on 01-21-2009 3:02 PM
Hello Community,
fist: I'm running on NW CE 7.1 (SP5)
I want to secure my web-dynrpo (Java) application. For this i first set the application property "sap.authentication" to true. So only users which logged to the system can execute the web-dynpro.
But additionaly only users belonging to a specific role should execute the web-dynpro.
At the moment i only did it in my underlaying EJBs with help of Annotations (@RolesAllowed({"xxx","yyy"}) and the needed mapping of that App-Roles to Server-Roles in "ejb-j2ee-engine.xml".
This helps, when some unauthorized application is trying to use my beans and of course so it works with my Web-Dynpro Application.
But i would like to check before getting an exception from the ejb if the user is member of a specific server-role.
Any ideas to achive this?
regards
Matthias
You can use UME API /UME permissions to check whether the user has the role assigned.
Get the webdynpro user and then check the roles.
IWDClientUser clientUser = WDClientUser.getCurrentUser();
sapUser = clientUser.getSAPUser();
if (sapUser.hasPermission(new NamePermission("XXXX")))---to check UME permission
or
sapUser.isMemberofRole -- to check whether the user has the role.
Hope that helps!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
in NW CE 7.1 the mechanism is different.
I don't have the IUser Interface or the User Class.
But the WDClientUser-Class (now) has a method for directly get the username or to check the permission.
So your Code-Snippet would look like this in NW CE 7.1
IWDClientUser wdClientUser = WDClientUser.getCurrentUser();
wdClientUser.checkPermission(permission);
But Permission is not of Type NamePermission or other SAP-Permission-Types for UME.
And wdClientUser doesn't have a method getSAPUser();
So the big question further is how to check if a user has a specific permission or belongs to a specific role.
And where do i have to customize the permssions? Its not possible to customize them in the server-admin. there i'm only able to customize users, groups and roles for UME.
But I read that these have to be inserted into an actions.xml file. i also found out, that there is a specific DC-Type for UME-Content
and after deploying that dc-jar file i could see the permissions in server-admin ume. Is this the right way?
regards
Matthias
User | Count |
---|---|
94 | |
11 | |
11 | |
10 | |
9 | |
8 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.