Show TOC Anfang des Inhaltsbereichs

Diese Grafik wird im zugehörigen Text erklärtKerbv5 (SSO)  Dokument im Navigationsbaum lokalisieren

This authentication type is handled by the interface javax.resource.spi.security.GenericCredential.

As with BasicPassword Authentication, you will need to enter User / Password via web browser to the application when calling the server for the first time. For this User / Password pair an Application Server issues a ticket that will be used also for establishing a connection via SAP JRA. As long as your web session is valid, this ticket will always be supplied to the Application Server on each request.

To enable the Kerbv5 authentication mechanism, application descpriptors should contain the following entries:

 

web-j2ee-engine.xml descriptor:

 

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE web-j2ee-engine SYSTEM "web-j2ee-engine.dtd">

  <web-j2ee-engine>

    <resource-ref>

      <res-ref-name>MyConnFactory</res-ref-name>

      <res-link>MyConnFactory</res-link>

    </resource-ref>

    <security-role-map>

      <role-name>Everybody</role-name>

      <group-name>Guests</group-name>

      <group-name>Administrators</group-name>

    </security-role-map>

  <login-module-configuration>

    <login-module-stack>

        <login-module>

           <login-module-name>

BasicPasswordLoginModule

</login-module-name>

           <flag>OPTIONAL</flag>

        </login-module>

        <login-module>

           <login-module-name>

CreateTicketLoginModule

</login-module-name>

           <flag>SUFFICIENT</flag>

        </login-module>

    </login-module-stack>

  </login-module-configuration>

  </web-j2ee-engine>

 

web.xml descriptor:

 

<?xml version="1.0" encoding="UTF-8"?>

 

<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>

 

<web-app>

  <display-name>VeriClientServletSSO</display-name>

  <servlet>

    <servlet-name>VeriClientServletSSO</servlet-name>

    <display-name>VeriClientServletSSO</display-name>

    <servlet-class>

com.sap.mw.jco.jra.tests.client.auth.sso.VeriClientServletSSO

    </servlet-class>

  </servlet>

  <servlet-mapping>

    <servlet-name>VeriClientServletSSO</servlet-name>

    <url-pattern>/VeriClient</url-pattern>

  </servlet-mapping>

  <session-config>

    <session-timeout>30</session-timeout>

  </session-config>

 

  <security-constraint>

    <web-resource-collection>

      <web-resource-name>test1</web-resource-name>

      <url-pattern>/VeriClient</url-pattern>

    </web-resource-collection>

    <auth-constraint>

      <role-name>Everybody</role-name>

    </auth-constraint>

    <user-data-constraint>

      <transport-guarantee>NONE</transport-guarantee>

    </user-data-constraint>

  </security-constraint>

  <login-config>

    <auth-method>BASIC</auth-method>

    <realm-name>JRAAuthentication</realm-name>

  </login-config>

  <security-role>

    <role-name>Everybody</role-name>

  </security-role>

 

  <resource-ref>

    <res-ref-name>MyConnFactory</res-ref-name>

    <res-type>javax.resource.cci.ConnectionFactory</res-type>

    <res-auth>Container</res-auth>

  </resource-ref>

</web-app>

Please be aware that application container should be notified through the entry

<res-auth>Container</res-auth>

that it should use one of the Container Managed Authentication methods.

 

Ende des Inhaltsbereichs