How to remove user authentication for SAP Web Service?

Similar Messages

• How to retrieve user identity in a web service using SSO/SSL?

  I am using OracleAS10g Rel2 to develop a web service implemented as a java class. The web service client uses basic HTTP authentication and is to access the web service over SSL. I would like to know in general how I might access the user identity from within the java class. I am aware that it is possible to pass environment variables from the HTTP server to the OC4J container with Oc4jEnvVar, but can't sufficient documentation on this and am not sure this is the right approach.
  Any help is greatly appreciated..

  There are a couple of possible techniques--
  A) Use the AccesControlContext API
  You can use methods from the java.security.AccessControlContext,
  java.security.AccessController, and javax.security.auth.Subject
  classes to get the authenticated subject.
  1. Create an AccessControlContext object by calling the
  AccessController.getContext method. The getContext method takes a
  "snapshot" of the current calling context and returns it in an
  AccessControlContext object.
  2. Get the subject of the context by using the Subject.getSubject method.
  For more information on the classes and methods described in this section, see the API
  for the java.security and javax.security.auth packages at the following Web
  address.
  http://java.sun.com/j2se/1.4.2/docs/api/index.html
  For example:
  java.security.AccessControlContext context =
  java.security.AccessController.getContext();
  javax.security.auth.Subject sub = javax.security.Subject.getSubject(context);
  B) use the ServiceLifecycle API:
  You can use the javax.xml.rpc.server.ServiceLifecycle and
  ServletEndpointContext interfaces to obtain user information from security
  tokens, such as SAML, Username, or X.509. For example, the
  ServletEndpointContext.getUserPrincipal method returns the name of the
  authenticated user; the ServletEndpointContext.isUserInRole method
  returns whether user belongs to a specific role.
  Follow these general steps:
  1. Implement the ServiceLifecycle interface for the Web service.
  2. In the implementation of the ServiceLifecycle.init method, cast the
  context parameter to ServletEndpointContext.
  3. Call methods, such as getUserPrincipal and isUserInRole, on the
  ServletEndpointContext context parameter to obtain user information.
  For example:
  package test;
  public class SecureService implements securePort,
  javax.xml.rpc.server.ServiceLifecycle {
  private javax.xml.rpc.server.ServletEndpointContext context;
  public void init(Object obj) throws javax.xml.rpc.ServiceException {
  context = (javax.xml.rpc.server.ServletEndpointContext)obj;
  public String helloUser(String message) throws java.rmi.RemoteException {
  java.security.Principal principal = context.getUserPrincipal();
  if(principal == null) {
  throw new RuntimeException("Principal not found");
  String userName = principal.getName();
  return "Hi "+userName+"! "+message;
  public void destroy() {
  context = null;
  }

• How to disable default logging for workshop web services

  Hi there,
  We have created a web service using WL Workshop that we want to deploy to a production server. The problem is that the destination server is not using a default log4j library for the server, but each application initiates its own library.
  When we try to deploy the web service onto the production server, we are getting an error of a log4j/Appender class not found. We can solve the problem by adding any log4j library to the class path at the beginning, but that will cause compatilibity problems with existing applications.
  Is there any way to disable the default web services logging? It looks like the knex library is trying to instantiate this class at deployment. Any way we can disable that option?
  Thanks

  Thanks David for your reply,
  That is indeed what I am trying to do: to add all required libraries within my web-inf folder.
  But it seems that the server itself expects the log4j library to be loaded when the server is initiated. It looks to me that some server-level listener for the web services is starting together with the domain and tries to access the log4j library. This library is not found because it is inside the web-inf folder of my application.
  I do not see any error while starting the server. The error only appears when trying to deploy the application (ear) with the web service. It seems that I am forgetting something, but unless I include the log4j.jar in the classpath when I start the server, i will not be able to avoid the error.
  Suggestions and tests are much welcome.
  thanks!

