Configuring Authentication
You configure policy configurations for your Web application in order to determine the mechanism that will be used to authenticate an application's users. You can choose from the standard policy configurations such as BASIC , DIGEST , FORM , and CLIENT-CERT , or use a custom login module. For more information about setting up policy configurations, see Managing Policy Configurations in the Administration Manual.
In addition, you can associate the application with a security policy domain that affects the local single sign-on (SSO) capabilities.
You configure login modules in both web.xml and web-j2ee-engine.xml descriptors from the SAP NetWeaver Developer Studio.
On the web.xml screen, proceed as follows:
- Open the General screen.
- Choose the authorization mechanism you want to use from the Authentication method drop-down list. The possible values are BASIC , DIGEST , FORM and CLIENT-CERT . For information about the different methods, see the JavaÔServlet 2.3 Specification at http://java.sun.com.
- If you chose the BASIC authentication method in the previous step, specify an authentication realm in the Realm name field. This string is then entered in the Realm field of the logon screen that the browser displays.
- If you have chosen FORM based authentication, you must also specify the location of the resource (HTML page, or servlet or JSP page) that provides the login page and the page that responds to a failed authentication attempt. To do this, choose Form login configuration and then enter the locations of the pages in the Form login page and Error login page fields, respectively.
You perform the next configuration steps on the web-j2ee-engine.xml screen:
- Open the Security screen.
- Select login configuration. You can make the following settings:
- Enter a security policy domain, to which the application is associated, in the Security policy domain field. This field accepts string values. If you use hierarchical policy domains, you must separate the strings with a backslash. For example, a value of /A/B means that this application is associated with domain /A/B that is included in the root domain /A. This configuration affects the applications SSO behavior.
For more information about the single sign-on environment on the J2EE Engine, see Single Sign-on for J2EE Web Applications .
- Force password change after a successful authentication to the application. To do this, you must provide the resources that provide the pages that display the login form or process the cases of failed password change. You must enter the location of those resources in the Login page and the Error page fields in the Password change configuration pane, respectively.
For more information about password change behavior on the J2EE Engine, see Changing the User Password .
- Configure a custom login module that will be used for user authentication. To do this, choose Add to add a new login module. Then enter the name of the login module in the Name field. The value of the field can either be the fully qualified Java class name of the class that implements the login module, or the name that it is registered with in the user store. Choose the priority flag for that module from the Priority drop-down list. The possible values are optional, required, requisite and sufficient. For more information about the semantics of those values, see Managing Login Modules in the Administration Manual.Note
In order to configure and use a custom login module in your Web application, you must have first registered it in the J2EE Engine user store.
- Enter a security policy domain, to which the application is associated, in the Security policy domain field. This field accepts string values. If you use hierarchical policy domains, you must separate the strings with a backslash. For example, a value of /A/B means that this application is associated with domain /A/B that is included in the root domain /A. This configuration affects the applications SSO behavior.
See also: