Where can I find 000-371 Actual Questions questions?




000-371 - Web Services Development for IBM WebSphere Application Server V7.0 - Dump Information

Vendor : IBM
Exam Code : 000-371
Exam Name : Web Services Development for IBM WebSphere Application Server V7.0
Questions and Answers : 116 Q & A
Updated On : September 22, 2017


Got no problem! 3 days preparation of 000-371 Latest Braindumps is required.

I purchased this because of the 000-371 questions, I thought I could do the QAs part just based on my prior experience. Yet, the 000-371 questions provided by Killexams were just as useful. So you really need targeted prep materials. I passed easily, all thanks to Killexams.

Party is over! Time to study and pass the exam.

I still remember the tough time I had while learning for the 000-371 exam. I used to seek assistance from friends, but I felt most of the material was vague and overwhelmed. Later, I found Killexams and its Q&A material. Through the valuable material I learned everything from top to bottom of the provided material. It was so precise. In the given questions, I answered all questions with perfect option. Thanks for bringing all the countless happiness in my career.

Right place to find 000-371 Latest Braindumps paper.

I just required telling you that I have topped in 000-371 exam. All the questions on exam table were from Killexams. It is said to be the genuine helper for me on the 000-371 exam bench. All praise of my achievement goes to this guide. This is the actual reason behind my success. It guided me in the correct way for attempting 000-371 exam questions. With the help of this study stuff I was talented to effort to all the questions in 000-371 exam. This study stuff guides a person in the right way and guarantees you 100% accomplishment in exam.

Observed maximum 000-371 Questions in Latest Braindumps that I prepared.

I asked my brother to give me some advice regarding my 000-371 test and he told me to buckle up since I was in for a great ride. He gave me this Killexams address and told me that was all I needed in order to make sure that I clear my 000-371 test and that too with good marks. I took his advice and signed up and I'm so happy that I did it since my 000-371 test went amazing and I passed with good score. It was like a dream come true so thank you.

What is needed to pass 000-371 exam?

Thank You Killexams for full support by providing this question bank. I scored 78% in 000-371 Exam.

Got no problem! 3 days preparation of 000-371 Latest Braindumps is required.

As a guaranteed authority, I knew I need to take assistance from Dumps on the off chance that I need to clear the intense exam like 000-371. Furthermore I was correct. The Killexams Dumps have an interesting approach to make the hard subjects simple. They manage them in short, simple and exact way. Straight forward and remember them. I did so and could answer all the questions in half time. Incredible, Killexams Dumps is a genuine companion in need.

Worked hard on 000-371 books, but everything was in the Q&A.

I'm so glad I purchased 000-371 exam prep. The 000-371 exam is tough since it's very broad, and the questions cover everything you see in the blueprint. Killexams was my main preparation source, and they cover everything perfectly, and there have been tons of related questions on the exam.

Worked hard on 000-371 books, but everything was in the Q&A.

We all know that clearing the 000-371 test is a big deal. I got my 000-371 test cleared that I was so content just due to Killexams that gave me 87% marks.

What is easiest way to pass 000-371 exam?

I had taken the 000-371 preparation from the Killexams as that was a nice platform for the preparation and that had ultimately given me the best level of the preparation to get the best scores in the 000-371 test exams. I really enjoyed the way I got the things done in the interesting way and through the help of the same; I had finally got the thing on the line. It had made my preparation much easier and with the help of the Killexams I had been able to grow well in the life.

How much salary for 000-371 certified?

I prepare people for 000-371 exam subject and refer all to your site for further developed preparing. This is positively the best site that gives solid exam material. This is the best asset I know of, as I have been going to numerous locales if not all, and I have presumed that Killexams Dumps for 000-371 is truly up to the mark. Much obliged Killexams and the exam simulator.


000-371 Questions and Answers

000-371

When choosing to encrypt a SOAP message using policy sets in IBM WebSphere Application Server V7.0, the options a developer has are:


  A. Body, XPath expression

  B. Body, Header, QName

  C. Body, QName, XPath expression

  D. Header, QName, XPath expression


Answer: C


QUESTION: 103

In IBM WebSphere Application Server V7.0, 'trust method' is part of which collection?


  A. Caller

  B. Add timestamp

  C. Required Integrity

  D. Required Confidentiality


Answer: A


QUESTION: 104

A developer needs to ensure message integrity and confidentiality of a Web service deployed on IBM WebSphere Application Server V7.0. Which of the following policy sets could be used?


  A. WSHTTPS default

  B. SSLWSTransaction

  C. Secure Conversation

  D. WSReliableMessaging default

  E. Username Secure Conversation

  F. WS-I Reliable Secure Profile (RSP) default


Answer: C, E, F


QUESTION: 105

A developer is creating a JAX-WS client application. In what ways can the developer enable Web service security?


