cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Retrieve SSO Ticket for JCO.Server

Go to solution
Former Member

on ‎12-28-2005 10:30 AM

0 Kudos

Hello Community,

I need your help. I am successfully calling a "java service" (NOT a web service!) through JCO (JCO.Server).

Everything is working fine, but now here is my problem:

I would like to know the current user, under whom the call was made. Of course I could always transmit "sy-uname" (as a seperate parameter of my Java-Service) to send the current SAP-Username. But if I do that, the programmer could call my service sending any username he likes.

The better way would be to send the sap logon ticket you also would retrieve in a web application (as a cookie). It is only a string and I easily could transmit it manually as a parameter. But there does not seem to be a kind of BAPI/Transaktion like "BAPI_SSO_GET"...

Or is there a way to retrive this sso-ticket by configuring the connection (sm59)?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-28-2005 11:07 AM
0 Kudos

Hi,

Please refer this thread

/thread/26909 [original link is broken]

This shows how to retrieve user name from SSO ticket with java. This may help you.

Regards,

Uma

Show replies
Show replies
Former Member
‎12-28-2005 12:29 PM
0 Kudos

Hi Uma,

thanks for your reply. But my problem is not to verify or to interpret the sso-ticket. I already have that as we are already calling Java-Applications (JBoss, not SAPWebAS) through the portal, getting a SSO-Ticket as a cookie.

And that's the point. As I already can verify and interpret the SAP logon ticket, I would like to use it to authenticate the current user calling java from SAP via JCO.

I need this as I am going to call Cobol-transaktions from java than (via CICS or MQ), which need to know the user.

So what I am going to create is a kind of EAI-Gateway for Cobol-Transaktions...

Regards,

Daniel

Former Member
‎12-29-2005 7:38 AM
0 Kudos

Hi Becker

Here are some links regarding authentication using SSO.

Check this out.

http://help.sap.com/saphelp_nw04/helpdata/en/94/f2503ede925441e10000000a114084/content.htm

http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/80fbc690-0201-0010-1aba-93d5...

[link removed (content deleted)]

Dont Forget to reward pts if it helps ;>)

Regards

Rakesh.

Message was edited by: Jason Lax

Former Member
‎12-29-2005 8:36 AM
0 Kudos

Hi Rakesh,

thank you for your supportive answer. But unfortunatly it does not solve my real problem. I do not need to authenticate against SAP with a sso-ticket. I already did that.

What I want to do is to call Java through the JCO.Server-Class. I already managed this and everything is working fine. But what I need in the Java world is the current user who is calling the Java service.

For example: the current user working in SAP with an applikation there is Mr.X. He is authenticated and trusted. Now the application needs something from Java and is therefor calling a service via JCO.Server.

The Java-Service now needs to know the name of the current user (e.g. to write it in a database).

It would be no problem to transmit "sy-uname" (e.g. MRX) to the java world (just as a parameter). But to send just only the current SAP-Logon-Name is not helpful as this could be faked by a programmer. My idea now was to create the same SAP Logon Tickit, that is also created by the Portal and transmitted via a cookie, and to transmit that instead of the user-name. I already have several mechanism to handle that sso ticket in my java world and I can trust it. Also this ticket could be used allthrough all other services in Java and Cobol-transaktions and back to SAP again (something like "technical SOA")...

So I thought there has to be a transaktion or BAPI or a kind of configuration for the JCO connection or whatever else in the SAP ABAP World, which I could use to just create the current Logon Ticket, which would authenticate the current user, and send that instead of only the current user name.

Thank you all for your support...

Regards

Daniel

Former Member
‎12-30-2005 7:09 AM
0 Kudos

O.K.

Let's think a little bit RFC from one system to another and look at the call back functionality.

If you can access the call back from your java server you can have an ABAP part of code that transmits the syst-uname.

(I didn't say it was going to be easy or even feasable but this is the scenario I can come up with which should satisfy your requirement).

As this is a pull /vs the push you described earlier this should satisfy your requirements.

Enjoy

Former Member
‎12-30-2005 9:35 AM
0 Kudos

Hi,

thank you for your reply. The thing is, that I do <b>not</b> want to call a BAPI from Java (I already do that and it's working already!)

I need to call a Java-Method. You can use JCO.Server to do so. This is working too. Everything is fine.

The following SAP-Code is already working fine:


DATA lv_msg(256).
DATA lv_dest		TYPE rfcdest.
DATA lv_result	TYPE aa50010basic.
DATA lv_input		TYPE aa50010basic.
lv_dest = 'JCO-TEST'.

CALL FUNCTION 'SAP_AA500G10' DESTINATION lv_dest " JCO Destination
  	EXPORTING
  		ev_input = lv_input
  	IMPORTING
  		ev_output = lv_result
  	EXCEPTIONS
  		communication_failure = 1 MESSAGE lv_msg
  		system_failure = 2 MESSAGE lv_msg.

IF sy-subrc <> 0.
  	WRITE: lv_msg.
ENDIF.

Now I can of course send the sy-uname to the Java-Service "SAP_SAP_AA500G10" as a simple Parameter. But than the developer could send every kind of String he wishes. This is not secure enouge for my tast.

Is there a way, to transmit the SAP Logon Ticket (that SAP is also creating when using HTTP-Connections to e.g. a webservice) via JCO <b>from SAP to Java</b>?

Former Member
‎04-18-2007 6:38 PM
0 Kudos

Hi Daniel,

I'm understand your problem because I'm looking for a similiar way to call a external method (e.g. JCo Server) from ABAP.

My problem in a short way:

The ABAP Code should start a external server process at the Frontend Client. Therefore the server program has to be started by the SAPGUI and put necessary information to the external program (e.g. User Information, technical way to the application server, SSO Ticket).

The graphical screen painter works in that way. The SM59 Entry has to be maintained to start a external program at the client.

I've no find a way/information to works with JCo as started rfc server.

Any Ideas?

Best regards,

Joerg

Answers (0)

Ask a Question