com.sap.security.api.umap

Class NoLogonDataAvailableException

java.lang.Object
  java.lang.Throwable
      java.lang.Exception
          com.sap.security.api.UMException
              com.sap.security.api.umap.NoLogonDataAvailableException

All Implemented Interfaces:

Serializable

Direct Known Subclasses:

MultipleHitException

public class NoLogonDataAvailableException
extends UMException

This exception is thrown when user mapping data for a combination of principal and backend system is requested, but there is no user mapping data available (which fits the system's configured logon method).

You can use getReason() to distinguish between different reasons that led to this exception and react accordingly.

See Also:

Serialized Form

Field Summary

static int	REASON_ACCESS_DENIED Access to sensitive information of the user mapping data has been denied.
static int	REASON_CRYPTO_MISMATCH The encryption modes used to save and now read the user mapping data are incompatible.
static int	REASON_KEY_CHANGED Strongly encrypted user mapping data can not be decrypted because the main key used for user mapping encryption has been changed after saving the user mapping data.
static int	REASON_MULTIPLE_MAPPING There are several local users mapped to the same backend user.
static int	REASON_NO_CERTIFICATE There is no existing certificate for the user for which the request for user mapping data has been issued.
static int	REASON_NO_DATA No user mapping data has been saved for the current user / system combination (so this is no error, just an information).
static int	REASON_NO_KEY Strongly encrypted user mapping data can not be decrypted because the main key used for user mapping encryption is not available.
static int	REASON_NO_TICKET here is no existing SAP logon ticket for the user for which the request for user mapping data has been issued.
static int	REASON_NORMAL_MAPPING_BUT_REFSYS User mapping data has been saved for a system that was not the SAP reference system at the time of saving, but now the system is the SAP reference system.
static int	REASON_NOT_REQUIRED The logon method of the system for which user mapping data has been requested is ILoginConstants.SSO_JCO_LOGON_METHOD_NONE, meaning that the system does not require authentication, so user mapping does not need to provide any credentials.
static int	REASON_POLICY_FILES_MISSING Strongly encrypted user mapping data can not be decrypted on this machine because the so-called "JCE policy files for unlimited strength encryption" are missing.
static int	REASON_REFSYS_MAPPING_SIGNATURE_MISSING The "digital signature" protecting user mappings for the SAP reference system from unauthorized changes is missing (SAP note 1107795).
static int	REASON_UNKNOWN User mapping data is not available because of an unknown reason.
static int	REASON_UNSUPPORTED_LOGON_METHOD The logon method of the system for which user mapping data has been requested is either not supported in general or at least not supported in the current scenario, i.e. for the variant of IUserMappingData.enrich(*) which is used.

Fields inherited from class com.sap.security.api.UMException

m_throwable, mMessageBuffer

Constructor Summary

NoLogonDataAvailableException()
Create a NoLogonDataAvailableException without further information.

NoLogonDataAvailableException(String message)
Create a NoLogonDataAvailableException with a specific error message.

NoLogonDataAvailableException(String message, int reason)
Create a NoLogonDataAvailableException with a specific error message and an error code.

Method Summary

int	getReason() Get the error code of the reason that caused this exception.

Methods inherited from class com.sap.security.api.UMException

addMessage, getLocalizedMessage, getMessage, getMessages, getNestedException

Methods inherited from class java.lang.Throwable

fillInStackTrace, getCause, getStackTrace, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

REASON_UNKNOWN

public static final int REASON_UNKNOWN

User mapping data is not available because of an unknown reason. You should have a look at log and trace files for details.

See Also:

Constant Field Values

REASON_NO_DATA

public static final int REASON_NO_DATA

No user mapping data has been saved for the current user / system combination (so this is no error, just an information).

See Also:

Constant Field Values

REASON_CRYPTO_MISMATCH

public static final int REASON_CRYPTO_MISMATCH

The encryption modes used to save and now read the user mapping data are incompatible.

Example: User mapping data has been saved with weak encryption. In the meanwhile, the administrator switched to strong encryption, but didn't use the conversion facility to migrate all existing user mapping data. Now the user mapping data is still weakly encrypted, but a system configured to use strong encryption does not accept weakly encrypted user mapping data for security reasons.

See Also:

Constant Field Values

REASON_MULTIPLE_MAPPING

public static final int REASON_MULTIPLE_MAPPING

There are several local users mapped to the same backend user.

