HTTP URL

Hello,
is it possible to add some attribute (for example the customer number ) to the url for Sender Plain HTTP Adapter.
thanks for help
best regards
Alex

Hi,
is it possible to add some attribute (for example the customer number ) to the url for Sender Plain HTTP Adapter.
See your own cutomer number in URL
http://<hostname:port>/<path>?<query-string>
strictly speaking not possible , but if you want specify the customer number as
party / agency like below
Sender party (optional) &party=<party>
Sender agency (optional) &agency=<agency>
Sender scheme (optional) &scheme=<scheme>
If you do not enter values for agency and scheme, the following default values are used:
agency=http://sap.com/xi/XI
scheme=XIParty
But the respective receiver should support
Regards
Chilla

Similar Messages

How to do Handshake with tired party(bank) HTTPS URL from SAP PI server

Dear Expert,
I have developed bunch of scenarios, all are synchronous ABAP proxy to HTTP_AAE with bank on PI 7.4(dual stack). Bank web server is HTTPS enabled server. Our ABAP developments are still in progress also we have few issue in connection from ECC to PI.but that is not the focus of discussion here.
we want to do the handshake to check the connectivity with bank on their HTTPS URL from PI. Bank has provided the privet key for SSL from their server and corresponding public key they have maintained on their server. I have imported the private key under NWA -> Certificates -> Key Storage -> TrustedCA->Import Entry->Entry Type->PKCS#12->select the SSL.p12 file->import , also I have selected the option to "Use SSL" in HTTP_AAE receiver communication channel and selected the corresponding entryin "keystore view" and "keystore entry". All these I have done in our DEV system, and we are trying to connect our PI dev to bank Dev server.
Questions
Is there any specific steps to do the handshake with third party HTTPS(bank in my case) server? if not, how can we just test the HTTPS connectivity by using the SSL private installed on our PI server, without running the complete scenarios. Our PI has been installed on UNIX, and "telnet https url 443" is working, as network team has opened the HTTPS port.
We have not enabled the SSL technically on our PI server, and we have not installed any generated certificate from our PI server. Moreover, we have not made our PI url as "https:hostname:port" as we just need to communicate with bank by using their private key. Do you guys think we should enable the SSL? if yes, please explain why.
What is the best practice to test the connection with third party having HTTPS URL? how can I just assure HTTPS communication is working fine, before testing my actual scenarios.
Thanks for helping always.
Regards,
Farhan

Hi Farhan,
Some part of the blog is applicable for sending HTTPS request to partners/third party (Receiver SOAP Adapter).
If banks certificates are already in trustedCA, then, can you check if it also imported under user PIISuser under Identity management in NWA. If above 2 steps are done then i think your are good to go. But be careful when you install certificate, it should be in proper order.
As you already mentioned, connectivity is already established and you are able to PIng/telnet from pi server, connectivity looks ok.
While sending request, if you are getting 401 unauthorized, below might be the reason -
1. Certificate not installed correctly or some missing steps
2. Partner or TP is not ready to receive it, some certificate issue in there side.
other than 401 means you are ok (As per certificate and Connectivity) - 403 and 500 errors are next stops.
403 - error because of encoding method.
500 - data issue.
Regards
Aashish Sinha

Hitting a HTTPS url from SAP PI

Dear All,
Please let me know how to hit a HTTPS url using plain HTTP adapter in SAP PI. I was just provided with a url and user credentials.
Regards
Koti Reddy

Hi Koti,
Please perform the HTTPS settings mentioned in the below link before you start the using.
http://scn.sap.com/docs/DOC-26145
Regards,
Naveen

Safari 5.0.5 (6533.21.1) - Lost ability to browse "https" urls, "http" fine

Bizarre occurrence in Safari for me that I was hoping someone may have come across before:
Tonight for some reason it will not accept any https url whatsoever - it produces the following error:
can't open the page <https://url> The error is: “The operation couldn't be completed. Operation not permitted” (NSPOSIXErrorDomain:1) Please choose Safari > Report Bugs to Apple, note the error number, and describe what you did before you saw this message
I've not installed anything recently or made any config changes. All I do is stay up-to-date with the software updates from Apple.
I've tried moving the app to the Trash, rebooting and then re-installing but with no luck
I tried restoring a previous version of Safari (5.0.4) from early April Time Machine version but still had the same problem. Wondering if there are files outwith the Safari App that may be the cause and not the app itself.
I have checked that my firewall and content filtering allow access - (this is the unchanged config I mention above) - and they do and am accessing this discussion site (ironically https so Safari couldn't get to it after my initial Google search) from Firefox.
I've nothing against Firefox as a browser but I was happy enough with Safari and would like to keep using it.
In trawling the web I couldn't see anything that directly matched what I was experiencing.
If anyone has any hints or tips that might help I'd be really grateful.
Thanks
Steve

