
Enabling Endpoints for Security

Prerequisites

A new simplified service should be composed and the original service should be consumed in the diagram of the simplified service. Moreover, the consumed service should be mapped to the service composition flow elements. Once you have composed your service, assign a service group for the activity of the consumed original service. Then save and generate the diagram.

Procedure

1. Open the EJB deployment descriptor in the Java EE perspective

Since by default the EJB project does not provide deployment descriptors for EJB 3.0, you have to generate one by right-clicking on the project and selecting Java EE Tools > Generate Deployment Descriptor Stub.

Double-click on the deployment descriptor node (the first node under the EJB project) and an XML editor for ejb-jar.xml opens.

2. Define an EJB role

In the ejb-jar.xml insert the following fragment as a child of the <ejb-jar> tag:

Example

    <assembly-descriptor>
      <!-- Declare the application role -->
      <security-role>
        <description/>
        <role-name>PowerRole</role-name>
      </security-role>
      <!-- Allow only that role to call the methods of the bean -->
      <method-permission>
        <description/>
        <role-name>PowerRole</role-name>
        <method>
          <ejb-name>SalesOrderByIDQueryResponseInEjb</ejb-name>
          <method-name>*</method-name>
        </method>
      </method-permission>
    </assembly-descriptor>

3. Define a mapping between the EJB role and an SAP-specific role

In the ejb-j2ee-engine.xml (located under “ejbModule\META-INF\”) insert the following fragment as a child of the <ejb-j2ee-engine> tag.

Syntax

    <security-permission>
      <security-role-map>
        <role-name>PowerRole</role-name>
        <server-role-name>ServerPowerRole</server-role-name>
      </security-role-map>
    </security-permission>

Note that you can also add this child in the tree of the XML editor.

4. Runtime Configuration Steps

You can check the assigned roles and actions in Identity Management.

Execute the Web service (that is, the EJB) without authorization. To do that, open the Web Service Navigator and in the Local Java AS provider system find your service. Execute it. As a result, an exception related to accessing the EJB should be thrown.

Now assign the user to the SAP-specific role in UME.

As a result, the Web service executes successfully because the user (principal) has the necessary authorizations.

Finally, assign the configured provider system, which points to the external service that you want to consume or compose, to the service group of the service.
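
The role wiring from steps 2 and 3 can be checked offline before the runtime test in step 4. The following is an added example, not part of the original documentation: the function name `check_role_wiring`, the Java EE namespace on `<ejb-jar>` and the two sample documents (constructed from the fragments above) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, built from the two fragments on this page.
EJB_JAR = """<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <assembly-descriptor>
    <security-role><role-name>PowerRole</role-name></security-role>
    <method-permission>
      <role-name>PowerRole</role-name>
      <method>
        <ejb-name>SalesOrderByIDQueryResponseInEjb</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""

ENGINE = """<ejb-j2ee-engine>
  <security-permission>
    <security-role-map>
      <role-name>PowerRole</role-name>
      <server-role-name>ServerPowerRole</server-role-name>
    </security-role-map>
  </security-permission>
</ejb-j2ee-engine>"""

def _texts(root, parent, child):
    """Text of every <child> directly under any <parent>, ignoring XML namespaces."""
    out = []
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == parent:
            out += [(c.text or "").strip() for c in el if c.tag.rsplit("}", 1)[-1] == child]
    return out

def check_role_wiring(ejb_jar_xml, engine_xml):
    """Return a sorted list of findings; an empty list means the roles are wired consistently."""
    ejb, eng = ET.fromstring(ejb_jar_xml), ET.fromstring(engine_xml)
    declared = set(_texts(ejb, "security-role", "role-name"))
    used = set(_texts(ejb, "method-permission", "role-name"))
    mapped = set(_texts(eng, "security-role-map", "role-name"))
    findings = [f"role '{r}' used in <method-permission> but not declared in <security-role>" for r in used - declared]
    findings += [f"role '{r}' has no <security-role-map> to a server role" for r in (used | declared) - mapped]
    findings += [f"mapping for '{r}' refers to a role that ejb-jar.xml does not declare" for r in mapped - declared]
    if not used:
        findings.append("no <method-permission> found: EJB methods are not restricted to a role")
    return sorted(findings)

if __name__ == "__main__":
    print(check_role_wiring(EJB_JAR, ENGINE) or "role wiring is consistent")
```

A role name that differs between the two files, even by case, shows up as two findings: an unmapped role and a mapping for an undeclared role.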