
Authentication for Web Applications Users on the J2EE Engine

Authentication is a mechanism for securing your Web applications by determining the user’s identity before granting that user access to application resources. The J2EE specification defines four compulsory schemes for authenticating Web application users:

You can use each of these standard authentication schemes to protect your Web applications. They are part of the J2EE Engine’s implementation. To enable a scheme for your Web application, declare it in the application’s web.xml deployment descriptor. Two schemes have prerequisites: digest authentication requires that the user store you are using supports it, and CLIENT-CERT authentication requires that you have configured the HTTPS protocol. For more information on doing this, see Configuring Authentication.

Pluggable Authentication using JAAS Login Modules

You can define your own authentication scheme that best suits the security architecture of your Web application by developing a JAAS-based login module (or by developing several login modules and configuring them in a stack). You can do this in a pluggable manner: you develop the login modules and register them in the Security Provider Service on the J2EE Engine, independently of your Web application. You then declare in the application’s additional descriptor, web-j2ee-engine.xml, that the application must use the corresponding login modules.

See also:

For more information on how to declare the usage of the login modules, see Configuring Authentication.

For more information on the login process when using JAAS login modules, see Overview of the Login Process in JAAS.
