
JCO: How to configure SNC so that "checkAuthorization" is called

Former Member
0 Kudos

Hi experts,

my question is how to easily configure a SAP system so that the "checkAuthorization" method on a remote JCO server is called. The JCO documentation about this topic is very short, is there any more documentation except what I found in the API doc:

checkAuthorization

...

protected boolean checkAuthorization(java.lang.String function_name,
                                  int authorization_mode,
                                  java.lang.String authorization_partner,
                                  byte[] authorization_key)

Called by the jni-layer to check for authorization in case of SNC usage for the server connection.

Derived servers will override this function to actually implement the authorization handling. The method has to return true if the request should be accepted and it returns false if the caller is not authorized to invoke the function.

Note: This method will be invoked only if SNC is used on the server connection.

Parameters:

function_name - the function that has been called by a remote client

authorization_mode - the mode of the authorization:

AUTHORIZATION_SNC - Secure Network compliant authorization

AUTHORIZATION_BASIC - Basic authorization

authorization_partner - the partner (system) name where the request comes from

authorization_key - the authorization key as binary data depending on the mode

Returns:

true if the request should be accepted and false otherwise.

...

Any links, tips, hints or "how-to"s about how to easily setup SNC (I'm not a SAP expert) for development and testing purposes?

Many thanks in advance and kind regards,

Sebastian

4 REPLIES 4

WolfgangJanzen
Product and Topic Expert
0 Kudos

Oh Jesus - this looks weird ...

I can only imagine that this is about an ACL check for JCO service providers (-> RFC server): the ACL is supposed to contain the list of "trusted peers" identified by their SNC name (in the binary notation, the so-called ACL key).

That's what I'm guessing (knowing SNC and RFC).

But frankly speaking: the quoted docu is terrible.

Can you provide a link (URL) to the source ...?

Regards, Wolfgang

0 Kudos

Hi Wolfgang,

thanks for your reply. The docu snippet I posted is taken from the official SAP JCO documentation which can be found here:

http://help.sap.com/javadocs/NW04/current/jc/com/sap/mw/jco/JCO.Server.html#checkAuthorization(java....

You wrote that you're familiar with SNC, so could you please point me to some docu about how to easily setup SNC? As I'm not a SAP expert it would be good to have a simple step-by-step tutorial or sth. like that.

Thanks and kind regards,

Sebastian

0 Kudos

> You wrote that you're familiar with SNC, so could you please point me to some docu about how to easily setup SNC? As I'm not a SAP expert it would be good to have a simple step-by-step tutorial or sth. like that.

> Sebastian

Well, SNC is generic (since it's based on the GSS-API, Generic Security Services Application Programming Interface). So, it will not be possible to provide a "simple step-by-step tutorial". However, all (certified) SNC vendors should provide such a tutorial (or even better: a configuration tool) for their product.

Regarding the docu: I'm attempting to contact the author in order to clarify whether my assumption is right and to provide a proper answer. As soon as I get a reply I'll post it here.

Cheers, Wolfgang

0 Kudos

> Hi Wolfgang,
>

> thanks for your reply. The docu snippet I posted is taken from the official SAP JCO documentation which can be found here:

> http://help.sap.com/javadocs/NW04/current/jc/com/sap/mw/jco/JCO.Server.html#checkAuthorization(java....

O.k. - now it's confirmed.

This method does indeed refer to SNC. This is a callback handler that is supposed to be provided by the JCO server in order to implement an Access Control List (ACL) check. The JCO runtime will retrieve the SNC name of the caller (in most cases that will be an ABAP server) and pass it as arguments to this method (callback handler) - in printable notation ("authorization_partner", same as the result of the RFC API call RfcSncPartnerName) and in a canonical (but binary) form ("authorization_key", see: RfcSncPartnerAclKey), if "authorization_mode" = AUTHORIZATION_SNC. So, actually the wording is not appropriate ... (it's about "authentication", not "authorization").

But the name of the method itself ("checkAuthorization") is not entirely wrong / misleading, since it allows to implement an ACL also based on evaluating which "function module" (in terms of RFC) is requested. That's then somehow comparable to the S_RFC authorization check in ABAP which is performed for each inbound RFC call. And that's then indeed about "authorizations".

Cheers, Wolfgang
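
Added example, not part of the thread and not SAP's code: a stand-alone Java sketch of the default-deny ACL decision described in the last reply, keyed on the canonical binary ACL key and narrowed per function module. The class name, the numeric mode values, the sample keys, SNC names and function names are all constructed assumptions; in a real server the method body would sit in the JCO.Server subclass's override and use the JCo constants.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class SncAclCheck {
    // Placeholder mode values (assumption); a real server uses the constants JCo defines.
    static final int AUTHORIZATION_SNC = 1;
    static final int AUTHORIZATION_BASIC = 2;

    // Trusted peers: hex of the canonical ACL key -> function modules that peer may call.
    private final Map<String, Set<String>> acl = new HashMap<>();

    void trust(byte[] aclKey, String... functions) {
        acl.put(hex(aclKey), new HashSet<>(Arrays.asList(functions)));
    }

    // Same parameter list as the documented callback. Anything not explicitly allowed is rejected.
    boolean checkAuthorization(String functionName, int mode, String partner, byte[] key) {
        // Policy choice of this example: only SNC-authenticated callers are considered.
        if (mode != AUTHORIZATION_SNC || key == null || key.length == 0) return false;
        // Compare the canonical binary key; the printable name is only used for logging.
        Set<String> allowed = acl.get(hex(key));
        boolean ok = allowed != null && functionName != null && allowed.contains(functionName);
        System.out.printf("%s partner=%s function=%s%n", ok ? "ACCEPT" : "REJECT", partner, functionName);
        return ok;
    }

    private static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) {
        byte[] abapKey = {0x06, 0x01, 0x02, 0x03};   // constructed sample, not a real ACL key
        byte[] otherKey = {0x06, 0x09, 0x09, 0x09};  // constructed sample, not a real ACL key
        SncAclCheck check = new SncAclCheck();
        check.trust(abapKey, "Z_DEMO_READ");         // hypothetical function module name

        // Trusted peer, allowed function: accepted.
        check.checkAuthorization("Z_DEMO_READ", AUTHORIZATION_SNC, "p:CN=ABAP, O=Example", abapKey);
        // Trusted peer, function not on its list: rejected.
        check.checkAuthorization("Z_DEMO_WRITE", AUTHORIZATION_SNC, "p:CN=ABAP, O=Example", abapKey);
        // Unknown peer: rejected even though it presents the trusted printable name.
        check.checkAuthorization("Z_DEMO_READ", AUTHORIZATION_SNC, "p:CN=ABAP, O=Example", otherKey);
        // Non-SNC mode: rejected by this example's policy.
        check.checkAuthorization("Z_DEMO_READ", AUTHORIZATION_BASIC, "p:CN=ABAP, O=Example", abapKey);
    }
}
```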