- Default Security Settings: Some of the default settings have been changed in the new version:
- Administrative security is enabled automatically during installation.
- All internal transports are authenticated by default.
- Most internal transports are encrypted by default.
- The default encryption keys are eliminated. A cell-specific set of keys is created automatically.
- JNDI is read-only by default to all.
- Messaging limits connections to only authenticated users granted the bus connect role by default. AllAuthenticated no longer has that role by default.
- Simplified certificate and key management.
- The admin client can query the server and automatically import the server's signing certificate
- The admin tools can be used to generate certificates and certificate requests, import keys and certificates, manage certificates and keys, and even share them across the cell.
- Programmatic APIs for applications to obtain URLStreamHandlers, SSLContext instances, and SSLSocketFactories, based on the WebSphere Application Server-managed SSL configuration.
- LTPA encryption keys are automatically changed at regular intervals. To avoid outages, multiple key versions are simultaneously supported.
- Support for federated repositories.
- Support for file registry
- Support for multiple LDAP registries.
- Support for LDAP failover.
- Fine-grained authorization control (below cell level) for administrative users.
- Single Sign-On from windows desktops to intranet applications.
Monday, June 12, 2006
Security Enhancements in WebSphere 6.1
In his latest article, Keys Botzum gives an overview of the the security enhancements to WebSphere Application Server 6.1. Here is a a list of the enhancements, for more details, read the article.
Subscribe to:
Post Comments (Atom)
Popular Posts
-
This post will describe how to create and deploy a Java Web Application war to Heroku using Heroku CLI. You will need a basic understanding ...
-
In this post we will see how to do an offline install Jenkins and required plugins on a Red Hat Enterprise Linux Server release 7.3. This is...
-
Update: A new post for validation in struts with annotation is available at: Struts 2 Validation: Annotations . Struts 2.0 relies on a val...
-
The previous post described the Strategy pattern in brief. I listed out where and why the strategy pattern may be used. This post describes...
-
Google has opensourced it's Google Web Toolkit . The project is now fully opensource under the Apache 2.0 license . The new 1.3 RC has...
-
Previously, I wrote a post describing the use of Apache Axis to create and consume Web Services from Java . In this post, I will describe ho...
-
Big Faceless Report Generator is a commercial Java API for generating PDF files from XML input . The report generator is built on the Big F...
-
iText is a Java API for reading, writing, and editing PDF documents and PDF forms. The latest release (v1.4.7) adds support for AES encrypti...
-
The Observer pattern allows an object (an Observer) to watch another object (a Subject). The subject and observer to have a publish/subscrib...
-
Just moved to blogger beta. Testing the changes.
I have 2 WAS 6.1 servers in 2 boxes and am trying to communicate with EJB's on downstream server by using the JNDI name look up over RMI/IIOP with machine name and port num.
ReplyDeleteIt is giving me org.omg.CORBA.NO_PERMISSION: Authentication failed. Could not validate Client Authentication Token and/or Client Certificates during Identity Assertion vmcid: 0x49424000 minor code: 30D completed: No
I have enabled global security and application security,and am using CSIV2 outbound[upstream server], CSIV2 inbound [downstream server].
Is there any thing i have to take care.
Any help appriciated.