Level: Intermediate Jose A Martinez Rodriguez (joseamr@us.ibm.com), WPS SWAT team, IBM
Ashish Rahurkar (ashish.rahurkar@us.ibm.com), WPS SWAT team, IBM
09 Aug 2006 This article describes how to configure dynamic authentication in WebSphere Adapters deployed with WebSphere Process Server. Dynamic authentication configuration let's you configure the adapter such that the username and password that the adapter uses to communicate with the Enterprise Information System system can be set dynamically. It alleviates the need to redeploy the adapter application after setting the username and password in the J2C Managed Connection Factory properties for the adapter.
Introduction
IBM® WebSphere® Adapters run in WebSphere Process Server's JCA container and are implemented
using the Java™ 2 Enterprise Edition (J2EE) Connector Architecture (JCA) 1.5 specification. This article
shows you how to use the functionality of WebSphere Adapters to dynamically apply different authentication
towards the Enterprise Information System (EIS) by dynamically changing the JCA ConnectionSpec properties.
A WebSphere JCA adapter can use either basic username and password authentication through Managed Connection Factory properties
or Java Authentication and Authorization Services (JAAS) objects or Authentication Aliases in WebSphere Application Server. If you
want to change the username and password used for authentication with either one of these authentication methods,
you can either redeploy the adapter or change the username and password through the WebSphere Application Server admin console and
JAAS Security settings.
You could invoke the adapter using a different (dynamic) authentication by passing the username and password within the BusinessGraph that represents the corresponding EIS object.
We will build a sample based on the IBM WebSphere Adapter for SAP to demonstrate this functionality.
JCA Dynamic Connection Specification Properties
The WebSphere Process Server Version 6.0.1 BusinessGraph implementation has a child business object called 'properties' defined as an element in
the BusinessGraph schema definition as follows:
<element name="properties" type="anyType" minOccurs="0"/><!--DataObject-->
This business object can hold JCA Connection Specification Properties that are dynamically set into ConnectionSpec
on the JCA Adapter. To invoke the adapter using a different username and password, without the need to redeploy the
adapter, you need to:
- Set the username and password in the BusinessGraph within the properties child business
object.
- Set the correct connectionSpec class reference in the adapter import, for example:
com.ibm.j2ca.sap.SAPConnectionSpec.
- Set the Res. Auth. Property in the Authentication Properties of the adapter to Application.
The default is set to Container.
The username and password properties take a special prefix "CS" to identify them as Connection Spec properties. In order
to set the 'username' and 'password' you need to set 'CSusername' and 'CSpassword' in the properties element of the
business object. Shown below in Listing 1 is a code sample for SAP adapter that creates the
BusinessGraph from the wrapper business object and sets the properties business object with "CSusername" and
"CSpassword" that hold the new username and password.
Listing 1. Sample code to set "CSuserName" and "CSpassword"
BOFactory dataFactory = (BOFactory) ServiceManager.INSTANCE.locateService(
"com/ibm/websphere/bo/BOFactory");
DataObject createSapSalesOrderBOWrapper = dataFactory.createByElement(
"http://SAPPrueba/ScaArtifacts/SAPOutboundInterface",
"createSapSalesOrderBOWrapper");
DataObject createSapSalesOrderBOWrapperInput =
createSapSalesOrderBOWrapper.createDataObject(
"createSapSalesOrderBOWrapperInput");
DataObject sapSalesOrderBOWrapper =
createSapSalesOrderBOWrapperInput.createDataObject(
"SapSalesOrderBOWrapper");
DataObject sapBapiSalesorderGetstatus =
sapSalesOrderBOWrapper.createDataObject(
"SapBapiSalesorderGetstatus");
sapBapiSalesorderGetstatus.setString("Salesdocument", "documento");
// Create the property business object
DataObject prop = createSapSalesOrderBOWrapperInput.createDataObject("properties");
// Setting the property 'userName' to connection spec
prop.setString("CSusername", "SAPUSERNAME");
//Setting the property 'password' to connection spec
prop.setString("CSpassword", "SAPPASSWORD");
|
 |
Sample scenario
This section describes how to build a sample scenario using the IBM WebSphere Adapter for SAP that makes use of dynamic authentication.