Mac OS X (10.5.2) <--- your profile.
Which Mac OS X are you running?
If you haven't tried, reinstall Safari.
http://support.apple.com/kb/DL1070
Then repair disk permissions.
Launch Disk Utility. (Applications/Utilities) Select MacintoshHD in the panel on the left, select the FirstAid tab. Click: Repair Disk Permissions. When it's finished from the Menu Bar, Quit Disk Utility and restart your Mac. If you see a long list of "messages" in the permissions window, it's ok. That can be ignored. As long as you see, "Permissions Repair Complete" when it's finished... you're done. Quit Disk Utility and restart your Mac. If you see any warnings re: SUID messages, they can be safely ignored, information here: http://support.apple.com/kb/TS1448?viewlocale=en_US

Problems with SAP BC to post a request to https URL

Hello,
in a integration scenario one of our partners wants to send a xml to our server via https. 
I tried this internal with a test business connector. I simple use the WmPublic.pub.client http service. 
I try to post a record to an https:// URL and get an error. It seems that there is some trouble with the ssl handshake. However it is working in the browser. 
The option Security -> Certificates -> Trusted Certificates -> CA Certificates Directory is 'unspecified'. Therefore no server certificate should be reject. 
 
Now I got an 'iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure 
' error. I do not find any helpful entries in this forum. Did anyone solve this issue? 
 
Thank you, 
Nils 
 
error: 
2009-08-03 10:08:13 CEST iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure 
 at iaik.security.ssl.r.f(Unknown Source) 
 at iaik.security.ssl.x.b(Unknown Source) 
 at iaik.security.ssl.x.a(Unknown Source) 
 at iaik.security.ssl.r.d(Unknown Source) 
 at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source) 
 at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source) 
 at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source) 
 at com.wm.net.NetURLConnection.trySSLConnect(NetURLConnection.java:691) 
 at com.wm.net.NetURLConnection.httpsConnect(NetURLConnection.java:562) 
 at com.wm.net.NetURLConnection.connect(NetURLConnection.java:171) 
 at com.wm.net.HttpURLConnection.getOutputStream(HttpURLConnection.java:419) 
 at com.wm.net.HttpContext.getOutputStream(HttpContext.java:578) 
 at com.wm.net.HttpContext.getOutputStream(HttpContext.java:554) 
 at com.wm.net.HttpContext.post(HttpContext.java:338) 
 at pub.client.http(client.java:512) 
 
SAP BC Info: 
Software 
Product webMethods Integration Server 
Version 4.6 (Standard Encryption) Release Notes 
Updates BC46_CoreFix7 
Build Number 940 + CoreFix 7 [Fixes 1-205 + SP1-3] 
SSL Standard (40-bit), Provider: IAIK 2.6 
 
Server Environment 
Java Version 1.3.1_20 (47.0) 
Java Vendor Sun Microsystems Inc. 
Java Home /usr/jdk1.3.1_20/jre 
Java VM Version 1.3.1_20-b03 
Java VM Info Java HotSpot(TM) Client VM (mixed mode) 
Classpath /usr/local/sapbc46/server/updates/BC46_CoreFix7.jar 
/usr/local/sapbc46/server/lib/server.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/java/lib/i18n.jar 
/usr/java/jre/lib/rt.jar 
/usr/local/sapbc46/server/lib/classes 
/usr/local/sapbc46/server/lib/client.jar 
/usr/local/sapbc46/server/lib/mail.jar 
/usr/local/sapbc46/server/lib/server.jar 
packages/SAP/code/classes 
packages/SAP/code/jars/static/inqmyxml.jar 
packages/SAP/code/jars/static/jARM.jar 
packages/SAP/code/jars/static/jCO.jar 
packages/SAP/code/jars/static/sapjco.jar 
packages/SAP/code/jars/static/sapxmltoolkit.jar 
packages/WmPartners/code/classes 
packages/WmWin32/code/classes 
OS Linux 
OS Platform i386 
OS Version 2.6.18.8-0.13-default 
Current User sapbc 
Working Dir /usr/local/sapbc46/server 

