on 08-29-2005 2:03 PM
Hello all,
I call an EJB through the JCo RFC provider service from an ABAP function module.
Everything works fine but now I want to add security aspects.
I don´t want eveyone who has access to the function module to access my EJB.
Can I add a login module to this EJB, so that ABAP-users who use this (ABAP) function module have to use their (J2EE) users to call this bean???? How??
Are ther any other possibilities?
Thanks for your help!!
Jan
From a ABAP program can we initiate a RFC connection and send data from SAP to a java program?
If possible, how can i do that? help me with an example
Sounder
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sounder,
1. Why not to post this as separate topic?
2. There is no much documentation regarding this topic, the best explanation I've found so far is here:
/people/thorsten.nordholmsbirk/blog/2006/03/31/deconstructing-sap-was-jco-rfc-provider-under-the-hood
Valery Silaev
SaM Solutions
Hi Jan,
Let me check, if i come across anything i will let you know,
Then you being new to SDN please go through the point system for rewarding points for those solutions that were helpful,
https://www.sdn.sap.com/sdn/index.sdn?page=crp_help.htm
Thanks
Kathirvel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jan,
1. Create a Z table for storing the J2EE authorized users information in SAP.
2. Then add two parameters for the username and password in the RFM that is used by JCo.
3. Now check for the user in the Z table before providing access. i.e.
in the RFM these lines should be placed first before calling the bean,
select single <username> <password> from <ztable> into <user_itab> where
<user_name_field> = RFM-username and <user_password_field> = RFM-password.
if sy-subrc <> 0.
*... error
else.
*.. valid user
endif.
Now continue with usual routine.
Hope this is what your requirement is.
Thanks
Kathirvel.
Message was edited by: Kathirvel Balakrishnan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Jan,
here is what you need to do to set such a login module:
1. Start the J2EE Engine Visual Admin
2. Go to Server > Services > Security Provider > Policy Configurations
3. Select your EJB from the list of Components
4. You can add login modules that will apply for the EJB from the Authentication tab (switch to edit mode and use the buttons at the bottom of the tab). Whoever attempts to access the EJB will be authenticated against the J2EE Engine user store.
From the Security Roles tab, you can also define roles and assign these to the J2EE Engine users, but that's another topic in itself. The steps above will also apply for all application components deployed on the J2EE Engine.
For documentation, you can check the <i>SAP NetWeaver > User Authentication and Single Sign-On > Authentication on the J2EE Engine > Login Modules and Login Module Stacks</i> from the SAP help portal. You can also take a look at the topic Security Provider Service from the J2EE Engine Administration Manual.
hope this helps...
Regards,
Yonko
Hello Yonko,
thanks for your reply.
This is what I found, too.
I set up this login module, but when I call my RFM (which calls the bean) the tasks are done by the default user and I get no Login Screen as I would expect.
Is there another configuration to do? Can I disable the use of the default communication user??
Thank you
Jan
Hi Jan,
Disabling the default communication user is an option, but then you'll need to make another communication user, so that the two systems can use something for authentication...
I rather think the issue would come down to modifying the communication user's role permissions though. The communication user (or its user group) is probably assigned a role on the J2EE Engine that has permissions to access your EJB, so whenever you call it from the ABAP system authentication succeeds.
You can try the Security Roles tab to see if you can modify the communication user's (or its user group's) J2EE role assignment for your EJB. Also, in the Resources tab, you can modify the permission assignments for your EJB's J2EE roles.
Hope this works. See also SAP NetWeaver Security Guide - the Security Aspects for Connectivity and Interoperability section, and the SAP Web Application Server Security Guide - you can use these as an entry point to the relevant documents.
Here's a link:
http://help.sap.com/saphelp_nw04/helpdata/en/ed/18cc38e6df4741a264bddcd4f98ae2/frameset.htm
Regards,
Yonko
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
78 | |
10 | |
7 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.