SAPSecurityResources

java.lang.Object
- com.sap.aii.af.service.resource.SAPSecurityResources

```
public class SAPSecurityResources
extends Object
```
Central class for SAP Security resources. It gives access to KeyStoreManager (see below) that in turn allows to retrieve keys and certificates from the J2EE keystore. Especially for XI AF JCA adapters and modules it is necessary to access the keystore in the "SYSTEM_LEVEL" permission mode since a credential based access is not possible because the AF runs with technical credentials internally. Once the keystore is opened the further key/certificate access id done via SAP J2EE APIs (Details see: https://media.sdn.sap.com/javadocs/preNW04/SP2/60_sp2_javadocs/tc_sec_ssf/index.html)

Field Summary

Fields
Modifier and Type Field and Description

static Set grantedPermissionSet

Fields
Modifier and Type	Field and Description
`static Set`	`grantedPermissionSet`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`static SAPSecurityResources`	`getInstance()` Return's a SAPSecurityResources.
`KeyStoreManager`	`getKeyStoreManager(PermissionMode permissionMode)` Central class for KeyStore management.
`KeyStoreManager`	`getKeyStoreManager(PermissionMode permissionMode, String[] aPROTECTION_DOMAIN)` Central class for KeyStore management.
`String`	`toString()` Returns a string representation of this object.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail
- grantedPermissionSet
```
public static Set grantedPermissionSet
```

Method Detail

getInstance
```
public static SAPSecurityResources getInstance()
```
Return's a SAPSecurityResources.

Returns:

com.sap.aii.af.service.resource.SAPSecurityResources

getKeyStoreManager

public KeyStoreManager getKeyStoreManager(PermissionMode permissionMode)
                                   throws KeyStoreException

Central class for KeyStore management. The KeyStore-Mode define's the permission context for the KeyStore management.

 KEYSTORE      - Mode: Run's the KeyStoreManager with NO additional permission's. This means:
                       The calling code must have code based permissions for the performing actions
                       and the user MUST be assigned to the KeystoreAdministrator role (-- user based permission).

 DO_PRIVILEGED - Mode: Run's the KeyStoreManager under code based permission for all performing actions.

 SYSTEM_LEVEL  - Mode: Run's the KeyStoreManager under user based permissions. The following java.lang.RuntimePermission
                       is checked: com.sap.aii.security.lib.Constants.SECURITY_RUNTIME_PERMISSION = XiSecurityRuntimePermission.
                       This permission has to be granted as code permissions. This can be done by setting the corresponding
                       Protection Domains array. For an application you get the Protection Domain via the MANIFEST.MF: Example.

                       Implementation-Title = com.sap.aii.adapter.soap.app
                       Implementation-Vendor-Id = sap.com

                       --> Protection Domain = <Implementation-Vendor-Id>/<Implementation-Title> = sap.com/com.sap.aii.adapter.soap.app

                       For an service you don't need to specify the Protection Domain and a library is not allowed to reference a service
                       because of the layering.

Parameters:: permissionMode - - com.sap.aii.security.lib.PermissionMode
Returns:: com.sap.aii.security.lib.KeyStoreManager - the keystore manager
Throws:: KeyStoreException - In case there's a problem when accessing the key storage

getKeyStoreManager

public KeyStoreManager getKeyStoreManager(PermissionMode permissionMode,
                                          String[] aPROTECTION_DOMAIN)
                                   throws KeyStoreException

Central class for KeyStore management. The KeyStore-Mode define's the permission context for the KeyStore management.

 KEYSTORE      - Mode: Run's the KeyStoreManager with NO additional permission's. This means:
                       The calling code must have code based permissions for the performing actions
                       and the user MUST be assigned to the KeystoreAdministrator role (-- user based permission).

 DO_PRIVILEGED - Mode: Run's the KeyStoreManager under code based permission for all performing actions.

 SYSTEM_LEVEL  - Mode: Run's the KeyStoreManager under user based permissions. The following java.lang.RuntimePermission
                       is checked: com.sap.aii.security.lib.Constants.SECURITY_RUNTIME_PERMISSION = XiSecurityRuntimePermission.
                       This permission has to be granted as code permissions. This can be done by setting the corresponding
                       Protection Domains array. For an application you get the Protection Domain via the MANIFEST.MF: Example.

                       Implementation-Title = com.sap.aii.adapter.soap.app
                       Implementation-Vendor-Id = sap.com

                       --> Protection Domain = <Implementation-Vendor-Id>/<Implementation-Title> = sap.com/com.sap.aii.adapter.soap.app

                       For an service you don't need to specify the Protection Domain and a library is not allowed to reference a service
                       because of the layering.

Parameters:: permissionMode - - com.sap.aii.security.lib.PermissionMode; aPROTECTION_DOMAIN - - String[]
Returns:: com.sap.aii.security.lib.KeyStoreManager - the keystore manager
Throws:: KeyStoreException - In case there's a problem when accessing the key storage

toString
```
public String toString()
```
Returns a string representation of this object.

Overrides:

toString in class Object

Returns:

String

Class SAPSecurityResources

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

grantedPermissionSet

Method Detail

getInstance

getKeyStoreManager

getKeyStoreManager

toString

This class can be accessed from: