Managing Security With the Administration Console

The Administration Console provides the means to manage the following aspects of security:

• Server Security Settings

• Realms and file Realm Users

• JACC Providers

• Audit Modules

• Message Security

• HTTP and IIOP Listener Security

• Admin Service Security

• Security Maps

Server Security Settings

On the Security Settings page, set properties for the entire server, including specifying the default realm, the anonymous role, and the default principal user name and password.

Realms and file Realm Users

The concept of realms is introduced in Understanding Users, Groups, Roles, and Realms.

• Create a new realm

• Delete an existing realm

• Modify the configuration of an existing realm

• Add, modify, and delete users in the file realm

• Set the default realm

JACC Providers

JACC providers is introduced in Specifying JACC Providers. Use the Administration Console to perform the following tasks:

• Add a new JACC provider

• Delete or modify an existing JACC provider

Audit Modules

Audit modules is introduced in Auditing Authentication and Authorization Decisions. Auditing is the method by which significant events, such as errors or security breaches, are recorded for subsequent examination. All authentication events are logged to the Application Server logs. A complete access log provides a sequential trail of Application Server access events.

Use the Administration Console to perform the following tasks:

• Add a new audit module

• Delete or modify an existing audit module

Message Security

The concept of message security is introduced in Configuring Message Security. Use the Administration Console to perform the following tasks:

• Enable message security

• Configure a message security provider

• Delete or configure an existing message security configuration or provider

See the Administration Console online help for details on these tasks.

HTTP and IIOP Listener Security

Each virtual server in the HTTP service provides network connections through one or more HTTP listeners.

The Application Server supports CORBA (Common Object Request Broker Architecture) objects, which use the Internet Inter-Orb Protocol (IIOP) to communicate across the network. An IIOP listener accepts incoming connections from remote clients of EJB components and from other CORBA-based clients. For general information on IIOP listeners, see IIOP Listeners.

With the Administration Console, perform the following tasks:

• Create a new HTTP or IIOP listener, and specify the security it uses.

• Modify the security settings for an existing HTTP or IIOP listener.

Admin Service Security

The Admin Service determines whether the server instance is a regular instance, a domain administration server (DAS), or a combination. Use the Admin Service to configure a JSR-160 compliant remote JMX connector, which handles communication between the domain administration server and the node agents, which manage server instances on a host machine, for remote server instances.

With the Administration Console, perform the following tasks:

• Manage the Admin Service

• Edit the JMX connector

• Modify the security settings of the JMX connector

Security Maps

Use the Administration Console to perform the following security mapping tasks:

• Add a security map to an existing connector connection pool

• Delete or configure an existing security map