Only relevant for IUserMapping.getInverseMappingData(String, ISystemLandscapeObject) and overloaded methods with the same name.

See Also:

Constant Field Values

REASON_POLICY_FILES_MISSING

public static final int REASON_POLICY_FILES_MISSING

Strongly encrypted user mapping data can not be decrypted on this machine because the so-called "JCE policy files for unlimited strength encryption" are missing.

These files need to be installed in every JDK installation used by the SAP AS Java cluster, i.e. on every cluster node. See SAP note 796540 for further details.

See Also:

Constant Field Values

REASON_KEY_CHANGED

public static final int REASON_KEY_CHANGED

Strongly encrypted user mapping data can not be decrypted because the main key used for user mapping encryption has been changed after saving the user mapping data.

See Also:

Constant Field Values

REASON_NO_TICKET

public static final int REASON_NO_TICKET

here is no existing SAP logon ticket for the user for which the request for user mapping data has been issued.

Only relevant for IUserMappingData.enrich(Properties) and systems with logon method "SAPLogonTicket" (ILoginConstants.SSO_JCO_LOGON_METHOD_TICKET).

See Also:

Constant Field Values

REASON_NO_CERTIFICATE

public static final int REASON_NO_CERTIFICATE

There is no existing certificate for the user for which the request for user mapping data has been issued.

Only relevant for IUserMappingData.enrich(Properties) and systems with logon method "X509CERT" (ILoginConstants.SSO_JCO_LOGON_METHOD_X509CERT).

See Also:

Constant Field Values

REASON_NO_KEY

public static final int REASON_NO_KEY

Strongly encrypted user mapping data can not be decrypted because the main key used for user mapping encryption is not available.

See Also:

Constant Field Values

REASON_NORMAL_MAPPING_BUT_REFSYS

public static final int REASON_NORMAL_MAPPING_BUT_REFSYS

User mapping data has been saved for a system that was not the SAP reference system at the time of saving, but now the system is the SAP reference system.

Background: User mapping data for the SAP reference system needs to be verified when being saved for security reasons. Verification is not done for other systems, so "normal" user mappings can not be used for the SAP reference system, but need to be "refreshed" (entered again).

See Also:

Constant Field Values

REASON_ACCESS_DENIED

public static final int REASON_ACCESS_DENIED

Access to sensitive information of the user mapping data has been denied.

See Also:

Constant Field Values

REASON_REFSYS_MAPPING_SIGNATURE_MISSING

public static final int REASON_REFSYS_MAPPING_SIGNATURE_MISSING

The "digital signature" protecting user mappings for the SAP reference system from unauthorized changes is missing (SAP note 1107795).

See Also:

Constant Field Values

REASON_UNSUPPORTED_LOGON_METHOD

public static final int REASON_UNSUPPORTED_LOGON_METHOD

The logon method of the system for which user mapping data has been requested is either not supported in general or at least not supported in the current scenario, i.e. for the variant of IUserMappingData.enrich(*) which is used.

See Also:

Constant Field Values

REASON_NOT_REQUIRED

public static final int REASON_NOT_REQUIRED

The logon method of the system for which user mapping data has been requested is ILoginConstants.SSO_JCO_LOGON_METHOD_NONE, meaning that the system does not require authentication, so user mapping does not need to provide any credentials.

See Also:

Constant Field Values

Constructor Detail

NoLogonDataAvailableException

public NoLogonDataAvailableException()

Create a NoLogonDataAvailableException without further information.

NoLogonDataAvailableException

public NoLogonDataAvailableException(String message)

Create a NoLogonDataAvailableException with a specific error message.

Parameters:

message - The message text for the exception.

NoLogonDataAvailableException

public NoLogonDataAvailableException(String message,
                                     int reason)

Create a NoLogonDataAvailableException with a specific error message and an error code.

The code can be retrieved by getReason() and can be used e.g. to programmatically handle different reasons for user mapping data being missing.

Parameters:

message - The message text for the exception.

reason - The reason for the exception. One of the constants starting by REASON_.

Method Detail

getReason

public int getReason()

Get the error code of the reason that caused this exception.

Returns:

Any of the constants starting by REASON_.

Access Rights

This class can be accessed from:

SC	DC
[sap.com] ENGINEAPI	[sap.com] com.sap.security.api.sda
[sap.com] ENGFACADE	[sap.com] tc/je/usermanagement/api
[sap.com] CORE-TOOLS	[sap.com] com.sap.engine.client.lib