cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ADSUser security issue

JMorozowski
Active Participant

on ‎03-13-2008 5:11 PM

0 Kudos

I am currently in the process of configuring ADS for my Netweaver 2004S system (connection BW and the Portal). I have gone through the guide numerous times and set up the users and roles exactly the way they have mentioned in the guide, however, when I attempt to test my RFC connection I am getting the error 403 Forbidden message. I have verified that I am using the correct username and password.

PS When I change the RFC connection to use the J2EE Administrator username and password it tests successfully.

Edited by: Jon Morozowski on Mar 13, 2008 6:44 PM

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (10)

Answers (10)

JMorozowski
Active Participant
‎03-17-2008 1:44 PM
0 Kudos

I could not give ADSCallers access to the WSNavigator so I added my user to a group that had access and all is working now.

Show replies
Show replies
JMorozowski
Active Participant
‎03-14-2008 5:36 PM
0 Kudos

My ADS_AGENT user works fine with that test. I have double checked my security config from the guide and bounced my J2EE engine and the ADS rfc connection is STILL failing. It appears to be some kind of security somewhere on the Java side. I've verified that I can login to my J2EE side with ADSUser. Can someone with a working ADS please let me know what components their ADSUser has rights to?

Shridhar,

I have ran your test and I think I isolated the problem even further. I can not login to the WS Navigator with ADSUser, however, I can login with my Administrator user and then when I run the test using the ADSUser ID it is successful. When I attempt to go to the url http://<ADS_HOST>:<PORT>//AdobeDocumentServices/Config?style=rpc I can not login there with ADSUser, but when I login with Administrator and then run the test, and then enter the ADSUser credentials for the test, the test runs successfully. So I think if I can get ADSUser to login to WS Navigator then my problem will be solved.

HTTP/1.1 200 OK

Connection: close

Set-Cookie: <value is hidden>

Set-Cookie: <value is hidden>

Server: SAP J2EE Engine/7.00

Content-Type: text/xml; charset=UTF-8

Date: Fri, 14 Mar 2008 17:38:36 GMT

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ><SOAP-ENV:Body><rpl:rpDataResponse xmlns:rpl='urn:AdobeDocumentServicesVi'><Response xmlns:pns='urn:com.adobe'><pns:rpStreams></pns:rpStreams><pns:rpStrings><pns:RpString><pns:name>Error_Level</pns:name><pns:value>0</pns:value></pns:RpString><pns:RpString><pns:name>Results</pns:name><pns:value>Processing exception during a "checkDocument" operation.

Request start time: Fri Mar 14 13:38:36 EDT 2008

com.adobe.ProcessingException: Required stream: "PDFDocument" not found in request OR its length is zero.

Exception Stack Trace:

com.adobe.ProcessingException: Required stream: "PDFDocument" not found in request OR its length is zero.

at com.adobe.ads.request.Request.checkDocument(Unknown Source)

at com.adobe.ads.request.Request.setUpOperations(Unknown Source)

at com.adobe.ads.request.Request.process(Unknown Source)

at com.adobe.AdobeDocumentServicesEJB.processRequest(Unknown Source)

at com.adobe.AdobeDocumentServicesEJB.rpData(Unknown Source)

at com.adobe.AdobeDocumentServicesLocalLocalObjectImpl0_0.rpData(AdobeDocumentServicesLocalLocalObjectImpl0_0.java:120)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:324)

at com.sap.engine.services.webservices.runtime.EJBImplementationContainer.invokeMethod(EJBImplementationContainer.java:126)

at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:157)

at com.sap.engine.services.webservices.runtime.RuntimeProcessor.process(RuntimeProcessor.java:79)

at com.sap.engine.services.webservices.runtime.servlet.ServletDispatcherImpl.doPost(ServletDispatcherImpl.java:92)

at SoapServlet.doPost(SoapServlet.java:51)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)

at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)

at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)

at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)

at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)

</pns:value></pns:RpString><pns:RpString><pns:name>VersionInfo</pns:name><pns:value>800.20070708051308.406522</pns:value></pns:RpString><pns:RpString><pns:name>TraceString</pns:name><pns:value> com.adobe.ProcessingException: Required stream: "PDFDocument" not found in request OR its length is zero.

</pns:value></pns:RpString></pns:rpStrings></Response></rpl:rpDataResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>

Edited by: Jon Morozowski on Mar 14, 2008 6:39 PM

Show replies
Show replies
former_member265210
Active Participant
‎03-17-2008 7:21 AM
0 Kudos

To access WSNavigator

add securityrole "sap.com/com.sap.engine.services.webservices.tool*wsnavigator : WSNavigatorRole" to "everyone" group or ADS_AGENT.

