Show TOC Start of Content Area

Process documentation Configuring Web Applications Security  Locate the document in its SAP Library structure

Purpose

Use this process to set up the declarative security of your Web applications. The objective of this process is to use the deployment descriptors to meet the requirements that the security architecture of your Web application poses in terms of access control, authentication, and so on. Using declarative security saves you the effort of dealing with all of the above issues in the application’s code. It also provides better maintainability, enabling you to change the application security configuration without having to change and recompile the source code.

Process Flow

The configuration of Web application security consists of three, relatively autonomous areas:

·        Configuring access control to Web application resources as described in Specifying Security Constraints.

·        Configuring the application-scoped security roles and mapping them to existing J2EE Engine roles as described in Defining Web Applications Security Roles.

·        Configuring the authentication modules as described in Configuring Authentication.

See also:

 

For more information about security architecture and application security requirements, see the corresponding sections of JavaÔ 2 Enterprise Edition, version 1.3 and JavaÔ Servlet, version 2.3 specifications at http://java.sun.com.

End of Content Area