Security on the Portal WEB Services 

Authentication

When exposing a portal service as a Web service, the normal authentication and authorization process used by the portal is used. The SOAP connection delegates the process of the HTTP request to the central authentication mechanism.

The Web service framework supports:

• Authentication with user ID and password
• Authentication with X.509 client certificate
• SSO with SAP Logon Tickets and user/password authentication

Authorization

The Web service authorization process is based on the security zone concept. It checks whether the roles of the user attached to the HTTP request can have write access to the service.

The security zone is created by two elements:

·        The security domain

·        The list of users/roles/groups attached to this domain

The security domain is declared in the portalapp.xml file that is generated with all portal components/services. The tag corresponding to the security zone is automatically generated by the PAR Open Tool Plug-in of the SAP NetWeaver Developer Studio.

<services>  <service alias="TestBO" name="TestBO">   <service-config>    <property name="className" value="com.sap.test.TestBO"> </property>    <property name="SecurityZone" value="com.sap.test.TestBO/DefaultSecurity"> </property>    <property name="WebEnable" value="true"> </property>    <property name="WSDL" value="TestBO.wsdl"> </property>   </service-config>  </service> </services>

 

See also:

 

Examples of Portal Web Services Security