
Kerbv5 (SSO)

Definition

This authentication type is handled by the interface javax.resource.spi.security.GenericCredential.

As with BasicPassword authentication, you must enter a user name and password in the web browser the first time you call the application on the server. For this user/password pair, the application server issues a ticket that is also used to establish the connection through SAP JRA. As long as your web session is valid, this ticket is supplied to the application server with each request.

To enable the Kerbv5 authentication mechanism, application descriptors should contain the following entries:

web-j2ee-engine.xml descriptor:

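<?xml version="1.0" encoding="UTF-8"?>
<!-- web-j2ee-engine.xml: engine-specific descriptor for the sample web application.
     It links the connection factory reference, maps the security role to server
     groups and defines the login module stack that authenticates the caller. -->
<!DOCTYPE web-j2ee-engine SYSTEM "web-j2ee-engine.dtd">
<web-j2ee-engine>
   <!-- Links the resource reference MyConnFactory (also declared in web.xml)
        to the resource of the same name. -->
   <resource-ref>
      <res-ref-name>MyConnFactory</res-ref-name>
      <res-link>MyConnFactory</res-link>
   </resource-ref>
   <!-- Members of Guests or Administrators hold the role Everybody, which is the
        only role the auth-constraint in web.xml admits. Review who belongs to
        Guests before deploying, because that membership decides who may call
        the servlet. -->
   <security-role-map>
      <role-name>Everybody</role-name>
      <group-name>Guests</group-name>
      <group-name>Administrators</group-name>
   </security-role-map>
   <login-module-configuration>
      <!-- The opening tag below was missing its closing angle bracket in the
           original listing, which made the descriptor not well-formed.
           Modules run in the order listed: the password check first, then
           ticket creation. -->
      <login-module-stack>
         <!-- NOTE(review): under JAAS flag semantics an OPTIONAL module that fails
              does not end the stack. Confirm that CreateTicketLoginModule cannot
              succeed without a preceding successful password check, or consider
              REQUISITE for the password module. -->
         <login-module>
            <login-module-name>
            BasicPasswordLoginModule
            </login-module-name>
            <flag>OPTIONAL</flag>
         </login-module>
         <!-- Issues the ticket that is later presented on each request and used
              for the SAP JRA connection. -->
         <login-module>
            <login-module-name>
            CreateTicketLoginModule
            </login-module-name>
            <flag>SUFFICIENT</flag>
         </login-module>
      </login-module-stack>
   </login-module-configuration>
</web-j2ee-engine>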


         

web.xml descriptor:

<?xml version="1.0" encoding="UTF-8"?>
<!-- web.xml: standard deployment descriptor for the sample servlet. It declares
     the servlet, protects its URL with BASIC authentication and the role
     Everybody, and requests container-managed sign-on for the connection
     factory MyConnFactory. -->
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
                         "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
   <display-name>VeriClientServletSSO</display-name>
   <servlet>
      <servlet-name>VeriClientServletSSO</servlet-name>
      <display-name>VeriClientServletSSO</display-name>
      <servlet-class>
       com.sap.mw.jco.jra.tests.client.auth.basic.VeriClientServletSSO
      </servlet-class>
   </servlet>
   <servlet-mapping>
      <servlet-name>VeriClientServletSSO</servlet-name>
      <url-pattern>/VeriClient</url-pattern>
   </servlet-mapping>
   <!-- Session timeout in minutes, per the servlet specification. The prose on
        this page ties the ticket's reuse to the validity of the web session. -->
   <session-config>
      <session-timeout>30</session-timeout>
   </session-config>
   <!-- Restricts /VeriClient to callers holding the role Everybody. No
        http-method element is listed, so the constraint covers every HTTP
        method. -->
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>test1</web-resource-name>
         <url-pattern>/VeriClient</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>Everybody</role-name>
      </auth-constraint>
      <!-- NOTE(review): NONE places no transport requirement on this URL. With
           BASIC authentication the user name and password are only Base64-encoded,
           so they, and the ticket sent on later requests, can cross the network
           over plain HTTP. Use CONFIDENTIAL unless TLS is enforced elsewhere in
           front of the server. -->
      <user-data-constraint>
         <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
   </security-constraint>
   <!-- BASIC: the browser prompts for user name and password on first access. -->
   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JRAAuthentication</realm-name>
   </login-config>
   <security-role>
      <role-name>Everybody</role-name>
   </security-role>
   <!-- res-auth Container tells the container to perform the sign-on to the
        resource itself (container-managed authentication) instead of leaving
        it to application code. -->
   <resource-ref>
      <res-ref-name>MyConnFactory</res-ref-name>
      <res-type>javax.resource.cci.ConnectionFactory</res-type>
      <res-auth>Container</res-auth>
   </resource-ref>
</web-app>


         

Note that the application container must be told, through the entry

<res-auth>Container</res-auth>

that it should use one of the Container Managed Authentication methods.