Skip to Content
Author's profile photo Former Member

About Security Aspects when Using Web Services in SAP Interactive Forms by Adobe

Web Services are a very easy way to connect an interactive PDF form to an SAP backend. Web services can be used to read data and also to update the backend. Table-like data structures are supported. An important consideration if you want to use web services is to understand what is supported in terms of security.

Using the WSDL-based Data Connection

In Adobe LiveCycle Designer you can add multiple data connection which are based on WSDL files. WSDL-based data connections do not support any security means like authentication with a user name/password. This will change with Adobe LiveCycle Designer 8.2 (not covered in this blog).

My blog Using Web Services with SAP Interactive Forms by Adobe- Overview & Tips (Using Web Services with SAP Interactive Forms by Adobe- Overview & Tips) describes how to use WSDL-based data connections. Please note that the interactive PDF forms need usage rights to call web services when viewed with Adobe Reader (see the mentioned blog). Designer’s “PDF preview” does not add this usage rights so web service do not work.

The following  “issue” is often observed with secured Web Services. The WSDL is downloaded with a web browser (where the user name/password is provided) and saved to the local disc. Then a WSDL-based data connection is created with a local file. Later this scenario does not work since during runtime authentication would be required. So the recommendation is to use an URL pointing to the WSDL directly to avoid finding out later that something is not working.

Using the SOAP Object in JavaScript

If you are using JavaScript you can use the SOAP object to call web services (requires Adobe Reader or Acrobat to run). From a security perspective the advantage is that authentication on the transport level is supported but the convenient data binding concept can no longer be used. You need to create a request object in JavaScript and process the returned response manually.

All information you need can be found in the Acrobat JavaScript Scripting Reference (http://www.adobe.com/devnet/acrobat/pdfs/AcroJS.pdf). Look under “SOAP Object”. The method to use is “request” so go to the section describing this method and take a look at example 1. This example shows how to construct a request object and how to parse the return result. These examples use an URL “http://soapinterop.org/”. This has to be replaced with the name space found in the WSDL file. So there is no magic you have to look at this file. In my test it was “urn:sap-com:document:sap:soap:function:mc-style”. You also need function names and parameter names (either from the design time or found in the WSDL file).

If the web service requires basic authentication Adobe Reader will open a dialog where you can provide a user name and a password. There is a check box where Reader asks if you want to save this information. If you do so the dialog no longer appears for this server! Remember this if you encounter strange situations where you wonder where the authentication came from. I saw this multiple times.

You can avoid this dialog if you are providing the user name and password programmatically. This is shown in Example 3 under the request method. An oAuthenticator structure is created and passed to the web service as parameter.

Assigned Tags

      2 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Chintan Virani
      Chintan Virani
      Thanks for the writeup Juergen. Is there anyway to disable the popup without hard coding the username and password in the WSDL URL being called from within Adobe form.

      Regards,
      Chintan

      Author's profile photo Former Member
      Former Member
      Blog Post Author
      I don't think so since the authentification is needed.

      Regards,
      Juergen