Using the URL-iView in SAP Enterprise Portal
In this article, I’m going to review some of the abilities and limitations of the URL-iView when used in combination with the Portal.
This e-blog post is aimed at developers and users who have a basic understanding and knowledge of Portal navigation.
URL-iView is somewhat different from other iViews: its sole purpose is performing a redirect to the specified URL.
At first glance – an easy operation, but due to the way in which the portal handles navigation and iView integration, some problems may arise. I will explain the technical details and the solutions which are provided in order to overcome them.
A guide for creating URL-iViews is in SAP note 1936087 – How to create a URL iView on NW EP?.
Typical user scenarios:
- The user wants to display external content or a part of another website inside their portal.
- The user wants to open the external content in a pop-up window.
URL-iView behind the scenes:
Firstly, we need to understand how the portal embeds iViews inside itself. In general, URL-isolated iViews are rendered in an iframe,
which is located in the content area of the portal. This is done by a mechanism which sets the “src” attribute of the iframe element to be the direct launch URL of the required iView.
When requesting the URL-iView via the direct launch URL, the server response includes the “redirect” header with the “target-url” of that URL-iView as a value. That header instructs the browser to perform a redirection to the “target-url”.
The crucial point is that the browser redirects only the iframe which contains the request for the URL-iView and not the whole window.
So, what could go wrong?
Since the URL-iView must be URL-isolated, its content is rendered in an IFrame. This approach may cause the following problems:
- Many websites are designed to prevent the possibility of being rendered in other websites. This approach stems from both security and proprietary concerns. From a security perspective, the ability to present a website or a portion of it inside another website opens a gateway to all kinds of threats such as click-jacking.Since the standard way of embedding foreign URL content is through the iframe element, a website to be configured to prevent the display of its content in an iframe. Website developers can also use the “X-Frame-Options:DENY” response header to prevent attempts to load a page in an iframe from other websites.
- Scripts of the target website may perform some actions based on the fact that they are defined in the topmost document. If this kind of script is running in an iframe it might break or be blocked by the browser security policy since it is in violation of the Same Origin restrictions.
We have seen that rendering external content in an iframe might be problematic; therefore the only safe way (for most scenarios) to do it is by opening the desired “target-url” in a separate window.
The practical solution is to make the portal launch the direct launch URL of the URL-iView in a new window. In that way, the new window won’t have any iframes. When getting the response from the server, it will instantly redirect itself to the “target-url” as if the target URL was typed by the user in the browser address bar.
There are two main methods you can use to navigate to a URL-iView (and to iViews in general). To Prevent issues when running
the URL-iView, the configuration you’ll need will vary slightly, according to the method you choose:
- Navigation by TLN, DTN, Bread crumbs, Related Links:
To achieve the portal equivalent of window.open method, set the “Launch in New Window” property of an iView to “Display in Separate Window” (Navigation Mode = 1).
By doing so (and after applying all the relevant SAP notes), you configure the portal to launch the URL-iView in a new window whose target is the direct launch URL of the requested URL-iView.
The current SAP notes which explain how to troubleshoot this feature are:
2. Navigation using the Portal Navigation API:
- If you have links to URL-iViews which use a Navigation API such as EPCM.doNavigate and you want to launch a URL-iView as described in this section, then do the following:
- Set the value of the “mode” parameter to 1.
- Set the “target” parameter as the direct-launch-URL of the requested iView.
For example, the following call is specified:
The direct-launch-URL can be constructed from the iView PCD location:
Let’s say that the PCD location of your iView is “pcd:portal_content/some_role/myURLiView“.
First, you replace each “:” with “!3a” and each “/” with “!2f”. Now you get:
pcd!3aportal_content!2f some_role!2f myURLiView
You add the prefix:
So that the final result is the direct-launch-URL:
By setting mode=1, you configure the portal to open a new window, and by setting the target to the direct launch URL, you ensure that the new window redirects properly as needed.
b. Navigation using the Navigation Tag Library:
If you are using the Navigation Tag Library to create links via JSP, then bear in mind the following:
When creating a link using the navNodeAnchor tag, set the navigationMethod to “byURL” and not “byEPCM”, and, of
course, set the navigationMode to 1. This will ensure that the direct launch URL of the URL-iView will be used in the navigation to the new window.
So the code should look like this:
<nav:navNodeAnchor navigationMethod=”byURL” navigationMode=”1“/>