Start of Content Area

Background documentation Security Architecture and Security Contract  Locate the document in its SAP Library structure

The Adapter Framework default modules use the component-managed sign-on scenario as the security model.

Link to external website

The references refer to chapter 7.4.2 of the document J2EE Connector Architecture Specification, Final Version 1.0.

You can download this document at java.sun.com/j2ee/connector.

·        If the user name and password are configured in the exit bean of the default Adapter Framework module processor, they are forwarded, for example with ConnectionSpec, to the resource adapter.

·        If you do not use the default modules for the resource adapter, you can choose one of the security scenarios for the implementation of the resource adapter. The user name and password belong to a technical user that operates the Adapter Framework. This information does not relate to an end user.

·        The Adapter Framework does not publish any credentials or certificates (aliases) for the logon procedure to external protocols or back-end systems. You can, however, add this information to the metadata for the adapter configuration during adapter development. This configuration data is read for each communication channel and used to log on to back-end systems. See also: Adapter Metadata

Note

The references in the table refer to chapters 7 (Security Architecture) and 8 (Security Contract) of the document J2EE Connector Architecture Specification, Final Version 1.0.

You can download this document at java.sun.com/j2ee/connector.

Requirements Relating to Security Architecture and Security Contract

Requirement

JCA

Process Integration

Comment

Reference

Page

Component-managed sign-on scenario

Possible

Should be used

Use the transferred user name and password for the logon procedure. You can enhance or replace these in your own channel configuration, for example, with an alias or the J2EE keystore.

83

ManagedConnection

Factory.createManaged

Connection

Mandatory

Mandatory

createManaged Connection() uses the javax.security.auth. Subject object for authentication. The resource adapter must also support this property in the Adapter Framework.

97

Reauthentication

Possible

Possible

The Adapter Framework does not use reauthentication.

97

Deployment descriptor authentication values

Mandatory

Mandatory

Must be set in order to determine which authentication mechanism is to be used.

97

 

 

 

End of Content Area