How to put custom JAAS Login Module into NWDI

Former Member
0 Kudos

Hi there!

We are currently in the migration phase and want to integrate existing code into NWDI. We mainly had Web Dynpro projects, which we figured out how to migrate through discovering help.sap.com.

Formerly I developed a custom JAAS login module which is productive on our portal systems. Now I would like to integrate it into NWDI. Is this possible in general?

Best Regards

Christian

Accepted Solutions (1)

Former Member
0 Kudos

Hi Christian

I am assuming you want to put the code of the JAAS login module into NWDI. Have you tried creating DCs for J2EE library components? The provider.xml is missing in this type of project, but I guess the DC usage relationship feature supersedes this. So you could make a DC component for the Java project and then get the library DC to reference this via public parts. The relationship should be build time, deploy time. I haven't tried this but I think this should work.

(DC components on dev configs from NWDI are automatically integrated after the check in process)

Regards

Pran

Former Member
0 Kudos

We have done this in the current project I'm in. Works fine. Some recommendations:

1. Put your JAAS login module code in a Java DC

2. Encapsulate this Java DC in a J2EE Library DC. The best setup would be to create the J2EE Library DC first and define the Java DC as a child DC.

3. Put your login modules in a separate SC!

The reason for point 3 is that it seems that you need to restart the server every time a loginmodule is (re-)deployed. You do not want to do this if you have not changed the loginmodule itself.

Former Member
0 Kudos

Hi Pascal,

Thanks for your answer.

What do you mean with step 3 "putting all login modules in separate SC"? As of my understanding I should not put multiple combinations of Java Project/J2EE Libraries into one SC?

Regards

Christian

Former Member
0 Kudos

From my point of view an SC should contain developments that are related to each other or fulfill a certain task together.

My point was to make sure that you do not put loginmodule DCs in an SC with non-login module DCs. I didn't say you have to put all loginmodule DCs in one SC... You can still put your loginmodule DCs in different SCs. Just make sure no non-loginmodule DCs are in there, since changing them can trigger a deployment of the loginmodule(s).

Former Member
0 Kudos

Hi Pascal,

I have some problems implementing this. The point is that the login module needs external libraries (security_api.jar, logging.jar, util.jar). I tried to create an external library containing these and added them to public parts. The public parts are used by my Child Java DC (which contains the Login Module code).

I first tried to create the External Library DC also as Child DC of the J2EE Library DC. Because that didn't work I created a new track (with J2EE and Java DC as child) and then tried to create an own DC for the external libraries.

Both methods do not work. I remember some days ago on my first tries I got the Java code to resolve the external libraries when having three separate DCs. Could it be a problem with the Child DC?

How did you in your project include the external libraries?

Regards,

Christian

Former Member
0 Kudos

Can you clarify a bit more what didn't work? What issues do you face?

Our setup for security.jar (which is not available in one of the base SCs) (for the rest, try to use as many base DCs as possible):

1. Create External Library DC for security.jar

2. Add security.jar to libraries folder, add to new pp for Compilation

3. Create J2EE Library DC for loginmodule

4. Create Java Library DC for loginmodule as Child DC

5. Define the External Library DC as Used DC of the Java DC, referencing the Compilation pp (Only a Build time dependency, since this will not be deployed, instead you'll reference the registered interface, see below).

6. Create a public part for Assembly in the Java DC. Add all your loginmodule classes to the pp.

7. Define the Java DC as Used DC of the J2EE Library DC, referencing the Assembly pp (only Build time dependency). (this packages the loginmodule jar in the J2EE library)

8. Create a provider.xml in the 'server' folder of the J2EE Library DC

9. Define references to libraries used by the Child DC and the Child DC's jar:


	<references>
		<reference 
			provider-name="sap.com" 
			strength="weak" 
			type="library">com.sap.security.api.sda</reference>
		<reference 
			provider-name="sap.com" 
			strength="weak" 
			type="interface">security_api</reference>
		<reference 
			provider-name="sap.com" 
			strength="weak" 
			type="library">com.sap.tc.Logging</reference>
		<reference 
			provider-name="sap.com" 
			strength="weak" 
			type="library">servlet</reference>
	</references>
	<jars>
		<jar-name>[vendor name]~[DC name]~Assembly.jar</jar-name>
	</jars>

The J2EE Library DC has only one Used DC: The child Java DC.

The Java DC has Used DCs for anything you need to compile your loginmodule code.

Hope I didn't forget anything else.
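The provider.xml fragment from the steps above can be checked before deployment. The following is an added example, not part of the original post and not SAP tooling: the function name, the vendor `example.org` and the DC name `loginmodule` are assumptions for illustration, and the sample input is constructed from the posted fragment.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from the post, with a hypothetical
# vendor ("example.org") and DC name ("loginmodule") filled in.
SAMPLE = """
<references>
  <reference provider-name="sap.com" strength="weak" type="library">com.sap.security.api.sda</reference>
  <reference provider-name="sap.com" strength="weak" type="interface">security_api</reference>
  <reference provider-name="sap.com" strength="weak" type="library">com.sap.tc.Logging</reference>
  <reference provider-name="sap.com" strength="weak" type="library">servlet</reference>
</references>
<jars>
  <jar-name>example.org~loginmodule~Assembly.jar</jar-name>
</jars>
"""

# Attributes every <reference> in the posted fragment carries.
REQUIRED_ATTRS = ("provider-name", "strength", "type")


def lint_provider_fragment(xml_text, vendor, dc_name, public_part="Assembly"):
    """Return a list of problems found in a provider.xml fragment (hypothetical helper)."""
    problems = []
    # The fragment has two top-level elements, so wrap it before parsing.
    root = ET.fromstring("<fragment>" + xml_text + "</fragment>")
    seen = set()
    for ref in root.iter("reference"):
        target = (ref.text or "").strip()
        missing = [a for a in REQUIRED_ATTRS if not ref.get(a)]
        if not target:
            problems.append("reference with empty target")
        if missing:
            problems.append(f"reference {target!r} lacks {', '.join(missing)}")
        key = (ref.get("type"), target)
        if key in seen:
            problems.append(f"duplicate reference {target!r}")
        seen.add(key)
    # Jar naming taken from the post: [vendor name]~[DC name]~Assembly.jar
    expected = f"{vendor}~{dc_name}~{public_part}.jar"
    jars = [(j.text or "").strip() for j in root.iter("jar-name")]
    for jar in jars:
        if "[" in jar or "]" in jar:
            problems.append(f"jar-name {jar!r} still contains a template placeholder")
    if expected not in jars:
        problems.append(f"expected jar-name {expected!r} is not listed")
    return problems


if __name__ == "__main__":
    print(lint_provider_fragment(SAMPLE, "example.org", "loginmodule"))
```

A jar-name that does not match the assembled jar means the login module classes are not the ones the library exposes, so the check is worth running whenever the DC or public part is renamed.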

Former Member
0 Kudos

Thanks for your help so far. Unfortunately I can't get my Java DC to resolve all needed imports:

import com.sap.engine.interfaces.security.auth.AbstractLoginModule;
import com.sap.engine.lib.security.LoginExceptionDetails;
import com.sap.engine.lib.security.http.HttpGetterCallback;
import com.sap.tc.logging.Location;
import com.sap.tc.logging.Severity;

Whereas these imports can be resolved:

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;

Additionally I have a problem in step 8 of your former post: Where or what is the 'server' folder? And how can I create a provider.xml in it?

Sorry for these 'basic' questions, but I am normally not into Java development during my daily tasks...

Regards,

Christian

Former Member
0 Kudos

You need to define the following additional Used DCs from SC SAP-JEE:

- com.sap.engine.client.lib

- tc/logging

If your J2EE Library DC does not have a server folder yet, just create it and create/put your provider.xml in there.

Former Member
0 Kudos

I got it to work - Thank you very much for your help!

Additionally - if anyone is interested:

1.) I could not create the server folder and provider.xml through NWDS user interface - I followed instructions in

2.) Pascal, you don't have to reboot the server after (re-)deploying a login module. The 'old' version will continue to work. If you want to 'activate' the new login module version, just remove and re-add it in the policy configuration that uses the login module after deploying.

Regards,

Christian
