Implement authentication and access control with the Common Security Infrastructure (CSI) component. Use CSI to authenticate and authorize administrator, developer, and end-user operations. CSI has a service provider plug-in model that integrates with the customer’s existing security infrastructure.
SAP Mobile Platform does not provide its own security systems for storing and maintaining users and access control rules, but delegates these functions to the enterprise’s existing security solutions. Security provider plug-ins for many common security solutions are included with SAP Mobile Platform.
One of the service provider types, the login module, authenticates the user. The login module interface conforms to the Java Authentication and Authorization Service (JAAS). All of the login modules in the SAP Mobile Platform authenticate with user ID and password credentials. Multiple login modules, each of which links to a different security store, can be stacked. When the user logs in, each login module attempts authentication in the order specified in the CSI configuration definition. The authentication attempt stops iterating through the sequence when authentication has been achieved or rejected.
For more information on using a custom security provider, see Security API in Developer Guide: SAP Mobile Server Runtime.