JCo Logon Security

bjorn-henrik_zink
Active Participant
0 Kudos

Hi,

I'm developing a Java application on Apache Tomcat that communicates with R/3. I'm using a default user for accessing custom ABAP function modules. It doesn't seem very secure to create clients by hardcoding the usr/pwd of the default user in the source code. What would be a good and easy way to handle my usr/pwd problem?

Thanks.

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi Elve,

I'd guess the only thing you can do is obfuscate the password, as Tomcat to my knowledge has nothing like a secure storage.

You could use crypto (from the JCE) to obfuscate the password, but you would still need the decryption key to be part of your application. For this reason mileage may vary on what makes sense and what won't.

Personally, if I had the problem, I would put the obfuscation into different classes (to really make it complex ;-).

Regards,

Patrick

Former Member
0 Kudos

Use Crypto and provide a SAP Certificate (X.509).

Put that into your store and use it when communicating with SAP. No need for username or passwd.

Talk to SAP about using certificates, but as per the JCo doc it can be done.

Note: certificates need to be available at both ends...

If you don't already have a certificate-type login, talk to your Basis people, as they will need to create some config to allow for certificates and crypto...

bjorn-henrik_zink
Active Participant
0 Kudos

Hi FJ,

Thanks for your very helpful reply. Could you provide me with some hints on how to use JCo with certificates? (Concrete examples would be excellent.)

Thanks in advance.

Elvez

Former Member
0 Kudos

Hi Elvez,

Try the following code to pass an X509 certificate with JCO to the SAP R/3 system.

    import java.io.FileInputStream;
    import java.security.Key;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.security.cert.X509Certificate;
    import java.util.Base64;
    import com.sap.mw.jco.JCO;

    public class JcoX509Login {
        // args[0] = keystore alias, args[1] = password protecting the key entry
        public static void main(String[] args) throws Exception {
            String SID = "SID"; // placeholder pool alias; SID was not defined in the posted snippet
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            // Close the stream once the keystore is loaded
            try (FileInputStream fis = new FileInputStream("c:\\720184_150.jks")) {
                ks.load(fis, null);
            }
            if (ks.isKeyEntry(args[0])) {
                System.out.println(args[0] + " is a key entry in the keystore");
                char[] keyPassword = args[1].toCharArray();
                // Confirm the key can be unlocked, but do not write key material to stdout
                Key key = ks.getKey(args[0], keyPassword);
                System.out.println("The private key for " + args[0] + " uses " + key.getAlgorithm());
                Certificate[] certs = ks.getCertificateChain(args[0]);
                if (certs != null && certs.length > 0) {
                    // First element of the chain is the alias's own certificate
                    if (certs[0] instanceof X509Certificate) {
                        X509Certificate x509 = (X509Certificate) certs[0];
                        System.out.println(args[0] + " is really " + x509.getSubjectDN());
                    }
                    // Last element of the chain is the issuing (root) certificate
                    if (certs[certs.length - 1] instanceof X509Certificate) {
                        X509Certificate x509 = (X509Certificate) certs[certs.length - 1];
                        System.out.println(args[0] + " was verified by " + x509.getIssuerDN());
                    }
                }
            } else if (ks.isCertificateEntry(args[0])) {
                System.out.println(args[0] + " is a certificate entry in the keystore");
                Certificate c = ks.getCertificate(args[0]);
                if (c instanceof X509Certificate) {
                    X509Certificate x509 = (X509Certificate) c;
                    System.out.println(args[0] + " is really " + x509.getSubjectDN());
                    System.out.println(args[0] + " was verified by " + x509.getIssuerDN());
                    // Base64 text of the DER-encoded certificate; pushing the raw
                    // bytes through new String() would corrupt the binary data
                    String cert = Base64.getEncoder().encodeToString(x509.getEncoded());
                    System.out.println("certificate is here : " + cert);
                    JCO.addClientPool(SID,  // Alias for this pool
                            10,             // Max. number of connections
                            "100",          // SAP client
                            "$X509CERT$",   // userid
                            cert,           // password
                            "EN",           // language
                            "INFPW01536",   // host name
                            "00");          // system number
                }
            }
        }
    }

Here, 720184_150.jks is a key store combining both the PSE file and the certificate.

Regards,

Bhavik

0 Kudos

Hi,

One approach would be to store the username and password in the deployment descriptor (web.xml) of your application as servlet parameters.

- Thorsten
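
Keeping the service user's logon data out of the source code, as an added example that is not part of any reply in this thread: the class below reads it from a properties file stored outside the WAR and refuses a file that other local accounts can read. The class name, the `sap.logon.file` system property and the `sap.*` property keys are assumptions made for the example; the permission check applies only on hosts with POSIX file attributes and is skipped elsewhere.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Properties;
import java.util.Set;

/** Loads the R/3 service-user logon data from a file kept outside the WAR. */
public final class SapLogonConfig {
    public final String client, user, host, sysnr;
    public final char[] password;

    private SapLogonConfig(Properties p) {
        client = require(p, "sap.client");
        user = require(p, "sap.user");
        host = require(p, "sap.host");
        sysnr = require(p, "sap.sysnr");
        password = require(p, "sap.password").toCharArray();
    }

    // Fail at startup instead of opening a pool with half-configured logon data
    private static String require(Properties p, String key) {
        String v = p.getProperty(key);
        if (v == null || v.isEmpty())
            throw new IllegalStateException("missing property: " + key);
        return v;
    }

    /** File location comes from -Dsap.logon.file=... (hypothetical property name). */
    public static SapLogonConfig load() throws IOException {
        String location = System.getProperty("sap.logon.file");
        if (location == null)
            throw new IllegalStateException("sap.logon.file is not set");
        Path file = Paths.get(location);
        // Reject a file that group members or other accounts can read (POSIX only)
        if (Files.getFileStore(file).supportsFileAttributeView("posix")) {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
            if (perms.contains(PosixFilePermission.GROUP_READ)
                    || perms.contains(PosixFilePermission.OTHERS_READ))
                throw new SecurityException(file + " must be readable by its owner only");
        }
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            p.load(in);
        }
        return new SapLogonConfig(p);
    }
}
```

The loaded fields take the place of the string literals in the `JCO.addClientPool` call, so the credentials never enter version control or the deployed archive.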