on 09-23-2004 3:37 PM
Hi
My application is as follows.
Devlop the webdynpro components and access them with enterprise portals.
I have a requirement where depending on the user logged in to the portal, i need to customize the webdynpro component in terms of fields and buttons displayed.
How do i get the role/ACL information from portal runtime into webdynpro component. I tried using some of the jars provided by enterprise portal in webdynpro but it did not work. Any better approach or suggestion please.
Regards
NagaKishore V
Hi,
It all depends on granularity of checks you need to perform:
1. The highest degree of granularity is role-based security, you can use UME to verify user role(s) and update UI accordingly
2. Next goes std. permissions model, when you can verify certain permissions / actions. As Tomas Lin noted, it is implemented as custom UME permissions. However, I'm not sure whether or not this functionality available with sneak preview version of NW, or, to be exact, whether or not necessary build plugins are available in NetWeaver, because run-time definitely has support for custom permissions.
3. The third options is fine-grained ACL permissions. However, here you will end up with almost complete custom implementation: defining permissions, maintaining association between UME principals and permissions as well as business objects and permissions, editors for all of this etc.
Regards,
VS
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tomas
I have gone through that document previously and created a sample webdynpro application to get the role information.
I used the following API's to get the user information
IWDClientUser,WDClientUser
Sample Code
IWDClientUser user = WDClientUser.getCurrentUser();
String title = user.getTitle();
String lastname = user.getLastName();
String sal = user.getSalutation();
String sname = user.getServiceName();
String uid = user.getClientUserID();
I was not successful in getting the information
Regards
NagaKishore V
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Try this:
import java.util.Iterator;
import java.util.Set;
import java.util.HashSet;
import java.util.Arrays;
import com.sap.security.api.AttributeList;
import com.sap.security.api.IPrincipal;
import com.sap.security.api.IRole;
import com.sap.security.api.IRoleFactory;
import com.sap.security.api.IUser;
import com.sap.security.api.UMException;
import com.sap.security.api.UMFactory;
import com.sap.tc.webdynpro.services.sal.um.api.IWDClientUser;
import com.sap.tc.webdynpro.services.sal.um.api.WDClientUser;
....
public void wdDoInit()
{
final IWDClientUser wdUser = WDClientUser.forceLoggedInClientUser();
final IUser user = wdUser.getSAPUser();
final IRoleFactory roleFactory = UMFactory.getRoleFactory();
try
{
final AttributeList attrs = new AttributeList();
attrs.addAttribute( IPrincipal.DEFAULT_NAMESPACE, IPrincipal.UNIQUE_NAME );
final IRole[] roles = roleFactory.getRoles
(
roleFactory.getRolesOfUser( user.getUniqueID(), true ),
attrs
);
for (int i = roles.length - 1; i >= 0; i-- )
{
final IRole role = roles[ i ];
userRoles.add( role.getUniqueName() );
}
}
catch (final UMException exOnGetRoles)
{
wdComponentAPI.getMessageManager().reportException( new WDNonFatalException(exOnGetRoles), false );
}
wdContext.currentGuiSetup().setEditButtonVisibility
(
checkRoles(userRoles, MAY_EDIT_ITEM) ? WDVisibility.VISIBLE : WDVisibility.NONE
);
wdContext.currentGuiSetup().setCreateButtonVisibility
(
checkRoles(userRoles, MAY_CREATE_ITEM) ? WDVisibility.VISIBLE : WDVisibility.NONE
);
}
....
private boolean static checkRoles(final Set availableRoles, final Set sufficientRoles)
{
final Set copyOfSufficientRoles = new HashSet( sufficientRoles );
/* Intersect to sets */
copyOfSufficientRoles.retainAll( availableRoles );
/* Check passed if intersection is non-empty */
return copyOfSufficientRoles.size() > 0;
}
final private Set userRoles = new HashSet();
final private static Set MAY_EDIT_ITEM = new HashSet
(
Arrays.asList( new String[] { "Publisher", "Editor", "Administrator" } )
);
final private static Set MAY_CREATE_ITEM = new HashSet
(
Arrays.asList( new String[] { "Publisher" } )
);
Hope you got the idea.
VS
Hi Valery
I tried your code with the force authentication. It is trying to get the user id of the J2EE engine.
In fact my requirement is.. when a user logs on to the enterprise portals and access the webdynpro components i need the enterprise portal user id and i want the portal user id roles.
Any suggestions please.
Regards
NagaKishore
Hi Nagakishore,
One option can be to provide SSO between the portal and WAS system and having same user id's in both the systems. This is when you have separate systems from portal and WAS. Then you can have the code above to get the user of the WAS which in turn will also be the user of your portal system.
I dont the complete scenario in your case but we have a same requirement and we are trying to solve it the way i have mentioned.
Regards
Sidharth
Hi Nagakishore,
I didn´t read the whole task but as of the last postings I think your problem is that you don´t use the same userstore for both systems (portal and Web AS that is hosting the Web Dynpro Apps.).
If you want to access the roles from portal in your Web Dynpros the portal has to write the role information to the same userstore the Web Dynpros read the role infos from. This can either be a corporate LDAP, a R/3 system or the same database.
Establishing SSO between the portal and Web AS is not sufficient. This only garantees that the Web AS accepts the logon ticket generated by the portal (in case of using logon tickets) or the portal provides the user information (id and pw) giving access to the Web AS (in case of using UIDPW).
Regards
Helmut
Use the security actions provided by web dynpro. Read section 1.4 of
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/web dynpro security.pdf
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.