Additional Blogs by Members
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Resolving SAPUI5 to SAP Gateway cross site scripting (HTTP 101) challenges with SAP webdispatcher

architectSAP
Active Contributor
‎06-15-2013 4:00 PM

I have been involved in a few SAPUI5 projects that connected to the backend (mainly to SAP ERP) via SAP Gateway. As long as the SAPUI5 runtime resides on the SAP Gateway server this works seamlessly. However once one divides them, e.g. to use the SAPUI5 Java runtime on a SAP PO J2EE server, cross site scripting issues tend to occur.

While one could resolve these issues with reverse proxies in software, e.g. Apache, or in hardware, e.g. F5 BIG-IP (both examples I have been seeing working), an alternative and much easier to configure solution is to use SAP webdispatcher.

Since release 7.20 SAP webdispatcher can be configured to connect to multiple back-ends and in case of SAP back-ends reads their configuration from the respective message servers as usual, thereby avoiding the sometimes complex rule definitions needed for other reverse proxy configurations.

And that is how simple it is:

  • Say the SAP Gateway server was gateway.your.company.com with its message server listening on port 8100 with SID G11.
  • And theSAPUI5 server is j2ee.your.company.com with its message server listening on port 8101with SID J11.
  • While the SAP webdispatcher is on webdispatcher.your.company.com listening on port 80.

Then the only configuration one will have to add to the SAP webdispatcher profile would be:

wdisp/system_conflict_resolution = 1

# to choose rule one over rule two to avoid ambiguities

wdisp/system_0 = SID=G11, MSHOST=gateway.your.company.com MSPORT=8100, SRCURL=/sap/

# to redirect requests starting with /sap/ to the gateway server

wdisp/system_1 = SID=D02, MSHOST=j2ee.your.company.com, MSPORT=8101, SRCURL=/

# to redirect request not starting with /sap/, i.e. UI5 requests, to the UI5 server

Please comment out the original profile settings for the single system connection. As a result you will see both systems in the SAP Web Administration Interface of SAP webdispatcher as well.

Finally, in the code, one would replace any direct reference to either gateway.your.company.com with its port or j2ee.your.company.com with its port with webdispatcher.your.company.com where you could omit the port in case of port 80.

And that would be it. No more 101s.
5 Comments
Popular Blog Posts