on 06-07-2005 9:59 AM
Hi,
I'm developing a Java application on Apache Tomcat that communicates with R/3. I'm using a default user for accessing custom ABAP function modules. It doesn't seem very secure to create clients by hardcoding the usr/pwd of the default user in the source code. What would be a good and easy way to handle my usr/pwd problem?
Thanks.
Hi Elve,
I'd guess the only thing you can do is obfuscate the password, as Tomcat to my knowledge has nothing like a secure storage.
You could use crypto (from the JCE) to obfuscate the password, but you would still need the decryption key to be part of your application. For this reason mileage may vary on what makes sense and what won't.
Personally, if I had the problem, I would put the obfuscation into different classes (to really make it complex ;-).
Regards,
Patrick
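The JCE approach described in the reply above, as an added example that is not part of the original thread: the password is stored AES-GCM encrypted, but the key travels inside the class file, so this is obfuscation rather than secure storage. The class name, method names, key and password are all constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class ObfuscatedPassword {
    // Constructed demo key. It is compiled into the class, so anyone who can
    // read the deployed WAR can recover it and decrypt the stored value.
    private static final byte[] EMBEDDED_KEY =
            "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);

    /** Run once at configuration time. Output: Base64(IV || ciphertext || tag). */
    static String protect(String password) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);          // fresh IV for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(EMBEDDED_KEY, "AES"),
               new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    /** Run at startup, just before the JCo client or pool is created. */
    static char[] reveal(String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(EMBEDDED_KEY, "AES"),
               new GCMParameterSpec(128, in, 0, 12));
        byte[] pt = c.doFinal(in, 12, in.length - 12);  // fails if value was tampered with
        char[] pw = new String(pt, StandardCharsets.UTF_8).toCharArray();
        Arrays.fill(pt, (byte) 0);                 // do not leave plaintext bytes around
        return pw;
    }

    public static void main(String[] args) throws Exception {
        String stored = protect("s3cret-demo");    // constructed sample password
        System.out.println("value to keep in the config file: " + stored);
        char[] pw = reveal(stored);
        System.out.println("round trip ok: " + "s3cret-demo".equals(new String(pw)));
        Arrays.fill(pw, '\0');
    }
}
```

Only the output of `protect` goes into a properties file or descriptor; the protection is exactly as strong as access control on the deployed classes.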
Use crypto and provide an SAP certificate (X.509).
Put that into your store and use it when communicating with SAP. No need for a username or passwd.
Talk to SAP about using certificates, but as per the JCO doc it can be done.
Note: certificates need to be available at both ends...
If you don't already have a certificate-type login, talk to your Basis people, as they will need to create some config to allow for certificates and crypto...
Hi Elvez,
Try the following code to pass an X509 certificate with JCO to the SAP R/3 system.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;

import com.sap.mw.jco.JCO;

public class KeyStoreLogon {
    // Alias for the JCo connection pool (placeholder value)
    private static final String SID = "SID";

    // args[0] = keystore alias, args[1] = password of the key entry
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        String fname = System.getProperty("user.home") +
                File.separator + ".jks";
        // A null password loads the keystore without checking its integrity
        try (FileInputStream fis = new FileInputStream("c:\\720184_150.jks")) {
            ks.load(fis, null);
        }

        if (ks.isKeyEntry(args[0])) {
            System.out.println(args[0] +
                    " is a key entry in the keystore");
            char c[] = args[1].toCharArray();
            System.out.println("The private key for " + args[0] +
                    " is " + ks.getKey(args[0], c));
            Certificate certs[] = ks.getCertificateChain(args[0]);
            // First element of the chain is the subject's own certificate
            if (certs[0] instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) certs[0];
                System.out.println(args[0] + " is really " +
                        x509.getSubjectDN());
            }
            // Last element of the chain is the top-level issuer
            if (certs[certs.length - 1] instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate)
                        certs[certs.length - 1];
                System.out.println(args[0] + " was verified by " +
                        x509.getIssuerDN());
            }
        }
        else if (ks.isCertificateEntry(args[0])) {
            System.out.println(args[0] +
                    " is a certificate entry in the keystore");
            Certificate c = ks.getCertificate(args[0]);
            if (c instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) c;
                System.out.println(args[0] + " is really " +
                        x509.getSubjectDN());
                System.out.println(args[0] + " was verified by " +
                        x509.getIssuerDN());
                // Base64-encode the DER certificate so the binary data
                // survives being passed as the password string
                String cert = Base64.getEncoder().encodeToString(x509.getEncoded());
                System.out.println("certificate is here : " + cert);
                JCO.addClientPool(SID,   // Alias for this pool
                        10,              // Max. number of connections
                        "100",           // SAP client
                        "$X509CERT$",    // userid
                        cert,            // password
                        "EN",            // language
                        "INFPW01536",    // host name
                        "00");           // system number
            }
        }
    }
}
```

Here, 720184_150.jks is a keystore combining both the PSE file and the certificate.
Regards,
Bhavik
Hi,
One approach would be to store the username and password in the deployment descriptor (web.xml) of your application as servlet parameters.
- Thorsten