The development capabilities of AS Java enable you to create and implement customized JAAS login modules to authenticate access to your applications.
You can develop login modules to customize access protection to your specific business requirements.
● SAP NetWeaver Developer Studio is installed
● AS Java is installed.
● You have administrative privileges to manage the configuration of the login modules on the AS Java.
The use of Java Authentication and Authorization Services on the AS Java enables you to enforce security in your applications in a pluggable and application-independent manner. When users or an application requests access to an application, the AS Java follows the sequence of steps defined in JAAS login modules to authenticate access.
The JAAS login modules implement authentication logic and enable pluggable and extensible authentication configuration during server runtime. The AS Java is shipped with a set of standard login modules that you can use for configuring most user authentication and SSO scenarios. In addition, you can develop custom login modules to adapt the authentication capabilities of the AS Java technology stack of SAP NetWeaver to your needs and business requirements.
For more information about the JAAS authentication flow, see Overview of the Login Process in JAAS.
For more information about the development time integration between the AS Java authentication and authentication against the UME, see Integration of AS Java and UME Authentication.
● Using Login Modules to Protect Web Applications
Gives information about the development and configuration tasks to enable during development time the use of authentication for Web applications. You can find information about SAP-specific callbacks that are used to communicate data to and from a Web application, security session management, SSO to applications.
● Security Aspects for Web Services
Provides information about the Web service-specific tasks to enable authentication for WS access.
Provides information about authentication for remote clients that use Java Remote Method Invocations.
● Propagation of Security Principals between AS Java Containers
Provides information about the process of propagating authentication credentials among applications running in different AS Java containers.