• How to remove User IDs for deleted users from the Disk Quota list

  Hello,
  We have a computer lab setup with an Xserve managing 15 stations in the lab. Users are setup with networked home directories and quota's are setup on the drive containing the home directories to limit users' storage.
  The user account and the quota limit are setup with Workgroup Manager. When a student has been gone for a while and we are sure they no longer need the account we delete their account within Workgroup Manager and move their Home folder to the trash.
  When viewing disk usage in Server Admin (by selecting the volume and clicking the Quatas tab) user ids for deleted users are listed and it still shows the disk usage and quota settings for the user.
  How can I remove theses user ids from the quota list?
  Any help would be appreciated.
  Brian

  I would restore User's file structre back to normal just by copying from standby user?
  Did you mean copy files to a new user profile? If so, hope this link can be helpful for you
  http://windows.microsoft.com/en-in/windows/fix-corrupted-user-profile#1TC=windows-7
  For the unknown user, as you said, it's probably a user account from second OS or
  action. If you're annoying about this unknown user, then you can remove all occurrences of granted rights to the specified SID with this command icals [/remove[:g|:d]] <Sid>[...]] [/t] [/c] [/l] [/q]
  http://technet.microsoft.com/en-us/library/cc753525.aspx
  Yolanda Zhu
  TechNet Community Support

• Using Web Dynpro authentication for a Web Service call

  Hi all,
  I want to develop a Web Dynpro that calls a Web Service running on the same Web AS (7.0). The Web Dynpro will be integrated in a Portal. The web service that has to be called is automatically generated when we create a guided procedure :
  http://help.sap.com/saphelp_nw2004s/helpdata/en/44/44c59fd7c72e84e10000000a155369/frameset.htm
  In my Web Dynpro, I imported the WSDL of this WS and created a model.
  The first time I tried to call the WS in my Web Dynpro I got an authentication error :
  Service call exception; nested exception is: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://<myHostName>:50100/GPRuntimeFacadeWS/GPProcessExposing?style=document&pid=CA544E9B629A11DB91480017A48D672A&pver=0.5"
  So I hard-coded an HTTP authentication :
       model._setUser("myWASuser");
       model._setPassword("myPassword");
  And the Web Service call now works.
  Now the next step is that the WS call is made by the user that runs the Web Dynpro. So I found this documentation :
  http://help.sap.com/saphelp_nw04/helpdata/en/59/e8e95d1eba48dfa86ae91ad8816f5d/frameset.htm
  It would resolve my authentication problem, AND the transport issue : at the moment the Web Service URL is stored in the Logical Port of the WD model, and at transport time, a rebuild of the WD project will be needed.
  So I applied what is said in the doc : from the point of view of the Web Service consumer, I just had to add :
      model._setHTTPDestinationName("STARTGP");
  (where STARTGP is the name of the destination I created in the Visual Administrator with a "Logon Ticket" authentication.)
  before the execute(), and I removed my hardcoded authentication.
  Unfortunately, nothing changes... I still get a 401 authentication error.
  Does anyone have an idea about this ? Or maybe a workaround ?
  Thanks in advance for any suggestion.
  Regards,
  Julien