  A. Bindings

  B. Policy sets

  C. XML Encryption

  D. Secure Conversation

  E. Web Services Security API


Answer: B, E


QUESTION: 106

The Web service is implemented as an EJB, authorization is enabled at the EJB method level, and Caller configuration is enabled for Web Service Security. Which identity is used for the authorization check?


  A. Transport level identity is always used

  B. Message level identity is always used

  C. Both transport level and message identities

  D. Either transport level identity or message level identity


Answer: B


QUESTION: 107

A developer would like to restrict access to some operations of a Web service to a certain group of users. Which is the most appropriate implementation choice for the Web service?


  A. JavaBean

  B. Entity Bean

  C. Message Driven Bean

  D. Stateful Session Bean

  E. Stateless Session Bean


Answer: E


QUESTION: 108

Which of the following situations is the best candidate for message-level security?


  A. Basic authentication is required

  B. Untrusted intermediaries are involved

  C. Confidentiality of the message is only required from point-to-point

  D. Client-side and server-side authentication through certificates is required


Answer: B


QUESTION: 109

For a Web service request passing through multiple SOAP intermediaries, how would end-to-end security be provided?


  A. SSL

  B. Mutual Authentication

  C. WS-Security standards

  D. HTTP Basic Authentication


Answer: C


QUESTION: 110

A developer is designing a Web service which must ensure the integrity and confidentiality of the message from the provider to the consumer. The SOAP message will be routed by an Enterprise Service Bus (ESB) to reach its final destination. What should the developer use to complete the task?


  A. WS-Security

  B. Federated Trust

  C. Secure Socket Layer

  D. Asymmetric key encryption


Answer: A


QUESTION: 111

A developer is designing a Web service. The message will contain sensitive data which must only be processed by the final destination. The SOAP message will be routed through an external organization's Enterprise Service Bus (ESB) to reach its final destination. What level of security is required?


  A. Federated Trust

  B. Message-level security

  C. Transport-level security

  D. Secure Socket Layer (SSL)


Answer: B


QUESTION: 112

Which of the following characteristics is NOT true for WS-SecureConversation?


  A. It uses derived keys to sign and encrypt the message

  B. It uses asymmetric cryptography to encrypt a message

  C. It uses a Security Context Token which contains a timeout

  D. It uses WS-Trust protocol to establish a security context between the consumer and provider


Answer: B


QUESTION: 113

Which of the following statements most appropriately describe WS-SecureConversation?


  A. Context and secret must be established (authenticated) for every message exchange

  B. It is mutually exclusive to SSL

  C. It replaces the OASIS Web Services Security: SOAP Message Security 1.1 standard

  D. It defines extensions to allow security context establishment and sharing, and session key derivation

  E. It allows contexts to be established and potentially more efficient keys or new key material to be exchanged


Answer: D, E


QUESTION: 114

Which of the following scenarios are typical for using WS-Security Kerberos Token Profile?


  A. Social networking

  B. End-to-end security

  C. Internet Single Sign On

  D. Intranet Single Sign On


Answer: B, D


QUESTION: 115

Which statement is true for WS-Security Kerberos Token Profile?


  A. It leverages the SPNEGO protocol

  B. It can only be used for authentication

  C. It can be used to provide session-based security

  D. It can be used to provide asymmetric cryptography protection


Answer: C


QUESTION: 116

Which of the following is a valid timestamp to use in a SOAP header according to the Basic Security Profile (BSP) v1.0?


A. 2009-06-24T08:42:00Z 2009-06-24T09:00:00Z

B. 2009-06-24T09:00:00Z

C. 2009-06-24T08:42:00Z

D. 2009-06-24T08:42:00Z 2009-06-24T10:00:00Z true


Answer: A


IBM 000-371 Exam (Web Services Development for IBM WebSphere Application Server V7.0) Detailed Information