Ok - in this case you need to include to session based SSL setup in your flow (scenario).
The pub.security:setKeyAndChain and pub.security:clearKeyAndChain services are used to control which client certificate
the SAP BC server presents to remote servers. You need to use these services to switch between certificates and
certificate chains if you are not using aliases for remote servers.
List of services to be used:
pub.security:clearKeyAndChain
-- Associates the default key and certificate chain with the subsequent set of invoked services.
pub.security:setKeyAndChain
-- Processes a digital signature to make sure that the provided data has not been modified. The signature input is the DER encoding of the PKCS#7 SignedData object.
pub.security.pkcs7:sign
-- Creates a PKCS7 SignedData object.
pub.security.pkcs7:verify
-- Processes a digital signature to make sure that the provided data has not been modified.
pub.security.util:createMessageDigest
-- Generates a message digest for a given message.
pub.security.util:getCertificateInfo
-- Retrieves information (e.g., serial number, issuer, expiration date) from a digital certificate.
pub.security.util:loadPKCS7CertChain
-- Converts a certificate chain that is in PKCS7 format to a list (a one-dimensional array) of byte arrays.
Example:
Invoke pub.client:http to send data to Company D.
Invoke pub.security:setKeyAndChain using the key and certificate chain for Company B.
Invoke pub.client:http to send data to Company B.
Invoke pub.security:setKeyAndChain using the key and certificate chain for Company C.
Invoke pub.client:http to send data to Company C.
Invoke pub.security:clearKeyAndChain to revert back to the default key and certificate chain for Company
Au2019s server.
Invoke pub.client:http to send data to Company D.
Edited by: Kai Lerch-Baier on Aug 3, 2009 1:47 PM

Accessing BSP File Download using HTTPS URL

Hi,
I'm struggling with a problem of downloading a file from a https url. I wrote a BSP App for downloading a file from a unix server.. It works fine when I use a http URL with port 8080 and does not work when I use https.!!
Example:
https://comms.gmsanet.co.za/supplier [ download does not work ]
http://comms.gmsanet.co.za:8080/supplier [ download works ]
When I try to download using https.. it does not pull the file name and path
see code below and suggest me if anything to be chnaged.
In the Form Initialization method:
event handler fr data retrieval
DATA: i_file type string,
 s_fields TYPE tihttpnvp,
 s_fields_line TYPE ihttpnvp,
 multipart_form type ref to if_http_entity,
 file_upload type xstring,
 lv_backend type string,
 success type string,
 entity type ref to if_http_entity,
 file type xstring,
 content_type type string,
 content_filename type string,
 content_length type string,
 content_disposition type string,
 num_multiparts type i,
 i type i value 1,
 doEcho type string value 'X',
 value type string,
 filename type ZFILETAB-fileinfo,
 ext1 type string,
 ext2 type string,
 dsn type string,
 bptype like sy-uname,
 itab TYPE ZFILETAB,
 itab_line TYPE ZFILETABLINE,
 file_ext type ZFILETABLINE,
 fileinfo type c,
 zcount type i.
 filename = '/NewMessge.doc'.
 content_filename = filename.
Check the extension and assign the content type
 split filename at '.' into ext1 ext2.
 case ext2.
 when 'zip'.
 content_type = 'application/x-zip-compressed'.
 when 'doc'.
 content_type = 'application/msword'.
 when 'txt'.
 content_type = 'text/plain'.
 when 'ppt' or 'pps'.
 content_type = 'application/vnd.ms-powerpoint'.
 when 'xls' or 'exe'.
 content_type = 'application/octet-stream'.
 when 'gif'.
 content_type = 'image/gif'.
 when 'jpg' or 'jpeg'.
 content_type = 'image/pjpeg'.
 when 'htm' or 'html'.
 content_type = 'text/html'.
 endcase.
 dsn = filename.
 OPEN DATASET dsn FOR INPUT IN BINARY MODE.
 IF sy-subrc NE 0.
 zmessage = 'Error opening file'.
 navigation->set_parameter( name = 'zmessage' value = zmessage ).
 navigation->goto_page( 'downloaderror.htm' ).
 exit.
 ENDIF.
 DO.
 READ DATASET dsn INTO file.
 EXIT.
 ENDDO.
 CLOSE DATASET dsn.
set response data to be the file content
runtime->server->response->set_data( file ).
runtime->server->response->set_header_field(
 name = 'Content-Type'
 value = content_type ).
concatenate 'attachment; filename=' filename into content_disposition.
runtime->server->response->set_header_field(
 name = 'Content-Disposition'
 value = content_disposition ).
set the file size in the response
content_length = xstrlen( file ).
runtime->server->response->set_header_field(
 name = 'Content-Length'
 value = content_length ).
runtime->server->response->delete_header_field(
 name = 'Cache-Control' ).
runtime->server->response->delete_header_field(
 name = 'Expires' ).
navigation->response_complete( ).
Thanks
Ajay

Hi Brian,
I have the same problem as Ajay Yeluguri. In http mode I can generate a download of an Excel document but when we use the portal in https it doesn't work.
When I try to download using https it does not pull the file name and path and when I choose download I have a error message : "Internet Explorer cannot download from ..."
I've test the point 3.2 "... including file up/download" of the BSP application IT00 and it works fine in http and https mode. My problem is not the upload but the download. And in this application the uploaded document is opened in the Internet Explorer window but I want to generate a Save as... window to download the file.
Have you an idea what i can do to solve my problem.
Thanks
Yann

