- SAP Community
- Products and Technology
- Additional Q&A
- Security Policy on JAVA GUI 7.30 and higher - Erro...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Security Policy on JAVA GUI 7.30 and higher - Error trying to access to external JAVA application
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 04-27-2015 12:52 PM
Hi all,
We want to run an external java application calling it from JAVA GUI, but we have found an error that prevents us from continuing. We have prepared the JAVA GUI installation for including .jar files we need and the installation goes right. The problem appears when we want to run the Java application from an ABAP report, then a security error is raised.:
access denied ("java.security.SecurityPermission" "putProviderProperty.UJI-MSCAPI")
In order to prevent this error, we have modified SAPGui.policy file with the following entries copying from "Level4":
//============================================================
// Customized user defined trust level definitions
//============================================================
grant principal com.sap.platin.base.security.GuiSessionPrincipal "#CLevel1" {
permission java.security.SecurityPermission "putProviderProperty.UJI-MSCAPI";
permission java.security.SecurityPermission "putProviderProperty.*";
permission java.security.AllPermission "<all permissions>";
};
grant principal com.sap.platin.base.security.WdpSessionPrincipal "#CLevel2" {
permission java.security.SecurityPermission "putProviderProperty.UJI-MSCAPI";
permission java.security.SecurityPermission "putProviderProperty.*";
permission java.security.AllPermission "<all permissions>";
};
And "TrustClassification" file has been modified with:
// DA1 is our test system.
DA1:Level4
We would appreciate any help in order to solve this problem.
Thank you in advance.
Regards.
Alejandro.
:
Accepted Solutions (1)
Accepted Solutions (1)
RMW
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello,
it seems that you are not using the trust levels you have created.
So you should use one of them instead of Level4.
Alternatively, to have a global permission, you can try with following addition in SAPGUI.policy file
//============================================================
// Customized user defined trust level definitions
//============================================================
grant {
permission java.security.SecurityPermission "putProviderProperty.UJI-MSCAPI";
};
If that grant does not help, please add the complete output of the security error dialog and describe in more detail, what you are trying to do.
In case it does help, you should find out reading the error message (without the grant) to limit the required grant to a codebase like
grant codeBase "file:${InternalPath:D_JARDIR}${/}platinr3S.jar" {
...
}
Best regards
Rolf-Martin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Thank Rolf-Martin for your information, but it's not run fine yet.
I have modified "TrustClassification" file through changing level to CLevel1. Additionally, the SAPGUI.policy file has been extended with the global permission you told us, but the final result is the same with the same error message.
For more details, I share all configuration files I know for this purpose.
All this work has as goal to communicate a crypto smart card from the keyboard to sign documents digitally.
SAPGUI.policy
//============================================================
//
// file : SAPGUI.policy
// last written: 27.04.2015 16:21:36 CEST
//
//============================================================
// User defined grant clauses
grant {
permission java.security.SecurityPermission "putProviderProperty.UJI-MSCAPI";
};
//============================================================
// Customized user defined trust level definitions
//============================================================
grant principal com.sap.platin.base.security.GuiSessionPrincipal "#CLevel1" {
permission java.security.SecurityPermission "putProviderProperty.UJI-MSCAPI";
permission java.security.SecurityPermission "putProviderProperty.*";
permission java.security.AllPermission "<all permissions>";
};
grant principal com.sap.platin.base.security.WdpSessionPrincipal "#CLevel1" {
permission java.security.SecurityPermission "putProviderProperty.UJI-MSCAPI";
permission java.security.SecurityPermission "putProviderProperty.*";
permission java.security.AllPermission "<all permissions>";
settings
############################################################
#
# file : C:\Users\a.filoso.rosas\AppData\LocalLow\SAPGUI\settings
# created : 06.03.2014 09:10:48 CET
# encoding: UTF-8
#
############################################################
@frameMaximized = "true"
@frameWidth = "648"
@frameHeight = "696"
@GLF_showDetailCol = "1"
@GLF_ColumnState = "0 / 75"
@signatureDefault = "SAP Green"
@logonFrame_2_Height = "744"
@animationOn = "false"
@animatedFocus = "false"
@theme = "Grass"
@lookAndFeelDefault = "SAP Green"
@infoPreference = "User"
@logonFrame_2_Width = "1280"
@GLF_recent = "16d3434c-7df5-4b99-a089-4469e9ce6828"
@GLF_combidivider = "150"
@LSSelection = "29531967-0a26-44a2-86f5-7b43e0389c3e:16d3434c-7df5-4b99-a089-4469e9ce6828"
@activeTrustLevels = "CLevel1:CLevel2:Level4:Level3:Level2:Level1"
@customTrustLevels = "CLevel1:KPI:KPI;CLevel2:KPI:KPI"
@overwrite = "false"
@httpsProxyHost = ""
@httpsProxyPort = "0"
@ftpProxyHost = ""
@httpProxyIgnore = ""
@ftpProxyPort = "0"
@httpProxyPort = "0"
@proxyMode = "0"
@httpProxyHost = ""
trustClassification
############################################################
#
# file : C:\Users\a.filoso.rosas\AppData\LocalLow\SAPGUI\trustClassification
# created : 06.03.2014 09:10:48 CET
# encoding: UTF-8
#
############################################################
IA1:Level4
FA1:Level4
DA1:CLevel1
Thank you in advance.
Regards.
Alejandro Filoso.
RMW
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Alejandro,
well, it was worth a try, but not knowing the technical detail, it was a shot in the dark.
More information would provide, if you could create a trace file accordint to note 683960 with default trace keys and in addition key POLICYEXCEPTION.
You might want to create a support message on BC-FES-JAV with the descriptiion what you are doing and this trace file instead of potentially disclosing sensitive data here, which you might want to avoid.
Best regards
Rolf-Martin
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Thank you so much for your help Rolf-Martin!
I achieved to run the java application adding the following sentence in SAPGUI.policy file:
grant codeBase "file:/C:/Users/myUser/SAP Clients/SAPGUI for Java 7.30rev9/jar/-"{
permission java.security.AllPermission "<all permissions>";
};
It means all our problems were about security policy with JAVA. The next step will be to limit permission by reading the trace file as you comment.
Best regards.
Alejandro Filoso.
Answers (0)
- SAP Application User provision based on Application Role via Entra ID in Technology Q&A
- Working with SAFe Epics in the SAP Activate Discover phase in CRM and CX Blogs by SAP
- Onboarding Users in SAP Quality Issue Resolution in Technology Blogs by SAP
- What’s new in Mobile development kit client 24.4 in Technology Blogs by SAP
- GRC Tuesdays: Takeaways from the 2024 Internal Controls, Compliance and Risk Management Conference in Financial Management Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.