Security about OData services

Dear All,
how much secure about accessing business data with OData?
I Have seen that any one can access OData services by changing URL parameters from cache . In this case is there any option to secure business data other than authorization check for each service in back end ECC?
THanks,
kiran.

Hi,
Have a look at the Shared Services Import/Export utility, it should be in :-
\Hyperion\common\utilities\CSSImportExportUtility
Cheers
John

Similar Messages

SL5 client accessing an secured (HTTPS) Odata service

I have a SL5 client that is hosted on Windows Azure.
I have some OData WCF services that work perfectly fine. Calling the odata services from the SL5 client works fine both running locally and remotely on Azure. The problem is https. I've uploaded the bought certificate and I can call the odata wcf services
secure by using https from Fiddler2 and it gets the proper results.
When I run the SL5 client locally in my VS2012 environment it also works fine calling the https endpoint. After deployment to Windows Azure the client stops working and the calls to the https endpoints don't work anymore :-(
anybody has a clue?

hi RiccardoBecker,
Thanks for posting!
Base on my experience, when hosted WCF service on windows azure, we could use Service Bus (http://msdn.microsoft.com/en-us/library/windowsazure/ee173579.aspx )to access
it on client side in intranet or internet. So if you used in intranet, I suggest you could create service bus to access it. Or if you use internet, I suggest you check your endpoint address setting. You need use your cloud address to access
wcf service on client side. You could download those code sample (http://code.msdn.microsoft.com/windowsazure/CSAzureWCFServices-20c7d9c5 &
http://www.codeproject.com/Articles/188464/Host-WCF-Services-in-an-Azure-Worker-Role ) and try it.
Any question, please let me know.
Regards,
Will
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

Getting Error while accessing the data using odata service

Hi All,
Iam new to SAP FIORI.
Iam getting the below error while accessing the data using odata service.
"Failed to load resource: the server responded with a status of 404 (Not found)"
"No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin "
i have tried all the solutions like changing the url pattern "proxy/htttp".
and disabled - security in chrome (Chrome is Updated version).
i tried with IE still got the same problem.
And installed all the required software in eclipse
While installing GWPA plugin i got the following error.
let me know if any one have idea.
Thanks in advance.

> Do you want to add and/or update the data in the already existing tables or do you want to replace the content completely?
>
> so in that way :
> bot the options are fine what ever take less time.
Sorry mate, but YOU have to know what you want here.
I gave you an easy to follow set of steps.
As you don't seam to mind the outcome, just might just use them...
> I wanted to know weathe i can use the loadercli for thie export import or not? if yes then is there any new steps to do before i do the export import?
We had this discussion before...
>
> For that the easiest option would be just to drop the tables of SAPR3 and run the import again.
>
> For ease of use you could also just do:
> - logon as superdba
> - drop user SAPR3
> - create user SAPR3 password SOMEPW not exclusive dba
>
> After these steps you can easily pump the data into the database again.
>
> So here in th above given steps , i am creating a new SAPR3 user and why it is not exclusive dba ?
> i already have that user SAPR3 can i use the same.
Yes, you do have the SAPR3 user.
But you don't seem to like to read documentation or learn about how the tools work or anything like that.
Therefore I gave you s simple way to reach your goal.
Of course it's possible to reuse the user.
But then you would have to deal with already existing tables, already existing data etc.
You don't seem to be able to do that. So, the easy steps might be better suited for your needs.
regards,
Lars

SOAP Header Security in Oracle Service Bus

Currently we are in the process of implementing the SOAP Header Security through Oracle Service Bus. We have a requirement that BPEL need to call a external web service. That web service will be registered in OSB. While making the call, the OSB need to add the SOAP security header(user name & Pwd) in proxy service before forwarding the request to business service. Can you please help me find some information about that.