IBM Professional Certification Program
How can we help you
The IBM Certification Program will assist in laying the groundwork for your personal journey to become a world-class resource to your customers, colleagues, and company, by providing you with the appropriate skills and accreditation needed to succeed.
Spotlight
Getting Started
Explore all available IBM Professional Certifications and their added value today.
Member Site
Access your certification history, request certificates, and more Sign In Now
Test Registration
Register for an IBM Certification test at Pearson VUE and take a step into your future.
Transcripts
Share your IBM Certification Transcripts with others.
IBM Badges
A new way to showcase your accomplishments. Learn about the IBM Open Badge Program
Latest News
Get Your Premium Certificate, Now! Impress your Clients and Colleagues!
IBM Professional Certification is pleased to announce our Premium Certificates are available, once again. These prestigious certificates have always been a popular item with IBM Certified Professionals. And now, the Premium Certificates are available exclusively from the IBM Professional Certification Marketplace.
Each Premium Certificate is printed on an ultra-fine parchment paper and officially embossed with the platinum seal of the Professional Certification Program from IBM.
Also included, is the attractive Premium Wallet Card. The wallet card is personalized with the name of the IBM certified professional and the certification title earned. The card design has a sleek & stylish look that can be proudly presented to clients and peers to authenticate the certification achievement.
Visit the IBM Certification Marketplace to purchase the Premium Certificate, as well as test vouchers discount offerings, and other items of interest.
IBM Certification Programs
IBM Business Analytics Certification provides an industry standard benchmark for technical competence, and offers validation for professionals who work with IBM Business Analytics technologies.
Our Value
We provide a way for professionals to demonstrate their competence in a competitive marketplace.
We offer you a range of certifications across BA products.
IBM Certification is highly recognized in the industry.
Your Benefits
Demonstrated professional credibility as a certified IBM Business Analytics practitioner
Professional advantage derived from validation
Enhanced career advancement and opportunities
Increased self-sufficiency with IBM Business Analytics technologies
What We Offer
IBM Business Analytics Certification offers the only authorized accreditation in the industry for benchmarking and validating your expertise with Cognos or SPSS products.
Certification by product area, developed in alignment with prescriptive IBM BA training paths.
Proctored and non-proctored tests and examinations administered by Pearson VUE.

A Web Service Gateway for SMS- based Services. Giuseppe Attardi, Daniele Picciaia, Antonio Zoglio Dipartimento di Informatica Università di Pisa


    2 Motivation: bridge between telephony applications and Web applications; expose telephony services as XML Web Services

    3 Protocols: Parlay X Web Services; SMS Forum: SMPP (Short Message Peer to Peer), MMAP (Mobile Message Access Protocol); Vodafone service: MAM (Messaggistica Aziendale Mobile)

    4 Network setting GSM Operator Message Center Application Servers Clients MAM Protocol SOAP User MAM Server Private IP connection Parlay SMS Gateway

    5 Software architecture: XML Web Service; WSDL; SOAP; Pattern: subscribe/notify

    6 Two-way Web Services: Send Service: RequestIdentifier sendsms(destaddressset, sendername, charging, message); Notify Service: void notifysmsreception(registrationidentifier, smsserviceactivationnumber, SenderAddress, message)

    7 Web Service Architecture Interactions: SOAP Data: XML Service Provider Communication: HTTP Publish UDDI Bind SOAP Service Broker UDDIWSDL Find Service User

    8 Web Services Protocols Web Service Consumer Find a Service Link to discovery document Discovery HTML with link to WSDL How do we talk? (WSDL) return service descriptions (XML) Let me talk to you (SOAP) return service response (XML) UDDI Web Service

    9 Interoperability Application Servers HTML any browser MAM Protocol SOAP C++ Linux Parlay SMS Gateway C# Windows

    10 gSOAP: C++ SOAP compiler; from WSDL to .h headers and stub/proxy code; utilities: wsdl2h (generates .h from WSDL), soapcpp2 (generates stub/skeleton from .h); high performance: 1500 calls/sec (gSOAP, C++), 370 req/sec (Apache Axis, Java)

    11 WSDL
    <message name="sendsmsrequest">
      <part name="destaddressset" element="tns:destaddressset"/>
      <part name="sendername" element="tns:sendername"/>
      <part name="charging" element="tns:charging"/>
      <part name="message" element="tns:message"/>
    </message>
    <message name="sendsmsresponse">
      <part name="result" element="tns:smsidentifier"/>
    </message>

    12 wsdl2h output int sendsms(arrayofenduseridentifier* destaddressset, string sendername, string charging, string message, string& SmsIdentifier);

    13 Client application

    14 Service application

    15 SMS Gateway Architecture (diagram labels): Client Application, smsnotify, smssend, MAM Server, Receiver thread, Web Server thread, ClientRegistration Management, Clients DB, Undelivered SMS

    16 Application: Exam registration: paper forms, scanned with OCR; issue: exams each year; errors; average delay: 3 months

    17 Exam Registration Service Statini Service smsnotify MAM Server SMS Gateway smssend Statini Web Service Web Admin Interface Statini DB University DB

    18 Database schema

    19 DB Object Interface: generated using Raptier, a template-based code generator; two classes for each table: Docente, DocentiCollection