How?

Login to Visual Admin -> Server –> Services -> Security Provider > Policy Configurations

- Select ‘com.sap.engine.services.webservices.tool*wsnavigator’

Select tab Security Roles and change the Security Role ‘WSNavigatorRole’ also to groups ‘everyone’ and save it.

Regards

Shridhar Gowda

Former Member
‎03-17-2008 9:18 AM
0 Kudos

Hi Jon,

Make sure that you are atleast on sp stack 11 on your java stack.

Once your ads_agent is working fine then just create a http destination using visual admin.

FP_ICF_DATA_<SID> enter the client details and use ur ads_agent user.

in the address enter http://localip:<abap http port>.

Regards,

Vamshi.

JMorozowski
Active Participant
‎03-14-2008 1:26 PM
0 Kudos

Thanks for all the answers. However, there is not a problem logging in to the portal with the ADSUser account. The problem seems to be a security issue on the Java side. When I try to test via the http link to test and I log in with the ADSUser I get the message " You are not authorized to view the requested resource".

Show replies
Show replies
Former Member
‎03-14-2008 2:17 PM
0 Kudos

Hi Jon,

Create a user ADS_AGENT this should be a service user and the role to this user should be SAP_BC_FP_ICF.This user should exsists in the client in which you want to use ADS.

The ADSUSER will be exsisting in the client 001 by default.

Also check this link

http://<local ip>:8001/sap/bc/fp/form/layout/fp_test_00.xdp

Enter the userADS_AGENT and the password which you have created.

The output should be in the xml format.

Regards,

Vamshi.

former_member265210
Active Participant
‎03-14-2008 7:20 AM
0 Kudos

do this test and let me know

1. The info of SM59 , test via browser link this

http://<ADS HOST>:<PORT>/AdobeDocumentServices/Config?style=rpch

2. click > Test tab then "rpData then Send button

3. now it will ask you for user/password. enter correct ads username and password:

copy -paste the error here.

Regards

Shridhar Gowda

Show replies
Show replies
Former Member
‎03-14-2008 6:58 AM
0 Kudos

Hi

In the path prefix of your rfc in sm59 give the following string

/AdobeDocumentServices/Config?style=rpc

If you dont use ssl this works fine, as you have already created the user 'ADSUSER' in the 001. This user must be a communication user.Also try creating the same user in the client which you want to configure ADS.Then place the ads user password in the rfc and try it should work.It has worked in my case.

Reward points if helpfull.

Regards,

Vamshi.

Show replies
Show replies
Former Member
‎03-13-2008 7:14 PM
0 Kudos

On ABAP side, it should not matter. But please do and also make sure that the password is the same on ABAP & Java side both.

Regards,

Snehal

Show replies
Show replies
Former Member
‎03-14-2008 4:59 AM
0 Kudos

Hi,

I am asuming your java stack and ABAP stack are in the different machiens and answering this question.

if this is the case you will have 2 users ADSUSER(one in abap and one in Java)

Please delete the one in the java database and change the password from portal and see if it is reflecting in ABAP(to check this you have to change the user as dailog , test it and change back to system).

If this is all working you wont face any problem with the RFC connection.

I am happy to provide any further information.

Kind Regards,

Vamsi.

JMorozowski
Active Participant
‎03-13-2008 7:12 PM
0 Kudos

I deleted and recreated the user on the Java side and it did not fix the problem. Does the user need to be deleted and recreated on the ABAP side as well? I think the case is wrong there also.

Show replies
Show replies
Former Member
‎03-13-2008 7:07 PM
0 Kudos

Recreate the user with the correct case.

Regards,

Snehal

Show replies
Show replies
JMorozowski
Active Participant
‎03-13-2008 6:45 PM
0 Kudos

Thank you for the swift reply, it appears the case in Visual Admin is all caps. Is there a way to change this case or should the user be deleted and recreated on the Java side?

Show replies
Show replies
Former Member
‎03-13-2008 6:42 PM
0 Kudos

Please refer to the following link and make sure the correct authorizations are granted :

http://help.sap.com/saphelp_nw70/helpdata/en/7f/65eba6ac324d28b477390262a87ab2/frameset.htm

Also, in the policy configuration to user mapping the user should be maintained in the right case 'ADSUser'

Also refer to SAP note 944221.

Hope this helps.

Regards,

Snehal

Show replies
Show replies
Ask a Question