Skip to Content
avatar image
Former Member

AbstractUserAccount.getCertificates throws ArrayIndexOutOfBoundsException

Hi,

I use a ClientCertLoginModule to authenticate web service calls.

I've added the trusted certificates to users in the UME. Now in my app, I use the following code fragment to retain the certificate's distinguised name (DN):

IUser user = UMFactory.getAuthenticator().getLoggedInUser();

IUserAccount[] useraccounts = user.getUserAccounts();

X509Certificate[] certificates = useraccounts[0].getCertificates();

X509Certificate certificate = certificates[0];

String dn = certificate.getSubjectDN().getName();

Now if I fire web service calls to this piece of code one by one, all goes well.

If I fire web service calls in parallel, using the same certificate each time, the following error occurs:

java.lang.ArrayIndexOutOfBoundsException

at com.sap.security.core.imp.AbstractUserAccount.getCertificates(AbstractUserAccount.java:1671)

at com.sap.security.core.imp.UserAccountWrapper.getCertificates(UserAccountWrapper.java:295)

Does anyone have an explanation for this behaviour???

Thanx!

David.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Aug 18, 2008 at 02:25 PM

    Hello,

    Using UME API you actually is trying to get the user certificate from the user store. Obviously, the userstore (DB, LDAP, ABAP, depending on the UME config) does not hold the user certificate.

    What you have to do is to get the SSL client certificate from the HTTP request. This would be exactly the certificate that was sent through the SSL channel. Also, this is the required implementation as per J2EE specification (UME API is SAP proprietary):

    java.security.cert.X509Certificate[] crtChain =
       (java.security.cert.X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
    String dn = null;
    if (crtChain != null && crtChain.length > 0) {
      dn = crtChain[0].getSubjectDN();
    }
    // do something with the DN
    

    Kind regards,

    Tsvetomir

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 20, 2008 at 08:56 AM

    Hi Tvetomir,

    Thanx for your suggestion. The thing is, that I'm using the Axis web service framework.

    I have a SOAPEnvelope instance to work with, and no (direct) request available to try your code with....

    And as I said, single user my code works fine, it all brakes down with several concurrent calls....

    Greetings,

    David.

    Add comment
    10|10000 characters needed characters exceeded