cancel
Showing results for 
Search instead for 
Did you mean: 

Call RFC from EJB using SSO

Former Member
0 Kudos

Can anyone point me in the right direction on the best practice for calling an RFC using SSO from an EJB?

When using the local interface for the EJB, the only solution I see is to pass the authenticated IUser instance from the portal component to the EJB business method through the method signature.

I am guessing that there is a better way to get access to an authenticated user in the EJB container.

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Thanks for the reply.

Actually I was able to solve the problem last night. To get SSO to work in my local EJBs I created an RFC destination in the destination service using the visual administrator. I then used the destination service at runtime to pull the system definition from the J2EE system definitions store instead of the portal system landscape definitions and my connection object was created as expected.

Here is the code to create the connection in my EJB business method:


//get the user
IUser user = UMFactory.getUserFactory().getUserByUniqueName(this.myContext.getCallerPrincipal().getName());

// get the destination service
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sapportals.portal.prt.registry.PortalRegistryFactory");
InitialContext context = new InitialContext(env);
IDestinationsService destinationsService =
	(IDestinationsService) context.lookup(IDestinationsService.SERVICE_JNDI_NAME);
				
// define a destination filter to restrict to the RFC defined destinations
DestinationFilter destinationFilter1 =
	new DestinationFilter(DestinationFilter.SOURCE_J2EE_DESTINATION_SERVICE, DestinationFilter.TYPE_SAP);
				
// get a user specific connection
IConnection connection = destinationsService.getConnection(user, "ECC", destinationFilter1);
			

Former Member
0 Kudos

Well rather than pass the IUser from my portal component to the EJB (which only works through the local interface) I found I can pull the SSO ticket from the IUser in the portal component and pass it as a String to the business methods of the EJB.

This gets me around the serialization issue and allows me to pass the SSO ticket through the remote interface of the EJB but it feels "unecessary".

I would think that the EJB container would be able to generate the SSO ticket based on the caller principal in the session context. However I cannot find any information that indicates how to generate an authenticated user (read user with a valid SSO ticket) in the EJB container from the session context caller principal.

Has anyone had to call an RFC using SSO authentication from an EJB? If so how are you handling the ticket?

Former Member
0 Kudos

HI,

I have recently been doing some investigation in this area myself. I use the SAPJRA to connect to SAP from my EJB's, which will accept the SSO ticket and pass through the user's credentials to call the RFC. One watchout is that when you deploy the SAPJRA, you must hardcode a username and password, but the system will automatically replace these values if you have configured the security properly in the web.xml of the web application you are using to call.

Hope this helps