
Kerbv5 (SSO)

This authentication type is handled by the interface javax.resource.spi.security.GenericCredential.

As with BasicPassword authentication, you must enter a user name and password in the web browser the first time you call the application on the server. For this user/password pair, the Application Server issues a ticket that is also used to establish the connection via SAP JRA. As long as your web session is valid, this ticket is supplied to the Application Server with each request.

To enable the Kerbv5 authentication mechanism, the application descriptors should contain the following entries:

 

web-j2ee-engine.xml descriptor:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-j2ee-engine SYSTEM "web-j2ee-engine.dtd">
<web-j2ee-engine>
  <resource-ref>
    <res-ref-name>MyConnFactory</res-ref-name>
    <res-link>MyConnFactory</res-link>
  </resource-ref>
  <security-role-map>
    <role-name>Everybody</role-name>
    <group-name>Guests</group-name>
    <group-name>Administrators</group-name>
  </security-role-map>
  <login-module-configuration>
    <login-module-stack>
      <login-module>
        <login-module-name>BasicPasswordLoginModule</login-module-name>
        <flag>OPTIONAL</flag>
      </login-module>
      <login-module>
        <login-module-name>CreateTicketLoginModule</login-module-name>
        <flag>SUFFICIENT</flag>
      </login-module>
    </login-module-stack>
  </login-module-configuration>
</web-j2ee-engine>

 

web.xml descriptor:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
<web-app>
  <display-name>VeriClientServletSSO</display-name>
  <servlet>
    <servlet-name>VeriClientServletSSO</servlet-name>
    <display-name>VeriClientServletSSO</display-name>
    <servlet-class>com.sap.mw.jco.jra.tests.client.auth.sso.VeriClientServletSSO</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>VeriClientServletSSO</servlet-name>
    <url-pattern>/VeriClient</url-pattern>
  </servlet-mapping>
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>test1</web-resource-name>
      <url-pattern>/VeriClient</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Everybody</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JRAAuthentication</realm-name>
  </login-config>
  <security-role>
    <role-name>Everybody</role-name>
  </security-role>

  <resource-ref>
    <res-ref-name>MyConnFactory</res-ref-name>
    <res-type>javax.resource.cci.ConnectionFactory</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>
</web-app>

Note that the entry

<res-auth>Container</res-auth>

tells the application container to use one of the container-managed authentication methods.
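
A pre-deployment check for the two descriptors above, as an added example (not SAP's code): it reports a resource-ref whose res-auth is not Container or that is missing from web-j2ee-engine.xml, a login stack without CreateTicketLoginModule, roles that are constrained but not declared and mapped, and BASIC authentication over a transport-guarantee of NONE. The function names and the trimmed sample descriptors are constructed for illustration, and treating CreateTicketLoginModule as the ticket-issuing module is an assumption based on its name.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the page's two descriptors, trimmed to the audited elements.
WEB_XML = """<web-app>
  <security-constraint>
    <auth-constraint><role-name>Everybody</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>Everybody</role-name></security-role>
  <resource-ref><res-ref-name>MyConnFactory</res-ref-name><res-auth>Container</res-auth></resource-ref>
</web-app>"""
ENGINE_XML = """<web-j2ee-engine>
  <resource-ref><res-ref-name>MyConnFactory</res-ref-name></resource-ref>
  <security-role-map><role-name>Everybody</role-name></security-role-map>
  <login-module><login-module-name> BasicPasswordLoginModule </login-module-name></login-module>
  <login-module><login-module-name> CreateTicketLoginModule </login-module-name></login-module>
</web-j2ee-engine>"""

def text(elem):  # descriptor values may carry surrounding whitespace
    return (elem.text or "").strip() if elem is not None else ""

def audit(web_xml, engine_xml):
    """Return a list of findings for a web.xml / web-j2ee-engine.xml pair."""
    web, eng, findings = ET.fromstring(web_xml), ET.fromstring(engine_xml), []
    # Each resource-ref must be container-managed and present in the engine descriptor.
    linked = {text(n) for n in eng.iterfind("resource-ref/res-ref-name")}
    for ref in web.iterfind("resource-ref"):
        name = text(ref.find("res-ref-name"))
        if text(ref.find("res-auth")) != "Container":
            findings.append(f"{name}: res-auth is not Container")
        if name not in linked:
            findings.append(f"{name}: missing from web-j2ee-engine.xml")
    # Assumption: CreateTicketLoginModule is the module that issues the ticket.
    if "CreateTicketLoginModule" not in {text(m) for m in eng.iter("login-module-name")}:
        findings.append("login stack lacks CreateTicketLoginModule")
    # Constrained roles must be declared in web.xml and mapped in the engine descriptor.
    usable = ({text(r) for r in web.iterfind("security-role/role-name")}
              & {text(r) for r in eng.iterfind("security-role-map/role-name")})
    basic = text(web.find("login-config/auth-method")) == "BASIC"
    for sc in web.iterfind("security-constraint"):
        for role in sc.iterfind("auth-constraint/role-name"):
            if text(role) not in usable:
                findings.append(f"role {text(role)}: not declared and mapped")
        # BASIC only base64-encodes the password; NONE does not require TLS.
        guarantee = text(sc.find("user-data-constraint/transport-guarantee")) or "NONE"
        if basic and guarantee == "NONE":
            findings.append("BASIC auth with transport-guarantee NONE")
    return findings
```

Run against the page's own descriptors, the only finding is the BASIC login over a transport-guarantee of NONE: the initial user/password pair is not required to travel over TLS.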

 
