public interface DestinationService
tc/sec/destinations/service and tc/sec/destinations/interface.
The destination service actually consists of two instances: the default instance and a privileged instance. The default instance performs user-based authorization checks depending on the method called (see below) and can be obtained either via the new DestinationServiceLocator or from JNDI. The privileged instance circumvents authorization checks and is restricted, via code-based security concepts, to a few selected engine containers.

The destination service API allows programmatic access to and modification of existing destinations, as well as the creation of new destinations. In the default instance, access to the API functions that modify the destination service storage (storeDestination, updateDestination, removeDestination) is protected by a user-based permission check on a UME action named Destination_Service_Write_Permission. This action is already assigned to members of the Administrator role.

If the code accessing the destination API does so as a system thread (so no user context is available), the authorization check also succeeds in the default instance. As noted before, the privileged instance performs no authorization checks.

The destination service protects security-sensitive information such as passwords and tickets from unauthorized access. Because no user may read, for example, passwords in plaintext, no matter what his or her privileges are, access to these destination properties is restricted via code-based security to a few selected engine components.
Code example for accessing the destination service via DestinationServiceLocator:

```java
DestinationService dstService = null;
try {
    dstService = DestinationServiceLocator.getInstance();
} catch (DestinationException e) {
    // handle exception that can occur when instance has not yet been initialized
}
```
Code example for creating and storing a new HTTP destination:

```java
// Fetch destination service instance
DestinationService dstService = null;
try {
    dstService = DestinationServiceLocator.getInstance();
} catch (DestinationException e) {
    // handle exception that can occur when instance has not yet been initialized
    System.out.println("Destination service instance not yet initialized ... tough luck!");
    return null;
}
// Create an empty destination of type HTTP
Destination dst = dstService.createDestination("HTTP");
HTTPDestination httpDst = (HTTPDestination) dst;
httpDst.setUrl("http://localhost/sld" + getServerHost() + ":" + getServerPort() + "/CGBasic/CGS");
httpDst.setName("MyTestDestination");
httpDst.setUsernamePassword("admin", "secretadminpass");
if (dstService.existsDestination("HTTP", "MyTestDestination")) {
    // If destination exists already, update it in the destination service storage
    dstService.updateDestination("HTTP", httpDst);
} else {
    // If destination does not yet exist, store it in the destination service storage
    dstService.storeDestination("HTTP", httpDst);
}
```
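Code example for accessing an existing HTTP destination and using its connectivity features:

```java
// Look up the stored destination (throws DestinationException if it does not exist)
Destination dst = dstService.getDestination("HTTP", "MyTestDestination");
HTTPDestination httpDst = (HTTPDestination) dst;
// Open a connection through the destination and read the response stream
HttpURLConnection urlConn = httpDst.getURLConnection();
InputStreamReader inr = new InputStreamReader(urlConn.getInputStream());
```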
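
A hardened variant of the create-and-store example, added here and not part of the original API documentation: it takes the credentials from the caller instead of hardcoding them, requires an https URL, and checks the name against DESTINATION_NAME_MAX_LENGTH before writing. The class and method names (DestinationProvisioner, upsertHttpDestination), the https-only policy and the package used in the wildcard import are assumptions; the service calls are the ones shown on this page.

```java
import java.net.URI;
import java.rmi.RemoteException;
// Assumption: the API classes share the package that the method summary
// shows for DestinationInformation.
import com.sap.security.core.server.destinations.api.*;

/** Hypothetical helper, not part of the destination service API. */
public final class DestinationProvisioner {

    /**
     * Creates or updates an HTTP destination. The caller supplies the
     * credentials at runtime; nothing is hardcoded in the source.
     */
    public static void upsertHttpDestination(String name, URI target,
                                             String user, String password)
            throws DestinationException, RemoteException {
        // Reject names the service cannot store before touching the storage.
        if (name == null || name.isEmpty()
                || name.length() > DestinationService.DESTINATION_NAME_MAX_LENGTH) {
            throw new IllegalArgumentException("invalid destination name");
        }
        // Policy of this example: the credentials are stored with the
        // destination, so only accept targets reached over https.
        if (!"https".equalsIgnoreCase(target.getScheme()) || target.getHost() == null) {
            throw new IllegalArgumentException("destination URL must be absolute https");
        }

        // Default instance: in a user context the write calls below are subject
        // to the Destination_Service_Write_Permission check.
        DestinationService svc = DestinationServiceLocator.getInstance();

        HTTPDestination dst = (HTTPDestination) svc.createDestination("HTTP");
        dst.setName(name);
        dst.setUrl(target.toString());
        dst.setUsernamePassword(user, password);

        // existsDestination does not throw, so it is usable as a pre-check.
        if (svc.existsDestination("HTTP", name)) {
            svc.updateDestination("HTTP", dst);
        } else {
            svc.storeDestination("HTTP", dst);
        }
    }
}
```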
Modifier and Type | Field and Description |
---|---|
static int | DESTINATION_NAME_MAX_LENGTH - Maximum length in characters of destination names. |
static String | JNDI_KEY - JNDI name under which the service is registered. |
static String | JNDI_KEY_LOCAL - Recommended JNDI name under which the service is registered. |
Modifier and Type | Method and Description |
---|---|
Destination | createDestination(String type) |
Destination | createDestination(String type, Object data) |
boolean | existsDestination(String type, String name) - Note that this method does NOT throw an exception, e.g. if the queried type does not exist. |
Destination | getDestination(String type, String name) - Return an instance of a defined destination. |
com.sap.security.core.server.destinations.api.DestinationInformation | getDestinationInformation(String type, String name) |
List | getDestinationNames(String destinationType) |
com.sap.security.core.server.destinations.api.dynamictype.creation.DestinationTypeManager | getDestinationTypeManager() - This method gives access to the DestinationTypeManager, that can be used to dynamically create new destination types. |
List | getDestinationTypes() |
Hashtable | getKeystoreViews() - Deprecated. |
Object | getUIMetaData(String type, Object data) - Used internally for obtaining UI information. |
com.sap.security.core.server.destinations.api.PingResult | ping(String destinationType, String destinationName) |
void | removeDestination(String type, String name) - Remove a destination from the destination store. |
void | storeDestination(String type, Destination destination) - Store a destination of a given destination type. |
void | updateDestination(String type, Destination destination) - Update a destination of a given destination type. |
static final String JNDI_KEY
static final String JNDI_KEY_LOCAL
static final int DESTINATION_NAME_MAX_LENGTH
Destination getDestination(String type, String name) throws DestinationException, RemoteException

To clarify, the destination service expects the queried destination to exist and will throw a DestinationException in case it does not exist. Destination existence can be queried via the method existsDestination(String type, String name).

Note that access to the security-sensitive destination properties (e.g. passwords, tickets, ...) is protected and restricted to a selected set of engine components with a need-to-know.

- type - destination type
- name - destination name
- DestinationException - if the queried destination does not exist
- RemoteException - if an exception occurs during the execution of a remote method call

Destination createDestination(String type, Object data) throws DestinationException, RemoteException

- type - destination type
- data - configuration data
- DestinationException - if the queried destination does not exist
- RemoteException - if an exception occurs during the execution of a remote method call

List getDestinationTypes()

List getDestinationNames(String destinationType) throws DestinationException, RemoteException

- destinationType - destination type
- DestinationException - if the queried destination does not exist
- RemoteException - if an exception occurs during the execution of a remote method call

boolean existsDestination(String type, String name)

Note that this method does NOT throw an exception, e.g. if the queried type does not exist.

- type - destination type
- name - destination name

Destination createDestination(String type) throws DestinationException, RemoteException

- type - destination type
- DestinationException - if the queried destination does not exist
- RemoteException - if an exception occurs during the execution of a remote method call

void updateDestination(String type, Destination destination) throws DestinationException, RemoteException

If this method is called on the default (non-privileged) destination service instance by a thread that is not a system thread (and therefore runs in a certain user's context), a permission check ensures that the user has been assigned the UME action named Destination_Service_Write_Permission. This action is already available to members of the Administrator role.

- type - destination type
- destination - the destination to be updated
- DestinationException - if the queried destination does not exist
- RemoteException - if an exception occurs during the execution of a remote method call

void storeDestination(String type, Destination destination) throws DestinationException, RemoteException

If this method is called on the default (non-privileged) destination service instance by a thread that is not a system thread (and therefore runs in a certain user's context), a permission check ensures that the user has been assigned the UME action named Destination_Service_Write_Permission. This action is already available to members of the Administrator role.

- type - destination type
- destination - the destination to be stored
- DestinationException - if the queried destination does not exist
- RemoteException - if an exception occurs during the execution of a remote method call

void removeDestination(String type, String name) throws DestinationException, RemoteException

If this method is called on the default (non-privileged) destination service instance by a thread that is not a system thread (and therefore runs in a certain user's context), a permission check ensures that the user has been assigned the UME action named Destination_Service_Write_Permission. This action is already available to members of the Administrator role.

- type - destination type
- name - destination name
- DestinationException - if the queried destination does not exist
- RemoteException - if an exception occurs during the execution of a remote method call

Hashtable getKeystoreViews() throws DestinationException, RemoteException

Used internally.

- DestinationException - if the queried destination does not exist
- RemoteException - if an exception occurs during the execution of a remote method call

com.sap.security.core.server.destinations.api.DestinationInformation getDestinationInformation(String type, String name) throws DestinationException

- type - destination type
- name - destination name
- DestinationException - if the queried destination does not exist

Object getUIMetaData(String type, Object data) throws DestinationException, RemoteException

- type - destination type
- data - destination data
- DestinationException - if the queried destination does not exist
- RemoteException - if an exception occurs during the execution of a remote method call

com.sap.security.core.server.destinations.api.PingResult ping(String destinationType, String destinationName) throws DestinationException, RemoteException

- destinationType - destination type
- destinationName - destination name
- DestinationException - if the queried destination does not exist
- RemoteException - if an exception occurs during the execution of a remote method call

com.sap.security.core.server.destinations.api.dynamictype.creation.DestinationTypeManager getDestinationTypeManager() throws DestinationException

This method gives access to the DestinationTypeManager, that can be used to dynamically create new destination types.

DestinationTypeManager is returned that allows destination types to be managed dynamically. Due to the critical quality of this method, it is only available via the privileged destination service instance.

- DestinationException - Is thrown if this method is called from the default destination service instance instead of the privileged instance.

DestinationServiceLocator.getPrivilegedInstance()

Access Rights

SC | DC | Public Part | ACH |
---|---|---|---|
[sap.com] ENGFACADE | [sap.com] tc/bl/security/destinations/api | api | BC-JAS-SEC |
[sap.com] J2EE-FRMW | [sap.com] | - | BC-JAS-SEC |
[sap.com] J2EE-FRMW | [sap.com] | default | BC-JAS-SEC |

Copyright 2018 SAP AG