Overview of the Tutorials

Because of these numerous possibilities for using roles and permissions, in the following tutorials we concentrate only on the most frequently used scenarios. See the sections below:

Tutorial 1: Protecting Access to the J2EE-Based Application Using J2EE Security Roles

In this tutorial, you will protect access to the J2EE-based car rental application using authentication mechanisms and J2EE security roles. The Web client for this application is a JSP and servlet application; the business logic is implemented using entity beans. The table below shows the protection used for each component.

Protection Used for Tutorial 1

| Layer | Component | Protection |
|---|---|---|
| Presentation Layer | JSP and servlet | Authentication; J2EE security roles |
| Business Logic | EJB | J2EE security roles |

Tutorial 2: Protecting Access to the J2EE-Based Application Using UME Permissions and Actions

In this tutorial, you will protect access to the J2EE-based car rental application using authentication mechanisms and UME permissions and actions. The Web client for this application is the same JSP and servlet used in the first tutorial; the business logic is also implemented using entity beans. The table below shows the protection used for each component.

Protection Used for Tutorial 2

| Layer | Component | Protection |
|---|---|---|
| Presentation Layer | JSP and servlet | Authentication; UME permissions |
| Business Logic | EJB | UME permissions |

Tutorial 3: Protecting Access to a Web Dynpro and EJB Application When it is Available as a Web Service

In this tutorial, you will use a Web Dynpro client to access the EJB as a Web service.

To obtain the user ID, you will activate authentication on the Web Dynpro client as well as on the Web service.

Because the EJB methods can also be accessed directly, it is best to provide the authorization protection at the backend. Therefore you will include permission checks in the EJB methods.

Note

Although it is possible, it is not necessary to provide authorization protection for the Web service for this tutorial.

Recommendation

We recommend applying authorization protection for Web services that access components that do not directly support access protection, for example, Java classes that are available as Web services.

As an optional step, you can also check UME permissions in the Web Dynpro client and adjust the Web Dynpro screen based on the user’s permissions.

The table below shows the protection to use at each level.

Protection Used for Tutorial 3

| Layer | Component | Protection |
|---|---|---|
| Presentation Layer | Web Dynpro | Authentication; UME permissions (optional) |
| Middleware | Web service | Authentication |
| Business Logic | EJB | UME permissions |
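The backend check described for Tutorial 3, shown as an added example that is not part of the SAP tutorial code. It uses java.security.BasicPermission as a stand-in for a UME permission; the names CarRentalPermission, Caller, BookingBean and the permission strings are assumptions.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.util.Set;
import java.util.function.Supplier;

public class BackendCheckDemo {
    // Stand-in for a UME permission (hypothetical class and permission names).
    static final class CarRentalPermission extends BasicPermission {
        CarRentalPermission(String name) { super(name); }
    }

    // Stand-in for an authenticated user and the permissions assigned to it.
    record Caller(String id, Set<Permission> granted) {
        boolean has(Permission p) {
            return granted.stream().anyMatch(g -> g.implies(p));
        }
    }

    // Business logic: the method checks the caller itself, whatever the entry point.
    static final class BookingBean {
        String cancelBooking(Caller caller, String bookingId) {
            Permission needed = new CarRentalPermission("booking.cancel");
            if (caller == null || !caller.has(needed)) {
                throw new SecurityException("missing " + needed.getName());
            }
            return "cancelled " + bookingId;
        }
    }

    // Web service layer: authentication only, as in the Tutorial 3 table.
    static String viaWebService(BookingBean bean, Caller caller, String bookingId) {
        if (caller == null) throw new SecurityException("authentication required");
        return bean.cancelBooking(caller, bookingId);
    }

    static String attempt(Supplier<String> call) {
        try { return call.get(); }
        catch (SecurityException e) { return "denied: " + e.getMessage(); }
    }
    public static void main(String[] args) {
        BookingBean bean = new BookingBean();
        // Constructed sample users; "booking.*" implies "booking.cancel".
        Caller clerk = new Caller("clerk", Set.of(new CarRentalPermission("booking.*")));
        Caller guest = new Caller("guest", Set.of(new CarRentalPermission("booking.view")));
        System.out.println(attempt(() -> viaWebService(bean, clerk, "B-1")));
        System.out.println(attempt(() -> viaWebService(bean, guest, "B-1")));
        System.out.println(attempt(() -> bean.cancelBooking(guest, "B-1"))); // direct EJB call
    }
}
```

Only the clerk's call succeeds. The guest is refused both through the Web service and on the direct call, because the check lives in the bean rather than in the layer in front of it.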

Applications to Use

The applications used in this set of tutorials are the J2EE quick car rental application and the Web Dynpro car rental application. Both of these applications are provided with the SAP NetWeaver Developer Studio example applications. In a default installation, you can find these applications in the directory C:\Program Files\SAP\JDT\eclipse\examples. They are provided with the archive files J2EE_QuickCarRental.zip and WebDynpro_CarRental.zip respectively.

Tutorials for Using Roles and Permissions in Applications

To continue with the tutorials for using roles and permissions, see:

· Protecting Access to the J2EE-Based Car Rental Application
· Protecting Access to the J2EE-Based Application Using UME Permissions
· Protecting Access to the Web Dynpro Application Using UME Permissions
