Integrating Security Functions
The following topics describe how to include security functions in your SAP applications:
· Authentication for Web Applications Users on the AS Java
This section describes how the authentication process works on the AS Java. In particular, it describes how the AS Java supports the Java Authentication and Authorization Service (JAAS) and how you can use the JAAS modules to authenticate users.
· Using Security Roles or UME Permissions in Applications
This section provides the background information needed when deciding how to use security roles (and security role references) to protect your applications. Both the standard J2EE roles and role references as well as the UME (User Management Engine) permissions are included.
This section describes the UME APIs in more detail and provides programming examples for using the functions such as authentication or access control lists.
· Security Methods to Use for Applications
The procedures used to assign the security roles and the authentication modules to your applications depend on the type of application that you are developing. This topic provides a list of links to the appropriate location in the documentation that applies to the designated application type.
· Digital Signatures and Document Encryption API
You can use these interfaces in your applications to create or verifying digital signatures or to encrypt or decrypt digital documents.
● Secure Connection Factory API for HTTPS Clients
You can use the interfaces and classes available with the secure connection factory to establish HTTPS connections when the AS Java is the client component for the connection.
As an alternative, you can use the Destination service API to establish HTTP(S) connections within your applications.
You can use the interfaces and classes available with the virus scan provider API to include external virus scanners in the SAP system to increase the security of your system.