Web app security question

Hi,
I have a basic question about securing web applications. In our app, we have myRealm
pointing to an LDAP store. The store has (lets say) a group called 'dealers' and
it has a user 'dealer1'.
Now, in WEB-INF/weblogic.xml I have
<security-role-assignment>
<role-name>dealers</role-name>
<principal-name>dealer1</principal-name>
</security-role-assignment>
Does the role name in weblogic.xml map to the groups called dealers in LDAP? I
have no specific roles configured in myRealm.
Thanks,
John

"John Hryn" <[email protected]> wrote in message
news:3fce2328$[email protected]..
>
Hi,
I have a basic question about securing web applications. In our app, wehave myRealm
pointing to an LDAP store. The store has (lets say) a group called'dealers' and
it has a user 'dealer1'.
Now, in WEB-INF/weblogic.xml I have
<security-role-assignment>
<role-name>dealers</role-name>
<principal-name>dealer1</principal-name>
</security-role-assignment>
Does the role name in weblogic.xml map to the groups called dealers inLDAP? I
have no specific roles configured in myRealm.
Yes. http://e-docs.bea.com/wls/docs70/webapp/weblogic_xml.html#1036790
You can specify groups or individual usernames.

Similar Messages

  • HT1937 I forger my app security questions what I have to do please ?

    I forger my app security questions what I have to do please ?

    You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.
    (100820)

  • Web app security + JAAS

    I'm working on the authentication/authorisation aspects of a fairly
    large web application using WLS 6.0 (ie allowing users to login and
    access resources based on role etc).
    Its a standard JSP/Servlet/EJB type architecture and so far it seems
    the FORM-based authentication will serve our needs well. However, I've
    been instructed (by higher powers) to investigate JAAS authentication.
    It looks far more complex to implement so my question is, does it
    offer any significant advantages that justify the extra work?
    Thanks for your time.

    "john hryn" <[email protected]> wrote in message
    news:3fce2551$[email protected]..
    >
    Hi,
    I am using WebLogic 8.1 platform. I am trying to create a very basicsecure web
    app.
    I created an App and created a web project. In it, I deleted thecontroller, etc
    and just have index. jsp. All the index.jsp does is: <%=request.getRemoteUser()
    %>
    In web.xml I have
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Success</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>*</role-name>I think you should have dealers instead of *
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
    </login-config>
    <security-role>
    <role-name>*</role-name>And here too.
    </security-role>
    In weblogic.xml I have
    <security-role-assignment>
    <role-name>dealers</role-name>
    <principal-name>dealer1</principal-name>
    </security-role-assignment>

  • Web app security not working

    Hi,
    I am using WebLogic 8.1 platform. I am trying to create a very basic secure web
    app.
    I created an App and created a web project. In it, I deleted the controller, etc
    and just have index. jsp. All the index.jsp does is: <%= request.getRemoteUser()
    %>
    In web.xml I have
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Success</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>*</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
    </login-config>
    <security-role>
    <role-name>*</role-name>
    </security-role>
    In weblogic.xml I have
    <security-role-assignment>
    <role-name>dealers</role-name>
    <principal-name>dealer1</principal-name>
    </security-role-assignment>
    When I run the app, it just renders the JSP and does not challenge me to login.
    Can you please help what is that I am doing wrong here?
    Thanks,
    John

    "john hryn" <[email protected]> wrote in message
    news:3fce2551$[email protected]..
    >
    Hi,
    I am using WebLogic 8.1 platform. I am trying to create a very basicsecure web
    app.
    I created an App and created a web project. In it, I deleted thecontroller, etc
    and just have index. jsp. All the index.jsp does is: <%=request.getRemoteUser()
    %>
    In web.xml I have
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Success</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>*</role-name>I think you should have dealers instead of *
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
    </login-config>
    <security-role>
    <role-name>*</role-name>And here too.
    </security-role>
    In weblogic.xml I have
    <security-role-assignment>
    <role-name>dealers</role-name>
    <principal-name>dealer1</principal-name>
    </security-role-assignment>