Name of .crl and .crt file missing from HTTP URL in certificate details

Hello Everyone,
I am in the process of building a 2-tier Windows Server 2012 R2 PKI. The CA name of both the offline standalone root CA and enterprise subordinate CA have spaces in it (we'll call the CA name, 'Test Lab Root CA' for point of reference).
When I submitted the certificate request for the subordinate CA to the root CA and viewed the attributes/extensions of the pending request, I noticed the HTTP URL is missing the name of the .crt and .crl file.
The AIA extension reads URL=http://test.domainname.com/pki/.crt
in the issued certificate details.
The CDP extension reads URL=http://test.domainname.com/pki/.crl
in the issued certificate details.
The AIA and CDP location HTTP URLs are configured as http://test.domainname.com/pki/<CertificateName>.crt and http://test.domainname.com/pki/<CRLNameSuffix><DeltaCRLAllowed>.crl, respectively on the
root CA.
The LDAP URL shows the .crt and .crl file name (with %20 replacing the spaces) perfectly fine. The LDAP URL is configured using variables as well. It's just the HTTP URL that is missing the name of the file altogether.
I have read about the issue where spaces are not being replaced with %20 in the URL on Windows Server 2012 and a hotfix is available for that issue. But this issue seems to be slightly different and I'm running Windows Server 2012 R2. I tried installing
the hotfix to see if it would help, but the hotfix can't install because it doesn't apply to Server 2012 R2.
I've been trying to find a technet discussion or blog article for a week to see if anyone has seen this and what the fix is, but I'm coming up empty. I only find talks about %20 not replacing the space in the name.
Does anyone have any insight to my particular issue? I don't want to issue the subordinate CA certificate until I know the HTTP URL populates the CRL and CRT file name correctly. I can get around this by typing out the name of the file (with spaces and not
%20... e.g. http://test.domainname.com/pki/Test Lab Root CA.crl) in the URL via the registry and the URL displays the name of the file (with %20 in the name) when I do another certificate request and check the attributes/extensions in the
pending request. However, I prefer to avoid manually typing out the name of the file in the registry. I'd like to use the variables if at all possible.
Any help/guidance would be greatly appreciated.
Thank you.

On Fri, 27 Mar 2015 03:42:28 +0000, Brian Komar [MVP] wrote:
You have totally messed up the URLs.
If you run certutil -getreg ca\CRLPublicationURLs and certutil -getreg ca\CACertPublicationURLs, you will see that you do not have correct use of variables when compared to the settings that follow:
The URLs should be set to the following for an offline CA:
certutil -setreg CA\CRLPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n2:http://test.domainname.com/pki/%%3%%8%%9.crl"
*certutil -setreg CA\CACertPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://*test.domainname.com*/pki/%%1_%%3%%4.crt"*
For an issuing CA, they should be set to:
The URLs should be set to the following for an offline CA:*certutil -setreg CA\CRLPublicationURLs "65:%WINDIR%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n6:http://test.domainname.com/pki/%%3%%8%%9.crl"*
*certutil -setreg CA\CACertPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://**test.domainname.com**/pki/%%1_%%3%%4.crt"*
Just a clarification here, if you're running the above certutil commands at
the command prompt you only need single % characters in the command line.
The double % characters are only required if the commands are being run in
a batch file.
Paul Adare - FIM CM MVP

[CS3 JS SDK] Possible to Use HTTP URLs for Links?

I am attempting to use JavaScript to implement a connector from CS3 (InDesign/InCopy in my case) to our content management system. Our CMS provides an HTTP-based API. By using the HttpConnection object (from the Bridge code, see posts on "httpwebaccess library") I can access our repository using HTTP URLs and, for example, get an InDesign document or INX file (and the UI support in CS3 scripting makes it possible for me to build all the UI components I need without having to write a true plugin).
However, what I *can't* seem to do is create Link objects that use a URL, rather than a File, to access resources.
My goal is to be able to store in our repository InDesign documents that use URLs to other resources in the repository for links (e.g., to graphics and InCopy articles).
However, as far as I can tell from the scripting documentation and my own experiments, the URL property on Link is read-only in JavaScript (even though the scripting API HTML indicates it's a read/write property) and Link instances can only be constructed using File objects.
My question: have I missed some trick in the scripting API (or elsewhere) that would allow me to create links that use URLs instead of files (and having done so would InDesign resolve those URLs?)? Our repository does support WebDAV, so that might be an option, but it would depend on mounting WebDAV services in consistent places on client machines, which is dicey at best, given the weak nature of the WebDAV clients on both Windows and OS X).
Or are my only options to either copy linked resources to the client's local file system (or a shared network drive) or implement a plugin that implements my desired behavior for links?
And if the answer is a plugin, will that even work?
This is in the context of CS3. Has the Link mechanism changed at all in CS4 such that I could do what I want in CS4 where I cannot in CS3?
Thanks,
Eliot