  Hello Julien,
  I have a scenario similar to yours. A client webdynpro application accessing a EJB methods exposed as web service. Those EJB's methods calls R3 RFC's. The client requirements' was to allow SSO through all the layers (Webdynpro -> EJB WS -> RFC). The Webdynpro and EJB's are deployed on the same WAS.
  Solution:
  1 - Create a RFC Destination on Visual Administration provide the R3 connection parameters and set the Authentication for "Current User (Logon Ticket)". Save your Destination;
  2 - In your EJB Project open your Web Service Configuration, on the Security page, set:
      Authentication Mechanism: HTTP Authentication
      Basic (username/password)
      Use SAP Logon Ticket
  3 - In your EJB, implement the following code to create JCO Client for the RFC invocations:
  Object obj = ctx.lookup(DestinationService.JNDI_KEY);
      DestinationService dstService = (DestinationService) obj;
      RFCDestination dst = (RFCDestination) dstService.getDestination("RFC", "<YOUR_RFC_DESTINATION_NAME>");
      Properties jcoProperties = dst.getJCoProperties();
      JCO.Client jcoClient = JCO.createClient(jcoProperties);
  4 - In your EAR Project, open your "application-j2ee-engine.xml" and add the References:
       "tc/sec/destinations/service" as Service
       "tc/sec/destinations/interface" as Interface.
  5 - Create your EAR File and Deploy;
  6 - Check if the web service now requires Authentication: go to http://<host>:<port>/index.html and click on Web Services Navigator. Test your Web Service. Your Web Service should requiere you to log in before execute the test;
  7 - Go back to your Visual Administrator and create a HTTP Destination. Provide your WS URL (should be something like "http://<host>:<port>/<WS_NAME>/Config1?style=document"). Choose Authentication: Logon Ticket. Save your Destination;
  8 - Go to your webdynpro project, import your WS Model. (If you have already created it, you have to delete it and import it again, refer to this blog on how to reimport WS Models: /people/bertram.ganz/blog/2005/10/10/how-to-reimport-web-service-models-in-web-dynpro-for-java  How To Reimport Web Service Models in Web Dynpro for Java );
  9 - Open your model's Logical Ports node, go to the Security tab, and choose "Use SAP Logon Ticket";
  10 - In your webdynpro code, before you call the ws invocation (should be something like that: <YOUR_NODE_DEFINITION>.modelObject().execute();), include the following line:
  <YOUR_NODE_DEFINITION>.modelObject()._setHTTPDestinationName("<YOUR_HTTP_DESTINATION_NAME>");
  11 - Save All Metadata and deploy your Webdynpro App. Test your results.
  I hope it helps you, as the documentation on how to implement this scenario is scattered through the SDN and all the SAP help portal.
  Best regards,
  Paulo.

• How to embed user credentials in Secured Web Service from OBIEE 11gFMW?

  I am trying to invoke a webservice that I successfully exposed as a WSDL Web Service using EBS Integrated SOA Gateway. I am using OBIEE 11g Action Framework which uses WebLogic.
  Here are the steps I completed:
  - I exposed a WSDL web service in EBS R12 via Integrated SOA Gateway
  - I granted the access to this service in EBS R12 to user SYSADMIN
  - I used OBIEE 11g to make a Action to call the Web service (using Action Framework) by searching for the WSDL
  - When I try to execute the action: I get the error:
  Action could not be invoked.
  ServiceExecutionFailure :
  Error invoking web service HR_PHONE_API_Service at endpoint http://ip-10-87-33-3.ec2.internal:8000/webservices/SOAProvider/plsql/hr_phone_api/ Missing <wsse:Security> in SOAP Header
  PROBLEM: I am unsure how to add the credentials for SYSADMIN user and password to add the SOAP username/pwd to the outgoing call. According to the documentation in the Integrators guide, FMW Security guide, and Web Logic guides..seems we have to configure the SOAP call to have the proper credentials. The documentation is not very clear on exactly how to do this. I tried to set up the credential store and an account in ActionFrameWorkConfig.xml but I am still missing something. I am logged into OBIEE as biadmin and I am trying to call a webservie in EBS that is granted to SYSADMIN/sysadmin user. Pls advise.

  I am trying to invoke a webservice that I successfully exposed as a WSDL Web Service using EBS Integrated SOA Gateway. I am using OBIEE 11g Action Framework which uses WebLogic.
  Here are the steps I completed:
  - I exposed a WSDL web service in EBS R12 via Integrated SOA Gateway
  - I granted the access to this service in EBS R12 to user SYSADMIN
  - I used OBIEE 11g to make a Action to call the Web service (using Action Framework) by searching for the WSDL
  - When I try to execute the action: I get the error:
  Action could not be invoked.
  ServiceExecutionFailure :
  Error invoking web service HR_PHONE_API_Service at endpoint http://ip-10-87-33-3.ec2.internal:8000/webservices/SOAProvider/plsql/hr_phone_api/ Missing <wsse:Security> in SOAP Header
  PROBLEM: I am unsure how to add the credentials for SYSADMIN user and password to add the SOAP username/pwd to the outgoing call. According to the documentation in the Integrators guide, FMW Security guide, and Web Logic guides..seems we have to configure the SOAP call to have the proper credentials. The documentation is not very clear on exactly how to do this. I tried to set up the credential store and an account in ActionFrameWorkConfig.xml but I am still missing something. I am logged into OBIEE as biadmin and I am trying to call a webservie in EBS that is granted to SYSADMIN/sysadmin user. Pls advise.

