- Default Security Settings: Some of the default settings have been changed in the new version:
- Administrative security is enabled automatically during installation.
- All internal transports are authenticated by default.
- Most internal transports are encrypted by default.
- The default encryption keys are eliminated. A cell-specific set of keys is created automatically.
- JNDI is read-only by default to all.
- Messaging limits connections to only authenticated users granted the bus connect role by default. AllAuthenticated no longer has that role by default.
- Simplified certificate and key management.
- The admin client can query the server and automatically import the server's signing certificate
- The admin tools can be used to generate certificates and certificate requests, import keys and certificates, manage certificates and keys, and even share them across the cell.
- Programmatic APIs for applications to obtain URLStreamHandlers, SSLContext instances, and SSLSocketFactories, based on the WebSphere Application Server-managed SSL configuration.
- LTPA encryption keys are automatically changed at regular intervals. To avoid outages, multiple key versions are simultaneously supported.
- Support for federated repositories.
- Support for file registry
- Support for multiple LDAP registries.
- Support for LDAP failover.
- Fine-grained authorization control (below cell level) for administrative users.
- Single Sign-On from windows desktops to intranet applications.
Monday, June 12, 2006
Security Enhancements in WebSphere 6.1
In his latest article, Keys Botzum gives an overview of the the security enhancements to WebSphere Application Server 6.1. Here is a a list of the enhancements, for more details, read the article.
Subscribe to:
Post Comments (Atom)
Popular Posts
-
This post will describe how to create and deploy a Java Web Application war to Heroku using Heroku CLI. You will need a basic understanding ...
-
The previous post described how to implement a JMS messaging client using Spring JMS . This post will describe how to implement the Message ...
-
JUnit 4 introduces a completely different API to the older versions. JUnit 4 uses Java 5 annotations to describe tests instead of using in...
-
Last week, I described how to implement JMS, using a stand-alone client and a Message Driven Bean . In this post and the next, I will descr...
-
In the previous post, I described the use of Displaytag to implement paging in a simple JSP. In this example, I describe the use of Displayt...
-
The previous post described the Command pattern in brief. I listed out where and why the command pattern may be used. This post describes h...
-
LOBs (Large OBjects) are are designed to support large unstructured data such as text, images, video etc. Oracle supports the following two...
-
Java 8 introduces default static methods that enable you to add new functionality to the interfaces of your libraries and ensure binary comp...
-
In the past, I wrote a post on how to implement Web Services using JAX-WS on Glassfish, and Apache Axis. In this post I will describe how to...
-
This post applies to integrating Spring framework 2.5.3 and Hibernate 3.0 . The Spring framework provides extensive support for data access...
I have 2 WAS 6.1 servers in 2 boxes and am trying to communicate with EJB's on downstream server by using the JNDI name look up over RMI/IIOP with machine name and port num.
ReplyDeleteIt is giving me org.omg.CORBA.NO_PERMISSION: Authentication failed. Could not validate Client Authentication Token and/or Client Certificates during Identity Assertion vmcid: 0x49424000 minor code: 30D completed: No
I have enabled global security and application security,and am using CSIV2 outbound[upstream server], CSIV2 inbound [downstream server].
Is there any thing i have to take care.
Any help appriciated.