    20 DB access example
    // get collection of all teachers
    docenti = new DocentiCollection(db);
    // get Docente with given codice
    Docente d = docenti[codice];
    // get courses taught by given teacher
    // (codice is concatenated into the SQL text; a parameterized command avoids SQL injection)
    cmd.CommandText = "SELECT Insegnamenti.* FROM WHERE (DocentiInsegnamenti.Docente = '" + codice + "')";
    IDataReader rdr = cmd.ExecuteReader();
    ArrayList courses = new ArrayList();
    while (rdr.Read()) {
        Insegnamento course = new Insegnamento(rdr);
        courses.Add(course);
    }


    23 Corso: Analisi Studente: Aldo Busi Voto: 28 Data: 12052005 Conferma: sì

    24 Benefits: cheap deployment (no special hardware, no software installation on clients); real-time feedback; immediate data validation; eliminate all paperwork

    25 Issues: Security (SMS travels on SS7 signaling network; one time passwords); Legal validity (signature by professors; signature by students)

    26 Conclusion: SMS gateway; Future MMS; Security enabled through embedded Java on cell phones


    Visualexams-Your wise choice!

    A professional pre-sale and post-sale team is waiting for you in hoping that we can provide you with the convenience and help for the preparation of examination.

    We guarantee that by using our exams training materials - you will be prepared for your upcoming 4cert Microsoft product Exam, and will pass on your first attempt. Our products are top quality and will assist you in gaining a true understanding of technologies, without resorting to 4cert 70-573 VB product.

    Candidates can decide any of the obtainable method to get ready for this certification exam by means of BrainDumps and attain the passing score.

    These existing methods consist of boot camps, related books, practice exams, Ucertify Microsoft test 70-573 VB Exam Dumps questions, exam notes, tutorials and many other resources or tools. Your training is made a lot easier as you can download 70-573 VB free dumps, test dump exams and testing software from the site.

    You will receive the most reliable and up-to-date information available anywhere on the market, so you can be sure to walk into the testing room with the confidence and knowledge to pass your exam on your very first attempt.

    In fact, 4cert GUARANTEES that you will pass your Microsoft exam on your first try after using one of our 70-573 VB dumps training products. That's right, with the 100% pass rate, the exam tools that we have created for you are so good - we guarantee your results.

    Jump-start your career and earning potential with a new Microsoft certification. Purchase the 70-573 VB 4cert products today and take the fast lane on the road to success.

    If you're considering pursuing a Microsoft certification, you may already have discovered that the number of Microsoft 70-573 VB certifications is legion. This has come about because Microsoft has redesigned the structure of its certification program several times as it worked to come up with a sustainable, straightforward structure.

    However, each certification in the latest crop comes in a wide array of variations, and on top of that, the old certifications never went away, and some of them are 70-573 VB in fact still relevant to IT professionals today. All of this makes the menu of choices a little overwhelming.

    IBM WebSphere application server

    Front cover
    IBM WebSphere Application Server V6.1 Security Handbook
    J2EE application server and enterprise application security
    Additional security components including Tivoli Access Manager
    Sample code and applications for security examples
    Rufus Credle, Tony Chen, Asish Kumar, James Walton, Paul Winters
    ibm.com/redbooks

    International Technical Support Organization
    WebSphere Application Server V6.1 Security Handbook
    December 2006
    SG24-6316-01

    Note: Before using this information and the product it supports, read the information in “Notices” on page xiii.

    Second Edition (December 2006)
    This book was updated on June 15, 2009.
    This edition applies to WebSphere Application Server V6.1 (base) on IBM AIX V5.2, Red Hat Enterprise Linux V3, Microsoft Windows 2000; WebSphere Application Server V6.1 Network Deployment on IBM AIX V5.2, Red Hat Enterprise Linux V3, Windows 2000; and Tivoli Access Manager V5.1 on IBM AIX V5.2, Red Hat Enterprise Linux V3, and Windows 2000.
    International Business Machines Corporation 2005, 2006.
    Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

    Contents

    Notices
    Trademarks
    Preface
    The team that wrote this IBM Redbook
    Become a published author
    Comments welcome

    Part 1. Application server security

    Chapter 1. Introduction to this book
      1.1 A focus on security
      1.2 Scenario-based chapters
      1.3 Sample applications
      1.4 WebSphere Information Center

