Non-SAP JPA implementation

Similar Messages

• SAP JPA and lazy loading

  Dear experts,
    I have a WD application with EJB model. I have faced strange JPA exception (I am using SAP JPA implementation).
    This is 2 Entities with relationship
  @Entity
  @Table( schema = "dbo", name = "class")
  public class ClassEntity {
    private Long id;
          @Id
       @Column(name="id")
       @GeneratedValue(strategy= GenerationType.IDENTITY)
      public Long getId() {
            return id;
       public void setId(Long id) {
            this.id = id;
  private Collection<ClassAttributeEntity> classAttributesById;
      @OneToMany(mappedBy = "classByClassId", fetch=FetchType.LAZY)
      public Collection<ClassAttributeEntity> getClassAttributesById() {
          return classAttributesById;
      public void setClassAttributesById(Collection<ClassAttributeEntity> classAttributesById) {
          this.classAttributesById = classAttributesById;
  @Entity
  @Table( schema = "dbo", name = "class_attribute")
  public class ClassAttributeEntity{
  private Long id;
          @Id
       @Column(name="id")
       @GeneratedValue(strategy= GenerationType.IDENTITY)
      public Long getId() {
            return id;
       public void setId(Long id) {
            this.id = id;
      private ClassEntity classByClassId;
      @ManyToOne
      @JoinColumn(name = "class_id", referencedColumnName = "id")
      public ClassEntity getClassByClassId() {
          return classByClassId;
      public void setClassByClassId(ClassEntity classByClassId) {
          this.classByClassId = classByClassId;
    I want to execute JPQL query
  "SELECT c FROM ClassEntity c"
  ; But I get this exception:
  javax.persistence.PersistenceException: The relationship >>classAttributesById<< of entity {test.ClassEntity(id=1686)}cannot be loaded because the entity is detached
    I can overcome it using EAGER loading -
  @OneToMany(mappedBy = "classByClassId", fetch=FetchType.EAGER)
  , but I really dont need ClassAttributes in this situation! I have many thousands of classes and eager loading provides extremly poor perfomance. What can I do with this problem?
    Thanks in advance for any advice.

  Hi Andrey,
  I assume you are getting the exception if you atempt to access "classAttributesById" ouside the transaction, in which you executed the query, i.e. after the persistence context, in which the query has been executed is closed.
  You have got to make sure that all entities you need to access are read as long as the persistence context executing the query is still open.
  How to address this depends a bit on whether you need to access all related entites or only some.
  If you need to access the relationship "classAttributesById" for only some instances of "ClassEntity", you could for example call size() on "classAttributesById" for these selected instances of "ClassEntity" (within the same transaction/persistence context".
  If you need to access all related entities, theoretically, fetchType = EAGER would be the right choice. However, as you have observed, SAP JPA can't handle this efficiently at the time beeing. Therefore,
  I'd rather suggest that you firstly load all related attributes with a query
  "SELECT ca FROM ClassAttributeEntity ca"
  and secondly load the "ClassEntity"s
  "SELECT c FROM ClassEntity c"
  this should execute efficiently.
  Sorry for the inconvenience.
  -Adrian

• SAP JPA simple query

  Hello, experts!
    I have a simple entity
  @Entity
  @Table( schema = "dbo", name = "class")
  public class ClassEntity {
    private Long id;
          @Id
       @Column(name="id")
       @GeneratedValue(strategy= GenerationType.IDENTITY)
      public Long getId() {
            return id;
       public void setId(Long id) {
            this.id = id;
  I have about 10.000 records in this table. The simplest query "SELECT c FROM ClassEntity c WHERE c.id=:id" tooks 3-4 seconds! I have found (using mssql profiler) that SAP JPA implementation selects ALL records and only then returns the one I need!
  Moreover, query "SELECT count(c) FROM ClassEntity c" tooks 3-4 seconds too, and its behaviour is the same! Have anyone an idea, whats going on? How can I select just 1 record (ClassEntity) from the table?
    Thanks for any advice.

  Hi Andrey,
  the behavior you are describing would be absolutely unexpected.
  Could you please double check using the SQL Trace (http://<host>:<port>/OpenSQLMonitors) that the generated SQL is a you are describing it.
  -Adrian

• How to implement SSO to non-SAP systems using SAP logon ticket?

