.3 WebSphere Application Server V5 and JAAS
- 1.6.4 Java 2 security, J2EE security, and JAAS feature comparison
- 1.6.5 z/OS Java security components
- 1.6.6 JSSE security
- 1.6.7 CSIv2 security protocol
- 1.6.8 Pluggable authentication security
- 1.6.9 Security configuration in z/OS and OS/390
- 1.6.10 Enabling global security
- 1.7 Comparisons between WebSphere Application Server for z/OS and OS/390 V4.0.1 and V5
- 1.8 Key differences between WebSphere Application Server for z/OS and distributed platforms
- 1.8.1 Two types of SSL on z/OS
- 1.8.2 "Deprecated" V4 Advanced interfaces
- 1.8.3 z/OS security properties
- 1.9 Summary
- Chapter 2. Security design
- 2.1 Overview of security challenges
- 2.1.1 Assessing and managing security risks
- 2.1.2 Evolving with emerging technologies and trends
- 2.2 Finding the right level of security for your enterprise
- 2.2.1 Evaluate security elements in each layer
- 2.2.2 Ask the key questions
- 2.3 Making some key decisions
- 2.3.1 Intranet or Internet?
- 2.3.2 Where will authentication take place?
- 2.3.3 How will authorization to resources be determined?
- 2.3.4 What other resources need to be accessed?
- 2.4 Finding the right balance for your application
- 2.4.1 Container-managed security
- 2.4.2 Application-managed security
- 2.5 Topological view of security
- 2.5.1 Base topological view
- 2.5.2 Encryption
- 2.5.3 User registries and authorization databases
- 2.5.4 Identity flow
- 2.6 Summary
- Chapter 3. J2EE 1.3 and WebSphere Application Server V5 security concepts
- 3.1 Overview
- 3.1.1 Security server topology
- 3.1.2 Terminology used for J2EE security
- 3.1.3 User registries
- 3.1.4 Global security
- 3.2 J2EE container-based security
- 3.2.1 Role-based authorization
- 3.2.2 Web container authentication and authorization
- 3.2.3 EJB container authentication and authorization
- 3.2.4 RunAs versus run-as: Identity propagation
- 3.3 Resource authentication
- 3.4 Security interoperability using IIOP
- 3.5 Additional security capabilities
- 3.5.1 Authentication mechanism and single sign-on (SSO)
- 3.5.2 Java 2 security
- 3.5.3 Java Authentication and Authorization Service (JAAS)
- 3.5.4 Additional programmatic login/logout capabilities
- 3.5.5 Cryptographic application and data security
- Chapter 4. WebSphere Application Server application security
- 4.1 Programmatic security
- 4.1.1 J2EE APIs
- 4.1.2 Programmatic authentication to resources
- 4.2 JAAS for application security
- 4.2.1 JAAS login verification using SWIPE
- 4.2.2 Your own JAAS application login configuration
- Chapter 5. WebSphere application migration security aspects
- 5.1 Application migration security aspect checklist
- 5.2 Application migration strategies
- 5.3 Migrating IBM HTTP Server thread level-based security
- 5.3.1 Affected environments
- 5.3.2 What is causing this problem?
- 5.3.3 How can you make it work again?
- 5.4 Migrating WebSphere Application Server thread level-based security
- 5.5 Security aspects when migrating Common Connector Framework (CCF) connectors
- 5.5.1 Affected environments
- 5.5.2 What is causing this problem?
- 5.5.3 How can you make it work again?
- 5.6 Security aspects when migrating J2CA connectors
- 5.6.1 Affected environments
- 5.6.2 What is causing this problem?
- 5.6.3 How can you make it work again?