    Chapter 2. Configuring the user registry
      2.1 User registries and repositories
      2.2 Stand-alone LDAP registry
        2.2.1 Stand-alone LDAP registry for WebSphere Application Server V6.1
        2.2.2 Configuring the advanced LDAP user registry
      2.3 Local OS registry
        2.3.1 Configuring WebSphere Application Server V6.1
        2.3.2 Stand-alone custom registry
      2.4 Federated repository
        2.4.1 Connecting WebSphere Application Server to a federated repository
        2.4.2 Configuring supported entity types in a federated repository
        2.4.3 Configuring an entry mapping repository in a federated repository
        2.4.4 Configuring a property extension repository in a federated repository

    Chapter 3. Administrative security
      3.1 Enabling administrative security
        3.1.1 Main components of WebSphere security
        3.1.2 Security Configuration Wizard
        3.1.3 Other security properties
        3.1.4 Stopping the application server
      3.2 Disabling administrative security
      3.3 Administrative roles
        3.3.1 Mapping a user to an administrative role
        3.3.2 Mapping a group to an administrative role
        3.3.3 Fine-grained administrative security
      3.4 Naming service security: CosNaming roles
        3.4.1 Mapping a user or a group to a CosNaming role
        3.4.2 Applying CosNaming security: An example

    Chapter 4. SSL administration and configuration management
      4.1 Creating a new SSL key store entry
      4.2 Managing SSL certificates
        4.2.1 Expiring certificates
        4.2.2 Managing Web server and plug-in certificates
      4.3 Creating a new SSL configuration
      4.4 Additional SSL configuration attributes
        4.4.1 Federal Information Processing Standard
        4.4.2 Dynamic SSL configuration updates
      4.5 Trust managers
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 4.5.1 Custom trust managers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 4.6 Key managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 4.6.1 Custom key managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Chapter 5. JAAS for authentication in WebSphere Application Server . . 85 5.1 The importance of JAAS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 5.2 JAAS in WebSphere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 5.3 Custom JAAS login in WebSphere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 5.3.1 Callback handler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 5.3.2 Login module. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 5.3.3 Principal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 5.3.4 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 5.3.5 Viewing the sample JAAS module in action . . . . . . . . . . . . . . . . . . . 99 5.3.6 Programming authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 5.4 J2C authentication data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Chapter 6. Application security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 6.1 Application security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 6.1.1 Enabling application security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 6.1.2 Testing application security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 6.1.3 Application considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
103 6.2 Deploying a secured enterprise application . . . . . . . . . . . . . . . . . . . . . . 105 6.2.1 Role mapping during application installation . . . . . . . . . . . . . . . . . . 105 6.2.2 Role mapping after installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Chapter 7. Securing a Web application . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 7.1 Transport channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 7.2 Securing the static content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 iv WebSphere Application Server V6.1 Security Handbook 7.2.1 Securing the transport channel between the Web browser and Web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 7.2.2 Authentication by using a Web server. . . . . . . . . . . . . . . . . . . . . . . 113 7.2.3 ization by uisng aWeb server . . . . . . . . . . . . . . . . . . . . . . . . 116 7.3 Securing the Web server plug-in for WebSphere . . . . . . . . . . . . . . . . . . 117 7.3.1 Securing the transport channel between the Web server and WebSphere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 7.3.2 Testing the secure connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 7.4 Securing the Web container of the application server. . . . . . . . . . . . . . . 126 7.4.1 Securing the transport channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 7.4.2 Authentication by using the Web container . . . . . . . . . . . . . . . . . . . 127 7.4.3 ization by using the Web container. . . . . . . . . . . . . . . . . . . . 132 7.4.4 Programmatic security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 7.5 Additional transport security, authentication, and authorization options . 147 7.5.1 Configuring LDAP authentication with IBM HTTP Server . . . . . . . . 
147 7.5.2 Configuring SSL certificate-based client authentication for the IBM HTTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 7.5.3 Configuring SSL certificate-based client authentication for WebSphere Application Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 Chapter 8. Securing an EJB application . . . . . . . . . . . . . . . . . . . . . . . . . . 171 8.1 Programmatic login (server-side) using JAAS. . . . . . . . . . . . . . . . . . . . . 173 8.2 Declarative J2EE security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 8.2.1 Defining J2EE security roles for EJB modules . . . . . . . . . . . . . . . . 174 8.2.2 Security role references . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 8.2.3 Configuring method access control. . . . . . . . . . . . . . . . . . . . . . . . . 180 8.2.4 Enterprise JavaBeans Run-As delegation policy . . . . . . . . . . . . . . 186 8.2.5 Bean-level delegation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 8.2.6 Method-level delegation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 8.2.7 Run-as mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193 8.3 Programmatic J2EE security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197 8.4 EJB container access security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 8.4.1 CSIV2 and Secure Authentication Service . . . . . . . . . . . . . . . . . . . 