  Hello,
  We would like to implement Single Sign On between our SAP Netweaver system and a Siebel which is a non-SAP system using SAP logon tickets.
  Can anyone please give me some leads on this, in particular:
  1. Is there a JAVA API or an SAP plug-in that can be implemented on the Siebel machine to extract the SAP logon ticket?
  2. As the other machine might seat on a complete different domain, is it possible to implement SAP logon ticket without using cookies (perhaps through the HTTP header?
  3. In case you think using SAP logon tickets is not the best solution here I would be happy to hear any other suggestions you might have.
  Roy

  Hi,
  I'm currently using SAML as well. Unfortunately the SAP J2EE cannot work as authority (identity provider) but what you can do is using an open implementation of SAML such as opensso which is an open version of SUNs Java System access manager.
  There are a couple of other projects such as opensaml, apache's wss4j or shibboleth that might be interesting in this context.
  I just installed opensso and got it working with SAP J2EE 7.0 using SAPs JAAS SAMLLoginModule to authenticate users within SAP J2EE.
  In this scenario opensso serves as identity provider just as you need! There are a couple of Policy agents available on SUNs Download site you can use with Apache, Tomcat, JBOSS, WebSphere, Bea Web Logic etc. in order to authenticate! Otherwise you just directly authenticate against opensso. When installing opensso you can configure the type of user store you want  to use! By default it uses LDAP but you can also use different types of user store using JDBC or other mechanisms. Since you have a Directory Service you could easily connect it to your existing directory.
  There is also a way to map user ids directly in opensso by adding a uid mapping class. I created some documentation with lots of screenshots about using opensso with SAP J2EE. You can easily use opensso with any other system that supports SAML. In the case of SAP the usage is currently limited to SAML versions 1.0 and 1.1. Version 2.0 is not yet supported but should be in one of the following versions.
  Here are some links you might want to check:
  OpenSAML: https://spaces.internet2.edu/display/OpenSAML/Home
  wss4j: http://ws.apache.org/wss4j/
  shibboleth: http://shibboleth.internet2.edu/
  opensso: https://opensso.dev.java.net/
  On SDN you will find a documentation on how to connect SUN Java System Access Manager to SAP J2EE (see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/906d9fc6-31b9-2910-1385-90edad7d7570). As I said opensso is based on the SUN Access Manager code and looks quite the same. So you can adapt this documentation in order to configure opensso or you can just ask me for the documentation.
  Hope this is helpful...
  Let me know if you need further assistance on this topic
  Cheers

• Implementation strategy for non sap sources

  hai friends,
              could anyone help with the
  'implementation strategy for non sap sources'.

  Hi,
  Its the same as with R3 sources.Only difference is you'll have different underlying interfaces. Non SAP systems can either be flat files, ETL systems or legacy systems using ETL connection, Oracle or Java systems XML, etc.
  But your stategy would remain the same only per your non sap source system, the transactions and the ways you configure your datasources would differ.
  Cheers,
  Kedar

• Documentation in SolMan of Non SAP Implementation.

  Hi experts,
  Is it possible to maintain documentation, blueprints, etc. for an implementation of a NON SAP system (CC&B of Oracle)?
  If possible, what would be the correct scenario of SolMan?
  Best Regards,

  Hi Gustavo,
  In my view, the right transactions to hold documents for Non-SAP systems are SOLAR01 & SOLAR02 or the Solution Landscape.
  The questions you would have to answer yourself are:
  (1) Are these Non-SAP systems part of the 'overll' solution landscape in terms of interacting with SAP in one way or ther other  OR are these meant to carry out certain Business Processes that are totally standalone and have no 'interface' or cross-dependency on SAP
        - If these Non-SAP systems actively interact with SAP, you may be better off getting the structure definition as well as documentation in the same Project
       - If some elements interact and most others are standalone, you may like to have a different Project to manage those standalone elements
  (2) Do you plan to undertake any 'Project' that may end up using these Non-SAP system documentation OR is it primarily for the support team that manages an existing infrastructure, to have access to these documents from one place ?
  - If no projects are foreseen taking shape, you may be better off defining the structure as Business Scenarios or Interface Scenarios in Solution Landscape as opposed to Project side
  Please feel free to ask any further queries.
  Best regards,
  Srini

