Solved: Secure storage remote access

Former Member · ‎10-22-2015

Hi,

I'm trying to implement a simple java standalone application that will connect to a J2EE instance, get a handle on "ts~sec~securestorage~service" and use it like described in Examples for Using Secure Storage Interfaces and Classes - J2EE Technology in SAP Web Application Se...

The problem is with this code, I can connect properly, I can do a ctx.list(""), walk through the list and verify that "ts~sec~securestorage~service" is existing. But when I do a ctx.lookup("ts~sec~securestorage~service") it returns a null object.

As I'm connecting from outside the JVM I'm setting up the Context with additional information like p4 connection, user, credentials as described in this page Creating an Initial Context - Developing Java EE 5 Applications - SAP Library

Could you elaborate on what the cause could be ?

Thanks in advance !

Full code here,


import java.io.UnsupportedEncodingException;
import com.sap.tc.logging.Category;
import com.sap.security.core.server.securestorage.SecureStorageRuntimeInterface;
import com.sap.security.core.server.securestorage.remote.RemoteSecureStorageClientContextInterface;
import javax.naming.Context;
import javax.naming.InitialContext;
import java.util.Hashtable;
import com.sap.xmii.security.SecureStoreManager;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;

public class decryptor
{
    public static void main(String[] args)
    throws UnsupportedEncodingException, Exception
    {

    String connectionString = "sapserver:50004";
    java.util.Properties p = new java.util.Properties();
    p.put(Context.INITIAL_CONTEXT_FACTORY, "com.sap.engine.services.jndi.InitialContextFactoryImpl");
    p.put(Context.PROVIDER_URL, connectionString);
    p.put("force_remote", "true");
    p.put(Context.SECURITY_PRINCIPAL, "Administrator");
    p.put(Context.SECURITY_CREDENTIALS, "***********");

    Context ctx = new InitialContext(p);

    NamingEnumeration<NameClassPair> list = ctx.list("");
    String service_name;
    String svc = "";

    while (list.hasMore()) {
        service_name = list.next().getName();
        if (service_name.contains("securestorage~service")) {
             System.out.println("Found service "+service_name+" in ctx.list()");
             svc = service_name;
        }
    }
    
    Object o = ctx.lookup(svc);
    if (o == null) {
        System.out.println("secure storage service not started<br>");
    }
    else {
        SecureStorageRuntimeInterface secStore = null;
        RemoteSecureStorageClientContextInterface myContext = null;
        secStore = (SecureStorageRuntimeInterface)o;
        myContext = secStore.getSecureStorageClientContext();
        // do something with myContext here...
    }
    }
}    



}
}

}

Former Member · ‎10-22-2015

Secure storage is protected by call stack validations. It can only be called from permitted connections, such as Jco.

It cannot be used by customers directly. You must use the application which is a program in the call-stack validation (eg. a connector).

Cheers,

Julius

Former Member · ‎10-22-2015

Secure storage is protected by call stack validations. It can only be called from permitted connections, such as Jco.

It cannot be used by customers directly. You must use the application which is a program in the call-stack validation (eg. a connector).

Cheers,

Julius

Former Member · ‎10-23-2015

Thanks Julius,

I have no JCo connection active from the "JCo Monitoring" panel of Netweaver Administrator.

Is there a documentation somewhere that describe the exact conditions to met to use such a service from the outside ?

Cheers,

Mathieu

Former Member · ‎10-23-2015

I am only aware of the statement that it is not intended and also not possible. So I guess they never made any external documentation for that either.

Cheers,

Julius