Skip to Content
Technical Articles

SICF on PI/PO single stack : Shortening Long URLs for customers inbound.

SICF alternative on PI/PO single stack.

 

In case where customer sends us files on a dual stack, SICF is available to create service and shorten the long technical URLs with various security mechanisms.

Which means something like this

{server:port}/HttpAdapter/HttpMessageServlet?interfaceNamespace=<namespace> &interface=<interface name>&senderService=BS_Sender&qos=EO

can be made to this

{server:port}/<context-root>/<app>

without compromising on the authentication mechanism like Basic, certificate etc. in PI/PO .

The ‘test’ service in the below pic

can be accessed using

https://<server>/<service element>/test?sap-client=300

Logon is a list of Logon Procedure in that order to be followed.

However On Java stack  where we no more have such a service, the same can be achieved by using a servlet which will forward the received request to the HTTP adapter URL.

{server:port}/HttpAdapter/HttpMessageServlet?interfaceNamespace=<namespace> &interface=<interface name>&senderService=BS_Sender&qos=EO

The customer actually posts to the servlet, which then forward it to the Http Adapter. This method can be used in other scenarios as well where we need to shorten a url or don’t want the outside world to know about the  technical details.Below is the procedure:

 

Procedure:

In NWDS, create  two DCs of type WebModule & Enterprise Application in DI perspective.

Give a name for the project , here “sicf”.

 

Chose Finish

Create DC of type Enterprise Application

 

Link with the webmodule “sicf”

 

Choose Finish .

In the Project Explorer , select the Dynamic Web Project.

In the context menu, choose New → Servlet .

Throughout the wizard pages, enter the servlet settings as required.

Here we created a class named “test” in the java package “com.test”

 

To access the servlet, you need to add servlet mapping. Using this and the context-root specified in application.xml we will be able to access the URL. Each mapping represent a java class here test.java can be accessed using /test in the browser (GET method) or UI tools.

 

Here we select the doPost and doGet methods where we will write our code.

Chose Finish

 

You can see that in the project structure Servets, Its Mapping and the Java class has been created.

 

Inside test.java , the doGet & doPost needs to be implemented.

Copy paste the below code. The Get method will just print out some message. The post method will redirect the request to the Http adapter .

 

/**
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		PrintWriter out= response.getWriter();
		out.println("This is the GET Method ,use POST to post data ");
		
	}

	/**
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		PrintWriter out= response.getWriter();
		
		ServletContext web1 = getServletContext();;
		ServletContext web2 = web1.getContext("/HttpAdapter");
		RequestDispatcher rd = 
		web2.getRequestDispatcher("/HttpMessageServlet?interfaceNamespace=urn:sap-com:document:sap:idoc:messages&interface=GSVERF.GSVERF01&senderService=SELFBILLING&qos=EO");
		
		rd.include(request, response);
		out.println("Response -> Inside Post method");
		out.close();
	}

Servlets can redirect client requests to other servlet and JSP components. This is done by using the “include” method of the  request  dispatcher as seen above in the doPost method.

 

 

For authentication we need to maintain web-descriptors , namely web.xml and web-j2ee-engine.xml in our application.

In web-j2ee-engine.xml, we need to enter the security mechanism to be used.

<login-module-stack> can have multiple <login-module> elements.

<?xml version="1.0" encoding="UTF-8"?>
<web-j2ee-engine xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="web-j2ee-engine.xsd">
	<spec-version>2.4</spec-version>
	<security-role-map>
 		<role-name>Everyone</role-name>
 		<server-role-name>Everyone</server-role-name>
 	</security-role-map>
  <login-module-configuration>
  	<login-module-stack>
  	<login-module>
  	<login-module-name>BasicPasswordLoginModule</login-module-name>
  	<flag>REQUIRED</flag>
  	</login-module>
  	
   	</login-module-stack>
 </login-module-configuration>
</web-j2ee-engine>

 

 

The element <login-module-name > can be found in NWA path:

NWA-> Configuration->Security->Authentication & SingleSign-On

The element <flag> can be :

 

 

In the web.xml descriptor , there is an entry for  servlet and its URL mapping

Include below code for the login mechanism after <servlet-mapping> node ends, we are using client-cert and basic. The role mapped here is the j2ee role and not PI.

<security-role>
		<description>Everyone</description>
		<role-name>Everyone</role-name>
	</security-role>
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>General access restriction</web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<description>EveryoneH</description>
			<role-name>Everyone</role-name>
		</auth-constraint>
		<user-data-constraint>
			<transport-guarantee>NONE</transport-guarantee>
		</user-data-constraint>
	</security-constraint>
	<login-config>
		<auth-method>BASIC,CLIENT-CERT</auth-method>
		<realm-name>test</realm-name>
	</login-config>

Multiple mechanism , If used , should be comma separated.

The sub-element auth-method configures the authentication mechanism for the web application. The element content must be either NONE, BASIC, DIGEST, FORM, or CLIENT-CERT. The realm-name element indicates the realm name to use when the basic authentication scheme is chosen for the web application.

In the EAR project create application.xml file.

 

The application.xml links the war file to the context-root that helps us give application a name.

Using the context-root our URL to access test.java is

<server>:<port>/<context-root>/<servlet-url-mapping>

i.e.

<server>:<port>/sicftesting/test

<?xml version="1.0" encoding="UTF-8"?>
<application 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns="http://java.sun.com/xml/ns/javaee" 
xmlns:application="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd" version="5">
  <display-name>SICFTest</display-name>
  <module>
    <web>
      <web-uri>demo.sap.com~sicf.war</web-uri>
      <context-root>sicftesting</context-root>
    </web>
  </module>
</application>

Build  both the application and EAR and deploy.

 

Finally, as your application is on the server ,you  can use a browser to call the application  – the doGet method will be called. The output below is what we wrote in the doGET method.

Use tool like Postman or SoapUI to send the request/file and you will find an entry in your pimon tool.

Below is the scenario which got triggered after sending the request .

 

So ,as our HTTP adapter is itself implemented as a servlet , we create another servlet to redirect inbound requests to this adapter masking all the technical details with all the security mechanisms in place, making it easier for the partners to use and we can internally change the landscape , interfaces without the need to to communicate the change making task a lot easier.

 

Please feel free to comment , suggest and ask any questions.

Updated on 21st Dec 2018 :

Forgot to mention ,that as we have the HttpServletRequest request  &  HttpServletResponse response objects in the function call , they can be used to manipulate query or header parameters as well as the response codes .

Example:

//for all the query params 
request.getQueryString();

//username=james&password=pwd
request.getParameter("username");

 

4 Comments
You must be Logged on to comment or reply to a post.
  • nice idea 🙂

     

    I’m wondering if you can use “SAP Web dispatcher” for the same purpose ?

    Did you check it by any chance ?

     

    Best Regards,

    Michal Krawczyk

    • I am sorry. I have no idea about dispatchers( as it is with the Basis – no access).

      I have heard of URL manipulations using web dispatcher , but don’t know how effective they are with the regex and their applicability on our scenarios.

      But somehow, this point was lying in the list of challenges faced by us (PI team) when migrating to single stack.

      And it struck me 💡 to try this , which worked.

      Not sure about different security mechanism per app with the dispatchers , but here we can certainly control it  as well as create custom , if needed.