Figure 1. Module the assembly diagram for the sample scenario
Install and configure IBM WebSphere Adapter for SAP
This article does not explain how to install and configure the
WebSphere Adapter for SAP. For help installing, configuring, and deploying the adapter using
WebSphere Integration Developer (hereafter referred to as Integration Developer), please refer to
WebSphere Adapter for SAP documentation.
In the sample scenario, a simple service was configured for a sample BAPI "BAPI_SALESORDER_GETSTATUS" with
Create Operation using Enterprise Service Discovery in Integration Developer. An Interface "SAPOutBoundInterface", some Data
types and an EIS Import were created during Enterprise Service Discovery. The following diagram (Figure 2) shows the
data types that were created:
Figure 2. Data Types for the sample scenario
If you have correctly installed, deployed, and configured the SAP adapter, you should have an SCA module in
your Business Integration View in Integration Developer and your assembly diagram should look similiar to Figure 3 below:
Figure 3. Assembly diagram with SAP EIS Import
Configure the ConnectionSpec class name in the EIS Import
- Right-click on the SAPOutboundInterface import in the Assembly Diagram and select Show in Properties.
- Click on Binding Properties and then choose the Connection tab.
- Click on Connection Spec and select the class:
com.ibm.j2ca.sap.SAPConnectionSpec.
Figure 4. Set the Connection Spec class in the SAP EIS Import
Set the Res-Auth field in Authentication Properties to application
- Select Authentication Properties in the same panel from the last step above.
- Check the Res Auth field and if it's set to Container, change it to Application.
Figure 5. Set Res Auth in the SAP EIS Import
Create a new interface to test the functionality
Create an additional interface to be able to test this functionality dynamically.
This interface will match the original SAPOutboundInterface with only one difference: we will add a
couple of input parameters, so we can pass the username and password.
- From the Business Integration view, click on File => New => Interface.
You will see the New Interface Wizard.
Figure 6. Create a new interface
- Enter a name (for example, SAPOutboundWithUserPwdInterface) for the new interface and click Finish.
- Add a Request/Response operation matching the operation in the SAPOutboundInterface with two additional
input parameters for username and password and an output parameter.
Your interface should look like the one shown in the Figure 7 below.
Figure 7. New interface
Create a Java component that sets the value for the Properties element
- Create a Java component in the assembly diagram.
- Change the display name to 'DynamicCS Properties'.
- Wire the Java component to the SAPOutboundInterface import. You will see a message as shown in Figure 8 below.
Figure 8. Create a matching reference
- Click OK to create a matching reference to the interface in the Java component.
You should see the following (see Figure 9) in your assembly diagram:
Figure 9. Assembly diagram
-
Click on the Java component and click again on the icon to add an interface:
Figure 10. Add Interface
- Select the interface we created in the prior section, in our sample SAPOutboundWithUserPwdInterface and click OK, you should see the Interface icon added to the java component:
Figure 11. Assembly diagram
Export the Java component
- Create an export in the assembly diagram and wire it to the Java component. The following window will popup.
- Click OK and continue. This will allow the service to be used in other modules.
Figure 12. Create the export
- Make sure the final assembly diagram looks similar to Figure 13 below.
Figure 13. Assembly diagram
Generate the Java implementation
Generate the Java implementation for the Java component created earlier. The implementation will set the dynamic username and password.
-
Right-click on the Java component and select Generate Implementation. A window will popup asking you to select the package where the implementation will be generated.
- Select the default.
Tip: You can use any other package at your discretion, it doesn't matter for this sample.
You will have as many empty methods as operations in your export wsdl file. The method of interest is
public DataObject createSapBapiSalesOrderGetStatusWrapper(
DataObject createSapBapiSalesOrderGetStatusWrapperInput)
- Identify the BusinessGraph that you are going to pass to the SAP adapter.
