Destination Service API
With the Destination service, you can set up HTTP(S) or RFC connections from the AS Java to other servers. The data to use for the connection (target address and user authentication information) is specified in the Destination service as a destination entry.
The following types of destinations are supported:
- HTTP(S)
- RFC
HTTP destinations support HTTP-Post and HTTP-Get requests to HTTP or HTTPS URLs. RFC destinations are used for connections to ABAP servers.
In earlier releases, you also maintained logon data for Web services in the Destination service. These are now maintained in the logical ports for the Web service. For more information, see Authentication .
You can either set up destinations manually using the SAP NetWeaver Administrator or you can use the service's API to establish destinations programmatically.
This documentation applies to the programmatic use of the API to set up the destinations. For more information about using the SAP NetWeaver Administrator, see Destination Service in the Administration Manual.
Secure Storage
The URL and user authentication information specified in the destination entry is saved encrypted using the AS Java's Secure Storage service.
Using SSL for HTTPS Connections
HTTP destinations can also use the Secure Sockets Layer (SSL) protocol to establish secure connections to the target server. The Destination service uses the secure connection factory to establish these connections.
The corresponding public-key certificates are to be stored in a keystore entry in the Key Storage service. These include the trusted CA certificate to use to verify the target server's server certificate and, if applicable, the user's X.509 client certificate to use for authentication.
Using SNC for RFC Connections
You can use Secure Network Communications (SNC) to secure RFC connections to ABAP systems. In this case, you must use SAP NetWeaver Single Sign-On or an external security product to provide the protection.
Logging
The Destination service uses the AS Java's logging API. Any debugging logs are written to the system/security log .
You specify the authentication method to use for a connection when you create the HTTP destination. The following authentication methods are supported:
- No authentication
- Basic (user ID and password)
With this option, then you must specify the user ID and password to use for the connection. The user information is then sent with the request in an HTTP Basic Authentication header.
- X.509 client certificates
In this case, SSL with mutual authentication is used to authenticate the client. To use this option, you must specify the public-key certificate from a keystore entry in the Key Storage service to use for the client authentication.
- Logon Tickets
In this case, the current user must possess a logon ticket. The logon ticket is then sent with the request.
- Authentication assertion tickets
For system connections between the AS Java and an AS ABAP service using jRFC or HTTP, there is an additional ticket type called the authentication assertion ticket. This ticket is structured the same as the standard logon ticket and is used in a similar manner with the following restrictions:
- It is to be used for connections between systems where no user interaction is necessary.
- It is limited to one-time use. Once the ticket has been verified, it is deleted. A new ticket is issued for a new connection.
- It has a limited validity period (a few seconds).
All Destinations
Your application needs classloader references to tc~sec~destinations~service and tc~sec~destinations~interface .
- If you use Development Components (DCs), for example, when developing Web Dynpro applications, set the references in the DC dependencies. For more information, see Defining Development Component Dependencies .
- For Java EE applications that are developed independent of DCs, add the references in the Developer Studio as described in Editing Runtime References in the application-j2ee-engine.xml .
HTTP Destinations
- If the connection uses SSL, then the user who runs the application must have access to the keys in the Key Storage service.
- If you use logon tickets for user authentication, then:
- The servers involved in the connection must be configured for using logon tickets for authentication.
- The user must possess the logon ticket before using the connection specified by the destination. Therefore, the application using the destination must ensure that the user has a logon ticket. (Either use the pre-defined login module template ticket or include the modules EvaluateTicketLoginModule and CreateTicketLoginModule in the application's login module stack.)
RFC Destinations
- If the connection uses SNC, then SAP NetWeaver Single Sign-On or the external security product to use must be installed and configured on each of the communication partner servers. For more information, see Configuring SNC: AS Java -> AS ABAP .
You can use the Destination service API to create, delete, change or use destinations.
Creating a Destination
To create a destination:
- Lookup a reference to the Destination service using the JNDI service.
- Create a new destination (method: createDestination ).
- Adjust the destination's parameters (method: set<parameter> ).
- Store the destination (method: storeDestination ).
Using a Destination
To establish a connection using a destination:
- Lookup a reference to the Destination service using the JNDI service.
- Obtain a destination (method: getDestination ).
- Open a connection (method: getURLConnection ).
See also:
Interfaces and Classes for Using the Destination Service API
Examples for Using the Destination Service API