AquinasTraining.co.uk - training courses. Home  -  FAQ  -  Corporate Plans

IBM WebSphere Application Server (WAS) V6.1: Securing WebSphere on z/OS

OZ66GB      Course duration (days): 4
Talk to a Training Advisor
Tel. 0800 652 0202
Availability (sort by: location | date)
Request availability by clicking a date.
Europe / International
TBA (EC4) 20/09/10 £ 1,800
Prices exc. VAT.  Courses are vendor approved.
Need help? Contact us now.

Also known as: OZ66GBGB

About this class

WebSphere Application Server (WAS) Version 6.1 (V6) for z/OS provides a Java 2 Enterprise Edition (J2EE) runtime environment for Enterprise JavaBeans (EJB), along with servlets and Java Server Pages (JSP) in Web applications.

This course focuses on security and security-related topics and provides technical details to design and implement secure solutions with WebSphere. It will provide information technology (IT) Architects, IT Specialists, application designers, application developers, application assemblers, application deployers, and consultants with information necessary to design, develop, and deploy secure e-business applications using IBM WebSphere Application Server V6.1.

This course not only discusses theory but also provides exercises and sample applications that you will use during the labs.

Implementing security in a WebSphere environment requires that security administration, systems programming, and WebSphere application development staff work closely together.

Learn how to secure the WebSphere V6.1 for z/OS infrastructure, and how to secure EJB applications and Web applications.

Reinforce the concepts you learn in lectures with extensive hands-on laboratory exercises.

Note: This course does not address Java application development for z/OS, and it and does not teach the use of programming tools such as IBM Rational Application Developer 7.0 . However we will use the ASTK to change the deployment descriptors of the applications we will install in order to set the security artifacts.

This training may be available onsite; please contact us if you are interested.

Who will the lesson benefit?

This course is intended for experienced z/OS system programmers responsible for securing the infrastructure of WAS V6, along with Information Technology (IT) professionals responsible for the secure deployment of EJB and Web applications into WAS V6 on z/OS.

It is recommended that teams of two or three individuals from an enterprise attend this course. Teams should include the z/OS system programmer responsible for the installation of WAS V6, an application assembler responsible for deploying EJB and Web applications, and possibly a WAS specialist. The range of skills needed for securing WebSphere e-business applications is such that it is rare for one IT professional to have expertise in all areas of WebSphere and RACF.

What delegates will learn

  • Plan for the modification of the installation security configuration necessary to support J2EE application security
  • Describe the security options available for WebSphere V6 client authentication/identification, secure communications, and authorizing access to resources
  • Describe what is involved in securing resources in a J2EE environment. Applications are often created, assembled, and deployed in different phases, by people in different roles
  • Compare the various J2EE client authentication options including options usable across multiple platform types
  • Assist developers by implementing infrastructure for the following J2EE authorization techniques
  • EJB roles
  • RunAs
  • resauth
  • Synch to OS thread
  • Assist developers by implementing infrastructure for the following web client authentication options
  • Basic authentication
  • Forms-based authentication
  • Client certificates

What prerequisites are required

Students should have:

  • experience with the installation and customization of z/OS and its subsystems, including the Security Server (Resource Access Control Facility (RACF)), or equivalent product
  • experience with the administration of WebSphere on z/OS, including the usage of the admin console to deploy applications

This course assumes that the initial zWebSphere installation and customization have already been implemented in a network deployment cell configuration, including a Deployment Manager, Node Agent, and Application server. The basic implementation of zWebSphere is not covered in this course. Individuals who need training in the implementation of WebSphere on z/OS should consider completing other appropriate courses in the curriculum prior to attending this course.

Contents of this class

Day 1

  • Welcome
  • Unit 1: Overview of WebSphere for z/OS version 6
  • Unit 2: WebSphere and J2EE security overview
  • Unit 3: WebSphere infrastructure and SAF security: Initial RACF setup
  • Lab 1: WAS security setup, enabling administrative and application security

Day 2

  • Lab 1 (Continued)
  • Unit 4: WebSphere and SSL
  • Unit 5: J2EE security

Day 3

  • Unit 6: Enabling basic authentication
  • Lab 2: Enabling HTTP basic authentication
  • Lab 3: Exploring WebSphere bindings
  • Unit 7: Enabling form based authentication
  • Lab 4: Enabling SSL client authentication
  • Unit 8: Enabling EJB authorization and RunAs
  • Lab 5: Enabling form based authentication
  • Lab 6: EJB security
  • Lab 7: runas and sync to os thread (optional)
  • Lab 9: Java 2 security (optional)

Day 4

  • Unit 9: Connector security J2C connectors
  • Unit 10: Connector security JDBC
  • Unit 11: Web Services Security (WS-Security)
  • Lab 8: Connector security (optional)
  • Lab 10: LDAP security (optional)
(C) AquinasTraining.co.uk - Contact Us