In our sample,
createSapBapiSalesOrderGetStatusWrapper is the wrapper of the BusinessGraph
createSapBapiSalesOrderGetStatusWrapperInput. We need to set our dynamic Connection Specification properties
(username and password in this case) in the properties child object of the BusinessGraph. Then we will pass the wrapped
BusinessGraph to the SAP adapter that will return the SAP Business Object from SAP and, in turn, we will pass it back
to the caller of the Java component. Here is the full implementation of that method for our sample:
Listing 2. Implementation of the method
public DataObject createSapBapiSalesOrderGetStatusWrapper(
DataObject createSapBapiSalesOrderGetStatusWrapperInput,
String username,
String password) {
DataObject prop=
createSapBapiSalesOrderGetStatusWrapperInput.getDataObject("properties");
|-------10--------20--------30--------40--------50--------60--------70--------80--------9|
|-------- XML error: The previous line is longer than the max of 90 characters ---------|
// check if they already created this child object or not
if (null == prop) {
System.out.println("*** Properties not found in this DataObject. " +
"Creating properties child BO...");
prop = createSapBapiSalesOrderGetStatusWrapperInput.createDataObject("properties");
|-------10--------20--------30--------40--------50--------60--------70--------80--------9|
|-------- XML error: The previous line is longer than the max of 90 characters ---------|
}
// Setting the conn spec property 'username'
// Note that the username property is prefixed by CS
prop.setString("CSusername", username);
// the userName\password is used by reflection to create Method from it ,so
|-------10--------20--------30--------40--------50--------60--------70--------80--------9|
|-------- XML error: The previous line is longer than the max of 90 characters ---------|
// this must match the ConnectionSpec getter-setter method string
// Setting the conn spec property 'password'
// Note that the password property is prefixed by CS
prop.setString("CSpassword", password);
// invoke the adapter
Service serv= locateService_SAPOutboundInterfacePartner();
Object boReturn= serv.invoke(
"createSapBapiSalesOrderGetStatusWrapper",
createSapBapiSalesOrderGetStatusWrapperInput);
// return the result BO that we got back from SAP
return (DataObject)boReturn;
}
|
|
Test the sample scenario
To launch the test component on the export:
- Start your process server in your Integration Developer UTE.
Figure 14. Start the Process Server in Integration Developer
- Add your project to the server. Once your server is started, right-click on your server and select the option, Add and Remove Projects see Figure 15:
Figure 15. Add the remove project
- Right-click on the export on the Assembly Diagram and select Test Component (see Figure 16):
Figure 16. Add remove project
- Enter appropriate data for your SAP business object, (in our case a BAPI), and also enter the username and password that the adapter will use to login in SAP. Notice that if you put random data here, it will be very likely that SAP will throw a BaseSAP exception due to not correct data.
You can see in the Test Component pane how the top element is of type BG.
Figure 17. Test the Component Pane
- Click on the Configurations tab at the bottom left corner of the pane, then select the two Emulators, and click on Remove.
Figure 18. Test the Component Configuration
- Click the Events tab at the bottom left corner of the pane, and then click on Continue (see Figure 19).
Figure 19. Test the Component Configuration
If you entered the right data, username and password, the test should go on successfully and you will see the
returned object from SAP in the Test Component pane. If you failed to enter right data for your SAP business
object, you will encounter a business exception from SapBaseException.
If you failed to enter the right user/pwd combination you will see a ResourceException with the following:
Exception in connecting to SAP:Error MsgName or password is incorrect. Please re-enter.
You can try several times with different username and password combinations to see how the data goes in successfully.
Try with an unknown username and/or password to see how SAP throws an exception.
Conclusion
Connection Specification properties can be programmatically passed to JCA adapters; therefore, they can be changed dynamically.
This article showed you how to dynamically change the username and password properties in a sample that uses the WebSphere
Adapter for SAP. The same approach works with other adapters. There are different scenarios where this functionality can be applied, but we have focused here on showing the basics, so
you can apply it to your particular scenario.
Attribution
Thanks to Sandeep Raghav for sharing all of the undocumented information with us.
Resources Learn
Discuss
About the authors  | 
| | Jose A. Martinez Rodriguez is currently a member of the WPS SWAT team and focuses on WebSphere Process Server customer engagements. Prior to his current role, he was a software developer with the WebSphere Process Server development team. He is a soccer fan. |
| 
| | Ashish Rahurkar is currently a member of the WPS SWAT team and focuses on WebSphere Process Server customer engagements. Prior to his current role, he was a software developer in the WebSphere Adapters development team. He is an avid photographer. |
Rate this page
| 
