Skip to Content
Author's profile photo Vikas Singh

Storing passwords in SAP PI modules

Storing passwords in SAP PI modules.

Setting user and password inside a module is slightly different from normal adapter module parameters as the text can’t be kept in clear-text in module parameters.

Three strategies we can use:

1)  Hard coded values: Use hard-coded user id and password in the module. Not a great approach but sometimes this can be the only feasible option. The advantage of course is that there is no risk of locking the user.

2) Comm channel params starting with specific strings: Setting in comm channel as a secure parameter ( displayed as asterisk ).


Here, user can be set as a normal string parameter. For passwords, we don’t want the password to show up in clear text. Hence, password can be the following:

  • – If password parameter  starts with pwd, it’s displayed as asterisks when entered and displayed. However, the database folder is unencrypted.
  • – If password parameter starts with cryptedpassword, the database folder is encrypted. This is more secure as the database folder is encrypted.

The advantage is that the values can be configured for each system and the drawback being if the password is not correctly entered it can get locked and trying to find the comm channel which is locking the user can be time consuming.

3) Setting values in Application Properties. This  combines the best of both worlds – we’re able to configure values in each environment and as we’re configuring it in only one location, the chances of accidentally locking the user due to incorrect values is reduced.



i) for >= 7.1 environment


The values can be modified from NWA. The path is:


NWA_1.png


Configuration Management->Infrastructure->Java System Properties




Steps required to add configuration capacity.


a)  Add sap.com~tc~je~configuration~impl.jar to the module EJB project.

Path to get the client library: /usr/sap/<SID>/<instance>/j2ee/cluster/bin/services/configuration/lib/private/sap.com~tc~je~configuration~impl.jar

b) Create sap.application.global.properties file under META-INF. It’s essentially a  .properties file.

EAR_1.png

Sample content to make User modifiable and appear as clear text

## Comment for user

#? secure = false; onlinemodifiable = true

#% type = STRING;

User =

Sample content to make User modifiable and appear as asterisk when entering in NWA.

## Comment for password

#? secure = true; onlinemodifiable = true

#% type = STRING;

Password =

c) Update module code to read the property


Sample code will look something like this ( to be added in the module code )

// Obtain the JNDI context

InitialContext ctx = new InitialContext();


// access the Application-Configuration-Façade service

ApplicationPropertiesAccess appCfgProps = (ApplicationPropertiesAccess) ctx.lookup(“ApplicationConfiguration”);


java.util.Properties appProps = appCfgProps.


if (appProps == null) {

// perform error handling

}

else


{

userID = appProps.getProperty(“

password = appProps.getProperty(“Password”);

                                                                }

d) Update application deployment descriptor to indicate the library being used. Add this to application-j2ee-engine.xml .

<reference reference-type=“hard”>

    <reference-target provider-name=“sap.com”

target-type=“service”>

      tc~je~appconfiguration~api

    </reference-target>

</reference>


ii) For 7.0 environment


a) Replace


ApplicationPropertiesAccess appCfgProps;

appCfgProps = (ApplicationPropertiesAccess) ctx.lookup(“ApplicationConfiguration”);

java.util.Properties appProps = appCfgProps.getApplicationProperties();

by

ApplicationConfigHandlerFactory cfgHandler = (ApplicationConfigHandlerFactory)ctx.lookup(“ApplicationConfiguration”); 

java.util.Properties appProps = cfgHandler.getApplicationProperties();



b) Update application-j2ee-engine.xml


<reference reference-type=”hard”>

    <reference-target provider-name=”sap.com”

     target-type=”service”>

      tc~je~appconfiguration~api

    </reference-target>

</reference>

c) Update the property in Visual Admin:

Server -> services -> configuration adapter-> Runtime -> Display configuration-> Configurations -> apps -> <YOURAPP>-> appcfg -> Propertysheet  application.global.properties

d) it can be displayed in.

Analysis->Configuration

Local System->apps-> sap.com-> <YOUR APP >-> appcfg -> Propertysheet  application.global.properties

Assigned Tags

      8 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Prasad Babu Koribilli
      Prasad Babu Koribilli

      Thanks for the detailed blog.

      Regards,

      Prasad.

      Author's profile photo Jo Kr
      Jo Kr

      Hi Vikas,

      thanks for sharing this. It might be a solution in my actual project. 🙂

      best regards

      jo

      Author's profile photo Vikas Singh
      Vikas Singh
      Blog Post Author

      Glad it's useful - Cheers, Vikas

      Author's profile photo Former Member
      Former Member

      Thanks for the detailed blog.

      Author's profile photo Former Member
      Former Member

      Hi Vikas Singh,


      Thanks for the information which you provided, but i did not get user,password under properties tab in NWA (mentioned location in the blog).


      Could you please guide me to get out of this issue.


      More appreciate for your help.


      Thanks brahmaji

      Author's profile photo Vikas Singh
      Vikas Singh
      Blog Post Author

      You need to add the properties file with your EAR - sap.application.global.properties .

      Author's profile photo Former Member
      Former Member

      Thanks for your information Vikas Singh, Issue got resolved now I will get username,password in NWA.

      Author's profile photo Rajesh PS
      Rajesh PS

      Hello Vikas Singh ,

      Indeed a good blog.

      I have a question i.e. In NWA Application property is it possible to read and write the token id's at run time. Then retrieve the token id's from application property and use it in actual use case scenario.

       

      https://answers.sap.com/questions/12872081/how-to-read-and-write-oauh-access-token.html

      Please provide your valuable suggestions.

      Thanks much – Rajesh PS