You are aware that you can't trust anything, especially a username passed from the frontend. Hope you use Principal Propagation and have the user in sy-uname.
I'm aware of that, but that is the request of my customer. Principal Propagation is not possible, as there is just an RFC-User to the Backend. I need a dynamic parameter, so the user can get matched in the backend.
Maybe you can use Principal Propagation with X509, map the certificate to a fixed user and then read the original X509 from the request and get the original user out of the subject of the certificate.
Code snippet in OData service to get the X509 and get the certificate subject:
    " Look up the client certificate forwarded in the request header
    read table mr_request_details->technical_request-REQUEST_HEADER into data(ls_cert_str) WITH TABLE KEY name = 'ssl_client_cert'.
    if sy-subrc = 0.
      " Parse the certificate and read its subject DN
      data(lr_cert) = cl_abap_x509_certificate=>get_instance( if_certificate = ls_cert_str-value ).
      lr_cert->get_subject_dn(
        importing
          et_dn = data(lt_dn)
      ).
      " Take the CN entry of the subject as the original user
      read table lt_dn into data(ls_dn) with key oid = 'CN'.
      data(lv_dn_name) = ls_dn-value.
    endif.