
How to code to tell UME a user is authenticated

Former Member
0 Kudos

Dear all,

I want to authenticate a user in my J2EE application in the SAP J2EE engine. The user is authenticated by another system, and my application knows this. But the problem is how I can tell the SAP J2EE engine or UME that the user is authenticated. Please help.

Accepted Solutions (1)


daniel_ruiz2
Active Contributor
0 Kudos

hi Sun,

well, you're probably looking into something like getLoggedInUser() or getLoggedInUser(req, res) of http://help.sap.com/javadocs/NW74/SPS06/CE/se/com.sap.se/com/sap/security/api/IAuthentication.html#g...() if you want to know whether a User (request) is already authenticated or not.


this is probably the first 'thing' your code should run, and on failure (for instance, on the first request the method should return null instead of a User) you can use forcedLoggedInUser(req, res) and this will trigger the JAAS.


it should use whatever scheme you have set up for your application, but since you 'know' which User is in question, all you need to do is create an Authentication Handler which receives 'a user and no password' and pretty much tells the J2EE to hand over a SSO cookie for that user.


using such method (and of course having your ABAP system trusting the sso cookie) you can pretty much be any user in any system.


just be extra careful when doing such, as I mentioned, you will bypass 'all security' around authentication and a malicious request can impersonate any given user just by knowing a username.

hope it helps,

D.
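
The warning in the answer above is that a login module accepting 'a user and no password' lets any request that names a user become that user. One way to close that gap, as an added example that is not from this thread or from SAP's code: the system that really authenticated the user signs a short-lived assertion, and the custom login module verifies it before accepting the user name. The token format, shared key, user names and class name are assumptions; only standard Java SE classes are used.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

/** Added example (hypothetical format, not an SAP API): "user|expiry|hmac" assertion. */
public class SignedUserAssertion {
    private static byte[] hmac(byte[] key, String data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    /** Run by the external system that really authenticated the user. */
    static String issue(String user, long expiresEpochSec, byte[] key) throws GeneralSecurityException {
        String payload = user + "|" + expiresEpochSec;
        return payload + "|" + Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(key, payload));
    }

    /** Run inside the custom login module before the user name is accepted. */
    static String verify(String token, byte[] key, long nowEpochSec) throws GeneralSecurityException {
        String[] p = token.split("\\|", -1);
        if (p.length != 3) throw new SecurityException("malformed assertion");
        byte[] supplied; long expires;
        try {
            supplied = Base64.getUrlDecoder().decode(p[2]);
            expires = Long.parseLong(p[1]);
        } catch (IllegalArgumentException e) {   // bad Base64 or bad number
            throw new SecurityException("malformed assertion");
        }
        // Check the MAC (constant-time compare) before trusting any field.
        byte[] expected = hmac(key, p[0] + "|" + p[1]);
        if (!MessageDigest.isEqual(expected, supplied)) throw new SecurityException("bad signature");
        if (nowEpochSec >= expires) throw new SecurityException("assertion expired");
        return p[0];   // only now is the user name safe to hand to the engine
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-for-use".getBytes(StandardCharsets.UTF_8);
        long now = 1_700_000_000L;                       // constructed timestamp
        String token = issue("jsmith", now + 60, key);   // constructed user name
        System.out.println("accepted: " + verify(token, key, now));
        String[] bad = { token.replace("jsmith", "admin"), "admin|" + (now + 60) + "|", issue("jsmith", now - 1, key) };
        for (String t : bad) {
            try { verify(t, key, now); System.out.println("accepted (unexpected)"); }
            catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

A user name containing `|` fails the three-field check and is rejected, so the parser fails closed rather than guessing at field boundaries.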

Former Member
0 Kudos

dear Daniel,

Is there some example code or some document which "tell the J2EE to hand over a SSO cookie for that user"? I just want to tell the J2EE that a user is authenticated, so that the J2EE can authenticate the user and set the user's SSO cookie.

daniel_ruiz2
Active Contributor
0 Kudos

hi Sun,

well, there are documents around.. most of them, sort of old stuff.. but nonetheless, you can just decompile the login-module provided in the AS itself (should be somewhere in the AS jars) and you have an example implementation.

NW 7.0: https://help.sap.com/saphelp_nw70ehp1/helpdata/en/68/5ddc40132a8531e10000000a1550b0/content.htm

NW 7.3: http://help.sap.com/saphelp_nw73ehp1/helpdata/en/4a/47abb3e1f41cd4e10000000a421937/content.htm

Also, I found this document http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/069eaf4b-0901-0010-6e89-d1fcceebc... which sort of contains an example with some security being applied.

Hope it helps,

D.

Answers (0)