Package com.sap.conn.jco.server

Interface JCoServerSecurityHandler

public interface JCoServerSecurityHandler

The security handler will be called for authenticating user credentials and for checking the permissions of the user, who initiated a remote function call. Each application should provide its own implementation of the security handler. The security handler is registered at the JCoServer instance.

See Also:

• SecurityHandler

Method Summary

Modifier and Type	Method	Description
default JCoServerUserContext	authenticate(JCoServerContextInfo serverCtxInfo, JCoServerAuthenticationData... authenticationData)	This method will be invoked by the JCo runtime for each new session which is established.
default void	checkAuthentication(JCoServerContextInfo serverCtxInfo, JCoServerAuthenticationData... authenticationData)	Deprecated. Will be removed in a future release without further notice.
default void	checkAuthorization(JCoServerContextInfo serverCtxInfo, JCoServerUserContext userContext, String functionName)	This method will be invoked by the JCo runtime on each remote function call.
default void	checkAuthorization(JCoServerContext serverCtx, String functionName, JCoServerAuthorizationData authorizationData)	Deprecated. Will be removed in a future release without further notice.

Method Details

authenticate

@MandatoryInFuture
default JCoServerUserContext authenticate(JCoServerContextInfo serverCtxInfo,
 JCoServerAuthenticationData... authenticationData)
                                   throws JCoServerAuthenticationException

This method will be invoked by the JCo runtime for each new session which is established. In case the connection state is stateless, it will be invoked on each incoming remote function call.

Note: WebSocket RFC server connections are stateful by default, and CPIC-based registered RFC server connections are stateless by default.

Parameters:

serverCtxInfo - remote function call related server context information

authenticationData - authentication data sent from the remote system or null, if no data is provided

Returns:

the user context of the successfully authenticated user, or null if the security handler does not have a user management

Throws:

JCoServerAuthenticationException - if the user does not have access to the associated server instance

Since:

JCo 3.1.11

checkAuthentication

@Deprecated
default void checkAuthentication(JCoServerContextInfo serverCtxInfo,
 JCoServerAuthenticationData... authenticationData)
                          throws JCoApplicationAuthenticationException

Deprecated.

Will be removed in a future release without further notice. This method has been replaced by method authenticate(JCoServerContextInfo serverCtxInfo, JCoServerAuthenticationData...authenticationData) whose implementation will be mandatory in a future release.

This method will be invoked by the JCo runtime for each new session which is established. In case the connection state is stateless, it will be invoked on each incoming remote function call.

Note: This method is obsolete and won't be invoked anymore, if the replacement method authenticate(JCoServerContextInfo serverCtxInfo, JCoServerAuthenticationData...authenticationData) has been implemented.

Parameters:

serverCtxInfo - remote function call related server context information

authenticationData - authentication data sent from the remote system or null, if no data is provided

Throws:

JCoApplicationAuthenticationException - if the user does not have access to the associated server instance

Since:

JCo 3.1.0

checkAuthorization

@MandatoryInFuture
default void checkAuthorization(JCoServerContextInfo serverCtxInfo,
 JCoServerUserContext userContext,
 String functionName)
                         throws JCoServerAuthorizationException

This method will be invoked by the JCo runtime on each remote function call. The passed JCoServerUserContext is the object, which was previously returned by method authenticate(JCoServerContextInfo, JCoServerAuthenticationData...) for the current session.

Parameters:

serverCtxInfo - remote function call related server context information

userContext - the user context of the successfully authenticated user in the current session, or null if the security handler does not have a user management

functionName - name of the function module which is about to be invoked

Throws:

JCoServerAuthorizationException - if the user does not have the authorization to execute the function

Since:

JCo 3.1.11

checkAuthorization

@Deprecated
default void checkAuthorization(JCoServerContext serverCtx,
 String functionName,
 JCoServerAuthorizationData authorizationData)
                         throws JCoApplicationAuthorizationException

Deprecated.

Will be removed in a future release without further notice. This method has been replaced by method checkAuthorization(JCoServerContextInfo, JCoServerUserContext, String) whose implementation will be mandatory in a future release.

This method will be invoked by the JCo runtime on each remote function call.

Note: This method is obsolete and won't be invoked anymore, if the replacement method checkAuthorization(JCoServerContextInfo, JCoServerUserContext, String) has been implemented.

Parameters:

serverCtx - remote function call related server context

functionName - name of the function module which is about to be invoked

authorizationData - authorization data sent from the remote system

Throws:

JCoApplicationAuthorizationException - if the user does not have the authorization to execute the function