Secure Your Enterprise Application with Authentication in SAP NetWeaver Web AS Java

  • by Robert Heidasch, Chief Innovation and Technology Lead, Accenture
  • December 2, 2009
One of a company’s worst nightmares is the theft of customer or other confidential data. To avoid having unauthorized parties view this data, you should secure your enterprise applications. Find out how you can carry this out by using the Java Authentication and Authorization Service in SAP NetWeaver Application Server Java.
Key Concept
In SAP NetWeaver, authentication includes the process of establishing and verifying the identity of a person or system component as a prerequisite for allowing the person or system component access to an SAP NetWeaver server system. The authentication process is initiated by SAP NetWeaver when a client system requests access to various system resources, such as back-end resources.

With the increasing use of distributed systems based on open standards and flexible information sharing with multiple business partners, establishing the identities of the communicating parties has become an important element in protecting your business operations. You need to protect the business-sensitive data provided by the business application against unauthorized access (for example, keeping your customer list away from a competitor). This is especially relevant for Web applications that access external resources (e.g., Web container-based applications such as Java servlets or Web services running on Java-based servers called JEE servers). In these situations, the authorization concept applies to the following two factors:

  • Is the user authorized to access this resource?
  • Can the client load the resource, or is the client prevented from loading it?

The JEE server supports the Java Authentication and Authorization Service (JAAS) standard, which in turn supports authentication of installed applications (e.g., Web applications that are running in a Web container). The JAAS standard allows you to configure policy to determine the mechanism that the system uses to authenticate an application’s users.

SAP NetWeaver Application Server (SAP NetWeaver AS) Java is a JEE server and supports JAAS-based authentication of Java applications. The authentication concept is based on the Web application’s authentication, which is integrated with SAP User Management Engine (SAP UME). SAP UME provides centralized user management for all Java applications running in SAP NetWeaver AS Java (or the SAP JEE server).

I will show you the authentication functionality available in the SAP JEE server, including the JAAS standard configuration and the SAP-specific extensions that are required to configure the authentication mechanism in Java-based applications. Additionally, I will demonstrate how to develop a JAAS-compliant login module that is integrated with SAP UME and can be used in custom Java applications. You can implement the authentication mechanism in SAP NetWeaver AS ABAP and Java. In this article, I concentrate on the authentication functionality available in the SAP JEE server.

Robert Heidasch

Robert is the chief innovation and technology lead in the global Accenture Technology Platform, which is responsible for SAP Leonardo and the new digital technology defining business value and driving the digital transformation of complex enterprise solutions for Accenture diamond and strategic clients. Before that he was responsible, as innovation and solution lead, for the design and architecture of new business applications developed jointly by Accenture and SAP based on the newest SAP and non-SAP technology. Robert is an Accenture-certified Senior Digital Architect and Senior Technology Architect. He is coauthor and trainer of a couple of SAP technology-related trainings for the in-memory platform and architecture of new business applications (e.g., SAP HANA, SAP Cloud Platform, and SAP Leonardo applications for solution architects and technical architects, all of which were provided by Accenture in Europe, the US, and Asia). Robert has more than 23 years’ experience designing and developing IT systems. He has published several technical and business articles about SOA, SAP NetWeaver and its integration with non-SAP systems (e.g., Microsoft, Oracle, etc.), and SAP HANA technology. He is also an inventor of 38 patents in the US in the areas of in-memory technology, artificial intelligence and machine learning, security, semantics, and SOA. He is a frequent speaker at international business conferences and SAP Forum. He is a subject matter expert in customer projects worldwide and has extended experience in team leadership in Europe, the US, and India.