• SSO to Non-SAP using login-tickets

  Hi all,
  I'd like to set up an SSO connection to a non-SAP HTTP system by using the SSO web filter (iis_sso.dll) on IIS 5.0.
  I've created an iView (using the application integrator) with the URL template : http://<ip-address-host>:82/reqvars.asp?<Authentication> in which <Authentication> is MYSAPSSO2=<Request.SSO2Ticket>. The reqvar.asp page comes with the web filter as an example and displays all HTTP header fields. That way you can check whether the user-ID has been extracted successfully from the SAP logon ticket. However, I fail to get any value into the REMOTE_USER variable. The ISAPI filter (iss_sso) has been installed (global) successfully.
  I'm using the following settings in the verify.properties files:
  remote_user_alias = REMOTE_USER
  pse_file = C:\SSOFilter\verify.pse
  application = portal
  log_file = C:\SSOFilter\filter.log
  log_level = 3
  Remark: in the original example the remote_user_alias is set to REMOTE-USER: However, I feel this is wrong since the actual variable is REMOTE_USER. Also I have seen this one in another forum post as being a working properties file. Or should I use original value?
  No entries are being written to the log so I believe nothing is happening at all.
  The SSOFilter folder contains the following files:
  iis_sso.dll
  sapsecu.dll
  sapsecu.lib
  verify.properties
  verify.pse
  mfc71.dll, mfc71u.dll, msvcp71.dll, msvcr71.dll and sapsecin.exe
  This folder also has been added to the environmental PATH variable.
  Any suggestions would be highly appreciated (and rewarded ,
  Frodo

  Hi,
  I dont have much info related but i can giv u hint
  refer OSS Notes 442401 and 723896.
  When using SAP logon tickets for non-SAP applications, two different implementation options are available. The difference lies in where the ticket verification takes place.
  In the first case,  the SAP logon ticket is submitted to the web server filter located on the web server. The web server filter verifies the portal serveru2019s public key
  certificate using its local Personal Security Environment (PSE) and then populates the HTTP header field with the user ID for SSO to the non-sap web application.
  In the second case,  the SAP logon ticket is sent to the non-SAP application, which then verifies it using the ticket verification DLL and submits the user ID to the application for SSO.
  You can refer following link :-
  http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
  user authentication and SSO
  http://help.sap.com/saphelp_nw70/helpdata/EN/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
  Authentication Using a Directory with SSO Integration Using Logon Tickets
  http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
  SSO
  SAP Logon Ticket-based Single Sign-On
  http://help.sap.com/saphelp_nwce10/helpdata/en/45/b6af743753003ae10000000a11466f/frameset.htm

• SSO to non SAP Application using SAP Logon Ticket

  Hi Experts,
  I Have EP 7 SP 15 using SPNego Wizard to SSO with Active Directory and SSO between EP and ECC using SAP Certificates.
  Now I have a demand to SSO some JAVA based applications (non SAP) to my portal using the SAP Logon Ticket.
  I Have followed some blogs that directed me to use SAPSSOEXT (some libs) to read the MYSAPSSO2 cookie. The problem is that I didn't found this cookie, I even executed the command javascript:document to look for this cookie but the browser just show me the JSESSIONID info.
  Does anybody knows where I can find this cookie or if there's a better way to set up this SSO? It´s necessary to say that I cannot SSO these application to the kerberos protocol because some security reasons on my company.
  Thanks
  Armando

  Hi,
  I dont have much info related but i can giv u hint
  refer OSS Notes 442401 and 723896.
  When using SAP logon tickets for non-SAP applications, two different implementation options are available. The difference lies in where the ticket verification takes place.
  In the first case,  the SAP logon ticket is submitted to the web server filter located on the web server. The web server filter verifies the portal serveru2019s public key
  certificate using its local Personal Security Environment (PSE) and then populates the HTTP header field with the user ID for SSO to the non-sap web application.
  In the second case,  the SAP logon ticket is sent to the non-SAP application, which then verifies it using the ticket verification DLL and submits the user ID to the application for SSO.
  You can refer following link :-
  http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8deaf2f11d5993700508b6b8b11/frameset.htm
  user authentication and SSO
  http://help.sap.com/saphelp_nw70/helpdata/EN/8f/ae29411ab3db2be10000000a1550b0/frameset.htm
  Authentication Using a Directory with SSO Integration Using Logon Tickets
  http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
  SSO
  SAP Logon Ticket-based Single Sign-On
  http://help.sap.com/saphelp_nwce10/helpdata/en/45/b6af743753003ae10000000a11466f/frameset.htm