• How to create Listening Channel for XML/web services repsonse

  Hi , I am new to B2B 11g, wish to ask tht,
  I followed the B2B tutorial by using Generic File and it working fine. However,
  if I wish to receive XML from trading partner thought web server, how should i configure the listening channel, which protocol should I use.
  And may any1 kindly reference me to any link or info?
  Thanks you.

  however..if remote partner going to send me thought web services and not thought folder, should I do anything on my B2B? did i need to specific any extra listening channel?No. No additional configuration is required for receiving files over HTTP. Just ask your TP to post files over one of the below URL's -
  http://hostname:soa_server_port/b2b/httpReceiver or http://hostname:soa_server_port/b2b/transportServlet
  If you just want to test your B2B whether it is properly configured then best way is to have another B2B setup (may be a new domain) which will mock your TP setup. From that B2B setup send message to your B2B over HTTP (on any of above URL's) and see if gets processed successfully.
  If you just want to test whether your B2B is ready to accept messages over HTTP, then access the above URL's through browser and make sure that you see below message -
  "B2B Server is ready to accept HTTP messages from the Trading Partner"
  Regards,
  Anuj

• How to make high traffic for a Web Service?

  Hi there,
  I have build a simple Web Service and I would like to test its delay under high traffic environment.
  I have also built a client that consumes the Web Service. I want to run the client about 100 times simultaneously.
  Is this possible? And if it is, then could you tell me a way on how to run them?
  I have deployed the Web Service in the Sun Application Server 8.2.
  Thanks in advance.

  SSZ wrote:
  Yes.But couldn't understand where to start.In that case use the magic wand.
  Ask specific questions, Many of your posts have an underlying tone , that of you not having read any documentation of bothered to research anything yourself I havent got the time to tell you how if you havent got the time to tell me what you have read , what you grasp and what you do not grasp.

• How to defne user mapping for a Webservice method to acheive single sign on

  I all,
  I have created a Web service System using a url (containing full path of my wsdl )
  Now this particular wsdl(my webservice) has an <b>authenticate method</b> , which takes username and password.
  wanted to know is there any way that i can do user mapping for it .
  i.e when i create an ivew for this web service system using authenticate method , it should pick up the username and password from the user mapping. presently the ivew itself asks for username and password ?
  else can anyone tellme is there a way to do user mapping for my web service system that i have created using a wsdl url. presently it works with any junk username password, i mean the connection always succeds , may be because accessing a wsdl dosent requires any user name and password.
  thanks

  I all,
  I have created a Web service System using a url (containing full path of my wsdl )
  Now this particular wsdl(my webservice) has an <b>authenticate method</b> , which takes username and password.
  wanted to know is there any way that i can do user mapping for it .
  i.e when i create an ivew for this web service system using authenticate method , it should pick up the username and password from the user mapping. presently the ivew itself asks for username and password ?
  else can anyone tellme is there a way to do user mapping for my web service system that i have created using a wsdl url. presently it works with any junk username password, i mean the connection always succeds , may be because accessing a wsdl dosent requires any user name and password.
  thanks

• Dynamic destinations for adaptive web service in webdynpro for java

  Hi,
  Please advice me on how to create dynamic destination for adaptive web service model in webdynpro for java.
  Regards,
  Patana

