Skip to Content
Author's profile photo Eddy De Clercq

O Brother, Where Art Thou?

In my I am what I am web log I elaborated on a piece of code from the Honeypot Project that I demonstrated at Teched. In this web log we will go a bit further and look at another piece of essential code that assures the Honeypot server that the honeypot is valid and has not been tampered with.


This is done by sending the requested URL (back) to the server where it can be validated. Again, this looks easier than it actually is. First of all, we need to give the complete URL, which means with the host included. As described in the previous web log, no hard coding is allowed. But that isn’t the biggest issue. As you know, a BSP URL also has this infamous mangle. This cryptic part of the URL contains information about the user environment. See this excellent web log for additional info. on this matter.


The first thing that we need to tackle is the mangle. The most basic data that it should contain are the mandant and the language.


First we set the mandant


l_field-name = 'c'. 


l_field-value = sy-mandt. 


APPEND l_field TO l_fields. 


l_field has the type ihttpnvp, l_fields has the type tihttpnvp 




Then we need to set the language


l_field-name = 'l'. 




We determine the ISO value of the language. Again it can’t be hard coded since it can be determined by several factors. E.g. one can set the language in the BSP application via the node in SICF.




call function 'LANGUAGE_CODE_SAP_TO_ISO' 


EXPORTING sap_code = sy-langu 


IMPORTING iso_code = lang 


EXCEPTIONS others = 1. 




If, for some reason, we don’t find any ISO variant, we need to set it to a default.


if sy-subrc = 0. 


translate lang to lower case. 


l_field-value = lang. 




l_field-value = 'en'. 




APPEND l_field TO l_fields. 




If you want to know what the mangle will look like you can encode the table l_fields




CALL METHOD cl_http_utility=>if_http_utility~fields_to_string 




fields = l_fields 


encode = 1 




string = encoded. 




Now, we need to create the URL, based on the application name and namespace …




CALL METHOD runtime->construct_bsp_url 




in_application = runtime->application_name 


in_application_ns = runtime->application_namespace 




out_local_url = url. 




and the BSP page name


concatenate url '/' runtime->page_name into url. 




The final uri is the above url combined with the mangle info.


uri = CL_BSP_UTILITY=>CREATE_REWRITE_URL( in_url = url in_uri_tab = l_fields ). 




All that remains to be done is to retrieve the server name…


sname = request->get_header_field( '~server_name' ). 




and the port


sport = request->get_header_field( '~server_port' ). 








As you can see, from both this and my previous web log, one can achieve similar things as that from within classic environments like PHP. Maybe a bit more code is needed in order to achieve the same results, but in the end we can conclude that BSP doesn’t have limitations when it comes to more system specific functionalities.

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.