This release includes enhancements that increase security for OData clients in specific landscapes, enable you to integrate your existing security landscape with Unwired Platform, implement role-based automatic on-boarding, and control data change notification (DCN) authentication and authorization. Anonymous login capability provides underlying support.
Documented in: Security, see SiteMinder Authentication with Sybase Unwired Platform
Documented in: Developer Guide: Unwired Server Runtime, see Security API
Documented in:Sybase Control Center for Sybase Unwired Platform, see SUP Help Desk
Previously, the "admin" security profile was used when the user name did not include the security configuration name.
For example, if the user name includes the "admin" security configuration, and the administrator wants to push all packages and users through HttpAuthDCNServlet, the administrator can reuse the existing code without any changes by ensuring the user names include the @admin suffix. If no security configuration is specified for the user name, the package security configuration (or the "security" parameter in Hybrid App DCN) authenticates and authorizes the user.
Documented in: Security, see Adding a PreconfiguredUserLoginModule for HTTP Basic Authentication
This release supports anonymous access, that is, one without an authentication or authorization requirement. The system administrator selects a predefined "Allow Anyone" role, which, once assigned to an application, enables access to the application without requiring or validating credentials. Application clients indicate when they are requesting anonymous login, which is specified via a flag in the connection API. Internally, the client runtime and server facilitate the rest of the interaction using SAP Passport.