  • Web Service Security Question

    I have created a web service in the NetWeaver portal using a Portal Service.  I have marked the service as requiring basic http authentication.  However, when I call the web service from the Enterprise Portal Web Services Checker in NWDS it just let's me supply the params of the web service and no authentication.  Any ideas?
    I also noticed that my web service does not appear under the Web Services Container or Web Services Security section in Visual Administrator.  Anybody have any idea why this is?
    Thanks in advance.
    Curtis

    Hi Curtis,
    My guess is that since you are logged into the Portal while calling this web service, it will use the current session cookie to authenticate automatically. I'm not sure on the second question, tried a restart?
    Regards,
    Raj

  • Web app security exception: Bad URLMatchMap

    Can anyone help me diagnose an error? I am simply trying to place a security constraint
    on a servlet within an ear-deployed web-application.
    The exception occurs as the first POST comes to the servlet I am trying to protect:
    <Apr 16, 2001 12:40:09 PM EDT> <Error> <Kernel> <ExecuteRequest failed
    java.lang.IllegalArgumentException: bad URLMatchMap path: 'version="1.0"'
    at weblogic.servlet.utils.URLMatchMap.get(URLMatchMap.java:196)
    at weblogic.servlet.security.internal.WebAppSecurity.getConstraint(WebAp
    pSecurity.java:135)
    at weblogic.servlet.security.internal.SecurityModule.checkTransport(Secu
    rityModule.java:177)
    at weblogic.servlet.security.internal.BasicSecurityModule.checkA(BasicSe
    curityModule.java:48)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess
    (ServletSecurityManager.java:150)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppSe
    rvletContext.java:1250)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestIm
    pl.java:1622)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    >
    <?xml version="1.0" ?>
    <!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN'
    'http://java.sun.com/j2ee/dtds/web-app_2.2.dtd'>
    <web-app>
    <display-name>ANSWeb</display-name>
    <description>no description</description>
    <servlet>
    <servlet-name>UPMessageServlet</servlet-name>
    <display-name>UPMessageServlet</display-name>
    <description>no description</description>
    <servlet-class>com.aether.ans.gateway.up.UPMessageServlet</servlet-class>
    </servlet>
    <servlet>
    <servlet-name>ANSServlet</servlet-name>
    <display-name>ANSServlet</display-name>
    <description>no description</description>
    <servlet-class>com.aether.ans.server.ANSServlet</servlet-class>
    <load-on-startup />
    </servlet>
    <servlet>
    <servlet-name>WCTPServlet</servlet-name>
    <display-name>WCTPServlet</display-name>
    <description>no description</description>
    <servlet-class>com.aether.ans.gateway.wctp.WCTPServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>UPMessageServlet</servlet-name>
    <url-pattern>/UPMessage</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>ANSServlet</servlet-name>
    <url-pattern>/Server</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>WCTPServlet</servlet-name>
    <url-pattern>/WCTPCallback</url-pattern>
    </servlet-mapping>
    <session-config>
    <session-timeout>30</session-timeout>
    </session-config>
    <resource-ref>
    <description>no description</description>
    <res-ref-name>url/ANS.dtd</res-ref-name>
    <res-type>java.net.URL</res-type>
    <res-auth>Container</res-auth>
    </resource-ref>
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Protected Server</web-resource-name>
    <url-pattern>/Server</url-pattern>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>Client</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
    <role-name>Client</role-name>
    </security-role>
    <ejb-ref>
    <description>no description</description>
    <ejb-ref-name>ejb/ANSServer</ejb-ref-name>
    <ejb-ref-type>Session</ejb-ref-type>
    <home>com.aether.ans.server.ANSServerHome</home>
    <remote>com.aether.ans.server.ANSServer</remote>
    </ejb-ref>
    <ejb-ref>
    <description>no description</description>
    <ejb-ref-name>ejb/Alert</ejb-ref-name>
    <ejb-ref-type>Entity</ejb-ref-type>
    <home>com.aether.ans.entity.AlertHome</home>
    <remote>com.aether.ans.entity.Alert</remote>
    </ejb-ref>
    </web-app>
    <?xml version="1.0" ?>
    <!DOCTYPE weblogic-web-app PUBLIC '-//BEA Systems, Inc.//DTD Web Application 6.0//EN'
    'http://www.beasys.com/servers/wls600/dtd/weblogic-web-jar.dtd'>
    <weblogic-web-app>
    <description>no description</description>
    <security-role-assignment>
    <role-name>Client</role-name>
    <principal-name>Client</principal-name>
    </security-role-assignment>
    <reference-descriptor>
    <resource-description>
    <res-ref-name>url/ANS.dtd</res-ref-name>
    <jndi-name>ans.url.dtd</jndi-name>
    </resource-description>
    <ejb-reference-description>
    <ejb-ref-name>ejb/Alert</ejb-ref-name>
    <jndi-name>ejb.Alert</jndi-name>
    </ejb-reference-description>
    <ejb-reference-description>
    <ejb-ref-name>ejb/ANSServer</ejb-ref-name>
    <jndi-name>ejb.ANSServer</jndi-name>
    </ejb-reference-description>
    </reference-descriptor>
    </weblogic-web-app>