Hi Manoj,
The request payload which is going to the target is
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
</soap:Header>
<soapenv:Body>
<man:GetDefaultRechargeValuesRequest xmlns:man="http://www.NII.com/ManagePrepaidRecharge/workflow/ManagePrepaidRecharge">string</man:GetDefaultRechargeValuesRequest>
</soapenv:Body>
</soapenv:Envelope>
whereas the target expects the soap header populated. the payload expected by the target is
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<gsa:Authentication xmlns:gsa="http://www.nextel.com.br/Wbs/Gsa">
<gsa:Account>test</gsa:Account>
<gsa:Password>test</gsa:Password>
<gsa:Guid>f65748e63b01</gsa:Guid>
</gsa:Authentication>
</soap:Header>
<soapenv:Body>
<man:GetDefaultRechargeValuesRequest xmlns:man="http://www.NII.com/ManagePrepaidRecharge/workflow/ManagePrepaidRecharge">string</man:GetDefaultRechargeValuesRequest>
</soapenv:Body>
</soapenv:Envelope>
The Problem now is, when i call a business service(WSDL of the target) from a proxy service and when i set the above expression to the $header using replace action in the proxy service itself, the above expression,instead of going as a request to the business service, it is populated in the response.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<gsa:Authentication xmlns:gsa="http://www.nextel.com.br/Wbs/Gsa">
<gsa:Account>test</gsa:Account>
<gsa:Password>test</gsa:Password>
<gsa:Guid>f65748e63b01</gsa:Guid>
</gsa:Authentication>
</soap:Header>
<soapenv:Body>
<ns0:GetDefaultRechargeValuesResponse xmlns:ns0="http://www.NII.com/ManagePrepaidRecharge/workflow/ManagePrepaidRecharge">
<ns0:StandardHeaderBlock>
<ns2:ServiceState xmlns:ns2="http://xmlns.oracle.com/apps/StandardHeaderBlock">
<ns2:errorCode>SOA_ERR_TARGET_SYSTEM_FAILURE</ns2:errorCode>
<ns2:errorDesc>
OSB Service Callout action received an error response
</ns2:errorDesc>
</ns2:ServiceState>
</ns0:StandardHeaderBlock>
</ns0:GetDefaultRechargeValuesResponse>
</soapenv:Body>
</soapenv:Envelope>
Since the authentication details are not reaching the target, it is giving a target system failure. Can you suggest a remedy to this please.

How to use Alias name in OData service in SAP HANA

Hi,
     I need to change one column name with alias of another name in odata service definition or odata url running in rest client. I am trying to give alias name with as key in the service definition like sql query.
ex:
There is one table with column name of PRODUCT_ID. I exporting that table via odata service to SAP UI. In the UI i dont want the product id column as PRODUCT_ID. It should be ike "Prodcut". Like we are using in SQL example
select "PRODUCT_ID" as "Product" from "producttab";
But i can't use as key for alias name. So i am getting syntax error.
I have tried in rest client also ie executing odata file in rest based service. But i got error only.
If anyone knows about this alias name in odata service, Please help me to resolve this issue..

Hi Thomas
     Thanks for your reply.
     Actually in odata service definition i am using attribute and calculation views only. But in some case from the model view itself i need to use some alias names to the UI through odata service.
     For example in attribute view i have some columns with name col1,col2... I am getting those columns in UI using odata service, for particular col2 column i need to change column name as product. And i am using the same view as source of another odata service in that service i need to change that column name as productname.
     In that case i need alias name usage. So that only i am searching alias keyword in odata service.
     Is there any possibility to use alias names in odata service.

How to deploy an WCF OData Service in windows azure

I am having a WCF OData service in visual studio which i need to deploy in windows azure for accessing in IPad app.
thanks in advance

Hi Pilid,
Thanks for posting!
About this issue, I suggest you could refer to those documents:
OData Team Blog:Deploying an OData Service in Windows Azure
Docs and code sample :Windows Azure WCF Data Service
Please try it.
Regards,
Will
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

How to expose odata service for input parameter based procedure.

i have created one procedure in my schema.
CREATE PROCEDURE TEST
(in id varchar) AS
BEGIN
SELECT * FROM "table" WHERE "ID" = :id;
END;
and i am able to call the procedure from console.
CALL "schema"."TEST"('1')
my question is how to expose this procedure as odata service.
is there any way to do it. ???

hello Avinash. this is where i stuck in my code. i dont know how to wrap procedure in calculation view..
My procedure code is below.
create procedure "Get_User_for_Project"(in PROJECT_ID VARCHAR(255), out OUTPUT_TABLE "schema"."test_table")
language SQLSCRIPT sql security definer as
BEGIN
truncate table "schema"."test_table";
OUTPUT_TABLE = SELECT "ID", "FIRST_NAME", "LAST_NAME" FROM "schema"."U_USER" WHERE "ID" IN (SELECT "USER_ID" FROM "schema"."U_USER_PROJECT" WHERE "PROJECT_ID" = :PROJECT_ID);
END;
my procedure is working fine. i just need help to wrap in calculation view with input parameter.

