07-17-2007 8:48 PM
We are getting a validated SAP Logon ticket generated by the SAP NetWeaver engine.
Our J2EE application is deployed on the same NetWeaver app server, and the SAP Logon ticket is passed in the HTTP request.
Question: Is there a way to extract the user ID from the ticket? We need not validate the ticket again, but only need to extract the user id. Any sample code or pseudo code will be helpful.
Thanks,
- Shankar
07-20-2007 4:36 PM
Sorry, but that's the wrong way: you definitely need to validate a security token (here: SAP Logon Ticket) before you should grant trust.
But anyway: that's the job of the framework. Applications can simply request to obtain the name of the authenticated / "current" user (aka "principal").
I'm not an NWAS Java expert. But I'm pretty sure that there are many here in the forum who can easily tell the exact method name.
PS: for outbound communication I'd strongly recommend to make use of the Destination Service. That service will then also provide security tokens which are requested by the recipient system - again: that's a framework task, not an application task.
07-20-2007 5:20 PM
Hi Shankar,
As Wolfgang pointed out you shouldn't directly extract the user ID from the ticket but let the security framework do that for you and then access the user id with the APIs.
To get the user for authorization purposes the document here should answer your question:
http://help.sap.com/saphelp_nw70/helpdata/en/80/45da9619d24b61bb869c31ef3b780a/frameset.htm
If you don't use the UME, the method would be getUserPrincipal for the HTTPServletRequest.
Regards,
Yonko
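The approach recommended in the replies above, as an added example that is not code from any of the posters or from SAP: a servlet filter that takes the user ID only from the container-authenticated principal and fails closed when there is none. The class name `AuthenticatedUserFilter` and the attribute name are hypothetical, and the sketch assumes the application's resources are protected so that the server's login modules have already validated the logon ticket.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter name; not part of any SAP API.
public class AuthenticatedUserFilter implements Filter {

    // Request attribute under which downstream code finds the user ID (assumed name).
    public static final String USER_ID_ATTR = "app.authenticatedUserId";

    public void init(FilterConfig config) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Set by the container only after its login modules accepted the
        // credentials (here: the logon ticket). The application never
        // parses the ticket out of the request itself.
        Principal principal = request.getUserPrincipal();

        if (principal == null || principal.getName() == null
                || principal.getName().length() == 0) {
            // No authenticated user: fail closed rather than falling back
            // to an identity read from headers, cookies or parameters.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Downstream servlets read the user ID from this attribute.
        request.setAttribute(USER_ID_ATTR, principal.getName());
        chain.doFilter(request, response);
    }

    public void destroy() { }
}
```

The filter still has to be mapped in `web.xml` to the URL patterns it should guard.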