J2EE Web Applications Security 

Modern business applications require complex security architectures so that sensitive application resources are protected from unauthorized access. J2EE Web applications (as part of an entire-scoped enterprise application and an “entry point“ to backend resources) are often used to authenticate application users. Therefore, the Web Containers that manage these applications must provide the necessary infrastructure to support the authentication and authorization processes taking place in the Web layer.

The SAP J2EE Engine Web Container manages the interactions with the security services to fulfill the security requirements of the Web applications deployed on it. These requirements include authenticating the users, authorizing them to access certain resources, and observing rules that guarantee data integrity and confidentiality.

Apart from the standard J2EE specification authentication requirements, the SAP J2EE Engine provides options for using custom authentication schemes based on JAAS mechanism. These options refer to developing and configuring login modules stacks to provide pluggable authentication that is not application- dependent.

See also:

 

For more information about the security mechanisms that you can use to secure your J2EE Web applications on the SAP J2EE Engine, see:

• Authentication for Web Applications Users on the SAP J2EE Engine
• Authorization for Web Application Users on the SAP J2EE Engine
• Single Sign-on for J2EE Web Applications
• Propagation of Security Principals to Other Containers on the SAP J2EE Engine