Hi,
It is not possible to use HTTP URLS in CS3. You will have to create a plug-in to use Custom Data Links.
I think it is possible to use HTTP URLs in CS4 as per the User Guide.
Regards,
Anderson

Call http url in Abap - Should not open Browser

Hi Friends,
I have a requirement where i need to check whether a perticular http service is running or not. For that i need a some code to call http url from abap and it should not open the browser. If that perticular url is not found or time out then i should know that in program...
Is there any way to do that..

just run the following url (after changing the values for host,etc) from browser
http://<abaphost>.<domain>.com:<port>/sap/public/ping
to get the values for http://<abaphost>.<domain>.com:<port> just go to transaction se80 and choose bsp application option and choose any existing bsp application and then doubl click on a page. on the right side click on the attributes tab and at the end you can find the url
Regards
Raja

How to encrypt UserID and Password in HTTP url

Hello experts,
We want to encrypt UserID and Password which has used in http URL in SAP PI 7.1.
As we have used SOAP adapter with Transport Protocol HTTP for sender server.
Kindly help us on it.
Regards,
Poonam.

Hi,
please go through below blog,
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b04408cc-f10e-2c10-b5b7-af11026b2393?QuickLink=index&overridelayout=true
please go through below threads,
SOAP Envelope with user id password
Soap ---to ----file scenario
regards,
ganesh.

How to download video files using http urls through OSB

Hi all,
I am working on a requirement where I need to download the video using http url of that video through OSB. Is it possible to convert the video files hosted in a server into base64 code using OSB ? Kindly help me on this.
Thanks
Edited by: 887737 on Jul 25, 2012 3:26 AM

Hi,
I believe you can get the video file using file transport and then convert it into base64 using a java call out...
This may help...
https://blogs.oracle.com/ateamsoab2b/entry/an_example_of_how_to
Cheers,
Vlad

SOAP receiver channel with https url

Hi All,
We are working on SAP PO 7.4. We have RFC to SOAP scenario. To connect with external target system we are using https url.
We don't have any sign, encrypt requirement, do we still need to maintain certificates in Key Store as we are using https?
Thanks
Shivi

No.you don't have to select that option.
But you have to install the certificates.
Below one can help you.
How to Enable SSL certificate at the receiver SOAP Adapter

Can any body help me in reading from HTTPS URL

I need to read an HTTPS URL and store the response within a table .
How will I manage to do it from within a servlet using URLConnection and openStream as it does'nt work .
How will JSSE help in this regard .
Since I also need to give the userid and password to get into the file and read the file
https://anyhost.com/readthisfile.html
somnath
Web Developer