  Hi,
  If this is the case, then use the HTTP destination for this.
  What you need to do is:
  1. Create one HTTP destination in visual administrator at services-> Destinations. Provide HTTP url of the your web service and the security options.
  2. Specify this HTTP destination in the code before executing web service model.
  Write following code for that:
  wdContext.current<node name>Element().modelobject()._setHTTPDestination(<Specify HTTP destination name>);
  Then execute your web service model.
  Now, whenever you want to change the server on which your web service is running, make change in the HTTP Destination in visual administrator.
  Refer this link,
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b2bc0932-0d01-0010-6d8e-cff1b2f22bc7
  Regards,
  Sunaina Reddy T

• Using Identity Management for Securing Web Services

  My goal is to associate my services with an Oracle Internet Directory. I made some attempts to set up SAML authentication for the web services, but it didn't have the right outcome.
  (My identity management server and OID is up and running and I have successfully made authentication modules for other web applications)
  Here is what I did:
  1. I wrote a simple java file, used jdeveloper tools to create and deploy it as a web service to OC4J. I associated an identity management server with this service through OC4J web tools as security provider.
  2. I made a data control for the web service and put it in an ADF application . (client)
  3. I deployed the client project(2) to OC4J.
  I could use the web service through the page.
  Then
  I secured the webservice to expect SAML for authentication.
  Surprisingly, the client could still communicate with the webservice, Why? Shouldn't it have rejected the request because of the problem in SAML token? (The proxy and the data control were not secured, and didn't provide any SAML tokens)
  4.
  I added login page to my client project (through ADF security wizard). It used idenity management for authentication successfully. login process completes and web service data control is displayed.
  5. I want the authentication information to be propagated through the page so that the web service receives the data and uses Identity Management.
  I know I should add <property name="oracle.security.wss.propagate.identity" value ="true"/>
  to one of the configuration files, but don't know where exactly.
  Best Regards,
  Farbod

  It doesnt matter whether the service is invoked as part of your larger process or not, if it is performing any business critical operation then it should be secured.
  The idea of SOA / designing services is to have the services available so that it can be orchestrated as part of any other business process.
  Today you may have secured your parent services and tomorrow you could come up with a new service which may use one of the existing lower level services.
  If all the services are in one Application server you can make the configuration/development environment lot easier by securing them using the Gateway.
  Typical probelm with any gateway architecture is that the service is available without any security enforcement when accessed directly.
  You can enforce rules at your network layer to allow access to the App server only from Gateway.
  When you have the liberty to use OWSM or any other WS-Security products, i would stay away from any extensions. Two things to consider
  The next BPEL developer in your project may not be aware of Security extensions
  Centralizing Security enforcement will make your development and security operations as loosely coupled and addresses scalability.
  Thanks
  Ram

• How do we reset password for SAP* and DDIC user in SAP R/3 ECC 6.0?

  Hi,
  How do we reset password for SAP* and DDIC user in SAP R/3 ECC 6.0?
  I tried with acual method as below from client '000':
  DELETE FROM USR02 CLIENT SPECIIED WHERE BNAME = 'SAP*' AND MANDT = '001'.
  After this when I tried to logon '001' using SAP* with password PASS it is giving  the message that Incorrect logon and password.
  (Also when I checked for 'SAP*' in 001 it looks like it is not got created as I queried as below:
  SELECT SINGLE * FROM USR02 CLIENT SPECIFIED WHERE BNAME = 'SAP*' AND MANDT = '001'.)
  Can anybody throw some light on this? RewardS is guranteed for solutions!
  -B S B

  Hi again:
  I forget to tell.
  You must restart the system. So, that a new user with the name "sap*" gets generated with password "pass"
  Hope this wil help,
  Eric