Security in Web services

I am new to web services so please pardon me if what I am asking is really dumb.....
I have created a simple PL/SQL web service using JDeveloper that I have published to an installation of 9iAS. My client is calling this URL directly passing the parameters in the URL and getting the SOAP message back. Everything works great.
Now I need to secure this somehow. This is an internal application, so I am not terribly concerned with security, but we do need something that will prevent somebody who stumbles across this URL to start using it.
I have read a lot of documentation on securing web services, but it all seems to be around creating clients, but I don't want a client, I just want to be able to call the URL directly from external systems programmatically.
One option is obviously to pass username / pw in as parameters and then validate this in PL/SQL, but this is obviously not very secure.
Another things I was thinking was to use the owa_util.get_cgi_env('REMOTE_ADDR') inside by PL?SQL function to get the IP Address of the client calling and then validate this to make sure this client is allowed to access the web service. This function returns ORA-06502. Does anybody know anything about how to get the IP address of the client calling? I know there are ways to limit access to certain IP addresses on the web server level, but this server is used for other things so I don’t want to do that.
Is there anything else I can do to secure a web service like this?
Any help is appreciated.

More reading and code sample (see end of this post) of what is coming and what is possible today:
http://www.oracle.com/oramag/oracle/02-jul/index.html?o42special_web.html
http://otn.oracle.com/oramag/webcolumns/2003/techarticles/smith_wss.html
This article from Vipin Samar gives the state of WS-Security pretty accurately:
http://otn.oracle.com/tech/webservices/standards/Samar_Security.htm
Accompanying paper:
http://otn.oracle.com/tech/webservices/pdf/33206.pdf
And, this code sample/tutorial illustrates SSL with Web services:
http://otn.oracle.com/sample_code/tutorials/wspki/toc.htm
Mike.

Security of Web Services, Agents and Sequantial Calling of Web Services

I want to ask about the secure invocation of web services and the role of agents.
Suppose that I have greet() web service:
public String greet() {
String S1=sayHello(); // A web service, actually its proxy
String S2=sayGoodMorning(); // A web service, actually its proxy
return S1+" "+S2;
It calls two other webservices and they return "HELLO" and "Good Morning". Also assume that I need to secure all my web services but I need these calls to work!
I put an agent in front of those two web services and require them to check a SAML token. I also attach an agent to greet() to authenticate the inbound and sign and add SAML token for outbound.
But I think these two calls fail because the SAML is not created on each call. (Is it?)
How can I make those two calls, secure each web service and at the same time keep the security code out of business code, in other words keep my web service security agnostic?
Thank you in advance.
Best Regards
Farbod

Any Comments on this?

Essbase EAS - Refresh Security from Shared Services

Hi All,
Just went live with Essbase. We are using MSAD Groups in Shared Services for our users. I noticed that if we add a new user to a provisioned group, they don't automatically get access to Essbase. I believe I have to select 'Refresh Security From Shared Services' in EAS. I am nervous about doing this with users in the system as I don't want to accidentally boot them out. Is there any risk? Reports stopped? Users forced to logout? Smartview implications?
I feel like I did it before and disrupted some users during development but I am not sure.
Much Appreciated,
Mike

Thx. I just did it and it didn't seem to disrupt anything. I tested with a user with a smartview open, a report running and a WA dashboard on screen. It did mention that after refreshing the essbase server would be disconnected and i would have to reconnect but it didn't actually boot me out or disrupt any process.
I guess it's okay to do on a live production system. ?
Thx,
Mike

Refresh Security from shared services.

Hi
When ever there are any changes in the security at shared services(LDAP) , I am doing a refresh security from shared services(@EAS)
-in order to get these changes from shared services.
Which is taking 30 minutes refresh ever time in our systems.
Is there any other way to make quickone?
Version - 11.1.1.3
Thanks

strange? We are still on 931 (Essbase on 9.3.1.6) and refreshing security is not necessary at all any more. It is even deprecated functionality. I always though that 11 did not have it too.^^^The end (or most of the end) of Essbase.sec came in a late patch of 9.3.1. It isn't there yet in 11.1.1.3, I think. It is in 11.1.2. There was not a lot of fanfare about the change although it's there in the patch notes.
Regards,
Cameron Lackpour

