This section describes security issues for calls from a Java Application to an SAP Application Server.
JCA, as part of the Java EE Architecture, uses services of Java EE standard authentication comprised in the JAAS (Java Authentication and Authorization Service).
This standard authentication contains authentication methods like
● BasicPassword and
● Kerbv5
These authentication methods are Container Managed Authentication procedures.
The type of authentication is given through the configuration of application descriptors.
When a connection is established, the SAP system checks the validity of the user credentials provided, regardless of the security mechanisms used.
For details on the different authentication types see:
● Application Managed Authentication
● Secure Network Connection (SNC)