Communication Between the ICM and J2EE Engine

The communication between the ICM and J2EE Engine has the following peculiarities:

·        A separate protocol is used.

·        The ICM can be set up so that the communication with the J2EE Engine is SSL-encrypted.

·        If you want to forward certification data to the J2EE Engine to use it there for authentication, and the communication between the ICM and J2EE is not to be encrypted, in the J2EE Engine you have to set the property AcceptClientCertWithoutSSL in the HTTP Provider Service to true (default is false).

Communication Protocol

The communication between the ICM and J2EE Engine has its own protocol.

When the ICM receives an HTTP(S) request for the J2EE Engine, it proceeds as follows:

·        If the request is SSL-encrypted (HTTPS), the ICM decodes the data. The request is now an HTTP request.

·        The ICM checks on which port the Java Dispatcher receives HTTP or HTTPS requests. The Java dispatcher sends this information to the ICM via the ABAP dispatcher.

·        The ICM adds additional information to the HTTP request:

Ў        Length of the request

Ў        Information to determine whether it is an HTTP or an HTTPS request

With this extra information the forwarded data stream is no longer in HTTP.

·        The Java dispatcher forwards the request to a local Server Process.

The same process is applied to the response. The Java dispatcher provides the HTTP(S) response with the additional information and passes this to the ICM, which then sends it to the client.

SSL Communication

If the ICM receives an HTTPS request, it decodes it. If it determines from the URL (see Server Selection and Load Balancing Using the SAP Web Dispatcher) that the request should go to the J2EE Engine, there are various communication options.

You can set whether the request should be SSL-encrypted, before it is forwarded to the J2EE Engine. You can do this in the following ways:

·        Do not encrypt the request: The request is sent to the J2EE Engine with the protocol described above via TCP sockets.

·        Encrypt the HTTPS request again: All requests that arrived as HTTPS at the ICM are SSL-encrypted again, before they are sent to the J2EE Engine.

·        Encrypt all requests: Regardless of whether the request was HTTP or HTTPS, it is SSL-encrypted, before it is sent to the J2EE Engine.

The ICM is configured for communicating with the J2EE Engine in the profile parameter icm/HTTP/j2ee_<xx>.