Listview and details with Appbuilder (OData Service)

Hi,
I try to create an app with appbuilder, which shows me a list of items, and if i click one item in the list, i get to a new site and see the details.
For this i created an OData service, which works and is available in my browser.
Then I startet to create the app in the appbuilder. I followed the steps in this tutorial http://www.youtube.com/watch?v=iC3x7P5Cu1g
I added the ODataService in the DataSource, and added a ODataQuery for the details. After this I created a new SuperList with two sites, one for the complete list, and one for the detailed view. It all seems to work. I see the list with all my items and i can click on one item, to get to the detailed view. But there I see nothing. The fields of the detailview are empty, and I don't know why.
If I confirm my ODataQuery (with the button in the DataSource section) i get all the data i want, but the view is empty.
The only differents between my app and the app in the video is, that in the video the query uses the filter function (<url>...?$filter=...). This returns a table with one entry. I use an own OData service with the parameter. The service returns a structure, no table. Could this be the problem?
How can I fix this (hopefully without changing the OData Service..)
Thanks and Regards
Jens

Its quarterly billing, and on direct debit, so the whole point there is it takes care of itself.
It aso didnt hurt that as I said, I had no communication from BT in that year, no calls, emails, texts, letters nothing. They sent me no letter to say that there had been a missed payment, they took no action due to this, still something at this point that no one has been able to explain how that happened. Also the direct debit was set up by someon from their executive level complaints deaprtment, so you would think it would work ok. But apparantly 3 months later they didnt take a payment, and kept not taking payments or getting in touch with me about it, they just did notning. Then after a year, again without any warning or notification restricted my line, which as it turnds out was an automatic process, no one had any clue about what had been going on. Hence why the first manager I spoke to about it said she was going to have to investigate how this happened and obviously work out a repaymnt package. Though as par for the course from that point on I never received a callback from BT at any point, I called them often enough, but they never could be bothered it seemed to get back in touch.
Also my bills arent exaclty large, as I say the only reason I even have a landline is for my internet access for work so its not as if its a huge amount and its every 3 months so not something really on your radar. Again thats the point of DD and what you assume is a professional and capapble company.

OData Service Internal Server Error

Hello,
I developed SAP Netweaver Gateway Odata Service and I get "Internal Server Error" 500 on READ Operation. BAPI Itself does function well.
Where could be the problem?
Regards
Vladislav

Hi Vladislav,
You will get further information about the nature of the error by checking the error logs in the server(s), tcodes /iwbep/error_log and/or /iwfnd/error_log. If you have an embedded GW server, look in the /iwfnd logs.
You may find the list is blank until you use the 'Re-select' button and change the settings, so don't assume there are not errors to see!.
Make sure you have full trace access settings configured in views /IWFND/V_LOGV and /IWBEP/C_LOGV. These views are normally empty, there are two possible new entries that can be made and the possible values are on the F4 lists.
If this is a data translation error, you won't get a direct answer from the log but it can be used to pin down the nature of the exception.
If you can get this far, I can point you on to a technique for analysing the error during runtime - but it needs an error log result to be able to relate to.
Regards
Ron.

Testing OData Service on SMP3

Here's what I've done so far:
Created an OData model in GWPA, deployed to SMP3 Integration Gateway, wide open access, I can pull up the service document on the Integration Gateway, I created an application definition in the Admin Cockpit, created a SQL Server JDBC destination, set service document URL to application connection, created a starter HTML5 hybrid application in GWPA, and exported the WAR file.
Questions
- Is there a way to test the JDBC destination connection that we create in the SMP Admin cockpit?
- I'm assuming SMP3 runs on a version of Tomcat. I dropped the HTML5 war file in C:\SAP\MobilePlatform3\Server\pickup, can I view it in browser? What's the URL to it?
I'm just trying to do an end-to-end proof of concept of creating an OData service in GWPA against a JDBC source, and consuming it with an HTML5 application.
Thanks!
DJ

