PI71 Access Control (Assigned Users) with Axis does not work

Former Member
0 Kudos

Hi!

I've got 2 topics to address:

1. topic:

I have found several blogs handling the topic Access Control via "Assigned Users" in Sender Agreements and/or "Communication Components".

E.g.

/people/community.user/blog/2006/11/15/security-access-control-via-assigned-users

/people/rahul.nawale2/blog/2006/06/16/acl--confine-users-sending-messages

/people/sap.user72/blog/2005/11/17/xi-controlling-access-to-sensitive-interfaces

BUT: I could not find any information on why this obviously does not work when working with the SOAP Axis Adapter.

Trying things out with e.g. SOAP Adapter everything is fine and the Access Control List is checked. But when using the Axis Framework the Access Control List is not checked. Each and every request containing a valid PI user is accepted regardless of the content of the User Access List in Sender Agreement and/or Communication Component.

Anyone out there who already had this issue and .... solved it?

2. topic:

When working with Access Control Lists in Sender Agreements the lowest level of checks is based on Service Interfaces. But we have several Service Interfaces with multiple operations each. Is it possible to check on Service Interface Operation also? If yes, how? If not, why not and when will this "feature" come?

Thanx for any hint!

Regards,

Volker

Edited by: Volker Kolberg on Jun 5, 2009 9:32 AM

Accepted Solutions (0)

Answers (3)

Former Member
0 Kudos

Sorry. I was wrong. This issue is not fixed.

Any further ideas in this forum?

Thanx!

Regards,

Volker

Former Member
0 Kudos

Hi!

Issue is fixed. Just wanted to keep you informed about how we fixed it: We applied Patch SAP_XIAF 7.10.6.25 and then it worked.

Regards,

Volker

Former Member
0 Kudos

Hi,

Not sure about the solution, but after going through the above blogs my conclusion is:

-> Only the adapters listed for assigned users have an adapter framework to check the ACL or assigned users. The SOAP Axis adapter is not one of them.

-> The obvious conclusion on my part is that it is the adapter which checks the assigned user or ACL, not the communication channel or sender agreement. In other words, the XI framework doesn't check assigned users; it is the responsibility of the respective adapters.

-> A service interface replicates a web service, and until now security is supported at the level of the web service, not service methods or operations. However, it is possible that something similar will come in the future which will support security at the most granular level, i.e. the service operation.

Regards,

Gourav

Former Member
0 Kudos

Hi Gourav!

Many thanx for your reply.

I see the world in a similar way. BUT:

1. Axis SOAP Adapter is SOAP Adapter with Extensions. In the list of Adapters I still select the SOAP Adapter and the Core EJB Module in Axis SOAP Adapter is still the Module of SOAP Adapter. Quite strange ...

2. This is not optimal. I see many realistic scenarios where I have more or less large Web Services with several operations and not every operation is valid for every user/customer/partner/vendor and so on. So I want to avoid access to "forbidden operations" at the earliest possible stage - and this is the Inbound Adapter I use.

Regards,

Volker

stefan_grube
Active Contributor
0 Kudos

> ... the Core EJB Module in Axis SOAP Adapter is still the Module of SOAP Adapter.

Are you sure?

I have not found anything in the Axis FAQ note for this issue. I assume that the functionality is missing. Create an OSS ticket for this.

Regards

Stefan

Former Member
0 Kudos

Hi Stefan!

Thanx. I have created a CSN in SMP, but I hoped (and still hope) that anybody in this forum knows about this issue.

Regards,

Volker

Former Member
0 Kudos

Hi folks!

Just for your information: after applying some patches to the J2EE Engine and implementing the new version of SAP Note #1039369, it now works.

Regards,

Volker