Skip to main content

How to .. Integration Non-SAP J2EE-based Web Applications into SAP Portal with SSO Part 2

After we have configured our portal object, we must install the gateway application and modified the target application.

1. Deployment of the Gateway Web J2EE Application:

We must to create an j2ee web application with the purpose to be a gateway from every application that want to validate the SAP Ticket Logon. I have created this application because of the problem with the sapssoext library provied from SAP, it can't be loaded from more than one classloader, then this new web application will be the unque application on the server that can load this library.

This application could expose 2 or more services, it depends of you. I will mention 2 services:

  1. /SsoGatewayWeb/ssojson.dtx : under this URI will happen the vaidation of the SAP Ticket Logon sent by the SAP Portal, it returns a JSON string with the information retrieved from the ticket.
  2. /SsoGatewayWeb/sendsso2cookietest : this URI generates HTML content, it generates the string ACL of the certificate file.

Both only accept calls from HTTP POST method

The source code of the application can download from here. This application was developed with Spring MVC 2.0.8 and Json-Lib. Also it uses servelet technology.


This project also exports a client library that should be used for projects to integrate, this is called myssoext.jar.



Note: To test the latter URI(/SsoGatewayWeb/sendsso2cookietest ), an iView must be created as we seen in the first part of this blog, the only difference is that when you edit the iView should get in the attribute "URL Template" will have to go as follow:


<System.protocol>: / / <System.server>: <System.port>
<System.uri>? <Authentication> & X509 = /my_path/on/destination_server/verify.pse


Where x509 is the name of the parameter, by example, here is a file
system path of the Unix platform. Another point to mention is that the file to test must be test into the SAP Portal that generated it, namely whether
the file "verify.pse" was created on myserverX portal, then the iView must be in myserverX SAP Portal.

2. Changing the Target Application


This integration involves changing
the destination of the application code. In our case is a Struts J2EE web
applications using Spring Framework and Strut Framework.


This will import the library "myssoext.jar". Which contains the following claes and interfaces:

com.mysap.sso.ILogonConstants
com.mysap.sso.LogonTicketException

pe.com.mydomain.ssoenablerapp.integration.ISso2TicketClient
pe.com.mydomain.ssoenablerapp.integration.IValidateMySapTicketSso
pe.com.mydomain.ssoenablerapp.integration.Sso2TicketHttpClient



Based as it is developed the target applicaton is able to identify the URL to
which you pass the SAP Logon Ticket, and this is where it performs
the authentication of the application, the uri is:

/strutsdemoweb/autentificar.do


It will be directed by URI org.apache.struts.action.ActionServlet class
of Struts Framework, and what direction, according to the
struts-config.xml file, I have modified my customized class.


I haved followed the next steps to fit my application with the gateway web application.


1. Within base web.xml file, i have added a filter, i have used it for
verification, it implements the interface pe.com.mydomain.ssoenablerapp.integration.IValidateMySapTicketSso.

The
method "isValidateMySapSsoTicket", once implemented, should be called
before any sentence in the filter class. This will validate the existence of the parameter
"MYSAPSSO2" in the received implementation of the HttpServletRequest interface.
If successful, will put two variables in session:


IlogonConstants.TICKET_SESSION: it defines that the SAP Logon Ticket, in the request, was read and achieved successfully

IlogonConstants.PORTAL_USER: attachment containing the user in the SAP
Logon Ticket, this should be the id of the user logged into the SAP
Portal and will be used for validation against the target application.


Both constants are in the package "com.mysap.sso" within the library above.


For this case must include the following libraries and their dependencies.
a. Json-lib, in its version 2.2.3 (json-lib-2.2.3-jdk13.jar) and its dependencies
1.Jakarta commons-lang 2.4
2.Jakarta commons-beanutils 1.7.0 or higher
3.Jakarta commons-collections 3.2
4.Jakarta commons-logging 1.1.1
5.Ezmorph 1.0.6

b.Jakarta Commons Http Client in version 3.1 (HTTPClient-commons-3.1.jar) and its dependencies
1.Jakarta commons-codec 1.3.
2.Jakarta commons-logging 1.1.1


2. After, we need to modify the customized struts action class. The most important
thing here is to validate the presence of 2 previous variables in the scope
"session" and executes the log-in of the user into the target application.