Hi JK,
Thanks! I increased log level and still getting same errors:
Search "#error" (12 hits in 1 file)
C:\Users\dpascual\Desktop\New Text Document.txt (12 hits)
Line 607: 2014 07 02 09:13:37#0-1000#ERROR#com.sap.gateway.core.service.dao.ServiceDAO##anonymous#http-bio-8080-exec-5###Failed to Get Service. |
Line 608: 2014 07 02 09:13:38#0-1000#ERROR#com.sap.gateway.core.service.dao.ServiceDAO##anonymous#http-bio-8080-exec-5###getSingleResult() did not retrieve any entities. javax.persistence.NoResultException: getSingleResult() did not retrieve any entities.
Line 970: 2014 07 02 09:13:38#0-1000#ERROR#com.sap.gateway.core.service.repository.api.ServiceRepositoryAPIHandler##anonymous#http-bio-8080-exec-5###Error in get Services for Destination |
Line 970: 2014 07 02 09:13:38#0-1000#ERROR#com.sap.gateway.core.service.repository.api.ServiceRepositoryAPIHandler##anonymous#http-bio-8080-exec-5###Error in get Services for Destination |
Line 971: 2014 07 02 09:13:38#0-1000#ERROR#com.sap.gateway.core.service.repository.api.ServiceRepositoryAPIHandler##anonymous#http-bio-8080-exec-5###javax.persistence.NoResultException: getSingleResult() did not retrieve any entities. com.sap.gateway.core.service.exception.ServiceRepositoryException: javax.persistence.NoResultException: getSingleResult() did not retrieve any entities.
Line 1336: 2014 07 02 09:13:38#0-1000#ERROR#com.sap.gateway.core.service.srvrepo.ServiceRepositoryProvider##anonymous#http-bio-8080-exec-5###Error in Getting the Service |
Line 1336: 2014 07 02 09:13:38#0-1000#ERROR#com.sap.gateway.core.service.srvrepo.ServiceRepositoryProvider##anonymous#http-bio-8080-exec-5###Error in Getting the Service |
Line 1337: 2014 07 02 09:13:38#0-1000#ERROR#com.sap.gateway.core.service.srvrepo.ServiceRepositoryProvider##anonymous#http-bio-8080-exec-5###Could not get the service com.sap.gateway.core.service.api.exception.ServiceRepositoryAPIException: Could not get the service
Line 1706: 2014 07 02 09:13:38#0-1000#ERROR#com.sap.gateway.core.ip.runtime.GatewayIPODataProcessor##anonymous#http-bio-8080-exec-5###Error in Getting the Service com.sap.gateway.core.api.exception.TechnicalException: Error in Getting the Service
Line 1706: 2014 07 02 09:13:38#0-1000#ERROR#com.sap.gateway.core.ip.runtime.GatewayIPODataProcessor##anonymous#http-bio-8080-exec-5###Error in Getting the Service com.sap.gateway.core.api.exception.TechnicalException: Error in Getting the Service
Line 2063: 2014 07 02 09:13:38#0-1000#ERROR#com.sap.gateway.core.ip.runtime.GatewayIPODataProcessor##anonymous#http-bio-8080-exec-5###readEntitySet() failed: service = open/ingwtest, entity set = tailboards, content type = application/atom+xml;charset=utf-8;type=feed, message = com.sap.gateway.core.api.exception.TechnicalException: Error in Getting the Service |
Line 2064: 2014 07 02 09:13:38#0-1000#ERROR#com.sap.gateway.core.ip.odata.ODataErrorCallbackImpl##anonymous#http-bio-8080-exec-5###handleError(): failed to serve request for URI http://localhost:8080/gateway/odata/open/ingwtest;v=3/tailboards, message = Error in Getting the Service |
Any ideas?
You may check details about created destinations here
C:\SAP\MobilePlatform3\Server\deployed_content
Isn't this more for the services, not the destinations?
Thanks for your swift responses!

Creation of Odata Service

Hi Everyone,
I have created an Odata service which is related to Products. But while calling it from eclipse using NetWeaver Gateway no data is coming to the output.
Kindly help me in this matter that why no data is coming.
Regards,
Soumya

CAn you please try checking the same URL again in the browser ,(install a RestClient / JSON view extrension in chrome/firefox) to see if any data is being fetched
on the application side - please try disabling web security in chrome as per below
1)For Windows... create a Chrome shortcut on your desktop.
Right-clic > properties > Shortcut
Edit "target" path :
"C:\Program Files\Google\Chrome\Application\chrome.exe" --args --disable-web-security
or
2) type below command in Windows RUN
chrome.exe --user-data-dir="c:/temp/chromedev" --disable-web-security
and try running the same application again.

Security about OData services

Similar Messages

Maybe you are looking for