
JCo Security

Former Member
0 Kudos

Hello all,

I call an EJB through the JCo RFC provider service from an ABAP function module.

Everything works fine but now I want to add security aspects.

I don't want everyone who has access to the function module to access my EJB.

Can I add a login module to this EJB, so that ABAP-users who use this (ABAP) function module have to use their (J2EE) users to call this bean???? How??

Are there any other possibilities?

Thanks for your help!!

Jan

Accepted Solutions (0)

Answers (4)

Former Member
0 Kudos

From an ABAP program, can we initiate an RFC connection and send data from SAP to a Java program?

If possible, how can I do that? Help me with an example.

Sounder

Former Member
0 Kudos

Sounder,

1. Why not post this as a separate topic?

2. There is not much documentation regarding this topic; the best explanation I've found so far is here:

/people/thorsten.nordholmsbirk/blog/2006/03/31/deconstructing-sap-was-jco-rfc-provider-under-the-hood

Valery Silaev

SaM Solutions

http://www.sam-solutions.net

Former Member
0 Kudos

Hi Jan,

Let me check; if I come across anything I will let you know.

Also, as you are new to SDN, please go through the point system for rewarding points for those solutions that were helpful:

https://www.sdn.sap.com/sdn/index.sdn?page=crp_help.htm

Thanks

Kathirvel

Former Member
0 Kudos

Hi Jan,

1. Create a Z table for storing the J2EE authorized users information in SAP.

2. Then add two parameters for the username and password in the RFM that is used by JCo.

3. Now check for the user in the Z table before providing access, i.e. in the RFM these lines should be placed first, before calling the bean:

select single <username> <password> from <ztable> into <user_itab>
  where <user_name_field> = RFM-username and <user_password_field> = RFM-password.
if sy-subrc <> 0.
*... error
else.
*.. valid user
endif.

Now continue with usual routine.

Hope this is what your requirement is.

Thanks

Kathirvel.

Message was edited by: Kathirvel Balakrishnan

Former Member
0 Kudos

Hi Kathirvel,

OK, this seems to be a good workaround,

but I wonder if there is no possibility to use these standard login modules so that I can use the authorized users of the UME of the J2EE-engine???

Thanks for your help

Jan

yonko_yonchev
Active Participant
0 Kudos

Hello Jan,

here is what you need to do to set such a login module:

1. Start the J2EE Engine Visual Admin

2. Go to Server > Services > Security Provider > Policy Configurations

3. Select your EJB from the list of Components

4. You can add login modules that will apply for the EJB from the Authentication tab (switch to edit mode and use the buttons at the bottom of the tab). Whoever attempts to access the EJB will be authenticated against the J2EE Engine user store.

From the Security Roles tab, you can also define roles and assign these to the J2EE Engine users, but that's another topic in itself. The steps above will also apply for all application components deployed on the J2EE Engine.

For documentation, you can check the SAP NetWeaver > User Authentication and Single Sign-On > Authentication on the J2EE Engine > Login Modules and Login Module Stacks section from the SAP help portal. You can also take a look at the topic Security Provider Service from the J2EE Engine Administration Manual.

Hope this helps...

Regards,

Yonko

Former Member
0 Kudos

Hello Yonko,

thanks for your reply.

This is what I found, too.

I set up this login module, but when I call my RFM (which calls the bean) the tasks are done by the default user and I get no Login Screen as I would expect.

Is there another configuration to do? Can I disable the use of the default communication user??

Thank you

Jan

yonko_yonchev
Active Participant
0 Kudos

Hi Jan,

Disabling the default communication user is an option, but then you'll need to make another communication user, so that the two systems can use something for authentication...

I rather think the issue would come down to modifying the communication user's role permissions though. The communication user (or its user group) is probably assigned a role on the J2EE Engine that has permissions to access your EJB, so whenever you call it from the ABAP system authentication succeeds.

You can try the Security Roles tab to see if you can modify the communication user's (or its user group's) J2EE role assignment for your EJB. Also, in the Resources tab, you can modify the permission assignments for your EJB's J2EE roles.

Hope this works. See also SAP NetWeaver Security Guide - the Security Aspects for Connectivity and Interoperability section, and the SAP Web Application Server Security Guide - you can use these as an entry point to the relevant documents.

Here's a link:

http://help.sap.com/saphelp_nw04/helpdata/en/ed/18cc38e6df4741a264bddcd4f98ae2/frameset.htm

Regards,

Yonko
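
An added illustration (not code from this thread or from SAP) of how the role assignment discussed above looks from inside the bean: the standard EJB 2.x calls getCallerPrincipal() and isCallerInRole() report the identity the container authenticated, which on the RFC path described in this thread is the communication user, not the individual ABAP user. The bean, method and role names are hypothetical.

```java
import java.security.Principal;
import java.util.logging.Logger;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

// Added example: EJB 2.x stateless session bean with a programmatic role check.
// OrderLookupBean, lookup() and the role "OrderReader" are hypothetical names.
public class OrderLookupBean implements SessionBean {

    // The role must be declared for the bean (security-role-ref in ejb-jar.xml)
    // and mapped to J2EE users or groups, e.g. in the Security Roles tab.
    private static final String REQUIRED_ROLE = "OrderReader";
    private static final Logger LOG = Logger.getLogger("OrderLookupBean");

    private SessionContext ctx;

    // Container callbacks required by the SessionBean contract.
    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }
    public void ejbCreate() { }
    public void ejbRemove() { }
    public void ejbActivate() { }
    public void ejbPassivate() { }

    // Hypothetical business method reached through the RFC call.
    public String lookup(String orderId) {
        // Identity the container authenticated for this call. If every call
        // from the ABAP side arrives as the same communication user, this
        // name is identical for all ABAP users.
        Principal caller = ctx.getCallerPrincipal();
        LOG.info("lookup(" + orderId + ") called by " + caller.getName());

        // Reject callers that do not hold the role. Taking the communication
        // user (or its group) out of this role makes calls from ABAP fail
        // here instead of succeeding silently.
        if (!ctx.isCallerInRole(REQUIRED_ROLE)) {
            throw new SecurityException(
                "User " + caller.getName() + " is not in role " + REQUIRED_ROLE);
        }
        return "order " + orderId + " read by " + caller.getName();
    }
}
```

The log line makes it visible which J2EE user each call runs as, which is the first thing to check when a login module appears to have no effect.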

Former Member
0 Kudos

check if this link is of any help

Former Member
0 Kudos

No, unfortunately not.

I need to call Javabeans from ABAP and want to insert a kind of login module, so that users who invoke the bean have to authenticate.