- 5.7 Migrating SOMDOBJS to EJBROLE
- 5.7.1 Using SOMDOBJS with WebSphere simple configuration option
- 5.7.2 Migrating from SOMDOBJS to the Web container and the EJBROLE profiles
- Part 2 SWIPE and our testing infrastructure
- Chapter 6. The sandbox infrastructure
- 6.1 Physical integration into the network infrastructure
- 6.2 System setup and service levels
- 6.2.1 Operating system and program products
- 6.2.2 Distributed environments
- 6.2.3 Development environment
- 6.3 Naming conventions
- 6.3.1 WebSphere cells
- 6.3.2 Naming convention variables
- 6.3.3 Data sets and files
- 6.3.4 Component trace procedure names
- 6.3.5 Configuration objects
- 6.3.6 Development base servers started tasks and user IDs
- 6.3.7 Deployment manager started tasks and user IDs
- 6.3.8 Node agent started tasks and user IDs
- 6.3.9 Managed servers started tasks and user IDs
- 6.3.10 TCP/IP ports
- 6.3.11 Common information
- 6.3.12 Starting servers
- Chapter 7. The security investigation application
- 7.1 The SWIPE application
- 7.1.1 SWIPE application structure
- 7.1.2 SWIPE application architecture and description
- 7.2 SWIPE authentication features
- 7.3 Authorization features
- 7.3.1 Web container authentication and authorization
- 7.3.2 EJB container authorization: EJBRoles
- 7.3.3 EJB container: Declarative security
- 7.3.4 EJB container: Programmatic security
- 7.3.5 EJB: RunAs concept
- 7.3.6 Servlet run-as example
- 7.3.7 The "Sync to OS Thread" concept
- 7.4 The downloadable SWIPE package
- 7.5 Deploying SWIPE
- 7.5.1 SWIPE: JVM property for location discovery
- 7.5.2 SWIPE and Java 2 security
- 7.5.3 Setting the IBMEBizEnv environment variable
- 7.6 SWIPE: Running EJBCaller
- 7.6.1 SWIPE: EJBCaller - Input Part A
- 7.6.2 SWIPE: EJBCaller - Input Part B
- 7.6.3 SWIPE: EJBCaller - Input Part C, JAAS
- 7.6.4 SWIPE: RunAsServlet
- 7.6.5 SWIPE: index.html
- 7.6.6 Remote JNDI example
- 7.7 RACF definitions
- 7.7.1 Overview
- 7.7.2 Define user IDs
- 7.7.3 Define a group
- 7.7.4 Define EJBRoles
- 7.7.5 Define GEJBROLE
- 7.7.6 Permit access
- 7.7.7 Verify security using SWIPE
- Chapter 8. The security investigation applications for EIS
- 8.1 The SWIPE application for CICS, IMS, and DB2
- 8.1.1 How SWIPE for EIS works
- 8.1.2 SWIPE EIS application structure
- 8.1.3 Define security roles for SWIPE/EIS
- 8.1.4 Prepare WebSphere security to run the samples
- 8.1.5 Plan resource reference to connection factory bindings
- 8.2 Define J2CA connection factories and data sources
- 8.2.1 Suggested scenarios for security verification
- 8.2.2 Set up JAAS authentication aliases
- 8.2.3 Set up connection factories and data sources for SWIPE/EIS
- 8.3 Install SWIPE for CICS, IMS, and DB2
- 8.4 Install the CICS components of SWIPECICS
- 8.5 Start SWIPE for CICS, IMS, and DB2
- 8.6 Run SWIPE for CICS, IMS, and DB2
- 8.7 Debug SWIPE for CICS, IMS, and DB2
- 8.8 The SWIPE application for JMS
- 8.8.1 Invoke the JMS sample
- 8.8.2 SWIPE application for JMS contents
- 8.8.3 Security roles in the samples
- 8.8.4 WebSphere MQ
- 8.8.5 Prepare WebSphere security to run the samples
- 8.8.6 WebSphere MQ: Queue definitions
- 8.8.7 WebSphere MQ: RACF resource profiles
- 8.8.8 J2C authentication data entries
- 8.8.9 JMS queue connection factory definitions
- 8.8.10 Queue destination definitions
- 8.8.11 SWIPE JMS: Logical resources
- 8.8.12 Install the SWIPE JMS application
- 8.8.13 Run the SWIPE JMS application
- 8.8.14 RACF messages
- 8.8.15 Check the user ID that flows to WebSphere MQ
- Part 3 Cryptography
- Chapter 9. Using cryptographic services
- 9.1 Cryptographic support
- 9.2 How WebSphere fits in z/OS and zSeries cryptographic infrastructure
- 9.2.1 Supported J2EE APIs
- 9.2.2 SSL overview
- 9.3 Hardware cryptography support for zSeries 2084 or 2086 engines
- 9.4 Activation of hardware cryptography support for zSeries 2084, 2086, 9672, 2064, 2066, or 7060 engines
- 9.4.1 Verify that your processor has Cryptographic Coprocessor
- 9.4.2 Obtain the correct configuration enablement diskette or diskettes for your processor
- 9.4.3 Load the configuration enablement diskette(s)
- 9.4.4 Assign Cryptographic Coprocessors to LPARs
- 9.4.5 Additional instruction for assigning the PCI crypto features to LPARs with a 2084 or 2086 engine
- 9.4.6 Install and initialize Integrated Cryptographic Service Facility
- 9.4.7 Initialize the CKDS and PKDS and load your master key
- 9.5 Configure WebSphere to use hardware cryptographic services
- 9.5.1 Configure WebSphere to use hardware cryptography for SSL
- 9.5.2 Configure WebSphere to use hardware cryptography in support of the ICSF authentication mechanism
- 9.6 Securing and maintaining cryptography
- 9.6.1 RACF protection for ICSF
- 9.6.2 RACF setup to secure OCSF and OCEP
- 9.7 Create RACF keyrings and certificates
- 9.8 Set up Secure Sockets Layer (SSL) for WebSphere for z/OS
- 9.8.1 Certificates in WebSphere and RACF