Start of Content Area

Background documentationCommunication Channel Security  Locate the document in its SAP Library structure

Communication Flow

The J2EE Engine is an application middleware component in your system landscape and communicates with a number of communication partners. Deployed applications and the components of the J2EE Engine can negotiate communication using several protocols, depending on the J2EE Engine container where they reside. The primary communication protocols include HTTP, Telnet, P4 and IIOP, as well as, LDAP, JDBC and RFC for SAP specific communications. P4 and IIOP are the protocols that are used for Java specific Remote Method Invocations communication. In addition, the J2EE Engine supports SOAP for Web Services communication.


The J2EE Engine containers represent an abstract logical grouping of runtime services and life cycle management functions for J2EE application components. The J2EE Engine containers include the Web Container, EJB Container, Web Services Container and Persistence Container. For more information, see J2EE Engine System Architecture in the Architecture Manual.

Communication Security

In the following topics we describe in more detail the relevant security considerations for each of the communication channels for the AS-Java:

        Using and Intermediary Server to Connect to the J2EE Engine

Gives an overview of the security aspects associated with using intermediary devices such as the SAP Web Dispatcher, Microsoft IIS with IIS proxy module and other devices, for example, the Apache reverse proxy.

        Communication Security for the Web Container

Presents an overview of the security aspects of the communication between the J2EE Engine and Web clients, for example Web browsers and Web Dynpro applications.

        Communication Security for the EJB Container

Discusses the security aspects of the communication between application servers acting as clients or servers and the J2EE Engine.

        Communication Security for Web Services

Provides an overview of the security aspects of the communication channels relevant to Web Services.

        Communication Security for Persistence Layer

Provides an overview of the security aspects of connecting the J2EE Engine to backend systems and user persistency stores.

        Communication Security for the Software Deployment Manager

Provides an overview of the communication channel security when deploying applications on the J2EE Engine using the Software Deployment Manager.

See also:

Data integrity

        Transport Layer Security on the SAP J2EE Engine in the Administration Manual

        Specifying Security Constraints for J2EE applications in the Development Manual

Communication Security

        Security Guide for Connectivity with the J2EE Engine in the SAP NetWeaver Security Guide



End of Content Area