Hi,
The Java Secure Socket Extension (JSSE) library from Sun Microsystems lets you access a secure Web server from behind a firewall via
proxy tunneling. To do this, the JSSE application needs to set the https.ProxyHost and https.ProxyPort system properties. The
tunneling code in JSSE checks for "HTTP 1.0" in the proxy's response. If your proxy, like many, returns "HTTP 1.1", you will get an
IOException. In this case, you need to implement your own HTTPS tunneling protocol.
In this article, I will show you how to create a secure socket that tunnels through the firewall, and pass it to the HTTPS stream handler to
open HTTPS URLs using the URLConnection class.
Open the http tunnel socket to the proxy
The first step to creating your secure socket is to open the tunneling socket to the proxy port. The code needed to do this proxy
handshaking can be found in the sample code SSLClientSocketWithTunneling.java that comes with the JSSE distribution. First, a normal socket is created that connects to
the proxy port on the proxy host (line 65). After the socket is created, it is passed to the doTunnelHandshake() method where the proxy's tunneling protocol is called:
54 SSLSocketFactory factory =
55 (SSLSocketFactory)SSLSocketFactory.getDefault();
56
57 /*
58 * Set up a socket to do tunneling through the proxy.
59 * Start it off as a regular socket, then layer SSL
60 * over the top of it.
61 */
62 tunnelHost = System.getProperty("https.proxyHost");
63 tunnelPort = Integer.getInteger("https.proxyPort").intValue();
64
65 Socket tunnel = new Socket(tunnelHost, tunnelPort);
66 doTunnelHandshake(tunnel, host, port);
In doTunnelHandshake(), an http "CONNECT" command is sent to the proxy, with the secure site's hostname and port number as the parameters (line 161). In the original
tunneling code on line 206 in JSSE, it then checks for "HTTP/1.0 200" in the proxy's reply. If your organization's proxy replies with "HTTP 1.1", an IOException will be
thrown. To get around this, the code here checks for the reply "200 Connection Established", which indicates that tunneling is successful (line 207). You can modify the
code to check for the expected corresponding response from your proxy:
139 private void doTunnelHandshake(Socket tunnel, String host, int port)
140 throws IOException
141 {
142 OutputStream out = tunnel.getOutputStream();
143 String msg = "CONNECT " + host + ":" + port + " HTTP/1.0\n"
144 + "User-Agent: "
145 + sun.net.www.protocol.http.HttpURLConnection.userAgent
146 + "\r\n\r\n";
147 byte b[];
148 try {
149 /*
150 * We really do want ASCII7 -- the http protocol doesn't change
151 * with locale.
152 */
153 b = msg.getBytes("ASCII7");
154 } catch (UnsupportedEncodingException ignored) {
155 /*
156 * If ASCII7 isn't there, something serious is wrong, but
157 * Paranoia Is Good (tm)
158 */
159 b = msg.getBytes();
160 }
161 out.write(b);
162 out.flush();
163
164 /*
165 * We need to store the reply so we can create a detailed
166 * error message to the user.
167 */
168 byte reply[] = new byte[200];
169 int replyLen = 0;
170 int newlinesSeen = 0;
171 boolean headerDone = false; /* Done on first newline */
172
173 InputStream in = tunnel.getInputStream();
174 boolean error = false;
175
176 while (newlinesSeen < 2) {
177 int i = in.read();
178 if (i < 0) {
179 throw new IOException("Unexpected EOF from proxy");
180 }
181 if (i == '\n') {
182 headerDone = true;
183 ++newlinesSeen;
184 } else if (i != '\r') {
185 newlinesSeen = 0;
186 if (!headerDone && replyLen < reply.length) {
187 reply[replyLen++] = (byte) i;
188 }
189 }
190 }
191
192 /*
193 * Converting the byte array to a string is slightly wasteful
194 * in the case where the connection was successful, but it's
195 * insignificant compared to the network overhead.
196 */
197 String replyStr;
198 try {
199 replyStr = new String(reply, 0, replyLen, "ASCII7");
200 } catch (UnsupportedEncodingException ignored) {
201 replyStr = new String(reply, 0, replyLen);
202 }
203
204 /* We check for Connection Established because our proxy returns
205 * HTTP/1.1 instead of 1.0 */
206 //if (!replyStr.startsWith("HTTP/1.0 200")) {
207 if(replyStr.toLowerCase().indexOf(
208 "200 connection established") == -1){
209 throw new IOException("Unable to tunnel through "
210 + tunnelHost + ":" + tunnelPort
211 + ". Proxy returns \"" + replyStr + "\"");
212 }
213
214 /* tunneling Handshake was successful! */
215 }
Overlay http tunnel socket with SSL socket
After you have successfully created the tunneling socket, you overlay it with the SSL socket. Again, this is not difficult to do:
54 SSLSocketFactory factory =
55 (SSLSocketFactory)SSLSocketFactory.getDefault();
56
57 /*
58 * Set up a socket to do tunneling through the proxy.
59 * Start it off as a regular socket, then layer SSL
60 * over the top of it.
61 */
62 tunnelHost = System.getProperty("https.proxyHost");
63 tunnelPort = Integer.getInteger("https.proxyPort").intValue();
64
65 Socket tunnel = new Socket(tunnelHost, tunnelPort);
66 doTunnelHandshake(tunnel, host, port);
67
68 /*
69 * Ok, let's overlay the tunnel socket with SSL.
70 */
71 SSLSocket socket =
72 (SSLSocket)factory.createSocket(tunnel, host, port, true);
73
74 /*
75 * register a callback for handshaking completion event
76 */
77 socket.addHandshakeCompletedListener(
78 new HandshakeCompletedListener() {
79 public void handshakeCompleted(
80 HandshakeCompletedEvent event) {
81 System.out.println("Handshake finished!");
82 System.out.println(
83 "\t CipherSuite:" + event.getCipherSuite());
84 System.out.println(
85 "\t SessionId " + event.getSession());
86 System.out.println(
87 "\t PeerHost " + event.getSession().getPeerHost());
88 }
89 }
90 );
The code had called the SSLSocketFactory's getDefault() method earlier to get an instance of the SSLSocketFactory (line 54, repeated above). Next, it passes the
tunneling socket that was created in the previous step to the createSocket() method of the SSLSocketFactory. The createSocket() method returns an SSLSocket that is
