To protect your application service methods, you can use permissions based on the User Management Engine (UME). You use the same mechanism as in Java EE applications.
A new permission with permission class com.sap.caf.rt.security.srv.ServicePermission is generated. It extends the java.security.BasicPermission class and is automatically used as the permission class for the permissions you define in your CAF application.
<your project name>/permissions/src/actions.xml.
By default, the file contains an action for which full control is generated. Full control includes all permissions that are defined for service operations.
In a separate section there is a new permission generated from step 1.
<provider>/<xapp>/<service name>/<operation name>
actions.xml

<BUSINESSSERVICE>
  <DESCRIPTION LOCALE="en" VALUE="sap.com/myxapp"/>
  <ACTION NAME="Fullcontrol">
    <DESCRIPTION LOCALE="en" VALUE="Permission to execute all application service operations"/>
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission" NAME="sap.com/myxapp/MyAppService/my1stOperation" VALUE="*"/>
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission" NAME="sap.com/myxapp/MyAppService/my2ndOperation" VALUE="*"/>
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission" NAME="sap.com/myxapp/MyNewAppService/anotherOperation" VALUE="*"/>
  </ACTION>
  <!-- Application specific permissions can be added to the following section -->
  <!-- //@@custom code start -->
  <!-- //@@custom code end -->
</BUSINESSSERVICE>
At runtime, create UME roles that contain the actions you have defined, and assign them to users.
Alternatively, you can implement the permission checks for application service operations in the code of the operation itself. To open the source code of your application service, go to the Implementation tab page and choose the link for the EJB class.
Note that to be able to see the updated actions.xml file with the new permissions for an operation, you have to generate the CAF application.
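The following Python check is an added example, not part of the original page or of SAP's tooling. It reads an actions.xml in the layout shown above and reports permission names that do not follow the <provider>/<xapp>/<service name>/<operation name> pattern, as well as operations that no action grants. The sample XML (with one deliberately malformed entry), the function names and the list of expected operations are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SERVICE_PERMISSION = "com.sap.caf.rt.security.srv.ServicePermission"

# Constructed sample in the layout shown above; the third NAME is deliberately malformed.
SAMPLE_ACTIONS_XML = """\
<BUSINESSSERVICE>
  <ACTION NAME="Fullcontrol">
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission"
                NAME="sap.com/myxapp/MyAppService/my1stOperation" VALUE="*"/>
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission"
                NAME="sap.com/myxapp/MyAppService/my2ndOperation" VALUE="*"/>
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission"
                NAME="sap.com/myxapp/MyNewAppService" VALUE="*"/>
  </ACTION>
</BUSINESSSERVICE>
"""

def load_actions(xml_text):
    """Map each ACTION name to the set of ServicePermission names it grants."""
    actions = {}
    for action in ET.fromstring(xml_text).iter("ACTION"):
        names = {p.get("NAME", "") for p in action.iter("PERMISSION")
                 if p.get("CLASS") == SERVICE_PERMISSION}
        actions[action.get("NAME", "")] = names
    return actions

def malformed_names(actions):
    """Names that are not <provider>/<xapp>/<service name>/<operation name>."""
    bad = set()
    for names in actions.values():
        for name in names:
            parts = name.split("/")
            if len(parts) != 4 or not all(parts):
                bad.add(name)
    return sorted(bad)

def uncovered_operations(actions, expected):
    """Expected operation names that no ACTION in the file grants."""
    granted = set().union(*actions.values())
    return sorted(set(expected) - granted)

if __name__ == "__main__":
    acts = load_actions(SAMPLE_ACTIONS_XML)
    expected_ops = ["sap.com/myxapp/MyAppService/my1stOperation",
                    "sap.com/myxapp/MyNewAppService/anotherOperation"]
    print("malformed:", malformed_names(acts))
    print("uncovered:", uncovered_operations(acts, expected_ops))
```

An operation reported as uncovered is not granted by any role built from these actions, which usually means the CAF application has to be generated again after the operation was added.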