Cette page n'est pas disponible en français. Veuillez-nous en excuser.

Securing your WebSphere applications

This is the definitive course for all those who will be dealing with the security aspects that are critical for web applications running in a WebSphere Application Server V7 (WAS) environment.

On successful completion of this course, attendees will be able to:

  • describe the set-up of global security, administrative security, application security and Java 2 security
  • configure administrative security for particular users to gain different access to the admin console
  • set up security domains for admin security and application security
  • set up the security cache and security auditing features
  • create a secure web application using security constraints and security roles and mapping to specific groups and users
  • configure the VMM
  • explain the Public Key Infrastructure
  • describe digital certificates and digital signatures using both Certificate Authorities and Self Signed Certificates
  • configure SSL for JDBC connections and within the cell
  • understand and setup cross cell authentication
  • explain the new application policy sets that can be installed to define the integrity and confidentiality of messages and transactions for Web Services
  • understand the use of CSIv2 when securing client to server applications
  • use logs and traces to recognise problems
  • use performance tools, recognise performance problems and tune accordingly.


Il n'y a pas de sessions publiques à ce moment. Nous organisons volontiers un cours en entreprise ou une session publique supplémentaire (en cas d'un nombre suffisant de participants). Intéressé? Contactez-nous.

Intended for

Webmasters, application administrators and system administrators who are going to install, configure and secure web-oriented applications on a WebSphere Application Server runtime.

This course is also suitable for developers who want to test thoroughly for a WebSphere Application Server roll-out. System architects and developer/deployers will get to know the runtime context for the enterprise applications that they build.


Attendees should have experience in WebSphere Application Server (see WebSphere Application Server V8.5 administration) and now want to engage in all aspects of security within WAS.

Main topics

  • Security in the WebSphere J2EE Environment

Objectives & topics; WAS security implementation; Administrative security; Secure System Administration; Federated repositories feature; Simplified certificate and key management; Tips for configuring default security; Secure processes; Extensible, layered security infra-architecture; J2EE security features compared; Java2 security; JAAS (Java Authentication and Authorization Service; J2EE security roles; J2EE security the full picture explained; SSL - Secure Sockets Layer; Authentication; External WAS security components; JACC - Java Authorization Contract for Containers; J2EE Application Security (focus on); Security roles; Taken from EJB specification; EJB specification translated; J2EE container based security; Configuring application security; handling security role mappings from Admin console; Securing J2EE components in practice; Web components; Web module; Securing EJBs; Security Cache, Multiple Security Domains; Different application security realms.

  • Virtual Member Manager

Objectives & topics; How does it work; different types of VMM; configuring the VMM using default adapters; configuring VMM with Property Extension Repository (PER) and Entry Mapping Repository (EMR); configuring database repository in VMM.

  • SSL and Encryption

Objectives and Topics; Cryptography in Internet applications; Public key cryptography overview; What is a digital certificate?; Public key & certificate; Uses for certificates in applications; CA and self signed certificates; Auto replacement of certificates; autosecurity and privacy; firewalls and encryption; Secure Sockets Layer; Secure communications using SSL; SSL administration.

  • CSIv2

Objectives and Topics; Overview of CSIv2; the protocol; three layers of authentication; identity assertion and mapping; security attribute propagation; configuration on the client and the server,

  • Troubleshooting Made Easy?

Objectives & topics; Resources for problem determination; Console messages; Log Files; WAS logs overview; Basic format for log/trace entry; If logs are not enough; To trace or not to trace; Trace strings; Web Server - Web container: mind the gap!; HTTP Server logs; Dump Name Space; Thread analyzer; Collector tool; First Failure Data Capture logs; HTTP session monitoring; Product installation information; Log and Trace analyzer for Autonomic Computing.

  • Security Performance

Objectives & topics; Performance enhancing technologies; Performance data; Transaction oriented; Built-in performance booster; Performance data and tools; PMI overview; PMI data; Performance data hierarchy; PMI data organization; Tivoli Performance Viewer; Performance Advisors; Performance (PMI) Servlet; JVMPI facility; PMI request metrics; Request Metrics functionality; What's the point?; Current architecture; Configuring Request Metrics; Limit the monitoring; Request Metrics output; Application Response Measurement (ARM); Dynamic Cache (optional section); Dynamic Cache functionality; What can be cached?; How it works; Dynamic Cache setup; Dynamic Cache monitoring; Security Cache and Auditing.

Training method

The course combines formal classroom teaching with numerous practical, hands-on sessions.


3 days.

Course leader

RSM Technology.