• User Authentication for subfolder not working in Web Browser

  We are using Oracle Application Server 10.1.2.3 and Database Server 10.2.0.5 for our application.
  One of the functionalities of the Application is to send emails with attachments.
  The logic is that the Application would generate the attachment file on the Application Server.
  Then a database package uses Oracle's utl_http package/procedures(more specifically utl_http.request_pieces where the single argument is a URL) to pick up the file from the Application Server via URL, attach the file and send the email.
  Exchange and Relay Server is also set in the Application.
  The problem is that the folder containing the folder which stores the attachments is having user authentication set.
  Example : The main folder is /apps/interface, this folder requires a valid user when it is accessed via URL on a web browser.
  Alias created in httpd.conf
  Alias /int-dir/ "/apps/interface/"
  The folder /apps/interface/email/ is the folder where the attachment files are generated and stored.
  Application Server : 10.12.213.21
  Database Server : 10.12.213.22
  Email Server : 10.12.213.44
  Configuration as per httpd.conf
  Alias /int-dir/ "/apps/interface/"
  <Location /int-dir/>
  AuthName "Interface folder"
  AuthType Basic
  AuthUserFile "/u01/app/oracle/as10g/oasmid/Apache/Apache/conf/.htpasswd"
  require user scott
  </Location>
  <Location /int-dir/email>
  Options Indexes Multiviews IncludesNoExec
       Order deny,allow
       Deny from all
       Allow from 10.12.213.21
       Allow from 10.12.213.22
       Allow from 10.12.213.44
  </Location>
  Using the above configuration the Application is able to attach the files and send the email, however, when we access the following URL :
  http://10.12.213.21:7778/int-dir/ - it prompts for user authentication
  However if we use the following URL :
  http://10.12.213.21:7778/int-dir/email/ - it does not prompt for user authentication, and all the files in the folder are displayed in the browser.
  I have tried so many things including AllowOverride, .htaccess, but i am not able to get user authentication for the email folder.
  Please help me if you can.
  Thanking you in advance,
  GLad to give any more information that i can.
  dxbrocky

  Thanks for your response.  I fixed the problem by selecting "full site" or "full website" at bottom of the web page.  After making this selection the zoom function returned.  Thanks again for your interest.

• How to publish a SAP Web Service in SAP XI/PI 7.0

  Hi,
  First I've to say that I'n new in this deals with SAP Web Services and SAP XI/PI.
  I've created a Web Service with TX SE80 using a standard BAPI.
  I've created the Client Proxy with TX SE80.
  I've created a Logical Port wiht TX LPCONFIG.
  I've tried this is SOAMANAGER but I have this error...
  "SRT Framework exception: Uninstantiated object "subject sidl service" in method IF_SRT_WSP_CONFIG_SIDL~CREATE_CLNT_CFG_FROM_WSDL_D of class CL_SRT_WSP_CONFIG_SIDL"
  I would like to publish this service in my SAP XI/PI 7.0
  How can I solve the error in SOAMANAGER?
  How can I publish de SAP WS that I've created in SAP XI/PI?
  Thanks a lot.
  Waiting for your news.
  Fernando.

  Hi Dimitri,
  I had the same problem:
  "SRT Framework exception: Uninstantiated object "subject sidl service" in method IF_SRT_WSP_CONFIG_SIDL~CREATE_CLNT_CFG_FROM_WSDL_D of class CL_SRT_WSP_CONFIG_SIDL"
  And by following Nags hints I got solution:
  1, On the system where is your service provider, run transaction SICF
  2, Execute this transaction
  3, Go to node: default_host/sap/bc/srt/wsil
  4, Right click on "wsil" -> choose "Test service" - web browser should open with XML definition of service
  5, Find your service provider. In my case it looks like this:
  <service>
  <name>ZTEST_WS</name>
  u2212
  <wsdlNamespace>
  urn:sap-com:document:sap:soap:functions:mc-style/service
  </wsdlNamespace>
  <wsdlName>service</wsdlName>
  u2212
  <wsdl>
  http://xxx.yyy.com:8000/sap/bc/srt/wsdl/srvc_DF838C999AA282F18829001CC4D74176/wsdl11/service/ws_policy/document?sap-client=800
  </wsdl>
  </service>
  5, Look for WSDL link -> in my case:
  http://xxx.yyy.com:8000/sap/bc/srt/wsdl/srvc_DF838C999AA282F18829001CC4D74176/wsdl11/service/ws_policy/document?sap-client=800
  I dont know why, but this link is different like WSDL link in service definition which I can see in SE80:
  http://xxx.yyy.com:8000/sap/bc/srt/wsdl/sdef_ZTEST_WS/wsdl11/ws_policy/document?sap-client=800
  6, Use this link (from "wsil") instead of link from SE80 in SOAMANAGER to create logical port
  7, Yours logicall port should be created without errors.
  My question - have anybody idea, why this links are different and why only that second one works?
  Peter

• SAP Web services performance tuning in terms of concurrent users?