• SSO with Logon Ticket to non-SAP Unix based application

  Hi all,
  Anyone has implemented SSO with Logon Ticket to a Unix box ?
  We need to achieve Single Sign On between our EP5.0 SP5 Portal and a third-party web application with a front-end on a Unix AIX machine with Apache.
  We achieved SSO with non-SAP applications with Logon Tickets, but one was to an IIS system in another domain (we therefore used the standard Web Filter for IIS and declared it in usermanagement for cross-domain support) and another one running on Windows platform (we used the C libraries provided in the "Logon Ticket Toolkit": NT or Linux only).
  From what we understand and found on the web sites, we cannot reuse any standard web filter (none for Unix, am I correct ???) and want to implement custom code using SAP libraries, if possible using Java
  -> Are there any Java libraries that are available to both:
  . verify the logon ticket with the deployed Portal public key
  . decrypt/extract the authenticated username from this ticket ??
  I've seen a mention of Java libraries, and Unix, in a SAP EP 6.0 document but I'm not sure where to find them...
  Is the SAP Logon Ticket issued the same way in EP 5.0 and EP 6.0 ?
  I managed to find something called SAPSSOEXT, for AIX, which contains some partial library and a sample, but it is dated 2000 !! Anyone has more information about this ?
  Any hint is very much appreciated.
  Thanks a lot
  Olivier

  Check these links for reference regarding AIX and Apache using X.509 certificates:
  http://publib16.boulder.ibm.com/pseries/en_US/aixbman/security/cas_pki.htm
  And just using cookies -
  http://forums.devshed.com/archive/t-105611 (perl based)
  You can also use mod_ssl built into your Apache to facilitate both certificate based authentication as well as encryption.
  The mod_ssl route is most secure (because of the encryption), the IBM link is comprehensive but requires extra infrastructure (LDAP).
  Nick
  Nick

• Configure sso to non sap

  dear all,
  i would like implement sso from ep to other web application ( non SAP )
  the legacy system is using " PHP and Web Server APACHE "
  there any want can help me how to configure the sso and how to create iview for my legacy system ( using URL iView  or application integrator )
  thanks for your help
  echo

  Hi Echo,
  Single Sign On to non-SAP applications normally can't be done by configuration.
  How SSO can be done depends on your application.
  Maybe these few hints may help you:
  You need the same usernames in portal and in your external application
  You may integrate your app using an application integration iView
  If your external application can be run in some kind of 'trusted' mode (this means, no password, just the username is required to log on as long as the request comes from certain IP adresses / your portal server) you can just pass the userid using the app integrator iView mechanism
  SAP provides a library (currently written in C, but there is at least a java wrapper available) to decode the SAP SSO Ticket
  You may extend your external applications logon mechanism to use the mentioned SSO ticket and do the login without password. Application Integrator is able to send the SSO ticket to your external app.
  In less words: you need to do some coding on your external application
  Hope this helps (or come back for more),
  Carsten

• SSO to non SAP applications

  Hi,
  I am trying to implement SSO to SAP and JAVA applications in the process i need to verify the "PSE" file downloaded from the keystore administration and to decrypt the "SSO2 Cookie" in order to do this i hv downloaded the SAPSSOEXT.DLL file and placed it in "C:\Windows:\System32". and registed the DLL file using "REGSVR32 C:\Windows:\System32sapsso.dll"
  But when i am executing the program i am getting the follwing error
  java.lang.UnsatisfiedLinkError: no sapssoext in java.library.path
          at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1682)
          at java.lang.Runtime.loadLibrary0(Runtime.java:822)
          at java.lang.System.loadLibrary(System.java:993)
          at SSO2Ticket.<clinit>(SSO2Ticket.java:38)
  at the line
  System.loadLibrary("sapssoext");
  Can some body please help me out how to add the downloaded dll file into java path.
  Thanks in Advance

  HIi check this Link
  Hope it will be usefull.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d0c78148-12de-2a10-27bf-960acc753aab
  Also use this link
  Single Sign-On to Non-SAP Java Applictions with SAPSSOEXTthanks
  Rewards r welcome
  Edited by: Mayank  Saxena on Sep 6, 2008 1:24 PM

• SSO from non-SAP (Webspher AS) to SAP (EP)

  Hi,
  We need to connect in SSO an WebSphere Application Server with SAP EP.
  In practice our users will log on Corporate Portal, go to a section in which there will be a link to SAP EP (in particular access to the functionality ESS and MSS).
  How do I implement a SSO for my scenario?
  All the documentation I found is from SAP EP to a non-SAP application and not vice versa.
  Best Regards.
  Diego.

