IBM WebSphere Application Server v7.0 Security. For IBM WebSphere users, this is the complete guide to securing your applications with Java EE and JAAS security standards. From a far-ranging overview to the fundamentals of data encryption, all the essentials are here

Spis treści książki

• IBM WebSphere Application Server v7.0 Security
  • Table of Contents
  • IBM WebSphere Application Server v7.0 Security
  • Credits
  • About the Author
  • About the Reviewers
  • www.PacktPub.com
    • Support files, eBooks, discount offers and more
      • Why Subscribe?
      • Free Access for Packt account holders
      • Instant Updates on New Packt Books
  • Preface
    • What this book covers
    • What you need for this book
    • Who this book is for
    • Conventions
    • Reader feedback
    • Customer support
      • Errata
      • Piracy
      • Questions
  • 1. A Threefold View of WebSphere Application Server Security
    • Enterprise Application-server infrastructure architecture view
      • Simple infrastructure architecture characteristics
      • Branded infrastructure elements
      • Generic infrastructure components
      • Using the infrastructure architecture view
    • WebSphere architecture view
      • WebSphere Application Server simplified architecture
      • WebSphere node component
      • WebSphere JVM component
      • Using the WebSphere architecture view
    • WebSphere technology stack view
      • OS platform security
      • Java technology security
      • WebSphere security
      • Using the technology stack view
    • Summary
  • 2. Securing the Administrative Interface
    • Information needed: Planning for security
      • The LDAP and security table
    • Enabling security
      • Setting the domain name
        • Starting at the console
        • Continuing with the global security page
        • Onto the SSO page
        • Setting the SSO domain name
        • Applying and saving your changes
      • Configuring the user registry
        • Locating the user registry configuration area
        • Registry type selection
          • Federated repository
          • Local operating system
          • LDAP
          • Standalone custom registry
        • LDAPthe preferred choice
        • Reviewing the resulting standalone LDAP registry page
        • Defining the WebSphere administrative ID
        • Setting the type of LDAP server
        • Entering the LDAP server parameters
        • Providing the LDAP bind identity parameters
        • Confirming other miscellaneous LDAP server parameters
        • Applying and saving the standalone LDAP configuration
        • Confirming the configuration
      • Enabling the administrative security
        • Locating the administrative security section
        • Performing the administrative security configuration steps
        • Applying and saving your changes
        • Propagating new configuration
        • Logging off from the console
        • Restarting the deployment manager
        • Logging in to the deployment manager console
    • Administrative roles
    • Disabling security
    • Summary
  • 3. Configuring User Authentication and Access
    • Security domains
      • What is a security domain
      • Scope of security domains
      • Benefits of multiple security domains
      • Limitations of security domains
    • Administrative security domain
      • Configuring security domains based on global security
        • Creating a global security domain clone
        • Creating a security domain using scripting
    • User registry concepts
      • What is a user registry
      • WebSphere use of user repositories
        • Authentication
        • Authorization
    • Supported user registry types
      • Local operating system
      • Standalone LDAP
      • Standalone custom registry
      • Federated repositories
    • Protecting application servers
      • WebSphere environment assumptions
      • Prerequisites
        • Creating an application server
        • Creating a virtual host
        • Creating application JDBC Provider and DataSource
        • Configuring the global security to use the federated user registry
        • Creating a security domain for the application server
      • Configuring user authentication
        • Creating groups
        • Creating users
        • Assigning users to groups
      • Configuring access to resources
      • Testing the secured application server environment
        • Deploying and securing an enterprise application
        • Accessing the secured enterprise application
    • Summary
  • 4. Front-End Communication Security
    • Front-end enterprise application infrastructure architectures
      • WebSphere horizontal cluster classic architecture
      • WebSphere horizontal cluster using dual-zone architecture
      • WebSphere horizontal cluster using multi-zone architecture
    • SSL configuration and management
      • What is SSL
      • How SSL works
      • Certificates and CAs
    • Securing front-end components communication
      • Securing the IBM HTTP Server
        • Environment assumptions
        • SSL configuration prerequisites
          • Add SSL ports to WebSphere employees_vh virtual server
        • Creating the SSL system components
