com.sap.aii.af.service.resource

Class SAPSecurityResources

java.lang.Object
  extended by com.sap.aii.af.service.resource.SAPSecurityResources

public class SAPSecurityResources
extends Object

Central class for SAP Security resources. It gives access to the KeyStoreManager (see below), which in turn allows retrieval of keys and certificates from the J2EE keystore. XI AF JCA adapters and modules in particular must access the keystore in the "SYSTEM_LEVEL" permission mode: credential-based access is not possible because the AF runs with technical credentials internally. Once the keystore is opened, further key/certificate access is done via SAP J2EE APIs (for details see: https://media.sdn.sap.com/javadocs/preNW04/SP2/60_sp2_javadocs/tc_sec_ssf/index.html)


Field Summary
static Set grantedPermissionSet
           
 
Method Summary
static SAPSecurityResources getInstance()
          Returns a SAPSecurityResources instance.
 KeyStoreManager getKeyStoreManager(PermissionMode permissionMode)
          Central class for KeyStore management.
 KeyStoreManager getKeyStoreManager(PermissionMode permissionMode, String[] aPROTECTION_DOMAIN)
          Central class for KeyStore management.
 String toString()
          Returns a string representation of this object.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

grantedPermissionSet

public static Set grantedPermissionSet
Method Detail

getInstance

public static SAPSecurityResources getInstance()
Returns a SAPSecurityResources instance.

Returns:
com.sap.aii.af.service.resource.SAPSecurityResources

getKeyStoreManager

public KeyStoreManager getKeyStoreManager(PermissionMode permissionMode)
                                   throws KeyStoreException
Central class for KeyStore management. The KeyStore mode defines the permission context for the KeyStore management.
KEYSTORE - Mode: Runs the KeyStoreManager with NO additional permissions. This means:
The calling code must have code-based permissions for the actions it performs, and the user MUST be assigned to the KeystoreAdministrator role (-> user-based permission).
DO_PRIVILEGED - Mode: Runs the KeyStoreManager under code-based permission for all actions it performs.
SYSTEM_LEVEL - Mode: Runs the KeyStoreManager under user-based permissions. The following java.lang.RuntimePermission is checked: com.sap.aii.security.lib.Constants.SECURITY_RUNTIME_PERMISSION = XiSecurityRuntimePermission.
This permission has to be granted as a code permission. This can be done by setting the corresponding Protection Domains array. For an application, you get the Protection Domain from the MANIFEST.MF. Example:
Implementation-Title = com.sap.aii.adapter.soap.app
Implementation-Vendor-Id = sap.com
--> Protection Domain = Implementation-Vendor-Id/Implementation-Title = sap.com/com.sap.aii.adapter.soap.app
For a service you don't need to specify the Protection Domain, and a library is not allowed to reference a service because of the layering.

Parameters:
permissionMode - com.sap.aii.security.lib.PermissionMode
Returns:
com.sap.aii.security.lib.KeyStoreManager
Throws:
KeyStoreException

getKeyStoreManager

public KeyStoreManager getKeyStoreManager(PermissionMode permissionMode,
                                          String[] aPROTECTION_DOMAIN)
                                   throws KeyStoreException
Central class for KeyStore management. The KeyStore mode defines the permission context for the KeyStore management.
KEYSTORE - Mode: Runs the KeyStoreManager with NO additional permissions. This means:
The calling code must have code-based permissions for the actions it performs, and the user MUST be assigned to the KeystoreAdministrator role (-> user-based permission).
DO_PRIVILEGED - Mode: Runs the KeyStoreManager under code-based permission for all actions it performs.
SYSTEM_LEVEL - Mode: Runs the KeyStoreManager under user-based permissions. The following java.lang.RuntimePermission is checked: com.sap.aii.security.lib.Constants.SECURITY_RUNTIME_PERMISSION = XiSecurityRuntimePermission.
This permission has to be granted as a code permission. This can be done by setting the corresponding Protection Domains array. For an application, you get the Protection Domain from the MANIFEST.MF. Example:
Implementation-Title = com.sap.aii.adapter.soap.app
Implementation-Vendor-Id = sap.com
--> Protection Domain = Implementation-Vendor-Id/Implementation-Title = sap.com/com.sap.aii.adapter.soap.app
For a service you don't need to specify the Protection Domain, and a library is not allowed to reference a service because of the layering.

Parameters:
permissionMode - com.sap.aii.security.lib.PermissionMode
aPROTECTION_DOMAIN - String[]
Returns:
com.sap.aii.security.lib.KeyStoreManager
Throws:
KeyStoreException
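
Added example (not part of the SAP documentation): deriving the aPROTECTION_DOMAIN entry from an application's MANIFEST.MF with the standard java.util.jar API, following the vendor-id/title pattern of the example above. The class and method names are hypothetical, and the manifest content is a constructed sample built from the values on this page.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.jar.Attributes;
import java.util.jar.Manifest;

public class ProtectionDomainFromManifest {

    // Builds "Implementation-Vendor-Id/Implementation-Title" from the main
    // manifest section. Fails closed: a missing or blank attribute raises an
    // error instead of yielding a partial domain string such as "/title".
    static String protectionDomain(Manifest mf) {
        Attributes main = mf.getMainAttributes();
        String vendorId = main.getValue("Implementation-Vendor-Id");
        String title = main.getValue("Implementation-Title");
        if (vendorId == null || vendorId.trim().isEmpty()
                || title == null || title.trim().isEmpty()) {
            throw new IllegalStateException(
                "MANIFEST.MF lacks Implementation-Vendor-Id or Implementation-Title");
        }
        return vendorId.trim() + "/" + title.trim();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample manifest (values taken from the example above).
        String sample =
              "Manifest-Version: 1.0\r\n"
            + "Implementation-Title: com.sap.aii.adapter.soap.app\r\n"
            + "Implementation-Vendor-Id: sap.com\r\n"
            + "\r\n";
        Manifest mf = new Manifest(
            new ByteArrayInputStream(sample.getBytes(StandardCharsets.UTF_8)));

        // This array is what getKeyStoreManager(PermissionMode, String[])
        // expects as its second argument when the SYSTEM_LEVEL mode is used.
        String[] aPROTECTION_DOMAIN = { protectionDomain(mf) };
        System.out.println(aPROTECTION_DOMAIN[0]);
    }
}
```

Pass only the protection domain of the calling application itself; the array determines which code is granted XiSecurityRuntimePermission, so it should stay as narrow as possible.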

toString

public String toString()
Returns a string representation of this object.

Overrides:
toString in class Object
Returns:
String
Access Rights

This class can be accessed from:


SC: [sap.com] SAP_XIAF
DC: [sap.com] com.sap.aii.af.svc.facade
Public Part: api
ACH: BC-XI


Copyright 2014 SAP AG