Protecting Access to Application Service Operations
To protect your application service methods, you can use permissions based on the User Management Engine (UME). For more information, see User Management Engine.
1. Enable permission checks for the appropriate method:
a. In SAP NetWeaver Studio, open your application service.
b. Choose the Operations tab page.
c. Select the operation whose access you want to protect.
d. Choose Edit… → Next.
e. In the Permission check dropdown box, select Enabled.
f. Choose Finish.
A new permission with permission class com.sap.caf.rt.security.srv.ServicePermission is generated.
2. Modify the file actions.xml.
a. Open the following file:
<your project name>/permissions/_comp/src/actions.xml.
By default, the file contains an action for which full control is generated. Full control includes all permissions that are defined for service operations.
In a separate section there is a new permission generated from step 1.
b. Each permission is named by the fully qualified service name and operation name in the following way:

<provider>/<xapp>/<service name>/<operation name>
c. Copy and paste the permissions from the full control section and modify them for your application-specific permissions:

actions.xml

<BUSINESSSERVICE>
  <DESCRIPTION LOCALE="en" VALUE="sap.com/myxapp"/>
  <ACTION NAME="Fullcontrol">
    <DESCRIPTION LOCALE="en" VALUE="Permission to execute all application service operations"/>
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission"
                NAME="sap.com/myxapp/MyAppService/my1stOperation" VALUE="*"/>
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission"
                NAME="sap.com/myxapp/MyAppService/my2ndOperation" VALUE="*"/>
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission"
                NAME="sap.com/myxapp/MyNewAppService/anotherOperation" VALUE="*"/>
  </ACTION>
  <!-- Application specific permissions can be added to the following section -->
  <!-- //@@custom code start -->
  <!-- //@@custom code end -->
</BUSINESSSERVICE>
d. Save the file.
3. Build and deploy the application service.
4. At runtime, configure the access rights for the requested operation.
For more information, see User Administration.
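The following Python script is an added example, not part of the SAP documentation: it audits an actions.xml like the one in step 2, listing what each action grants, flagging permission names that do not follow the <provider>/<xapp>/<service name>/<operation name> form, and reporting operations that are reachable only through Fullcontrol. The embedded file is constructed from the page's sample, and the custom action name RunFirstOperation is hypothetical.

```python
import xml.etree.ElementTree as ET

SERVICE_PERMISSION = "com.sap.caf.rt.security.srv.ServicePermission"

# Constructed sample: the page's actions.xml plus one hypothetical custom
# action ("RunFirstOperation") placed in the custom code section.
SAMPLE_ACTIONS_XML = """\
<BUSINESSSERVICE>
  <DESCRIPTION LOCALE="en" VALUE="sap.com/myxapp"/>
  <ACTION NAME="Fullcontrol">
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission"
                NAME="sap.com/myxapp/MyAppService/my1stOperation" VALUE="*"/>
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission"
                NAME="sap.com/myxapp/MyAppService/my2ndOperation" VALUE="*"/>
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission"
                NAME="sap.com/myxapp/MyNewAppService/anotherOperation" VALUE="*"/>
  </ACTION>
  <!-- //@@custom code start -->
  <ACTION NAME="RunFirstOperation">
    <PERMISSION CLASS="com.sap.caf.rt.security.srv.ServicePermission"
                NAME="sap.com/myxapp/MyAppService/my1stOperation" VALUE="*"/>
  </ACTION>
  <!-- //@@custom code end -->
</BUSINESSSERVICE>
"""

def audit_actions(xml_text, full_control="Fullcontrol"):
    """Return (grants, malformed, only_full_control) for an actions.xml document."""
    root = ET.fromstring(xml_text)
    grants, malformed = {}, []
    for action in root.iter("ACTION"):
        names = set()
        for perm in action.iter("PERMISSION"):
            if perm.get("CLASS") != SERVICE_PERMISSION:
                continue
            name = perm.get("NAME", "")
            parts = name.split("/")
            # Expected form: <provider>/<xapp>/<service name>/<operation name>
            if len(parts) != 4 or not all(parts):
                malformed.append(name)
            names.add(name)
        grants[action.get("NAME")] = names
    scoped = set().union(*(n for a, n in grants.items() if a != full_control))
    only_full = sorted(grants.get(full_control, set()) - scoped)
    return grants, malformed, only_full

if __name__ == "__main__":
    grants, malformed, only_full = audit_actions(SAMPLE_ACTIONS_XML)
    print(grants, malformed, only_full, sep="\n")
```

Operations listed as reachable only through Fullcontrol are the ones for which no narrower action exists yet, so any user who needs them must be assigned full control.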
There is a tutorial on how to create access protection in your applications. For more information, see Protecting Access to a J2EE-Based Application Using UME Permissions.