The J2EE Engine is an application middleware component in your system landscape and communicates with a number of communication partners. Deployed applications and the components of the J2EE Engine can negotiate communication using several protocols, depending on the J2EE Engine container where they reside. The primary communication protocols include HTTP, Telnet, P4 and IIOP, as well as, LDAP, JDBC and RFC for SAP specific communications. P4 and IIOP are the protocols that are used for Java specific Remote Method Invocations communication. In addition, the J2EE Engine supports SOAP for Web Services communication.
The J2EE Engine containers represent an abstract logical grouping of runtime services and life cycle management functions for J2EE application components. The J2EE Engine containers include the Web Container, EJB Container, Web Services Container and Persistence Container. For more information, see J2EE Engine System Architecture in the Architecture Manual.
In the following topics we describe in more detail the relevant security considerations for each of the communication channels for the AS-Java:
Gives an overview of the security aspects associated with using intermediary devices such as the SAP Web Dispatcher, Microsoft IIS with IIS proxy module and other devices, for example, the Apache reverse proxy.
Presents an overview of the security aspects of the communication between the J2EE Engine and Web clients, for example Web browsers and Web Dynpro applications.
Discusses the security aspects of the communication between application servers acting as clients or servers and the J2EE Engine.
Provides an overview of the security aspects of the communication channels relevant to Web Services.
Provides an overview of the security aspects of connecting the J2EE Engine to backend systems and user persistency stores.
Provides an overview of the communication channel security when deploying applications on the J2EE Engine using the Software Deployment Manager.
· Transport Layer Security on the SAP J2EE Engine in the Administration Manual
· Specifying Security Constraints for J2EE applications in the Development Manual
· Security Guide for Connectivity with the J2EE Engine in the SAP NetWeaver Security Guide