Secure Communication
If you want to set up an HTTP, Web services consumer, or RFC connection from the AS Java to other servers, you might want to make use of transport layer security for network communications. Depending on the protocol used for the connection, you can use either the Secure Sockets Layer (SSL) or Secure Network Communications (SNC) protocol to secure the communication.
When using SSL or SNC to encrypt data communications at the network layer, you make use of the following security features:
● Authentication
With server-side authentication, the server identifies itself to the client when the connection is established, which reduces the risk of using “fake” servers to gain information from clients.
With mutual authentication, both the client and the server are authenticated when the connection is established. You can use client-side authentication, for example, to authenticate users using SSL instead of using user IDs and passwords.
● Data integrity
The data being transferred between the client and the server is protected so that any manipulation of the data is detected.
● Data privacy
The data being transferred between the client and the server is also encrypted, which provides for privacy protection. An eavesdropper cannot access the data.
For more detailed information on transport layer security, see Transport Layer Security on the AS Java.
The AS Java supports the use of transport layer security for network communications. Depending on the protocol used for the connection, it supports SSL or SNC. If you want to set up an HTTP, HTTPS, Web services consumer, or RFC connection from the AS Java to other servers, then you can easily use the security features provided by the Destination service.
Three types of destinations are supported:
● HTTP(S)
● RFC
● Web services
HTTP destinations support HTTP Post and HTTP Get requests to HTTP or HTTPS URLs. Web service destinations are automatically created for deployable Web service proxies and are used to configure the authentication data. RFC destinations are used for connections to ABAP servers.
The data to be used for the connection (target address and user authentication information) is specified in the Destination service as a destination entry. The following authentication methods are supported:
● None
If you use this option, then no authentication occurs with the connection.
● Basic
With this option, you need to specify the user name and password to use for the connection. The user information is then sent with the request in an HTTP Basic Authentication header.
● X.509 client certificates
In this case, SSL with mutual authentication is used to authenticate the client. To use this option, you need to specify the public-key certificate from a keystore entry in the Key Storage service to be used for the client authentication.
● Logon Tickets
In this case, the current user must possess a logon ticket. The logon ticket is then sent with the request.
The Destination service uses the Secure Storage service on the AS Java to store the URL and user authentication information specified in the destination entry in encrypted form.
● You can use the Secure Sockets Layer (SSL) protocol to secure HTTP connections. In this case, the corresponding keys and public-key certificates are stored in keystore entries in the Key Storage service.
● You can use Secure Network Communications (SNC) to secure RFC connections to ABAP systems. In this case, you need to use an external security product to provide the protection.
You can either set up destinations manually using the SAP NetWeaver Administrator or you can use the service’s API to establish destinations programmatically. The following sections apply to the programmatic use of the API to set up the destinations.
For more detailed information on the Destination service, see Destination Service.
You can use the Destination service API to create, delete, change or use destinations.
To create a destination:
1. Look up a reference to the Destination service using the JNDI service.
2. Create a new destination (method: createDestination).
3. Adjust the destination’s parameters (method: set<parameter>).
4. Store the destination (method: storeDestination).
To establish a connection using a destination:
1. Look up a reference to the Destination service using the JNDI service.
2. Obtain a destination (method: getDestination).
3. Open a connection (method: getURLConnection).
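The three connection steps above with a transport check added before the request is sent, as an added example that is not SAP's own sample code. It assumes the lookup constant `DestinationService.JNDI_KEY`, the type string `"HTTP"` and the `HTTPDestination` interface from the API package; the class name and the destination name passed by the caller are hypothetical.

```java
import java.net.HttpURLConnection;
import java.net.URLConnection;
import javax.naming.InitialContext;

import com.sap.security.core.server.destinations.api.DestinationService;
import com.sap.security.core.server.destinations.api.HTTPDestination;

public class SecureDestinationClient {

    /**
     * Calls the target of a stored HTTP destination and returns the HTTP status.
     * Refuses to send the request if the destination does not point to an
     * HTTPS URL, so that Basic credentials or logon tickets taken from the
     * destination entry are not transmitted over an unprotected connection.
     */
    public static int callOverSsl(String destinationName) throws Exception {
        // Step 1: look up a reference to the Destination service using JNDI.
        // Assumption: the lookup name is exposed as DestinationService.JNDI_KEY.
        InitialContext ctx = new InitialContext();
        DestinationService service =
                (DestinationService) ctx.lookup(DestinationService.JNDI_KEY);

        // Step 2: obtain the destination entry.
        // Assumption: "HTTP" is the type string used for HTTP(S) destinations.
        HTTPDestination destination =
                (HTTPDestination) service.getDestination("HTTP", destinationName);

        // Step 3: open the connection. URL and authentication data come from
        // the stored destination entry, not from this code.
        URLConnection connection = destination.getURLConnection();

        // Transport check: the scheme is read from the connection itself, so
        // it reflects what the administrator actually configured.
        String scheme = connection.getURL().getProtocol();
        if (!"https".equalsIgnoreCase(scheme)) {
            throw new IllegalStateException("Destination '" + destinationName
                    + "' uses " + scheme + "; an HTTPS URL is required");
        }

        HttpURLConnection http = (HttpURLConnection) connection;
        try {
            return http.getResponseCode(); // sends the request
        } finally {
            http.disconnect();
        }
    }
}
```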
The interfaces and classes for using the Destination service API are located in the package com.sap.security.core.server.destinations.api. For more detailed information about the most important interfaces provided with the Destination service API, see Destination Service API.
For some examples of using the Destination service in your applications, see Examples for Using the Destination Service API.