  Hello,
  we in our organisation are planning to build a web portal which can connect to our sap environment and perform various tasks.
  Hence to find out the performance capabilities we exposed some web services from SAP end and did a load test on the same.
  The test results were not promising, with only 25 concurrent users the response time was as high as 12 seconds.
  Now we need to fine tune the SAP web service module to get the max performance.
  Can anybody point us in the right direction?

  One of the function module code is as follows
  FUNCTION ZHRPULSE_CREATECONTACTS3.
  *"*"Local Interface:
  *"  IMPORTING
  *"     VALUE(EMPL_CONTACT_DETAILSIN) TYPE  ZHR_CONTACT_DETAILS
  *"  EXPORTING
  *"     VALUE(EMPL_CONTACT_DETAILSOUT) TYPE  ZHR_CONTACT_DETAILS
  *"     VALUE(STATUS) TYPE  ZHR_STATUS
  *"  TABLES
  *"      SUBTYPE_TABLE STRUCTURE  ZHR_CONTACT
  DATA: tempRet type BAPIRETURN1,
        oref   TYPE REF TO cx_root.
  DATA: E_IT0001 type P0001.
  CALL FUNCTION 'HREIC_READ_INFOTYPE_0001'
    EXPORTING
      I_PERNR         = EMPL_CONTACT_DETAILSIN-EMPLOYEE_ID
      I_DATE          = sy-datum
  IMPORTING
      E_RETURN        = tempRet
      E_IT0001        = E_IT0001
  EXCEPTIONS
     NOT_FOUND       = 1
     OTHERS          = 2.
  IF SY-SUBRC <> 0.
    Status-status = 'Failure'.
    status-information = 'ID Not Found in Master Data.'.
    exit.
  ENDIF.
  EMPL_CONTACT_DETAILSOUT-EMPLOYEE_ID = E_IT0001-PERNR.
  EMPL_CONTACT_DETAILSOUT-EMPLOYEE_NAME = E_IT0001-ENAME.
  SELECT single Btext from t001p into EMPL_CONTACT_DETAILSOUT-location where btrtl = E_IT0001-btrtl.
  CALL FUNCTION 'HR_EMPLOYEE_ENQUEUE'
      EXPORTING
        NUMBER             = EMPL_CONTACT_DETAILSIN-Employee_ID.
    IF sy-subrc NE 0.
      Status-status = 'Failure'.
    status-information = 'NOT able to get a lock on the Employee ID'.
      EXIT.
    ENDIF.
    CALL FUNCTION 'BAPI_ADDRESSEMP_CREATE'
      EXPORTING
        EMPLOYEENUMBER         = EMPL_CONTACT_DETAILSIN-Employee_ID
        VALIDITYBEGIN          = SY-DATUM
        VALIDITYEND            = '99991231'
        ADDRESSTYPE            = '1'
        STREETANDHOUSENO       = EMPL_CONTACT_DETAILSIN-ADDRESS1
        SCNDADDRESSLINE        = EMPL_CONTACT_DETAILSIN-ADDRESS2
        CITY                   = EMPL_CONTACT_DETAILSIN-CITY
        POSTALCODECITY         = EMPL_CONTACT_DETAILSIN-PIN_CODE
     IMPORTING
        RETURN                 = tempRet
        EMPLOYEENUMBER         = EMPL_CONTACT_DETAILSIN-Employee_ID
  If sy-subrc eq 0.
    Status-status = 'Success'.
    status-information = 'Executed successfully'.
  else.
    Status-status = 'Failure'.
    status-information = tempRet-message.