3. I have modified the application-context file of the spring framework to inject the HttpClient class.


<bean name = "httpClient" class =
"pe.com.mydomain.ssoenablerapp.integration.Sso2TicketHttpClient">
<property name="strUri" value="${sso2ticket.verifier.uri}"/>
<property name="strScheme" value=
"${sso2ticket.authentication.scheme}" />
<property name="strCharacterEncoding" value =
"${sso2ticket.url.character.encoding}" />
</bean>



the propertyConfigurer bean.

<bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<list><value>classpath:configuration.properties</value></list>
</property>
</bean>

4.We need to add configuration.properties at the root of the classpath. It contains the following lines :

sso2ticket.url.character.encoding = UTF-8
sso2ticket.authentication.scheme = basicauthentication
sso2ticket.verifier.uri = /SsoGatewayWeb/ssojson.dtx

the variable sso2ticket.verifier.uri contains the URI of the gateway application that validate the SAP Logon Ticket.

the variable sso2ticket.authentication.scheme is used by the UME API.

the variable sso2ticket.url.character.encoding is used to create the cookie.

Note. The most important in the code is after you have retrieved the user from the JSON string in the target application we must authenticate with the UME API like that:

Subject objSubject = UMFactory.getLogonAuthenticator().logon(request, response, strSchemeAux);

This code line allows to bypass the default login screen.

You can download here the java code with the mentioned previous code.

I hope than you can find useful the information on this blog.

Bye, see you later.




Labels:

Comments

Anonymous said…
Well I assent to but I think the collection should secure more info then it has.
Feb 7, 2010, 1:20:00 PM
Osita said…
Hola, me interesa contratarte para un proyecto, la vacante es de planta en México y posiblemente viajes a Brasil.

Escrbeme a xayide.princess@gmail.com o agrégame al gtalk.

Saludos,
Karla.
Jul 20, 2010, 12:38:00 PM
Post a Comment

Popular posts from this blog

My first serious Groovy class ..... decompiling java classes with closures

After I read the chapter 6 "closures" of the book Groovy and Grails Recipe, and I decided to use the power of closures of Groovy for resource (files) with other problem that I had, decompile in one step every class of jar library. Well, the purpose of this class is call an external java decompiler (jad) from a Groovy class and execute the command into directory where the jar file was decompressed. And by using the power of closures executes recursively into this directory until find the classes. Well, no more words, here the class package demo class Executor { // directory where the library(jar) was decompressed def path /** * Execute the decompilation of the classes into the directory defined in the path * @return */ def decompileClasses(){ def directory = new File(path) //make use of closures defined in the Object class directory.eachFileRecurse { def name = it.absolutePath //if the current resource hasn't a .class extension continues with
Post a Comment
Read more

How to .. Integration Non-SAP J2EE-based Web Applications into SAP Portal with SSO Part 1

We are going to integrate Non-SAP J2EE-based Web Applications into the SAP Portal with Application Integrator and SSO. In this part, I will discuss the overall of these posts and configure the iView with Application Integrator Overview of Integration. To perform this integration must take into account the following steps: Deployment of the portal application for the creation of the system portal object Create and set the type of Application Integrator iView that will contain the applications to integrate. Installing SAPSSOEXT and SAPSECU libraries Deployment of the application gateway called SsoGatewayWeb Changing the target application. This integration has the following restrictions: It applies only for web applications based on J2EE Servlet. Depend exclusively on the sucessful load of the libraries supported by SAP (sapssoext and sapsecu) in both Windows and UNIX environments. The target application must have created a profile for the user id logged to the SAP portal, this sh
Post a Comment
Read more

WebDynpro for Java: Tutorial of the Basic Usage of RoadMap Component

We will create a local Development component project of the type Web Dynpro as follow Our project will contain only 3 views with the purpose of show the basic usage of the roadMap object. After, we create our component controller RoadMap and the RoadMapView view as follow Now, we will create the 2 views more, the previous one will contain only the RoadMap Object (RoadMapView) used in all the project, the other ones show the flow between screens. Here the list of the 3 views: RoadMapView,  InitView, and ConfirmView. Now, we will add the component RoadMap object (it is on the Standar Complex Group) to the RoadMapView view, but first delete the default object added to the view, after we will need to add two steps (it could be more, depends of your logic) to our roadmap object. In order to do that we will use the Outline view of the NWDS. We add the two steps as follow The type steps to add at the RoadMap object will be ot the "RoadMapStep" type. The name of the steps are: Init
Post a Comment
Read more