cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Securing WebDynpro with Roles

Former Member

on ‎01-21-2009 3:02 PM

0 Kudos

Hello Community,

fist: I'm running on NW CE 7.1 (SP5)

I want to secure my web-dynrpo (Java) application. For this i first set the application property "sap.authentication" to true. So only users which logged to the system can execute the web-dynpro.

But additionaly only users belonging to a specific role should execute the web-dynpro.

At the moment i only did it in my underlaying EJBs with help of Annotations (@RolesAllowed({"xxx","yyy"}) and the needed mapping of that App-Roles to Server-Roles in "ejb-j2ee-engine.xml".

This helps, when some unauthorized application is trying to use my beans and of course so it works with my Web-Dynpro Application.

But i would like to check before getting an exception from the ejb if the user is member of a specific server-role.

Any ideas to achive this?

regards

Matthias

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎01-21-2009 10:16 PM
0 Kudos

You can use UME API /UME permissions to check whether the user has the role assigned.

Get the webdynpro user and then check the roles.

IWDClientUser clientUser = WDClientUser.getCurrentUser();

sapUser = clientUser.getSAPUser();

if (sapUser.hasPermission(new NamePermission("XXXX")))---to check UME permission

or

sapUser.isMemberofRole -- to check whether the user has the role.

Hope that helps!

Show replies
Show replies
Former Member
‎01-22-2009 7:31 AM
0 Kudos

Hello,

in NW CE 7.1 the mechanism is different.

I don't have the IUser Interface or the User Class.

But the WDClientUser-Class (now) has a method for directly get the username or to check the permission.

So your Code-Snippet would look like this in NW CE 7.1


IWDClientUser wdClientUser = WDClientUser.getCurrentUser();
wdClientUser.checkPermission(permission);

But Permission is not of Type NamePermission or other SAP-Permission-Types for UME.

And wdClientUser doesn't have a method getSAPUser();

So the big question further is how to check if a user has a specific permission or belongs to a specific role.

And where do i have to customize the permssions? Its not possible to customize them in the server-admin. there i'm only able to customize users, groups and roles for UME.

But I read that these have to be inserted into an actions.xml file. i also found out, that there is a specific DC-Type for UME-Content

and after deploying that dc-jar file i could see the permissions in server-admin ume. Is this the right way?

regards

Matthias

Ask a Question