File/FTP, JDBC, JMS, and Mail Adapters

Use

The common feature of the adapters in this section is that the external protocol provides a generic data store. On the inbound side, data is read from this data store and transformed into an XI message; on the outbound side, the data contained in an XI message is written to this data store.

| | File | FTP | JDBC | JMS | Mail |
|---|---|---|---|---|---|
| Data store | NFS file system | FTP server | JDBC database | JMS queuing system | Mail server |
| Access protocol | Specific to operating system or file system. May use operating system functions to secure access. | FTP/FTPS. Secure FTP (FTPS) should be used if possible. | Specific to JDBC database provider. Access should be secured if supported by the provider. | Specific to JMS queuing system provider. Access should be secured if supported by the provider. | IMAP4, POP3, SMTP. All protocols should be secured with SSL. S/MIME and user authentication are supported. |

The connection to the data store is always established from the Advanced Adapter Engine; both read and write access are required for the inbound and the outbound side. The user who actually reads from or writes to the data store can be defined in the adapter-specific sender or receiver channel. The user can also be an anonymous technical user under which the AS Java process of the Advanced Adapter Engine is running.

From a security perspective, only necessary authorizations should be given to these users (least privilege principle).

The following table summarizes the access data for the data store of both the sender inbound side and the receiver outbound side.

| | File | FTP | JDBC | JMS | Mail |
|---|---|---|---|---|---|
| User on inbound side | AS Java process user | Configured in File (FTP) sender channel | Configured in JDBC sender channel | Configured in JMS sender channel | Configured in mail sender channel |
| User authority on data store | Read and write access to configured file/directory | Read and write access to configured file/directory | Read and write access to configured database tables | Read and write access to configured queues | IMAP4 or POP3 access rights for reading and deleting messages in the configured folder |
| User on outbound side | AS Java process user | Configured in File (FTP) receiver channel | Configured in JDBC receiver channel | Configured in JMS receiver channel | Configured in mail receiver channel |
| User authority on outbound side | Read and write access to configured file/directory | Read and write access to configured file/directory | Read and write access to configured database tables | Read and write access to configured queues | SMTP or IMAP4 access rights for sending messages (SMTP) or storing messages in the configured folder (IMAP4) |

Providing Credentials for Database Access in the JDBC Adapter

Use the fields in the JDBC adapter configuration to provide user name and password for database access. Do not provide the credentials in the connection address because they might get written to the audit log in plain text.
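The following added example (not SAP code and not part of the original documentation) shows one way to review exported JDBC connection addresses for embedded credentials and to mask them before they are shared or logged. The channel names, hosts and passwords are constructed sample values, and the three address styles checked are common driver conventions assumed for illustration, not an exhaustive list.

```python
import re

# Each pattern captures (prefix to keep)(secret to mask).
# The styles below are common driver conventions (assumption), not a full list.
_PATTERNS = [
    # key=value properties: ;password=..., ?password=..., &pwd=...
    ("property", re.compile(r"([;?&](?:password|pwd)=)([^;&]+)", re.I)),
    # Oracle thin style: jdbc:oracle:thin:user/secret@host
    ("oracle user/password",
     re.compile(r"(^jdbc:oracle:[a-z]+:[^/@]+/)([^@]+)(?=@)", re.I)),
    # URL userinfo: //user:secret@host
    ("userinfo", re.compile(r"(//[^/:@?;]+:)([^@/]+)(?=@)")),
]

def audit_jdbc_url(url):
    """Return (findings, redacted_url) for one connection address."""
    findings, redacted = [], url
    for name, pattern in _PATTERNS:
        if pattern.search(redacted):
            findings.append(name)
            redacted = pattern.sub(r"\g<1>****", redacted)
    return findings, redacted

def audit_channels(channels):
    """Map channel name -> (findings, redacted address) for offenders only."""
    report = {}
    for name, url in channels.items():
        findings, redacted = audit_jdbc_url(url)
        if findings:
            report[name] = (findings, redacted)
    return report

# Constructed sample data: hypothetical channel names and addresses.
SAMPLE_CHANNELS = {
    "JDBC_Sender_Orders": "jdbc:oracle:thin:scott/tiger@dbhost:1521:ORCL",
    "JDBC_Receiver_Stock":
        "jdbc:sqlserver://dbhost:1433;databaseName=PI;user=pi;password=S3cret!",
    "JDBC_Receiver_Audit": "jdbc:mysql://app:hunter2@dbhost:3306/pi",
    "JDBC_Sender_Clean": "jdbc:sqlserver://dbhost:1433;databaseName=PI",
}

if __name__ == "__main__":
    for channel, (kinds, safe) in audit_channels(SAMPLE_CHANNELS).items():
        print(f"{channel}: credentials in address ({', '.join(kinds)}) -> {safe}")
```

Any channel this reports should have its credentials moved into the adapter's user name and password fields and the password rotated, since it may already be present in earlier audit log entries.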

Defining Operating System Commands in the File/FTP Adapter

You can define operating system commands that are to be executed by the file/FTP adapter before and after message processing.

To prevent misuse of this function, the ability to enhance communication channels in this way is restricted: only users assigned the role SAP_XI_CONFIG_FILE_OS_CMD_J2EE are authorized to do so.

By default, this role is not assigned to any standard PI user. You must assign it manually to the dedicated users who are to be in charge of defining operating system commands when configuring the file/FTP adapter.

More information: Defining Operating System Commands Before/After Processing