Start of Content Area

Background documentation Accessing the J2EE Keystore  Locate the document in its SAP Library structure

The J2EE server provides a keystore for managing keys and certificates. For more information, refer to: Key Storage Service

The J2EE server provides the security.classlibrary, which provides an API that enables you to work with keys and certificates from the J2EE keystore. This library contains tc_sec_ssf.jar, which implements the API. By default, you can find the API JavaDoc under: http://help.sap.com/javadocs/index.html.

If you want to use the API, your adapter or module must reference security.class and the enhancement of the Adapter Framework com.sap.aii.security.lib. You must adapt the deployment descriptors application-j2ee-engine.xml and connector-j2ee-engine.xml accordingly.

The API has no simple option for accessing the keystore of a JCA adapter or an adapter module. Therefore, the Adapter Framework provides the class SAPSecurityResources, which allows you to open the keystore. To do this, you must be granted access rights for the relevant module or adapter. Proceed as follows:

...

       1.      Start the Visual Administrator.

       2.      Switch to change mode.

       3.      Choose Server Services Security Providerand tab page Protection Domains.

       4.      In the left window, search in Domains for your deployment unit.

Example

The example adapter is under: domains sap.com com.sap.aii.af.sample.ra connector connectors sample_ra.rar sample_ra.jar.

The example module is under: domains sap.com com.sap.aii.af.sample.module EJBContainer applicationjars sample_module.jar.

       5.      In the right window, choose Available permissions available java.lang.RuntimePermission VARIANTS.

       6.      Check that the XiSecurityRuntimePermission entry is there.

If not, choose New. In the dialog box, change the second value of Specify Target name to XiSecurityRuntimePermission and choose OK.

       7.      Select java.lang.RuntimePermission under Granted permissions.

       8.      Choose Grant. Under Granted permissions, XiSecurityRuntimePermission now appears under java.lang.RuntimePermission.

The change is valid immediately.

       9.      Switch to display mode.

The SAPSecurityResources API is part of the Adapter Framework services; therefore, a reference to the J2EE service com.sap.aii.af.svc (display name: SAP XI AF Core) is sufficient. This reference is already contained in all JCA adapters and modules.

The API JavaDoc for SAPSecurityResources is shipped with the example adapter in sample_ra.sda. See under: com.sap.aii.af.service.resource.

SAPSecurityResources  gives you access to the KeyStoreManager classes of the J2EE library com.sap.aii.security.lib (display name: SAP XI Security Lib). This in turn calls ISsfProfile or ISsfPab of the security.class API.

Note

The example adapter and example module show you how to access a private key, for example, for encryption purposes. Search in the source code for the character strings CS_ASECGETCERT and CS_MSECGETCERT.

 

 

 

End of Content Area