          • Create the IHS SSL keystore
          • List built-in CA certificates included in keystore
          • Create self-signed certificate
          • Confirm the creation of self-signed certificate
        • Configuring IHS for SSL
          • Modifications to httpd.conf
          • Extract the WebSphere CA certificate
          • Add WAS self-signed certificate to the plug-in
          • Validation of the SSL configuration
    • Summary
  • 5. Securing Web Applications
    • Securing web applications concepts
      • Developer view of web application security
      • Administrator view of web application security
    • Securing a web application
      • Project objectives
      • Assumptions
      • Prerequisites
      • Enterprise application architecture
        • Application groups
        • Application users
        • Application memberships
          • ACLs based on user registry groups
          • ACLs based on application roles
        • Dynamic web modules
      • Securing a J2EE web application
        • Creating the enterprise application project
        • Creating the dynamic web application projects
        • Configuring dynamic web applications
          • Defining welcome files
          • Adding log in information
          • Defining protected URI patterns and methods
          • Creating application roles
          • Assigning the application role
          • Defining client-server transport type
          • Mapping web modules to employees_vh
        • Configuring enterprise applications
          • Defining roles
          • Mapping groups to roles
        • Adding content to dynamic web applications
          • Adding web files
          • Adding Java components
          • Completing the Java code
            • Analysis of the initial servlet code
            • Completing the servlet code
        • Packaging an enterprise application
        • Deploying the enterprise application
        • Testing the enterprise application
    • Summary
  • 6. Securing Enterprise Java Beans Applications
    • EJB application security concepts
      • Declarative security
      • Programmatic security
    • EJB project design
      • EJB application du jour
        • Objectivesecurity
        • Objectivefunctional
      • Project designUI aspect
      • Project designprogramming component
      • Project designimplementation phase
    • EJB project prerequisites and assumptions
      • Project assumptions
      • Project prerequisites
    • Creating an Enterprise Application Project
      • Creating the project workspace
      • Enterprise application project requirements
        • EAR version
        • Target runtime
      • Creating the enterprise application project
        • Selecting the project EAR version
        • Creating a target runtime
        • Creating the deployment descriptor
    • Creating the portal Dynamic Web Project
      • Creating the portal DWP
        • Defining the DWP context root
        • Creating the DWP deployment descriptor
      • Configuring the portal DWP deployment descriptor
        • Defining the welcome pages suite
        • Adding login information
        • Securing protected URI patterns and HTTP methods
          • Defining security constraints
          • Defining resource collections
        • Defining application roles
        • Defining the client-server transport type
        • Mapping module to virtual host
    • Creating content for the portal DWP
      • Location of files within the project
      • Logical file organization
      • Creating the common HTML files
      • Creating the custom HTML files
      • Creating the JSP files
        • Pagelet selector JSP files
        • Portal home selector JSP files
      • Creating the Servlet PortalHomeSelectorServlet
        • Creating a Java package
        • Creating the Servlet
      • Creating the code for PortalHomeSelectorServlet
        • Package definition and import statements
        • Declaration of class constants and variables
        • HTTP methods
        • Getting parameters
        • Communicating with EJB
        • Forwarding control to another component
    • Creating an EJB project
      • Creating the initial project
      • Creating the Java packages
      • Creating the EJB interfaces
        • Creating IPortalSelectorSessionBean interface
        • Creating the local and remote EJB interfaces
      • Creating the EJB
      • Creating the code for PortalSelectorSessionBean
        • Package definition and import statements
        • Class definition
        • Instance variables
        • Linking to the user context
        • Programmatic security
        • Declarative security
    • The grand finale
      • Packaging the enterprise project as an EAR
      • Deploying the EAR
      • Testing the application
    • Summary
  • 7. Securing Back-end Communication
    • LDAP: Uses of encryption
      • Securing the LDAP channel
        • Protocol: LDAP and the Internet Protocol Suite
        • The importance of securing the LDAP channel
        • Choices in securing the LDAP channel
      • Enabling SSL for LDAP
        • Creating a key ring for storing key stores
          • JCE Policy files
        • Creating a trust db for storing trust stores
