Applications running on J2EE Engine have two options for authenticating users:
· Container-based authentication: The container (in this case, SAP J2EE Engine) handles authentication. Applications running on the SAP J2EE Engine run in anonymous mode and assume that the container takes care of authentication.
· UME-based authentication: Applications running on J2EE Engine authenticate directly against SAP User Management Engine (UME) using the UME API.
We support an integration of these two types of authentication, so that, if an application uses UME-based authentication to authenticate its users, the container (J2EE Engine) is also aware that the users are authenticated. Inversely, if an application uses container-based authentication to authenticate its users, UME is also aware that the users are authenticated. Calls to the APIs of both the container and UME return the authenticated user. For more information, see Using Logon Tickets for Single Sign-On.
An application uses container-based authentication. The application itself does not authenticate users. Users are authenticated by the container and are issued a logon ticket. The application can get the current user through either a call to the container API or to the UME API.