« October 2007 | Main | October 2008 »

December 04, 2007

Security Handbook for WebSphere Application Server

[This article is sponsored by Peningo Systems, Inc., a provider of WebSphere Consulting Services on a nationwide basis. For more information on Peningo Systems, please go to the Peningo WebSphere Consultants page ]

IBM has released a Redbook titled “IBM WebSphere Application Server V6.1 Security Handbook”, which is part of the IBM WebSphere V6.1 series. The Redbook focuses on security and security-related topics and provides technical details to design and implement secure solutions with WebSphere.

We at Peningo Systems strongly recommend this RedBook for any WebSphere Consultant / WebSphere Architect / WebSphere Developer who are involved in designing, developing, and deploying secure e-business applications using IBM WebSphere Application Server V6.1.

This Book Consists of 4 Parts:

  • Part 1 discusses security for the application server and its components, including enterprise applications. Note that global security has now become known as administrative security and application security. You find essential information on how to secure Web and EJB applications and how to develop a Java client using security.
  • Part 2 introduces additional components from the enterprise environment and discusses security beyond the application server.
  • External components include third-party security servers, messaging clients and servers, and database servers.
  • Part 3 is a short introduction to development environment security. Here you can read about guidelines and best practices that are applicable to a secure development environment.
  • Part 4 provides additional information related to chapters in the previous parts.

The following is the Table of Contents for this Redbook Draft:


  • Part 1. Application server security
    Chapter 1. Introduction
    Chapter 2. Configuring the user registry
    Chapter 3. Administrative security
    Chapter 4. SSL administration
    Chapter 5. JAAS for authentication in WebSphere Application Server
    Chapter 6. Application security
    Chapter 7. Securing a Web application
    Chapter 8. Securing an EJB application
    Chapter 9. Client security
    Chapter 10. Securing the service integration bus
  • Part 2. Extending security beyond the Application Server
    Chapter 11. Security attribute propagation
    Chapter 12. Securing a WebSphere application using Tivoli Access Manager
    Chapter 13. Trust Association Interceptors and third party software integration
    Chapter 14. Externalizing authorization with JACC
    Chapter 15. Web services security
    Chapter 16. Securing access to WebSphere MQ
    Chapter 17. J2EE Connector security
    Chapter 18. Securing the database connection
  • Part 3. Development environment
    Chapter 19. Development environment security
  • Appendix A. Additional configurations
    Appendix B. Additional material

To view and download the RedBook Draft in PDF, please go to the link below:

The IBM WebSphere Application Server V6.1 Security Handbook

If you are an "End Client" looking for a WebSphere Consulting Service provider to support your WebSphere Applications, Peningo Systems provides Consultants with expertise in many areas including:

WebSphere Portal

WebSphere Commerce

WebSphere Eclipse Development

WebSphere MQ

System Security Architecture

Tivoli Access Manager

Tivoli Identity Manager

DB2 – UDB, 



Peregrine / HP Openview AssetCenter and ServiceCenter

J2EE based systems architecture and development.

To see Peningo Systems areas of expertise, please go to the Peningo Technical Areas page or go to the Peningo WebSphere Consultants page.

  To see Peningo's other Blogs please go to

 Peningo's Blog

The Peningo Opinion Blog 

Add to Technorati Favorites