In the J2EE Engine you can use or define groups of login modules that contain different authentication logic. Such groups are referred to as login module stacks. Each login module stack enables you to choose different combinations of authentication for the applications you create, or for each of the components on the J2EE Engine.
Predefined login module stacks, which are also referred to as authentication templates, on the J2EE Engine:
● SAP-J2EE-Engine – this is a default configured login module stack that can be used by everyone.
● Basic – allows for Basic Authentication, supported by the Web container.
● Client – allows for client certificate authentication, supported by the Web container.
● Form – allows for form authentication, supported by the Web container.
● Ticket – used for creating and verifying logon tickets.
● Evaluation assertion ticket – used for verifying assertion tickets (tickets used between systems).
Using the login modules, you can create a login module stack that combines the authentication logic from several modules. Therefore, to perform authentication, the complete set of login modules is processed according to the configuration in the login module stack.
You can set the order in which these login modules are called during the authentication process and the order in which a client can be authenticated to the J2EE Engine. Also, following the JAAS specification, each module is processed according to login module flags.
Login Module Flags Description

| Flag | Required to Succeed | Description |
|---|---|---|
| OPTIONAL | No | Authentication proceeds down the list if the module has succeeded or has failed. |
| REQUIRED | Yes | Authentication proceeds down the list of modules if the module has succeeded or has failed. |
| REQUISITE | Yes | If successful, the authentication proceeds down the list, otherwise control returns to the application – that is, the authentication does not proceed. |
| SUFFICIENT | No | If the authentication is successful, control returns to application; otherwise, the authentication proceeds. |
The following table shows how a login module stack is processed based on these flags.
Login Module Stacks Processing

| Module | Flag | Pass/Fail | Pass/Fail | Pass/Fail |
|---|---|---|---|---|
| Module 1 | SUFFICIENT | Pass | Fail | Fail |
| Module 2 | REQUISITE | * | Pass | Fail |
| Module 3 | OPTIONAL | * | Pass | * |
| Overall authentication | | Pass | Pass | Fail |
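The flag rules can be checked against the processing table with a small model. The following Python sketch is an added example, not SAP or JAAS code: it reads `*` in the table as "module not called", models only the login phase, and adds one REQUIRED case beyond the table (the module names `Password` and `Ticket` and all pass/fail outcomes are constructed).

```python
from enum import Enum

class Flag(Enum):
    REQUIRED = 1
    REQUISITE = 2
    SUFFICIENT = 3
    OPTIONAL = 4

def evaluate_stack(stack):
    """Model one login attempt against a login module stack.

    stack: list of (name, Flag, passes) in configured order; `passes` is a
    constructed outcome standing in for the module's real login result.
    Returns (overall_success, names_of_modules_called).
    """
    called = []
    required_failed = False  # some REQUIRED module has failed so far
    any_success = False
    for name, flag, passes in stack:
        called.append(name)
        if passes:
            any_success = True
            # SUFFICIENT success ends processing, unless an earlier
            # REQUIRED module already failed (the attempt then still fails).
            if flag is Flag.SUFFICIENT and not required_failed:
                return True, called
        elif flag is Flag.REQUISITE:
            return False, called  # control returns to the application
        elif flag is Flag.REQUIRED:
            required_failed = True  # keep going, but the attempt is lost
    return (any_success and not required_failed), called

def table_stack(m1, m2, m3):
    """The three-module stack from the processing table."""
    return [("Module 1", Flag.SUFFICIENT, m1),
            ("Module 2", Flag.REQUISITE, m2),
            ("Module 3", Flag.OPTIONAL, m3)]

# Constructed scenarios: the table's three columns, then a case it omits.
TABLE_COLUMNS = [table_stack(True, True, True),
                 table_stack(False, True, True),
                 table_stack(False, False, True)]
REQUIRED_THEN_SUFFICIENT = [("Password", Flag.REQUIRED, False),
                            ("Ticket", Flag.SUFFICIENT, True)]

if __name__ == "__main__":
    for stack in TABLE_COLUMNS + [REQUIRED_THEN_SUFFICIENT]:
        ok, called = evaluate_stack(stack)
        print("Pass" if ok else "Fail", "called:", called)
```

The last scenario is the one to watch when reviewing a stack: a failed REQUIRED module does not stop processing, and a later SUFFICIENT success does not turn the attempt into a pass.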