Additional system security functions for SAP NetWeaver AS Java are described in the sections below:
With the Key Storage Service, you can manage the key pairs used by the AS Java, for example, for signing logon tickets or for using SSL.
You can protect access to system resources on the AS Java by assigning them to protection domains and maintaining corresponding access control lists.
● Recommended WS Security Scenarios
You can protect access to Web services using authentication and authorization mechanisms. You can also specify that transport layer security should or must be used when accessing the Web service.
● Security Audit Log of the AS Java
Use the security audit log to track security-related events on the AS Java. Events such as unsuccessful logon attempts or changes to user profiles can be recorded and analyzed.
● Secure Storage for Application-Specific Data
Your applications can use the secure storage area on the AS Java to store sensitive data such as passwords. Data saved in this area is encrypted using a secret key that is created explicitly for the application or service.
● Secure Storage in the File System
The AS Java stores security-relevant information encrypted in a file in the file system. Because the cryptographic software needs to be deployed after the installation, you first need to activate the secure storage in the file system to have this information stored in encrypted form.
Using the Security Provider, you can view the users who are logged on to the AS Java server. The administrator can also terminate individual user sessions.