If an SSO ticket was passed with a call, this ticket is checked on the Java EE Application side for its validity.
To enable the SSO mechanism, you have to perform the following steps:
● Configure the called application using the SAP-specific SSO Mechanism for
Server calls.
For details, see the documentation of the SAP Security Provider service on the J2EE Application Server: Using SAML Assertions for Single Sign-On.
● In the calling SAP Application Server, you have to activate the use of the SSO
tickets with each call via the transaction SM59.
If the access to the MDB has to be restricted to specific role, you may add the according restrictions in the ejb-jar.xml, according to the ejb 2.1 specification:
<assembly-descriptor>
<security-role>
<role-name>Hugo</role-name>
</security-role>
<method-permission>
<description>method-permission</description>
<role-name>Hugo</role-name>
<method>
<ejb-name>MyEjbNameBean</ejb-name>
<method-name>onMessage</method-name>
</method>
</method-permission>
</assembly-descriptor>