SAP users and JCo connection pools
There are occasions where we need to invoke functions using the end user's credentials. Is there a way to temporarily appropriate pooled connections for this purpose (for performance reasons)? And along the same vein, how does one use SSO tickets with JCO and JCO connection pools?
One of the major challenges using JCo has been that of supporting named SAP users for reasons of authorization and security. Unfortunately, there is no way to switch a pooled connection to a named user connection with JCo. Thomas Schuessler recently pointed out the ability to create a connection pool for each named user, with exactly one connection in each pool. This would allow you to set the pool timeout equal to the user's Web session and the actual connection timeout would be relatively short in order to conserve system resources.
Providing user credentials via SSO tickets using JCo has also been a hot topic, lately. I am only aware of one SAP offering that allows SSO tickets through a Java solution. The SAP J2EE Server Engine, offered as a bolt-on in WAS 6.10 and earlier and integrated with 6.20, provides single sign on capabilities with separate users managed by the J2EE Engine, whose authentication is then transparently passed on to the application server. In 6.2 and higher, you can take SAP Logon tickets through the JAAS login module. Check out http://help.sap.com and search for J2EE JAAS for more info.
This was first published in April 2003