cancel
Showing results for 
Search instead for 
Did you mean: 

Security Problem Accessing J2EE-Keystore

Former Member
0 Kudos

Hi!

I' m trying to access a keystore-view out of a xi-module (ejb), but get the following exception:

SMime.process() - Error while trying to verify signature: com.sap.engine.services.keystore.exceptions.BaseRemoteException: Remote call errored at com.sap.engine.services.keystore.impl.KeystoreManagerImpl.checkPermission(KeystoreManagerImpl.java:48) at com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub.checkPermission(KeystoreManagerWrapper_Stub.java:707) at com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub.getKeystore(KeystoreManagerWrapper_Stub.java:201) at com.snapconsult.spardat.smime.SMime.process(SMime.java:174) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl0.process(ModuleLocalLocalObjectImpl0.java:133) at com.sap.aii.af.mp.ejb.ModuleProcessorBean.process(ModuleProcessorBean.java:252) at com.sap.aii.af.mp.processor.ModuleProcessorLocalLocalObjectImpl0.process(ModuleProcessorLocalLocalObjectImpl0.java:103) at com.sap.aii.adapter.mail.service.MPCallerApplication.perform(MPCallerApplication.java:142) at com.sap.aii.messaging.srt.ApplicationBubble.onMessage(ApplicationBubble.java:29) at com.sap.aii.messaging.srt.InitiatorBubble.onMessage(InitiatorBubble.java:37) at com.sap.aii.messaging.srt.xmb.XMBIMAPInitiatorServiceImpl$MailClientTask.invoke(XMBIMAPInitiatorServiceImpl.java:628) at com.sap.aii.af.service.scheduler.JobBroker$Worker.run(JobBroker.java:450) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37) at java.security.AccessController.doPrivileged(Native Method) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170) Caused by: com.sap.engine.services.keystore.exceptions.BaseKeystoreException: Application is not authorized to execute keystore operation [] at com.sap.engine.services.keystore.impl.security.CodeBasedSecurityConnector.checkPermissions_getView(CodeBasedSecurityConnector.java:712) at com.sap.engine.services.keystore.impl.security.SecurityRestrictionsChecker.checkPermission(SecurityRestrictionsChecker.java:230) at com.sap.engine.services.keystore.impl.ParameterChecker.checkPermission(ParameterChecker.java:35) at com.sap.engine.services.keystore.impl.KeystoreManagerImpl.checkPermission(KeystoreManagerImpl.java:46) ... 15 more Caused by: java.security.AccessControlException: access denied at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269) at java.security.AccessController.checkPermission(AccessController.java:401) at com.sap.engine.services.keystore.impl.security.CodeBasedSecurityConnector.checkPermissions_getView(CodeBasedSecurityConnector.java:705) ... 18 more

In the Security Provider - under "Protection Domains" I already added XISecurityRuntimePermission to my jar and further - under "Security Roles" - defined a Security Role named and mapped it to "J2EE_ADMIN", just to be sure.

Unfortunatly, I still get this exception. Has anybody got any hint on this?

Thanks a lot in advance!

Regards, Thomas

Accepted Solutions (1)

Accepted Solutions (1)

former_member214355
Contributor
0 Kudos

Hi

Can you Clarify If you have have given J2EE_ADMIN the keystoreadministrator and keystoreviewscreator server roles delivered with the J2EE Engine?

Thanks

Answers (2)

Answers (2)

Former Member
0 Kudos

HI,

have you solved your issue?

Im facing the exact same problem now.

Have you solved your problem in accessing own ketstore-view, please let me know the solution if you have solved.

KeyStore keyStore = manager.getKeystore("MYSTORE");

Caused by: java.rmi.RemoteException: com.sap.engine.services.keystore.exceptions.BaseRemoteException: Remote call errored

Caused by: com.sap.engine.services.keystore.exceptions.BaseKeystoreException: Application is not authorized to execute keystore operation [

Caused by: java.security.AccessControlException: access denied

Please advice.

Thanks

MMK

henrique_pinto
Active Contributor
0 Kudos

Try this: in KeyStore service of Visual Admin, go to the Security tab (on the bottom part). Select the GET_VIEW action, choose your view and add your EJB to it.

Regards,

Henrique.

Former Member
0 Kudos

Hello Thomas,

I know it’s been a while since your post but I wonder if you resolved the problem and how?

I’ve the same problem, the only difference is that I want to access keystore-view out of a java mapping.

Can you help me out?

Can anyone help me out?

Thanks in advance.

Alexandre

henrique_pinto
Active Contributor
0 Kudos

Hi Alexandre,

have you solved your issue?

Im facing the exact same problem now.

I was even thinking of deploying the Keystore access part as an EJB and access it through java mapping (so I could give permissions for EJB in Security Provider) but Thomas's error sugests that even that won't work.

Any help would be appreciated.

Regards,

Henrique.