Recently, I´ve been discussing with anthony.muller about the possibility of scripting WEBI docs from within the WEBI doc itself through the use of HTML + Javascript.

I´ve been posting some samples about it. The biggest problem with this scripts was that the fact that it needed an aditional authentication or hard code the login and password.

This presents a double problem : security and creating an aditional session for the user.

Since then I´ve been strugling with the possibility of getting the logon token  from the user already logged in. I think that I finally got a solution or the  problem recovering the serialized session from the webi doc.

This is done by this a script inserted in a blank cell of a webi report which "Read As" property of the cell is set to HTML

There are, in fact, two scripts. One when the WEBI doc is opened through BI Launch PAD , and the other when it´s opened via OpenDocument.Following are both

Script 1 - When the DOC is opened through BI LaunchPad

<script>

    var serialToken = new XMLHttpRequest();

    var url =self.top.location.href;

    serialToken.open('get', url, false);

    serialToken.setRequestHeader('X-PINGARUNER', 'pingpong');

    serialToken.setRequestHeader('Content-Type', 'text/html');

    serialToken.setRequestHeader('Accept', 'text/html');

    serialToken.send();

    texto=serialToken.responseText;

    texto=texto.substr(texto.indexOf('serializedSession')+20,texto.length);

    texto=texto.substr(0,texto.indexOf('cms')-3);

    texto=texto.trim();

    seria=texto.substr(0,texto.length-2);

    seria=seria.trim()

    var logon = new XMLHttpRequest();  var url = 'http://<server>:<port>/biprws/logon/token';

    var action = 'logon/long';

    var response;

    logon.open('POST', url, false);

    logon.setRequestHeader('X-PINGARUNER', 'pingpong');

    logon.setRequestHeader('Content-Type', 'application/xml');

    logon.setRequestHeader('Accept', 'application/xml');

    seria= seria.replace(/&/g,"&amp;");

    console.log(seria)

    var bodie='<attrs xmlns="http://www.sap.com/rws/bip"> <attr name="tokenType" type="string" possibilities="token,serializedSession">serializedSession</attr> <attr name="logonToken" type="string">'+seria+'</attr></attrs>'

    logon.send(bodie);

    token= logon.responseXML.getElementsByTagName('attr')[0].innerHTML;

    token=token.replace(/&amp;/g,"&");

</script>

The logon token is stored in the variable token.

How it works :

The first HttpRequest calls a .jsp which is responsible for acessing the system and retrieving the document acessed. It will return a HTML page which contains the hard coded serializedSession. The following lines up to the next HttpRequest have the function of parsing the token from the HTML page returned.

The second HttpRequest make a call to the Rest API to get the logon token from the serialized session.

Script 2 - When using OpenDocument

<script>

debugger;

var wini = self.top.document

var txt = wini.childNodes[wini.childNodes.length-1].getElementsByTagName('script')[wini.childNodes[wini.childNodes.length--1].getElementsByTagName('script').length-1].innerHTML;

texto=txt.substr(txt.indexOf('serializedSession')+20,txt.length);

texto=texto.substr(0,texto.indexOf('cms')-3);

texto=texto.trim();

seria=texto.substr(0,texto.length-2);

seria=seria.trim()

var logon = new XMLHttpRequest();  var url = 'http://<server>:<port>/biprws/logon/token';

    var action = 'logon/long';

    var response;

    logon.open('POST', url, false);

    logon.setRequestHeader('X-PINGARUNER', 'pingpong');

    logon.setRequestHeader('Content-Type', 'application/xml');

    logon.setRequestHeader('Accept', 'application/xml');

    seria= seria.replace(/&/g,"&amp;");

    console.log(seria)

    var bodie='<attrs xmlns="http://www.sap.com/rws/bip"> <attr name="tokenType" type="string" possibilities="token,serializedSession">serializedSession</attr> <attr name="logonToken" type="string">'+seria+'</attr></attrs>'

    logon.send(bodie);

    token= logon.responseXML.getElementsByTagName('attr')[0].innerHTML;

    token=token.replace(/&amp;/g,"&");

</script>

</script>

Comments will be highly appreciated.

Regards,

Rogerio

OBS : Tahnks to scottrenaud and sing.phommavong