Author Austin Sincock is product manager for ROBUSTA(tm), Gamma Enterprise Technologies Web sales solution for SAP.
The key to building a secure Web application is the authentication mechanism used for logging in to the system. SAP
Requires Free Membership to View
When you register, you will start receiving targeted emails from my award-winning team of editorial writers. Our goal is to keep you informed on the hottest topics and biggest challenges faced by SAP professionals today.
Hannah Smalltree, Editorial Director
provides an authorization transaction similar to the standard SAP user login, called 'Internet User'. It can be found under the user administration tools or by going to transaction SU05.
The Internet User transaction can be used to create username/password combinations for many different types of business partners. For a customer login application, we will use the KNA1 user profile. Once we have created and initialized the Internet User, we can now use the assigned password to authenticate that user through the customer password check BAPI. To test this BAPI in SAPGUI, call transaction SE37 (Function Builder), and execute BAPI_CUSTOMER_CHECKPASSWORD. Using the newly created Internet user and password, this BAPI will return an empty return object indicating that the authentication was successful. If the authentication fails, R/3 will populate the return object with an error type of 'E' and a text message indicating the reason for the error.
In order to call this BAPI from outside of SAP, I recommend using SAP's JCo Java connector. This can be found at http://services.sap.com. Log in with your OSS ID and search for JCo to download. The code snippet included below demonstrates how to use JCo to call the check password BAPI and how to retrieve the return object to determine whether the authentication was successful.
This code is incomplete and designed solely as an example of using JCo. Please review the JCo documentation for a complete overview of the API and examples for calling SAP.
---------------------------------------
/**
* This method calls BAPI_CUSTOMER_CHECKPASSWORD on SAP.
*
* @param customerNo SAP customer number
* @param password SAP password
* @return an hashtable containing the following information
* RETURN.CODE
* RETURN.TYPE
* RETURN.MESSAGE
*/
public static Hashtable checkPassword(String customerNo, String password) {
JCO.Function function = createFunction("BAPI_CUSTOMER_CHECKPASSWORD");
JCO.ParameterList myParams = function.getImportParameterList();
myParams.setValue(customerNo,"CUSTOMERNO");
myParams.setValue(password,"PASSWORD");
mConnection.execute(function);
JCO.ParameterList resultParams = function.getExportParameterList();
Hashtable myHashtable = new Hashtable();
myHashtable.put("RETURN.TYPE",extractField("RETURN","TYPE",resultParams));
myHashtable.put("RETURN.CODE",extractField("RETURN","CODE",resultParams));
myHashtable.put("RETURN.MESSAGE",extractField("RETURN","MESSAGE",resultParams));
return myHashtable;
}
---------------------------------------
Author Austin Sincock is product manager for ROBUSTA(tm), Gamma Enterprise Technologies Web sales solution for SAP. Click here to visit the company's home page.
This was first published in February 2002