connected to the destination host and port via the proxy tunnel. You can optionally add a HandshakeCompletedListener to the socket if you wish to be informed when the
SSL handshaking is completed.
The SSLSocket created is basically ready for use to transfer secure contents. The startHandshake() method is called to start the SSL handshaking (line 98). After which, you
can issue the http "GET" command to retrieve the secure pages (line 105):
91
92 /*
93 * send http request
94 *
95 * See SSLSocketClient.java for more information about why
96 * there is a forced handshake here when using PrintWriters.
97 */
98 socket.startHandshake();
99
100 PrintWriter out = new PrintWriter(
101 new BufferedWriter(
102 new OutputStreamWriter(
103 socket.getOutputStream())));
104
105 out.println("GET http://www.verisign.com/index.html HTTP/1.0");
106 out.println();
107 out.flush();
However, issuing http commands to the tunneling SSL socket to access Webpages is not ideal because it would mean having to rewrite the whole http protocol handler from
scratch. Instead, you should use the HTTPS URL APIs that the JSSE already includes for that purpose. To do this, you have to pass the tunneling SSL socket to the HTTPS URL
stream handler.
Pass SSL socket to HTTPS URL stream handler
The JSSE library has an HttpsURLConnection class that is in the com.sun.net.ssl package, which extends the java.net.URLConnection class. An HttpsURLConnection object
is returned by the URL object's openConnection() method when "HTTPS" is specified as the protocol. The HttpsURLConnection class has a method, setSSLSocketFactory(),
that lets you set an SSLSocketFactory of your choice. To pass the tunneling SSL socket to the HTTPS URL stream handler, you would set the setSSLSocketFactory()
method's parameter with a socket factory that returns the tunneling SSL socket that you created previously.
To do this, you would wrap the code discussed previously in an SSLTunnelSocketFactory class that extends from the SSLSocketFactory class. The SSLSocketFactory is an
abstract class. To extend it, you must implement the createSocket() method to return the tunneling SSL socket that you created earlier:
12 public SSLTunnelSocketFactory(String proxyhost, String proxyport){
13 tunnelHost = proxyhost;
14 tunnelPort = Integer.parseInt(proxyport);
15 dfactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
16 }
44 public Socket createSocket(Socket s, String host, int port,
45 boolean autoClose)
46 throws IOException,UnknownHostException
47 {
48
49 Socket tunnel = new Socket(tunnelHost,tunnelPort);
50
51 doTunnelHandshake(tunnel,host,port);
52
53 SSLSocket result = (SSLSocket)dfactory.createSocket(
54 tunnel,host,port,autoClose);
55
56 result.addHandshakeCompletedListener(
57 new HandshakeCompletedListener() {
58 public void handshakeCompleted(HandshakeCompletedEvent event) {
59 System.out.println("Handshake finished!");
60 System.out.println(
61 "\t CipherSuite:" + event.getCipherSuite());
62 System.out.println(
63 "\t SessionId " + event.getSession());
64 System.out.println(
65 "\t PeerHost " + event.getSession().getPeerHost());
66 }
67 }
68 );
69
70 result.startHandshake();
71
72 return result;
73 }
Notice that the SSLTunnelSocketFactory contains a default SSLSocketFactory object. The default SSLSocketFactory object can be instantiated from a call to the static
method getDefault() (line 15). You need this SSLSocketFactory object to overlay the tunnel socket with the SSL socket, as discussed earlier. You also call the default
object's getDefaultCipherSuites() and getSupportedCipherSuites() methods when implementing the corresponding abstract methods of the SSLSocketFactory super
class. For implementation details, please refer to the complete source code for the SSLTunnelSocketFactory in Resources.
Tunnel through the proxy via URLConnection
To tunnel through the proxy via URLConnection in your JSSE application, after you call the openConnection() method, check if the returned object is that of the
HttpsURLConnection. If so, you instantiate your SSLTunnelSocketFactory object and set it in the setSSLSocketFactory() method (lines 22 through 25):
10 public class URLTunnelReader {
11 private final static String proxyHost = "proxy.sg.ibm.com";
12 private final static String proxyPort = "80";
13
14 public static void main(String[] args) throws Exception {
15 System.setProperty("java.protocol.handler.pkgs",
16 "com.sun.net.ssl.internal.www.protocol");
17 //System.setProperty("https.proxyHost",proxyHost);
18 //System.setProperty("https.proxyPort",proxyPort);
19
20 URL verisign = new URL("https://www.verisign.com");
21 URLConnection urlc = verisign.openConnection(); //from secure site
22 if(urlc instanceof com.sun.net.ssl.HttpsURLConnection){
23 ((com.sun.net.ssl.HttpsURLConnection)urlc).setSSLSocketFactory
24 (new SSLTunnelSocketFactory(proxyHost,proxyPort));
25 }
26
27 BufferedReader in = new BufferedReader(
28 new InputStreamReader(
29 urlc.getInputStream()));
30
31 String inputLine;
32
33 while ((inputLine = in.readLine()) != null)
34 System.out.println(inputLine);
35
36 in.close();
37 }
38 }
You can then access the HTTPS URLs using the APIs provided by the URLConnection class. You don't need to worry about the format of the http GET and POST commands,
which you would if you used the SSL Socket APIs.
The complete source code for the SSLTunnelSocketFactory and the application code that connects to a secure URL using proxy tunneling is included in Resources. To
compile and run the application, you would need to download and install Sun's JSSE from its Website, also listed in Resources.
Conclusion
If your JSSE application could not tunnel through your organization's firewall, you need to implement your own tunneling socket. The sample code included with the JSSE
distribution shows you how to open an SSL socket tunnel. This article goes one step further to show you how to pass the tunneling socket to the HTTPS URL stream handler,
and saves you the trouble of rewriting a http handler
I hope this will help you.
Thanks
Bakrudeen

