
Protecting Access to Application Service Operations

Use

To protect your application service methods, you can use permissions based on the User Management Engine (UME). You use the same mechanism as in Java Enterprise Edition (EE) applications.

Prerequisites

You must be familiar with the use of UME permissions in Java EE applications.

More information: Authorization Concept of the AS Java

Procedure


1. Enable permission checks for the appropriate method:

   a. In the Composite Application perspective of the SAP NetWeaver Developer Studio, open your application service.

   b. Choose the Operations tab page.

   c. Select the operation whose access you want to protect.

   d. Choose Edit.

   e. In the Permission check dropdown box, select Enable.

   f. Choose Finish.

A new permission with permission class com.sap.caf.rt.security.srv.ServicePermission is generated. It extends the java.security.BasicPermission class and is automatically used as the permission class for the permissions you define in your CAF application.

2. Modify the file actions.xml.

   a. In the Package Explorer view, open the following file:

<your project name>/permissions/src/actions.xml.

By default, the file contains an action for which full control is generated. Full control includes all permissions that are defined for service operations.

A separate section contains the new permission generated in step 1.

   b. Each permission is named by the fully qualified service name and operation name in the following way:

<provider>/<xapp>/<service name>/<operation name>

   c. Copy and paste the permissions from the full control section and modify them for your application-specific permissions:

actions.xml

<BUSINESSSERVICE>
    <DESCRIPTION LOCALE="en" VALUE="sap.com/myxapp"/>
    <ACTION NAME="Fullcontrol">
        <DESCRIPTION LOCALE="en" VALUE="Permission to execute all application service operations"/>
        <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission" NAME="sap.com/myxapp/MyAppService/my1stOperation" VALUE="*" />
        <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission" NAME="sap.com/myxapp/MyAppService/my2ndOperation" VALUE="*" />
        <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission" NAME="sap.com/myxapp/MyNewAppService/anotherOperation" VALUE="*" />
    </ACTION>
    <!-- Application specific permissions can be added to the following section -->
    <!-- //@@custom code start -->

    <!-- //@@custom code end -->
</BUSINESSSERVICE>

   d. Save the file.

More information: actions.xml File

3. Build and deploy the application service.

At runtime, create UME roles that contain the actions you have defined, and assign them to users.

More information: Creating UME Roles and Assigning Them to Users.
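The following is an added example, not part of the SAP documentation or tooling: a Python check you can run against actions.xml before deployment. It reports permissions that do not follow the <provider>/<xapp>/<service name>/<operation name> scheme or use another permission class, and operations that only the Fullcontrol action grants, so any role needing them would receive every operation. The sample file content is constructed, and the "ReadOnly" action name and the function name audit_actions are assumptions.

```python
import xml.etree.ElementTree as ET

SP = "com.sap.caf.rt.security.srv.ServicePermission"

# Constructed sample: the page's Fullcontrol action plus a hypothetical
# application-specific action "ReadOnly" placed in the custom code section.
SAMPLE_ACTIONS_XML = f"""
<BUSINESSSERVICE>
  <DESCRIPTION LOCALE="en" VALUE="sap.com/myxapp"/>
  <ACTION NAME="Fullcontrol">
    <PERMISSION CLASS="{SP}" NAME="sap.com/myxapp/MyAppService/my1stOperation" VALUE="*"/>
    <PERMISSION CLASS="{SP}" NAME="sap.com/myxapp/MyAppService/my2ndOperation" VALUE="*"/>
    <PERMISSION CLASS="{SP}" NAME="sap.com/myxapp/MyNewAppService/anotherOperation" VALUE="*"/>
  </ACTION>
  <!-- //@@custom code start -->
  <ACTION NAME="ReadOnly">
    <PERMISSION CLASS="{SP}" NAME="sap.com/myxapp/MyAppService/my1stOperation" VALUE="*"/>
    <PERMISSION CLASS="{SP}" NAME="sap.com/myxapp/MyAppService" VALUE="*"/>
  </ACTION>
  <!-- //@@custom code end -->
</BUSINESSSERVICE>
"""


def audit_actions(xml_text, full_action="Fullcontrol"):
    """Return (malformed, full_only).

    malformed: (action, permission name) pairs whose class is not
    ServicePermission or whose name is not the four-part
    <provider>/<xapp>/<service name>/<operation name>.
    full_only: operations that no action other than full_action grants.
    """
    root = ET.fromstring(xml_text)
    malformed, granted = [], {}
    for action in root.iter("ACTION"):
        for perm in action.iter("PERMISSION"):
            name = perm.get("NAME", "")
            parts = name.split("/")
            if perm.get("CLASS") != SP or len(parts) != 4 or not all(parts):
                malformed.append((action.get("NAME"), name))
                continue
            granted.setdefault(name, set()).add(action.get("NAME"))
    full_only = sorted(n for n, acts in granted.items() if acts == {full_action})
    return malformed, full_only


if __name__ == "__main__":
    malformed, full_only = audit_actions(SAMPLE_ACTIONS_XML)
    print("Malformed permissions:", malformed)
    print("Granted only through Fullcontrol:", full_only)
```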

More Information

Alternatively, you can implement the permission checks for application service operations in the code of the operation itself. To open the source code of your application service, go to the Implementation tab page and choose the link for the EJB class.

Checking the Permission in the EJB Methods

 

 
