This is the definitive course for all those who will be dealing with the security aspects that are critical for web applications running in a WebSphere Application Server environment.<br> The course introduces and explains global security, administrative security, application security and Java 2 security, using the features of security domains and cell-wide security that have been available since V7. This includes defining security constraints and security roles for web applications. Different repositories can be used, including federated, local and custom repositories, which are all explained and configured in detail. together with the VMM (Virtual Member Manager) which allows security to function with or without all of its repositories available.<br><br>Following on from this, SSL, Encryption , Digital Signatures and certificates are explained in great detail plus SSL Cell configuration, including trust stores, keystores, plugin keystores, expiration of certificates and replacement. In addition, SSL between WebSphere and DB2 and single sign on is explained.<br><br>Secruity must be hardened by addressing different areas, such as web server, configuration files, SSL, etc. However, problems will occur and, by looking at logs and traces, these problems can be resolved quickly.<br>Performance tools are also explained, so that secure applications can be fine-tuned to run more smoothly.<br><br>The course combines formal classroom teaching with numerous practical, hands-on sessions.
Read more


Attendees should have experience in WebSphere Application Server (WAS) and now want to engage in all aspects of security within WAS.
Read more

Delegates will learn how to

  • describe the set-up of global security, administrative security, application security and Java 2 security
  • configure administrative security for particular users to gain different access to the admin console
  • set up security domains for admin security and application security
  • set up the security cache and security auditing features
  • create a secure web application using security constraints and security roles and mapping to specific groups and users
  • configure the VMM
  • explain the Public Key Infrastructure
  • describe digital certificates and digital signatures using both Certificate Authorities and Self Signed Certificates
  • configure SSL for JDBC connections and within the cell
  • understand and setup cross cell authentication
  • explain the new application policy sets that can be installed to define the integrity and confidentiality of messages and transactions for Web Services
  • understand the use of CSIv2 when securing client to server applications
  • use logs and traces to recognise problems
  • use performance tools, recognise performance problems and tune accordingly.
Read more


Security in the WebSphere J2EE Environment

Objectives & topics; WAS security implementation; Administrative security; Secure System Administration; Federated repositories feature; Simplified certificate and key management; Tips for configuring default security; Secure processes; Extensible, layered security infra-architecture; J2EE security features compared; Java2 security; JAAS (Java Authentication and Authorization Service; J2EE security roles; J2EE security the full picture explained; SSL - Secure Sockets Layer; Authentication; External WAS security components; JACC - Java Authorization Contract for Containers; J2EE Application Security (focus on); Security roles; Taken from EJB specification; EJB specification translated; J2EE container based security; Configuring application security; handling security role mappings from Admin console; Securing J2EE components in practice; Web components; Web module; Securing EJBs; Security Cache, Multiple Security Domains; Different application security realms.

Virtual Member Manager

Objectives & topics; How does it work; different types of VMM; configuring the VMM using default adapters; configuring VMM with Property Extension Repository (PER) and Entry Mapping Repository (EMR); configuring database repository in VMM.

SSL and Encryption

Objectives and Topics; Cryptography in Internet applications; Public key cryptography overview; What is a digital certificate?; Public key & certificate; Uses for certificates in applications; CA and self signed certificates; Auto replacement of certificates; autosecurity and privacy; firewalls and encryption; Secure Sockets Layer; Secure communications using SSL; SSL administration.


Objectives and Topics; Overview of CSIv2; the protocol; three layers of authentication; identity assertion and mapping; security attribute propagation; configuration on the client and the server,

Troubleshooting Made Easy?

Objectives & topics; Resources for problem determination; Console messages; Log Files; WAS logs overview; Basic format for log/trace entry; If logs are not enough; To trace or not to trace; Trace strings; Web Server - Web container: mind the gap!; HTTP Server logs; Dump Name Space; Thread analyzer; Collector tool; First Failure Data Capture logs; HTTP session monitoring; Product installation information; Log and Trace analyzer for Autonomic Computing.

Security Performance

Objectives & topics; Performance enhancing technologies; Performance data; Transaction oriented; Built-in performance booster; Performance data and tools; PMI overview; PMI data; Performance data hierarchy; PMI data organization; Tivoli Performance Viewer; Performance Advisors; Performance (PMI) Servlet; JVMPI facility; PMI request metrics; Request Metrics functionality; What's the point?; Current architecture; Configuring Request Metrics; Limit the monitoring; Request Metrics output; Application Response Measurement (ARM); Dynamic Cache (optional section); Dynamic Cache functionality; What can be cached?; How it works; Dynamic Cache setup; Dynamic Cache monitoring; Security Cache and Auditing.

Read more

Why choose QA

Dates & Locations

Frequently asked questions

See all of our FAQs

How can I create an account on myQA.com?

There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.

If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".

If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.

Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.

How do QA’s virtual classroom courses work?

Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.

We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.

Learn more about our Virtual Classrooms.

How do QA’s online courses work?

QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.

All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.

Learn more about QA’s online courses.

When will I receive my joining instructions?

Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.

When will I receive my certificate?

Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.

Contact Us

Please contact us for more information