cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EP SSO and J2EE applications

Former Member

on ‎06-25-2008 9:31 AM

0 Kudos

Hi,

I have developed an application in J2EE/ JSP using Netweaver Developer studio that connections to a back-end system using the JCO Java connecter.

Our EP consultant has created an iView for this but, of course, the user must log in a second time to my application using their credentials.

I have been asked to make this work using SSO. If I understand correctly, to do this I essentially need to look for a browser cookie call MYSAPSSO2, and from that I can determine the name of the user logged in.

Questions:

1. Does anyone have an example of Java code that handles this?

2. Where can I get a description of the SSO cookie structure so that I can take out the information that I need and have my code handle all the different configurations that this cookie might have?

3. Is this a secure way to do things? Surely it would be easy for someone to make a "fake" cookie (a faux biscuit) to dupe my code into thinking a particular user was logged on.

Thanks!

Tristan

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎06-25-2008 3:32 PM
0 Kudos

Hi ,

dou need the code for the user name who has logged into the portal . or u need SSO Details,

Regards

venkat

Show replies
Show replies
Former Member
‎06-25-2008 3:35 PM
0 Kudos

Hi,

for current user logged

Try:

{

// get the currently logged in user

IWDClientUser wdUser = WDClientUser.getCurrentUser();

//get the com.sap.security.api.Iuser; It is null in case wdUser represents an anonymous user

IUser user = wdUser.getSAPUser();

//check whether the user is anonymous

if (user != null)

{

//access logon ID by iterating through the IUserAccount array

IUserAccount[] acct = user.getUserAccounts();

if(acct[0] != null)

{

String strUserid = acct[0].getLogonUid();

//pass the value obtained from the portal to value attribute

wdContext.currentNode().setAttribute(new String(strUserid));

}

}

}

put this code

Regards ,

venkat

Former Member
‎06-26-2008 6:02 AM
0 Kudos

Hi Venkat,

Thanks for your reply, but I think that only works for WebDynpro applications. We are writing a pure Java application - when I try that code I get a null pointer exception because, presumably, the call to getCurrentUser is expecting some of the web dynpro classes to have been instantiated.

Do you know how we could achieve this in pure Java?

Thanks,

Tristan

former_member698570
Active Participant
‎06-26-2008 11:33 PM
0 Kudos

Hi,

could you clarify your problem?? I'm confused.

You developed an enterprise application that is deployed in your J2EE Engine and you are accessing it via SAP EP.

Is there any other system involved or why are you talking about implementing Single Sign On?

If your application resides in the portal you can easily determine the Authenticated User using UME API

Here is some sample code:

boolean permitted = false; 
 try { 
        IGroupFactory igf = UMFactory.getGroupFactory (); 
        IUserFactory ufac = UMFactory.getUserFactory (); 
        IGroup GROUP = igf.getGroupByUniqueName ("GROUPTOCHECK"); 
                         
        IUser loggedonUser = UMFactory.getAuthenticator().getLoggedInUser(); 
                          
       if (loggedonUser!=null) { 
         String groupun = GROUP.getUniqueID (); 
         permitted = loggedonUser.isMemberOfGroup (groupun, true); 
       } 
} catch (UMException UMEx) { 
  UMEx.printStackTrace(); 
}

If you want to validate the logon ticket or extract information from it you need an appropriate SAP Library called SSOEXT but this only makes sense for external or 3rd party systems.

Nevertheless goto https://websmp105.sap-ag.de/swdc and search for SSOEXT:

Download the software. The package also contains documentation and sample codes for various programming languages (e.g. Java, .NET and others)

Hope this helps

Cheers

Ask a Question