Authenticating a Customer Within SAP

Author Austin Sincock is product manager for ROBUSTA(tm), Gamma Enterprise Technologies' Web sales solution for SAP.

The key to building a secure Web application is the authentication mechanism used for logging in to the system. SAP provides an authorization transaction similar to the standard SAP user login, called 'Internet User'. It can be found under the user administration tools or by going to transaction SU05.

The Internet User transaction can be used to create username/password combinations for many different types of business partners. For a customer login application, we will use the KNA1 user profile. Once we have created and initialized the Internet User, we can use the assigned password to authenticate that user through the customer password check BAPI. To test this BAPI in SAPGUI, call transaction SE37 (Function Builder) and execute BAPI_CUSTOMER_CHECKPASSWORD. When called with the newly created Internet User and password, this BAPI returns an empty return object, indicating that the authentication was successful. If the authentication fails, R/3 populates the return object with an error type of 'E' and a text message indicating the reason for the error.

In order to call this BAPI from outside of SAP, I recommend using SAP's JCo Java connector. This can be found at http://services.sap.com. Log in with your OSS ID and search for JCo to download. The code snippet included below demonstrates how to use JCo to call the check password BAPI and how to retrieve the return object to determine whether the authentication was successful.

This code is incomplete and designed solely as an example of using JCo. Please review the JCo documentation for a complete overview of the API and examples for calling SAP.

---------------------------------------
    // At the top of the enclosing class file:
    import java.util.Hashtable;
    import com.sap.mw.jco.JCO;

    /**
     * This method calls BAPI_CUSTOMER_CHECKPASSWORD on SAP.
     * createFunction(), extractField() and mConnection (the open JCo
     * connection) belong to the enclosing class and are not shown here.
     *
     * @param customerNo SAP customer number
     * @param password SAP password
     * @return a Hashtable containing the following information
     *         RETURN.CODE
     *         RETURN.TYPE
     *         RETURN.MESSAGE
     */
    public static Hashtable checkPassword(String customerNo, String password) {
        JCO.Function function = createFunction("BAPI_CUSTOMER_CHECKPASSWORD");

        // Fill the BAPI import parameters.
        JCO.ParameterList myParams = function.getImportParameterList();
        myParams.setValue(customerNo, "CUSTOMERNO");
        myParams.setValue(password, "PASSWORD");

        // Run the BAPI on the SAP system.
        mConnection.execute(function);

        // Copy the fields of the RETURN structure into the result table.
        JCO.ParameterList resultParams = function.getExportParameterList();
        Hashtable myHashtable = new Hashtable();
        myHashtable.put("RETURN.TYPE", extractField("RETURN", "TYPE", resultParams));
        myHashtable.put("RETURN.CODE", extractField("RETURN", "CODE", resultParams));
        myHashtable.put("RETURN.MESSAGE", extractField("RETURN", "MESSAGE", resultParams));
        return myHashtable;
    }
---------------------------------------
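
The rule described above (empty return object on success, type 'E' on failure) can be enforced fail-closed on the calling side, as sketched here. This is an added example, not code from the original article or from SAP; the class name PasswordCheckResult, the methods isAuthenticated and auditLine, and all sample values are assumptions made for illustration.

```java
import java.util.Hashtable;
import java.util.Map;

// Added example, not the article's code: fail-closed handling of the
// Hashtable returned by checkPassword(). Sample values are constructed.
public class PasswordCheckResult {

    // Shown to the user on every failure; RETURN.MESSAGE stays server-side.
    static final String GENERIC_FAILURE = "Invalid customer number or password.";

    // Success only when RETURN.TYPE is present and blank (the "empty return
    // object" the article describes). Null table, missing key, 'E' or any
    // other type denies the login.
    static boolean isAuthenticated(Map<String, ?> ret) {
        if (ret == null || !ret.containsKey("RETURN.TYPE")) {
            return false;
        }
        return String.valueOf(ret.get("RETURN.TYPE")).trim().isEmpty();
    }

    // Audit line for the server log: no password, control characters replaced
    // so SAP message text or user input cannot forge extra log lines.
    static String auditLine(String customerNo, Map<String, ?> ret) {
        boolean ok = isAuthenticated(ret);
        String detail = (ret == null) ? "no result"
                : "type=" + ret.get("RETURN.TYPE") + " code=" + ret.get("RETURN.CODE")
                  + " msg=" + ret.get("RETURN.MESSAGE");
        String line = "login customer=" + customerNo + " ok=" + ok + " " + detail;
        return line.replaceAll("\\p{Cntrl}", "_");
    }

    public static void main(String[] args) {
        Hashtable<String, String> success = new Hashtable<String, String>();
        success.put("RETURN.TYPE", "");
        success.put("RETURN.CODE", "");
        success.put("RETURN.MESSAGE", "");

        Hashtable<String, String> failure = new Hashtable<String, String>();
        failure.put("RETURN.TYPE", "E");
        failure.put("RETURN.CODE", "XX000");                     // constructed placeholder
        failure.put("RETURN.MESSAGE", "Password incorrect\r\n"); // constructed text

        System.out.println(auditLine("0000001234", success));
        System.out.println(auditLine("0000001234", failure));
        System.out.println(auditLine("0000001234", null));
        System.out.println(isAuthenticated(failure) ? "welcome" : GENERIC_FAILURE);
    }
}
```

Because the check accepts only a blank RETURN.TYPE, a failed RFC call or a partially filled result table denies the login instead of letting it through.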


This was last published in February 2002
