SES 32: Java EE Security

Java EE wasn’t developed with any specific application in mind. That’s why its developers designed basic building blocks for implementing security:

  • Roles: Roles represent the business functions that users perform. For example, a buying application needs a Buyer role or a Purchasing Manager role. A role groups together a series of authorizations within a Java application, and all authorizations that users need in the business are defined in roles.
  • Users: Users are often called user principals. Each is identified by a unique principal name and can be authenticated with some authentication data.
  • Groups: These are used to administer roles for groups of users. You can assign roles to a group and then assign users to that group, instead of assigning roles to each user. This doesn’t just save time; it also lets you add or remove roles for the whole group.

Authentication Methods for SAP HCP

  • FORM: This authentication method is used for form-based security configuration using SAML 2.0 (Security Assertion Markup Language).
  • SAML2: It is similar to the FORM authentication method.
  • CERT: This one lets users log on using client certificates.
  • BASIC: This method uses HTTP basic security. Its use is not recommended, since it’s not secure compared to the other supported authentication methods.
  • BASICCERT: This is a hybrid that supports authentication using client certificates inside the network and basic security outside the network.
  • OAUTH: This method is used to secure APIs with the help of the OAuth 2.0 protocol.
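
As an added example (not from the original page or from SAP), the deployment descriptor below shows how the roles and the authentication method described above are declared in a Java EE web application. It assumes the application declares them in the standard WEB-INF/web.xml; the role names follow the page's buying example, and the URL patterns are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: WEB-INF/web.xml for a hypothetical purchasing app. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Authentication method for the whole application.
       Weak setting, shown for contrast only:
         <auth-method>BASIC</auth-method>
       BASIC is the method the list above advises against. -->
  <login-config>
    <auth-method>FORM</auth-method>
  </login-config>

  <!-- Declare every role that a constraint below refers to. -->
  <security-role>
    <description>May create purchase requests</description>
    <role-name>Buyer</role-name>
  </security-role>
  <security-role>
    <description>May approve purchase requests</description>
    <role-name>PurchasingManager</role-name>
  </security-role>

  <!-- Both roles may reach /requests/* (hypothetical path). -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Purchase requests</web-resource-name>
      <url-pattern>/requests/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Buyer</role-name>
      <role-name>PurchasingManager</role-name>
    </auth-constraint>
    <!-- Require TLS so credentials and sessions are not sent in clear. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Only managers may reach /approvals/* (hypothetical path). -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Approvals</web-resource-name>
      <url-pattern>/approvals/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>PurchasingManager</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
```

A request to a protected path from a user who holds none of the listed roles is rejected by the container before any application code runs, which keeps the authorization decision out of the servlet logic.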

Assignment of Roles in SAP HCP Cockpit

Now, let’s see how to assign roles to users inside the SAP HCP Cockpit. This is done by clicking the AUTHORIZATIONS tab, where you’ll see the AUTHORIZATION MANAGEMENT content page open to the USERS tab. The procedure for assigning roles to users is as follows:

  • Choose the record of the user that you wish to maintain by choosing the target user account name in the USER field, and click on the SHOW ASSIGNMENTS tab.
  • Hit the ASSIGN tab and add a new role in the roles table. This will show you the ASSIGN ROLES FOR USER dialog box.
  • In the dialog box, select the target role by choosing the host SAP HCP account and the Java application defining the role.
  • Click on the SAVE tab after finishing the role assignment.


SAP HCP allows you to define custom groups that combine multiple roles, so that a group can be assigned to a specific class of users. These groups are defined within the context of the SAP HCP account in the SAP HCP cockpit, unlike user accounts, which are maintained externally.
