- SAP Managed Tags
Dear experts,
I have following Java code which was working properly on a SAP PI 7.31 installation, but not in a new SAP PO 7.50. This Java code is executed from a Java Mapping, which it works fine when executing from Operation Mapping Test tab (ESR), but not from the interface itself (Advanced Adapter Engine). The purpose of this is code is to connect to a server, download the SSL Certificate and save it into the TrustedCAs view of the keystore in SAP PO. Everything works fine except the part to store the certificate into the keystore.
...
Object keystoreManager = null;
try {
InitialContext ctx = new InitialContext();
keystoreManager = ctx.lookup("keystore");
} catch (Exception e) {
return false;
}
Class<?> classKeyStoreManager = keystoreManager.getClass();
Method methodGetKeyStore = classKeyStoreManager.getMethod("getKeystore", java.lang.String.class );
Object[] paramGetKeyStore = { keyStoreView };
KeyStore keyStore = (KeyStore) methodGetKeyStore.invoke(keystoreManager, paramGetKeyStore);
...
keyStore.setCertificateEntry(alias, cert); // It raises the exception here!
...
I've successfully tested to save the certificate into DEFAULT view of the Keystore insted of TrustedCAs view. So, it seems the issue is related to permission issues with TrustedCAs view. I understand that in both cases (TrustedCAs and DEFAULT views), the same user Guest is performing the operation.
This is the captured stack trace via XPI Inspector:
Well, I've found the Note "1788571 - Protection domains for PI mapping classes" and I've tried to set up permissions to the domain "sap.com/com.sap.xi.services", but doesn't work.
Any ideas?
Thanks in advance and regards,
Jose.
Accepted Solutions (1)
Answers (1)
Adding more information: I've now seen an interesting thing regarding Protection Domains. I've executed the Java Mapping in Quality environment for first time. Before executing the mapping from ESR (via Operation Mapping Test tab), the domain "sap.com/com.sap.xi.repository" didn't have any granted code-based permissions into "Certificates and Keys..." configuration via NWA (like the domain "sap.com/com.sap.xi.services"). After executing the test message, "All View Actions" to TrustedCAs has been added automatically.
So, It seems this configuration is not to manually enable the permissions for ESR to store into TrustedCAs. The configuration is added automatically with first execution. But, when I execute the same mapping mapping via interface, from Advanced Adapter Engine (I assume domain "sap.com/com.sap.xi.services"), the error is raised. It seems related to the user, but I've already added all the necessary roles to Guest user and It doesn't work.
These are the logs for a successful (from ESR) and unsuccessful (from AAE) execution:
And these are the roles added to Guest user:
Thanks!
Bluesky| User | Count |
|---|---|
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.