This section describes security issues for calls from a Java Application to an SAP Application Server.
JCA, as part of the J2EE architecture, uses the J2EE standard authentication services provided by
JAAS (Java Authentication and Authorization Service).
This standard authentication includes authentication methods such as
● BasicPassword and
● Kerbv5
These authentication methods are Container Managed Authentication procedures.
The type of authentication is set in the configuration of the application descriptors.
When a connection is established, the SAP system checks the validity of the user credentials provided, regardless of the security mechanisms used.
The user specified in a ConnectionFactory is a repository user. This user must have all required authorizations for metadata queries (see SAP note 460089).
However, you should use the current application user for a call. Container Managed Authentication uses the user that has logged on to the J2EE server. Application Managed Authentication uses the user that the application passes via ConnectionSpec when generating the connection. If the application has not passed a user with Application Managed Authentication, the repository user is used.
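The user selection described above, as an added Java example that is not SAP's own code and uses only the standard JCA CCI interfaces. The JNDI name `eis/SAPFactory` and the class name `SapConnections` are assumptions, and the `ConnectionSpec` passed in must be built with the resource adapter's own implementation class, which is not shown here.

```java
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.resource.ResourceException;
import javax.resource.cci.Connection;
import javax.resource.cci.ConnectionFactory;
import javax.resource.cci.ConnectionSpec;

/*
 * Standard J2EE resource reference in web.xml or ejb-jar.xml
 * (the reference name is an assumption made for this example):
 *
 *   <resource-ref>
 *     <res-ref-name>eis/SAPFactory</res-ref-name>
 *     <res-type>javax.resource.cci.ConnectionFactory</res-type>
 *     <res-auth>Application</res-auth>   <!-- or Container -->
 *   </resource-ref>
 */
public final class SapConnections {
    // Assumed JNDI name; use the name your deployment binds the factory to.
    private static final String FACTORY_JNDI = "java:comp/env/eis/SAPFactory";

    private final ConnectionFactory factory;

    public SapConnections() throws NamingException {
        factory = (ConnectionFactory) new InitialContext().lookup(FACTORY_JNDI);
    }

    /** res-auth=Container: the container supplies the user logged on to the J2EE server. */
    public Connection openContainerManaged() throws ResourceException {
        return factory.getConnection();
    }

    /**
     * res-auth=Application: the application passes the current user via ConnectionSpec.
     * Without a user the call would run as the repository user, so a missing
     * spec is rejected here instead of silently falling back.
     */
    public Connection openApplicationManaged(ConnectionSpec userSpec) throws ResourceException {
        if (userSpec == null) {
            throw new IllegalArgumentException(
                "ConnectionSpec for the current application user is required");
        }
        return factory.getConnection(userSpec);
    }
}
```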
For details on the different authentication types see:
● Application Managed Authentication
● Secure Network Connection (SNC)