        • Creating a key store for use with LDAP
        • Creating a trust store to use with LDAP
        • Creating an SSL configuration for LDAP
        • Obtaining the LDAP server SSL certificate
        • Configuring LDAP for SSL
    • JDBC: WebSphere-managed authentication
      • Protocol(s)
        • The JDBC API
        • Connection/Driver Manager and Data Source/JDBC provider
        • The JDBC Application Layer
      • Choices to secure the database channel
      • Examples of securing the JDBC connection
        • Defining a new JDBC provider
        • Defining a new Data Source
    • Summary
  • 8. Secure Enterprise Infrastructure Architectures
    • The enterprise infrastructure
      • An Enterprise Application in relation to an Application Server
      • WAS infrastructure and EAs application server interactions
    • Securing the enterprise infrastructure using LTPA
      • Why use the LTPA mechanism
      • How the LTPA authentication mechanism works
      • The main use for LTPA in a WebSphere environment
    • Securely enhancing the user experience with SSO
      • Required conditions to implement SSO
      • Implementing SSO in WebSphere
    • Fine-tuning authorization at the HTTP server level
      • Why use an external access management solution
      • How it works
      • What tool to use
      • Configuring the HTTP server to use an external access management solution
    • Fine-tuning authorization at the WAS level
      • When to use TAI
      • Configuring SiteMinder ASA for WebSphere (TAI)
    • Summary
  • 9. WebSphere Default Installation Hardening
    • Engineering the how and where of an installation
      • Appreciating the importance of location, location, location!
        • Customizing the executable files location
        • Customizing the configuration files location
          • Customizing the log files location
      • Camouflaging the entrance points
        • Understanding why it's important
        • Methodology choices
        • Identifying what needs to be configured
        • Getting started
      • Picking a good attorney
    • Ensuring good housekeeping of an installation
      • Keeping your secrets safe
        • Using key stores and trust stores
        • Storing passwords in configuration files
        • Adding passwords to properties files
          • Manually adding a password - a bonus tip
    • Summary
  • 10. Platform Hardening
    • Identifying where to focus
    • Exploring the operating system
      • Appreciating OS interfaces
      • Understanding user accounts
      • Understanding service accounts
      • Using kernel modules
    • Creating the file system
      • Influencing permission and ownership using process execution
      • Running single execution mode
        • Using executables
        • Configuring
        • Setting ownerships and permissions on log files
      • Running multiple execution mode
    • Safeguarding the network system
      • Establishing network connections
      • Communicating from process to process
    • Summary
  • 11. Security Tuning and Troubleshooting
    • Tuning WebSphere security
      • Tuning general security
        • Tightening security using the administrative connector
        • Disabling security attribute propagation
        • Using unrestricted Java Cryptographic Extensions
          • Obtaining the Unrestricted JCE policy files
          • Installing the Unrestricted JCE policy files
      • Tuning CSIv2 connectivity
        • Using Active Authentication Protocol: Set it only to CSI
        • Enforcing client certificates using SSL
        • Enabling stateful sessions
          • Configuring the server
          • Configuring the client
      • Tuning user directories and user permissions
        • Configuring LDAP
          • Reusing the established connection
          • Ignoring case during authorization
        • Tuning user authentication
          • Increasing authentication cache timeout
          • Enabling SSO
    • Troubleshooting WebSphere security-related issues
      • Troubleshooting general security configuration exceptions
        • Identifying problems with the Deployment Managernode agent communication blues
          • Receiving the message HMGR0149E: node agent rejected
          • Receiving the message ADMS0005E: node agent unable to synchronize
      • Troubleshooting runtime security exceptions
        • Troubleshooting HTTPS communication between WebSphere Plug-in and Application Server
          • Receiving the message SSL0227E: SSL handshake fails
          • Receiving ws_config_parser errors while loading the plug-in configuration file
          • Receiving the message GSK_ERROR_BAD_CERT: No suitable certificate found
          • Receiving the message GSK_KEYFILE_IO_ERROR: No access to key file
        • Receiving the message WSVR0009E / ORBX0390E: JVM does not start due to org.omg.CORBA.INTERNAL error
    • Concluding WebSphere security-related tips
      • Using wildcards in virtual hosts: never do it!
      • Ensuring best practice: set tracing from wide to specific search pattern
      • Using a TAI such as SiteMinder: remove existing interceptors
    • Summary
  • Index

pokaż cały spis treści

ukryj recenzje