Encrypting authentication details - HTTP URL Connection

Hi,
We have a Java application which retreives HTML content from intranet page using HTTPURLConnection, displays the portion of the content. The site to which we are connecting using HTTPURLConnection requires baisc user authentication and we are passing the user name and passowrd using BASE 64 encoding in the request header. Now this intranet site is going to be hosted externally. Just wanted to know the different options on how to send the user name and password in ecnrypted format.Is the recommendation is just to enable HTTPS for that site and pass user name and password using HTTP URL Connection API? Or are there any other options? Appreciate any inputs.
Thanks.

http://java.sun.com/javase/6/docs/technotes/guides/net/http-auth.html

Expose an FM or RFC as an http url (invoke FM by opening url in browser)

Hi,
We have a function module e.g. Z_PROCESS_ORDERS, it does not have any import parameters, and there are no export parameters. the FM basically performs some action in SAP. e.g inserting a value a ztable.
is it possible to invoke this FM over the internet url.
I am not speaking about webservice.
I am talking about a plain http url. something like: http://sapserver:xxxx/blahblah/Z_PROCESS_ORDERS/xyz/something
if anyone clicks or opens this url in Internet explorer, the FM should be invoked in sap.
i searched on sdn, and found that webservice is an option, but to invoke it we need a webservice client or consumer proxy.
but my end user doesnot have that, and he wants just a IE link (http link) to invoke this function.
let us know webdynpro abap could serve this purpose.
thanks in advance,
Madhu_1980

the browser window should be closed
you can use an exit plug in your WDA App and provide a little javascript in the SICF-node of your app, that closes the window
or should display a message "the FM is invoked, you can close this window"
Simply use a TextView UIElement on your default view
Kind regards
Andreas

Accessing https url EBS R12.1.3 leads to "Internet Explorer cannot display the webpage"

Hi all,
DB:11.2.0.3.0
EBS:12.1.3
O/S:Solaris SPARC 64 bits
I.E Browser: 9.0
Problem Description
Cloned target database TEST1 from source database TEST2 RMAN full backup. But on accessing https url EBS R12.1.3 leads to "Internet Explorer cannot display the webpage"?
Autoconfig completes successfully on both DB and Apps Tier and have also ran ojspcompile but still the same issue.
$ perl ojspCompile.pl --compile --flush -p 2
logfile set: /t000/test1/inst/apps/TEST1_Hostname/logs/appl/rgf/ojsp/ojsp
starting...(compiling all)
using 10i internal ojsp ver: 10
synchronizing dependency file:
loading deplist...8095
enumerating jsps...8095
updating dependency...0
initializing compilation:
eliminating children...6024 (-2071)
translating and compiling:
translating jsps...6024/6024 in 7m50s
compiling jsps...6024/6024 in 35m17s
Finished!
Bounced the services there after still the same issue. Could anyone please share the fix if encountered such an issue before.
Thanks for your time,
user10088255

Apache logs have the below entry:
[Sun Oct 27 02:30:11 2013] [notice] configured -- resuming normal operations
[Sun Oct 27 02:30:11 2013] [notice] Accept mutex: fcntl (Default: fcntl)
[Sun Oct 27 03:03:02 2013] [notice] configured -- resuming normal operations
[Sun Oct 27 03:03:02 2013] [notice] Accept mutex: fcntl (Default: fcntl)
[Sun Oct 27 04:04:59 2013] [notice] configured -- resuming normal operations
[Sun Oct 27 04:04:59 2013] [notice] Accept mutex: fcntl (Default: fcntl)
[Sun Oct 27 04:29:54 2013] [notice] configured -- resuming normal operations
[Sun Oct 27 04:29:54 2013] [notice] Accept mutex: fcntl (Default: fcntl)

HTTP URL

Similar Messages

Maybe you are looking for