Show TOC

NoSecurity Configuration PropertiesLocate this document in the navigation structure

A NoSecurity provider offers pass-through security for SAP Mobile Server, and should be typically be reserved for devlopment or testing. SAP strongly encourages you to avoid using this provider in production environments — either for administration or device user authentication.

  • The NoSecLoginModule class provides open authentication services
  • The NoSecAuthorizer class provides authorization services
  • The NoSecAttributer provides attribution services
You need to configure only the authentication properties for the NoSecurity provider.
Table 1: Authentication Properties
Property Default Value Description
useUsernameAsIdentity true If this option is set to true, the user name supplied in the callback is set as the name of the principal added to the subject.
identity nosec_identity The value of this configuration option is used as the identity of the user if either of these conditions is met:
  • No credentials were supplied.
  • The useUsernameAsIdentity option is set to false.
Use First Password false If set to true, the login module attempts to retrieve only the user name and password from the shared context. It never calls the callback handler.
Try First Password false If set to true, the login module first attempts to retrieve the user name and password from the shared context before attempting the callback handler.
Clear Password false If set to true, the login module clears the user name and password in the shared context when calling either commit or abort.
Store Password false If set to true, the login module stores the user name and password in the shared context after successfully authenticating.
providerDescription none

(Optional). When enabled, allows the administrator to associate a description with the provider instance.

Using a provider description makes it easier to differentiate between multiple instances of the same provider type: for example, when you have multiple login modules of the same type stacked in a security configuration, each targeting a different repository.
Note When you create a new security configuration, SAP Mobile Platform sets the NoSecurity provider by default. SAP recommends that after you add, configure, and validate your providers, you remove the NoSecurity provider. For more information, see Creating a Security Configuration.