Entering content frame

Procedure documentation Obtaining the Current Security Session Locate the document in its SAP Library structure

Use

Since J2EE Engine 6.30, this is a security object attached to the threads via the ThreadSystem. This object registered to the ThreadSystem is an instance of the class com.sap.engine.interfaces.security.SecurityContextObject and is under the name of "security" (com.sap.engine.interfaces.security.SecurityContextObject.NAME).

Procedure

You have to obtain a reference to the interface security_api.

The references are described in the <service name>-provider.xml in the following manner:

This graphic is explained in the accompanying text

<!ELEMENT reference (#PCDATA)>

   <!ATTLIST reference type (interface) #REQUIRED>

   <!ATTLIST reference strength (weak|strong|notify) #REQUIRED>

If there is a weak reference to a component that is not started, the service will still be started. If there is a strong reference, the service cannot be started because the defined strong reference is not satisfied.

To add references to the security_api interfaces, include the following section of code:

This graphic is explained in the accompanying text

<reference type="interface" strength="weak">

  security_api

</reference>

 

Now you can obtain the current security session from that class by calling the getSession() method. You can use the security session instance (a Java object) as unique identifier.

This graphic is explained in the accompanying text

// The following code is required for the further calls

ApplicationServiceContext applicationServiceContext = ...;

// Provided with start method of service

com.sap.engine.frame.core.thread.ThreadSystem threadSystem = applicationServiceContext.getCoreContext().getThreadSystem();

 

int securityContextObjectID = threadSystem.getContextObjectId(com.sap.engine.interfaces.security.SecurityContextObject.NAME);

 

// The following code should be invoked each time you need to obtain the current security session

com.sap.engine.frame.core.thread.ContextObject contextObject = threadSystem.getThreadContext().getContextObject(securityContextObjectID));

 

com.sap.engine.interfaces.security.SecuritySession securitySession = ((com.sap.engine.interfaces.security.SecurityContextObject) contextObject).getSession();

 

From the remote client, the procedure looks as follows:

This graphic is explained in the accompanying text

   ClientThreadContext threadContext =

      ClientFactory.getThreadContextFactory().getThreadContext();

 

   SecurityContextObject contextObject =

      ((SecurityContextObject) threadContext.getContextObject("security"));

 

   if (contextObject != null) {

      contextObject.getSession();

   } else {

      // no security session because the client has not made any call to the server yet.

   }

 

 

Leaving content frame