199 8.4.2 Container authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200 8.4.3 RMIIIOP transport channel protection . . . . . . . . . . . . . . . . . . . . . . 204 Chapter 9. Client security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207 9.1 Application clients in WebSphere . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . 208 9.1.1 Developing and securing the J2EE application client . . . . . . . . . . . 209 9.1.2 Deploying an application client by using the Java Web Start tool . . 209 9.1.3 Thin application client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213 9.1.4 Itsohello client example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 9.2 Java client authentication protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216 Contents v 9.2.1 CSIV2 Security Attribute Service . . . . . . . . . . . . . . . . . . . . . . . . . . 217 9.2.2 Authentication process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218 9.3 Java client configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220 9.4 J2EE application client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225 9.4.1 Itsohello unsecure J2EE client . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225 9.4.2 Itsohello secure J2EE client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227 9.5 Thin application client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 9.5.1 Running a thin application client . . . . . . . . . . . . . . . . . . . . . . . . . . . 230 9.5.2 Itsohello unsecure thin client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231 9.5.3 Itsohello secure thin client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 9.6 Programmatic login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 9.6.1 JAAS login module in WebSphere . . . . . . . . . . . . . . . . . . . . . . . . . 233 9.6.2 Programmatic login process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 9.6.3 Client-side programmatic login using JAAS . . . . . . . . . . . . . . . . . . 236 9.7 Securing the connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
242 9.7.1 IIOP over SSL: A thin client example . . . . . . . . . . . . . . . . . . . . . . . 242 Chapter 10. Securing the service integration bus . . . . . . . . . . . . . . . . . . 247 10.1 Messaging components of the service integration bus . . . . . . . . . . . . . 248 10.1.1 Service integration bus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249 10.1.2 Messaging engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249 10.1.3 Foreign bus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 10.1.4 Bus destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250 10.2 An overview of service integration bus security . . . . . . . . . . . . . . . . . . 250 10.2.1 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 10.2.2 ization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 10.2.3 Transport security: Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . 253 10.3 Administering service integration bus security . . . . . . . . . . . . . . . . . . . 253 10.3.1 Administering the Bus Connector role in the Administrative Console . 254 10.3.2 Administering the Bus Connector role by using the wsadmin tool 256 10.4 Administering destination security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 10.4.1 Default roles for bus destinations . . . . . . . . . . . . . . . . . . . . . . . . . 257 10.4.2 Destination specific roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 10.5 Administering topic space root roles and topic roles . . . . . . . . . . . . . . . 259 Part 2. Extending security beyond the application server . . . . . . . . . . . . . . . . . . . . . . . . 263 Chapter 11. Security attribute propagation. . . . . . . . . . . . . . . . . . . . . . . . 265 11.1 Initial Login versus Propagation Login . . . . . . . . . . . . . . . 
. . . . . . . . . . 267 11.2 Token framework. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268 11.3 Custom implementation of tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270 11.3.1 Writing custom implementations of tokens . . . . . . . . . . . . . . . . . . 271 11.3.2 Common token functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 vi WebSphere Application Server V6.1 Security Handbook 11.3.3 Interaction of the login module and the token modules. . . . . . . . . 275 11.3.4 ization token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 11.3.5 Single Sign-On token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 11.3.6 Propagation token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280 11.3.7 Authentication token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283 11.3.8 Changing the token factory associated with the default token . . . 283 11.4 Horizontal propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285 11.4.1 Horizontal propagation using Dynacache . . . . . . . . . . . . . . . . . . . 285 11.4.2 Horizontal propagation using JMX . . . . . . . . . . . . . . . . . . . . . . . . 286 11.5 Downstream propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 11.5.1 Downstream propagation scenario . . . . . . . . . . . . . . . . . . . . . . . . 290 11.6 Enabling security attribute propagation . . . . . . . . . . . . . . . . . . . . . . . . . 292 11.6.1 Configuring security attribute propagation for horizontal propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292 11.6.2 Enabling downstream propagation . . . . . . . . . . . . . . . . . . . . . . . . 293 11.7 Advantages of security attribute propagation . . . . . . . . . . . . . . . . . . . . 295 Chapter 12. 
Securing a WebSphere application using Tivoli Access Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 12.1 Introduction to Tivoli Access Manager . . . . . . . . . . . . . . . . . . . . . . . . . 298 12.1.1 Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298 12.1.2 When to use Tivoli Access Manager for e-Business in conjunction with WebSphere Application Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 12.1.3 Reverse proxies for authentication . . . . . . . . . . . . . . . . . . . . . . . . 301 12.1.4 Access Manager Secure Domain . . . . . . . . . . . . . . . . . . . . . . . . . 301 12.1.5 Tivoli Access Manager auditing . . . . . . . . . . . . . . . . . . . . . . . . . . 305 12.1.6 Access Manager and WebSphere integration. . . . . . . . . . . . . . . . 306 12.1.7 Reverse proxy authenticators and the extended WebSphere trust domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309 12.1.8 Challenges with reverse proxy authenticators . . . . . . . . . . . . . . . 309 12.2 IBM Tivoli Access Manager security model. . . . . . . . . . . . . . . . . . . . . . 315 12.2.1 User registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 12.2.2 Master authorization (policy) database . . . . . . . . . . . . . . . . . . . . . 316 12.3 Summary of Access Manager deployment for integration with WebSphere Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320 12.4 Lab environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320 12.5 The role of Tivoli Access Manager inside WebSphere Application Server V6.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321 12.5.1 Embedded Tivoli Access Manager client architecture . . . . . . . . . 