  >
  Diego Garofalo wrote:
  > Hi,
  > We need to connect in SSO an WebSphere Application Server with SAP EP.
  > In practice our users will log on Corporate Portal, go to a section in which there will be a link to SAP EP (in particular access to the functionality ESS and MSS).
  > How do I implement a SSO for my scenario?
  > All the documentation I found is from SAP EP to a non-SAP application and not vice versa.
  >
  > Best Regards.
  >
  > Diego.
  Question: which kind of authentication mechanism is used when the users will log on Corporate Portal ?
  It might be a smart idea to use the same authentication mechanism also for SAP EP.
  Well, if not only SSO (Single Sign-On) but also SLO (Single Log-Off) is demanded, then you should focus on SAML 2.0 - provided that all parties do support it. NetWeaver will support SAML 2.0 with a future release, so this is only an outlook for you by now.

• SSO from non-SAP application to EP system

  Hi all,
  Is it possible to configure the Single sign-on from non-SAP application to SAP Enterprise portal?
  My requirement is
  I have a link to "Enterprise Portal" in my company's website home page. If I click on the link, it should directs to EP portal with out asking for logon.
  Please suggest, is it possible??
  Regards,
  Sujoy

  Hi Sujoy,
  SSO implementation to non-browser applications i.e non-SAP systems is possible in 3 ways which are listed .Can find useful info in the below links.
  http://help.sap.com/saphelp_nw70/helpdata/EN/12/9f244183bb8639e10000000a1550b0/frameset.htm
  among the non-browser applciation if it is an MS dotnet system then the below article will give a clear understanding of SSO implementation.
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f05ae0f0-bf93-2b10-ed9e-a7320c012841
  Regards
  Supraja

• SSO from Non-SAP portal to EP

  Hi.
  We need SSO from Non-SAP portal to EP.
  The Non-SAP Portal has publish Form-based authentification.
  I mean userid&password set to URL.
  Then the EP can generate SAP Logon ticket to backend system?
  regards,

  How to Enable Single Sign-on with Non-SAP Web Application                    
  I have very good material coollected for the same implement this.
  http://help.sap.com/saphelp_nw04/helpdata/en/12/9f244183bb8639e10000000a1550b0/content.htm                                             
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a7b5ba90-0201-0010-4dbc-8f999dcd2798                                                                                
  Cheers!!                                             
  SJ.

• "SSO" for non-sap web application using SAPGUI to browse?

  I have a web application (non SAP) and the user base are also SAP users in an ABAP system.
  To strengthen the authentication in the web app, I wanted to implement SSO 
  authentication as we pity the users for having to remember so many strong pw's and I
  dont like LDAP based pw sync or other technology I dont understand, because then we are
  just yet another application with the same pw...
  We are having technical problems implementing SSO on the web app side, and are anyway a
  bit sceptical about the user admin / role admin assignment if we get it to work.
  So I have created a transaction in SAP which browses the web app and the intention is to
  send the SAP sy-uname as the web app user. We can control this using s_tcode, and
  an own auth object on the WAS side and a check on the session type before the connection is
  established. In this sense we are dependent on the SAP concept implemented, but even so:
  The role assignment is controlled in the web app itself -> so assume that I am not overly
  worried about unauthorized access to the web application, as they would not have any
  system role for it as their sy-uname does not exist. (Infact we can monitor this)
  The browser on the front end is the SAPGUI with html controls on the SAP side.
  I would be interested in knowing whether anyone else has experience with this approach, and
  whether there are any areas to be carefull of?
  I would also like to know whether this is a strategic error?
  Kind regards,
  Julius

  Hi Julius,
  well, if that web application would run on the same ABAP backend system then the solution described in <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0612670">SAP Note 612670</a> would be applicable:
  a so-called "Re-entrance ticket" (based on the "SAP logon ticket" SSO proceedings) is issued, transported via the SAPGUI connection and back to the system via the invoked HTML control.
  But for non-SAP web applications that does not help.
  In that case only X.509 client certificates can be used for SSO. Actually, the web application could then also be invoked directly (independent from the SAPGUI session). The user is authenticated based on the X.509 client certificate - and not based on the ABAP userID (of the SAPGUI session).
  Well, if you don't mind the effort you could also use the "SAP Logon Ticket evaluation library" (sapssoext, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/0304450">SAP Note 304450</a>) to evalute the SAP logon ticket externally. You'll then need to have a "stub application" at the ABAP side that triggers the http redirect to your external web application. Not a nice solution but a possible one.
  In the future SAML browser artifacts would be an option (preferable to integrate non-SAP applications). But currently that's not available (for NWAS ABAP).
  Cheers, Wolfgang