Search This Blog

Tuesday, August 23, 2011

SAP Note 1120760 - Security note: Missing authorization check for Web services

Symptom
For Web services (service interfaces), the authorization check against the authorization object S_SERVICE is not executed for the provider in the security log (part of the SOAP runtime).


Other terms
 SOAP, Simple Object Access Protocol, security log, WSSEC, S_SERVICE, RBAM, AUTHORITY-CHECK, Web service


Reason and Prerequisites
 Reason:
This problem is caused by a programming error in the method CL_WS_SECURITY_PROTOCOL->IF_SOAP_SECURITY_HELPER~CHECK_AFTER_DESERIALIZATION.

Prerequisite for the error:
  • The system is not an SAP Business ByDesign system or
  • the Web service to be checked was generated using the inside-out approach (not modelled using the ESR outside-in approach) or
  • the Web service to be checked is NWA-SI (= http://sap.com/xi/BASIS MBeanAccessInbound).

Solution
 Implement the correction instructions or import the Support Package.



Affected Releases
Software
Component
Release
From
Release
To
Release
And
subsequent
SAP_BASIS
71
710
710
 

Correction delivered in Support Package
Support
Packages
Release
Package
Name
SAP_BASIS
710

Corrections Instructions
Correction
Instruction
Valid
from
Valid
to
Software
Component
Last
Modifcation
710
710
SAP_BASIS
02.01.2008  13:59:32

Posted by at

1 comment:

  1. davidApril 20, 2019 at 2:17 AM

    Nice and interesting information and informative too.Can you please let me know the good attraction places we can visit: Security Services in Thane

    ReplyDelete

Subscribe to: Post Comments (Atom)