Adapters Running in the Plain J2SE Adapter Engine

This section summarizes how you can secure adapters running in the Plain J2SE Adapter Engine.

The Plain J2SE Adapter Engine is only supported for compatibility reasons. It hosts only a subset of the adapter functionality and has fewer security features. You should only use the Plain J2SE Adapter Engine if it is a precondition in your environment. For more information, see the Plain J2SE Adapter Engine.

User Administration

The Plain J2SE Adapter Engine has a separate user and password management, which is not integrated into the overall SAP NetWeaver user administration. For more information, see Configuration.

The Plain J2SE Adapter Engine provides three user roles for interactive users:

?     Adapter Engine administrator

With this role you administer the Plain J2SE Adapter Engine. It includes the user administration itself.

?     Adapter configurator

With this role you configure the individual adapters.

?     Adapter user

With this role you can view the adapter configurations.

Additionally, there is a role for messaging, which has to be assigned to users that send messages to the Plain J2SE Adapter Engine:

?     HTTP server user

With respect to password management, you should always store passwords in the tokenized and obfuscated form as documented in Password Management.

Securing Communication

You should enable SSL for all HTTP-based communication to and from the Plain J2SE Adapter Engine:

?     Communication to and from the Integration Server

?     Communication to and from an external SOAP communication partner

If possible, you should also encrypt the communication to and from the JMS provider.

The J2SE Adapter Engine uses SSL only for communication line encryption, not for client and server authentications. Since this is a drawback with respect to security, you should use the J2EE Adapter Engine in insecure environments.

Securing Resources

All configuration data for the Plain J2SE Adapter Engine is maintained in flat property files.

The file for the engine administration data itself is located in the following directory:

<installation directory>/tech_adapter/BaseConfiguration

The file for the adapter configuration data is located in the following directory:

<installation directory>/tech_adapter/Configuration

The adapters of the Plain J2SE Adapter Engine are configured locally and not in the Integration Directory. Exchanged messages are also stored directly in the file system.

Therefore, ensure that only the operating system user, who has started and therefore owns the adapter engine process, can read the property files and has access to the directories used for message exchange.