    exit.
  endif.
  "For creating communication details
  subtype_table-subtype = '9100'.
  subtype_table-communicationid = EMPL_CONTACT_DETAILSIN-EXTENTION.
  append subtype_table.
  subtype_table-subtype = '9200'.
  subtype_table-communicationid = EMPL_CONTACT_DETAILSIN-EMERGENCY_NO.
  append subtype_table.
  subtype_table-subtype = '9300'.
  subtype_table-communicationid = EMPL_CONTACT_DETAILSIN-AVAYA.
  append subtype_table.
  subtype_table-subtype = '9400'.
  subtype_table-communicationid = EMPL_CONTACT_DETAILSIN-MOBILE_NO1.
  append subtype_table.
  subtype_table-subtype = '9450'.
  subtype_table-communicationid = EMPL_CONTACT_DETAILSIN-MOBILE_NO2.
  append subtype_table.
  subtype_table-subtype = '9500'.
  subtype_table-communicationid = EMPL_CONTACT_DETAILSIN-DIRECT.
  append subtype_table.
  subtype_table-subtype = '9600'.
  subtype_table-communicationid = EMPL_CONTACT_DETAILSIN-HOME.
  append subtype_table.
  if subtype_table[] is not initial.
  Loop at subtype_table.
    CALL FUNCTION 'BAPI_EMPLCOMM_CREATE'
      EXPORTING
        employeenumber        = EMPL_CONTACT_DETAILSIN-Employee_ID
        subtype               = subtype_table-SUBTYPE
        validitybegin         = sy-datum
        validityend           = '99991231'
        communicationid       = subtype_table-communicationid
     IMPORTING
        return                = tempRet
  If sy-subrc eq 0.
    Status-status = 'Success'.
    status-information = 'Executed successfully'.
  else.
    Status-status = 'Failure'.
    status-information = tempRet-message.
    exit.
  endif.
    Endloop.
    CLEAR subtype_table.
  ENDIF.
  CALL FUNCTION 'BAPI_TRANSACTION_COMMIT'
  * EXPORTING
  *   WAIT          =
  * IMPORTING
  *   RETURN        =
    "for unlocking the employee ID
    CALL FUNCTION 'HR_EMPLOYEE_DEQUEUE'
      EXPORTING
        number = EMPL_CONTACT_DETAILSIN-Employee_ID
  "   IMPORTING
    "    return =
  EMPL_CONTACT_DETAILSOUT-ADDRESS1 = EMPL_CONTACT_DETAILSIN-ADDRESS1.
  EMPL_CONTACT_DETAILSOUT-ADDRESS2 = EMPL_CONTACT_DETAILSIN-ADDRESS2.
  EMPL_CONTACT_DETAILSOUT-CITY = EMPL_CONTACT_DETAILSIN-CITY.
  EMPL_CONTACT_DETAILSOUT-PIN_CODE = EMPL_CONTACT_DETAILSIN-PIN_CODE.
  EMPL_CONTACT_DETAILSOUT-EXTENTION = EMPL_CONTACT_DETAILSIN-EXTENTION.
  EMPL_CONTACT_DETAILSOUT-EMERGENCY_NO = EMPL_CONTACT_DETAILSIN-EMERGENCY_NO.
  EMPL_CONTACT_DETAILSOUT-AVAYA = EMPL_CONTACT_DETAILSIN-AVAYA.
  EMPL_CONTACT_DETAILSOUT-MOBILE_NO1 = EMPL_CONTACT_DETAILSIN-MOBILE_NO1.
  EMPL_CONTACT_DETAILSOUT-MOBILE_NO2 = EMPL_CONTACT_DETAILSIN-MOBILE_NO2.
  EMPL_CONTACT_DETAILSOUT-DIRECT = EMPL_CONTACT_DETAILSIN-DIRECT.
  EMPL_CONTACT_DETAILSOUT-HOME = EMPL_CONTACT_DETAILSIN-HOME.
  ENDFUNCTION.