323 12.5.2 High-level components of the integration . . . . . . . . . . . . . . . . . . . 325 12.6 WebSEAL authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327 12.6.1 Basic authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327 12.6.2 Form-based authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 Contents vii 12.6.3 Client certificate-based authentication . . . . . . . . . . . . . . . . . . . . . 329 12.6.4 Token authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331 12.6.5 HTTP header authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332 12.6.6 Kerberos and SPNEGO authentication . . . . . . . . . . . . . . . . . . . . . 332 12.6.7 External authentication interface. . . . . . . . . . . . . . . . . . . . . . . . . . 333 12.6.8 Combining authentication types using step-up authentication . . . 333 12.7 WebSEAL junctions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334 12.7.1 Simple junctions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335 12.7.2 Trust Association Interceptors and LT Junctions . . . . . . . . . . . 338 12.7.3 Single sign-on junctions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 12.8 Integrating IBM WebSphere Application Server and Tivoli Access Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344 12.8.1 aznAPI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345 12.8.2 Tivoli Access Manager and J2EE security . . . . . . . . . . . . . . . . . . 345 12.8.3 Embedded Tivoli Access Manager in WebSphere Application Server V6.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346 Chapter 13. Trust Association Interceptors and third-party software integration . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . 353 13.1 Trust Association Interceptor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354 13.1.1 The relatively new, enhanced TAI interface . . . . . . . . . . . . . . . . . 355 13.2 Windows desktop single sign-on using SPNEGO . . . . . . . . . . . . . . . . . 356 13.2.1 Lab scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358 13.2.2 Configuring the WebSphere Application Server environment to use SPNEGO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 13.2.3 Troubleshooting SPNEGO environments . . . . . . . . . . . . . . . . . . . 376 13.3 IBM WebSphere Application Server and WebSEAL integration . . . . . . 378 13.3.1 Integration options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 13.3.2 Configuration for the Trust Association Interceptor approach . . . . 380 13.3.3 Configuration for the LT approach . . . . . . . . . . . . . . . . . . . . . . 396 13.3.4 Security considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402 Chapter 14. Externalizing authorization with JACC . . . . . . . . . . . . . . . . . 403 14.1 Deployment tools contract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405 14.2 Container contract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407 14.3 Provider contract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.4 Why JACC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.5 JACC in WebSphere Application Server V6.1. . . . . . . . . . . . . . . . . . . . 14.5.1 JACC access decisions in WebSphere Application Server V6.1 . 410 14.5.2 JACC policy context identifiers in WebSphere Application Server V6.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
414 14.5.3 WebSphere extensions to the JACC specification . . . . . . . . . . . . 414 14.5.4 JACC policy propagation in WebSphere Application Server V6.1 415 viii WebSphere Application Server V6.1 Security Handbook 14.5.5 Manual policy propagation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418 14.5.6 Dynamic module updates in WebSphere Application Server V6.1 for JACC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420 14.6 Integrating Tivoli Access Manager as an external JACC provider . . . . 420 14.6.1 Disabling the embedded Tivoli Access Manager . . . . . . . . . . . . . 426 14.6.2 Reconfiguring the JACC provider by using wsadmin . . . . . . . . . . 427 14.7 Sample application for JACC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427 Chapter 15. Web services security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429 15.1 Web services security exposures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430 15.2 WS-Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432 15.2.1 WS-Security concepts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433 15.2.2 Evolution of the WS-Security specification . . . . . . . . . . . . . . . . . . 434 15.2.3 WS-Security roadmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436 15.2.4 Example of WS-Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437 15.2.5 Development of WS-Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442 15.2.6 Hardware cryptographic device support for WS-Security . . . . . . . 444 15.3 Transport-level security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447 15.3.1 SOAP over HTTP transport-level security. . . . . . . . . . . . . . . . . . . 447 15.4 WS-I Basic Security Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
