on 07-22-2009 6:44 AM
hello all,
I'm using web dynpro java, below is error I'm getting for line jcoProperties.getProperty("jco.client.passwd")
com.sap.security.core.server.destinations.api.DestinationException: [com.sap.ASJ.dest.sv0655] Code-based destination service access denied to component sap.com/tcxiccbpm~pilist. Access to security-relevant internal destination properties (e.g. passwords, tickets, etc.) is restricted to few selected engine components and not generally available to any service or application.
sap.com/tcxiccbpm~pilist is my dc name.
Can you please help.
Hi
Unfortunately you are trying to read user password stored in JCo destination. Such operation is forbidden by security reasons. Passwords are stored in Secure Store and you cannot simply read them. That's why you get such exception.
Maybe in some old 7.0 releases this was possible, but the security hole was closed in 7.1.
In general you cannot read any J2EE user passwords. This is forbidden.
So, rethink of your application scenario. The main question is why do you need to read password?
BR, Sergei
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Atul
1) Usually in the case I would ask the end-user to type the password at time of the operation.
2) Also you can try to use J2EE Configuration Service API. It allows to store application configuration properties and the read them. It's possible to mark some property as secure (password, for example). In the case the service will store password in the secure store. Such way will allow you to introduce configuration properties for your application.
3) Also you can consider your own configuration file where you can store password and then read it, but this is not secure, I think.
BR, Sergei
User | Count |
---|---|
89 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.