Hi all,
My scenario is what follows:
Some XML messages sent to XI have some info encrypted with the public key technology. The public-key certificate used for encryption is part of a key pair generated, and stored, in a previously custom created view - “CartaoCidadao” – in the XI J2EE “keystore” service. The certificate is then for distribute by the senders of that kind of messages. The objective is programmatically access the keystore service, namely the profile (or private key) “ccKeyPair” of the “CartaoCidadao” view to decipher that info, validate it and finally send it to the SAP ERP2005.
To achieve that goal I’ve decided to use a java mapping program -“CCDataValidator.jar”- and the SSF (Secure Store and Forward) java libraries. Next you can see the bit of code of my mapping program execute method to obtain the profile from “keystore” service and where the problem resides:
// get profile from keystore service of J2EE engine
InitialContext context = new InitialContext();
KeystoreManager manager = (KeystoreManager)context.lookup("keystore");
KeyStore keyStore = manager.getKeystore("CartaoCidadao");
String alias = "ccKeyPair";
try {
SsfProfileKeyStoreprofile = new SsfProfileKeyStore(keyStore, alias, null);
} catch (Exception e) {
e.printStackTrace();
throw new StreamTransformationException("Error while accessing keystore", e);
}
I’ve no problem with the call lookup the service and if try to check if my view is available using KeystoreManager.existKeystoreView(“CartaoCidadao”) the result is true.
The problem happens when I make the call KeystoreManager.getKeystore(“CartaoCidadao”), getting the follow exception:
<i>java.rmi.RemoteException: com.sap.engine.services.keystore.exceptions.BaseRemoteException: Remote call errored
at com.sap.engine.services.keystore.impl.KeystoreManagerImpl.checkPermission(KeystoreManagerImpl.java:48)
at com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub.checkPermission(KeystoreManagerWrapper_Stub.java:707)
at com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub.getKeystore(KeystoreManagerWrapper_Stub.java:201)
at ccDataValidation.CCDataValidator.execute(CCDataValidator.java:108)
at com.sap.aii.ibrep.server.mapping.ibrun.RepJavaMapping.execute(RepJavaMapping.java:73)
at com.sap.aii.ibrep.server.mapping.ibrun.RepMappingHandler.run(RepMappingHandler.java:80)
at com.sap.aii.ibrep.server.mapping.rt.MappingHandlerAdapter.run(MappingHandlerAdapter.java:107)
at com.sap.aii.ibrep.server.mapping.ServerMapService.transformInterfaceMapping(ServerMapService.java:127)
at com.sap.aii.ibrep.server.mapping.ServerMapService.transform(ServerMapService.java:104)
at com.sap.aii.ibrep.sbeans.mapping.MapServiceBean.transform(MapServiceBean.java:40)
at com.sap.aii.ibrep.sbeans.mapping.MapServiceRemoteObjectImpl0_0.transform(MapServiceRemoteObjectImpl0_0.java:167)
at com.sap.aii.ibrep.sbeans.mapping.MapServiceRemoteObjectImpl0_0p4_Skel.dispatch(MapServiceRemoteObjectImpl0_0p4_Skel.java:104)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:320)
at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:198)
at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:129)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
<b>Caused by: com.sap.engine.services.keystore.exceptions.BaseKeystoreException: Application is not authorized to execute keystore operation []</b> at com.sap.engine.services.keystore.impl.security.CodeBasedSecurityConnector.checkPermissions_getView(CodeBasedSecurityConnector.java:755)
at com.sap.engine.services.keystore.impl.security.SecurityRestrictionsChecker.checkPermission(SecurityRestrictionsChecker.java:234)
at com.sap.engine.services.keystore.impl.ParameterChecker.checkPermission(ParameterChecker.java:35)
at com.sap.engine.services.keystore.impl.KeystoreManagerImpl.checkPermission(KeystoreManagerImpl.java:46)
... 20 more
<b>Caused by: java.security.AccessControlException: access denied </b> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at java.security.AccessController.checkPermission(AccessController.java:401)
at com.sap.engine.services.keystore.impl.security.CodeBasedSecurityConnector.checkPermissions_getView(CodeBasedSecurityConnector.java:748)
... 23 more</i>
Obviously it’s a security problem regarding GET_VIEW permissions.
How can I set a GET_VIEW permission to this view so my mapping program can access it?
I already tried to add all Granted Domains available in All Domains for the Action “GET_VIEW” and view “CartaoCidadao” in the Security tab of the J2EE “keystore” service via Visual Administrator but the problem remains. What I am missing?
I also was walking around the Security Provider service in the Visual Administrator but I don’t know if, and what, I have to do something here, about Protection Domains per example.
Can anyone help me out on this? Please…
I’m around this issue for a week now I don’t know what to do more.
Thank you very much and… Merry Christmas!
Alexandre
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.