448 15.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449 15.6 More information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449 Chapter 16. Securing access to WebSphere MQ . . . . . . . . . . . . . . . . . . . 451 16.1 Application server and WebSphere MQ . . . . . . . . . . . . . . . . . . . . . . . . 452 16.1.1 WebSphere MQ messaging components . . . . . . . . . . . . . . . . . . . 452 16.1.2 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454 16.1.3 ization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455 16.1.4 Transport security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456 16.1.5 Administering foreign service integration bus security . . . . . . . . . 458 16.1.6 Administering WebSphere MQ security . . . . . . . . . . . . . . . . . . . . 459 16.2 Sample application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460 16.3 Additional information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461 Chapter 17. J2EE Connector security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463 17.1 The J2EE Connector Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464 17.1.1 Connector security architecture . . . . . . . . . . . . . . . . . . . . . . . . . . 465 17.2 Securing the J2EE Connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466 17.2.1 Component-managed authentication . . . . . . . . . . . . . . . . . . . . . . 466 17.2.2 Container-managed authentication . . . . . . . . . . . . . . . . . . . . . . . . 468 17.3 JCA authentication mechanism. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470 17.3.1 Role-based authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471 17.3.2 Topic security . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471 17.3.3 Messaging security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471 Contents ix 17.3.4 Enable bus security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472 17.3.5 Inter-engine authentication alias . . . . . . . . . . . . . . . . . . . . . . . . . . 472 17.4 Mediations security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474 17.5 Transport security in service integration bus . . . . . . . . . . . . . . . . . . . . . 474 17.5.1 Destination security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476 17.6 Securing Web services by using service integration technologies . . . . 476 17.7 Additional information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477 Chapter 18. Securing the database connection . . . . . . . . . . . . . . . . . . . . 479 18.1 Securing the connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480 18.1.1 JDBC type 2 driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482 18.1.2 JDBC type 4 driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483 18.2 Securing access to database data . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483 Part 3. Development environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485 Chapter 19. Development environment security . . . . . . . . . . . . . . . . . . . 487 19.1 Rational Application Developer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488 19.1.1 Securing the workspace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488 19.2 WebSphere test environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491 19.2.1 Creating a new test server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
492 19.2.2 Enabling security for the WebSphere Test Server V6.1 . . . . . . . . 494 19.3 Administering and configuring the WebSphere test servers . . . . . . . . . 496 19.4 Enterprise application security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497 19.4.1 Configuring enterprise application security during the development phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497 19.4.2 JAAS entries in the deployment descriptor . . . . . . . . . . . . . . . . . . 500 19.5 Creating a new profile for the WebSphere test server . . . . . . . . . . . . . 501 19.5.1 Advantages of multiple profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . 501 19.5.2 Creating a new profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502 19.6 Application Server Toolkit 6.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506 Appendix A. Additional configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . 509 Sample application for client security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510 Installing and testing Itsohello application . . . . . . . . . . . . . . . . . . . . . . . . . 511 Sample application for testing JACC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513 Web module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 EJB module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 Deploying the sample application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514 Verifying the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515 Testing the application installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516 Configuring the service integration bus and default messaging provider . . . . 516 Creating a service integration bus. . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . 517 Adding an application server or server cluster to the bus . . . . . . . . . . . . . 518 x WebSphere Application Server V6.1 Security Handbook Defining a queue destination on the bus. . . . . . . . . . . . . . . . . . . . . . . . . . Defining a JMS connection factory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522 Defining a JMS queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525 Configuring WebSphere MQ as a foreign bus . . . . . . . . . . . . . . . . . . . . . . . . 526 Defining a foreign bus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527 Defining an MQ link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528 Defining a foreign destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529 Defining a JMS queue for a foreign destination . . . . . . . . . . . . . . . . . . . . 530 Sample application for messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530 Configuring the application server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531 Optional: Configuring WebSphere MQ . . . . . . . . . . . . . . . . . . . . . . . . . . . 536 Installing the sample application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537 Testing the sample application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538 Appendix B. Additional material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543 Locating the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543 Using the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543 System requirements for downloading the Web material . . . . . . . . . . . . . 544 How to use the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
Abbreviations and acronyms
publications
IBM Redbooks
Other publications
Online resources
developerWorks
How to get IBM Redbooks
Help from IBM
Index

WebSphere Application Server V6.1 Security Handbook

Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785 U.S.A.

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs.

IBM Corp. 2006.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. These and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), indicating US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at





    Speed Marketing India (c) 2017