J2EE security
WebSphere security is based on the J2EE application programming model. The J2EE security model is designed to separate the application's need for security and administration of security, allowing applications to be portable between vendors who have a slightly different implementation of the J2EE security model. There are two aspects of security which need to be explained, which are authentication and authorisation. Authentication is essentially asking, "Are you who you say you are?" Authorization is simply a case of, once we know who you are, "What are you allowed to do?". WebSphere employs repositories to register and store users and groups. Groups organize users together for a common action and users are assigned as members of groups. Knowing this, we will now move on to learn how to secure our WebSphere server.