    Hi Andrew,
    Even without moderation enabled, any submission made through the BC platform is filtered through our protection engine to prevent XSS. Any type of potentially malicious code is immediately stripped from the submission, and this is not done at a client-side level.
    Kind Regards,
    Alex

  • Web app security ... i don't get it

    I do not get it how do one configure web.xml
    I want every page to be protected against unlogged user and some pages only to some of them
    From what I read it's only necessary to have only one root role that every user is part of and then any sub-role is recognized
    My use case:
    every page should be protected against unauthorized user
    <security-constraint>
            <display-name>Restrictie de vizualizare pe orice pagina jsf</display-name>
            <web-resource-collection>
                <web-resource-name>JSF Pages</web-resource-name>
                <url-pattern>/faces/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                <role-name>fullaccess</role-name>
            </auth-constraint>
            <user-data-constraint>
                <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
        </security-constraint>and I want that managers only to have access to /managers so I guess that a new </security-constraint> must be issued to allow the users that have managers role to access the resource.
    <security-constraint>
            <display-name>Restrictie de vizualizare pe orice pagina jsf</display-name>
            <web-resource-collection>
                <web-resource-name>JSF Pages</web-resource-name>
                <url-pattern>/faces/manager/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                <role-name>managers</role-name> ????
            </auth-constraint>
            <user-data-constraint>
                <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
        </security-constraint> What are the roles that must be declared in web.xml knowing that
    <security-role-assignment>
             <role-name>fullaccess</role-name>
             <principal-name>public</principal-name>
         </security-role-assignment>
    </weblogic-web-app> and in the realm public group has a member 'managers' (that in my opp must not be mapped)?
    ..on the moment there is only
      <security-role>
            <description>acces pe toate paginile web</description>
            <role-name>fullaccess</role-name>
        </security-role>thanks, Florin POP

    Hi guys.
    A username and password info to connect to BC is the following:
    Username - Your adobe ID email
    Password - Your password.
    To connect to SFTP its...
    Server: Just the address (yoursite.businesscatalyst.com)
    username - yoursite.businesscatalyst.com/[email protected]
    Password - your password.

  • Web app security & IIS?

    I'm trying to get the security working for a web app. I'm using JAAS and the BASIC
    authentication. I don't want to use FORM because the original Perl app (from which
    my web app is derived) also used BASIC and I don't want the interface to change.
    I've found that the security works great if I go directly to the weblogic server,
    so it looks like the problem is with IIS (we're fowarding requests from IIS to
    WebLogic). I think the problem lies in my web.xml. It has this in it:
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>MLV Users Only</realm-name>
    </login-config>
    From what I can tell, weblogic just uses the realm-name as a label in the dialog
    box that pops up, and for nothing else. My guess is that IIS is really trying
    to use this as a security realm.
    Am I on the right track? Anyone got any hints?
    Gary

    "john hryn" <[email protected]> wrote in message
    news:3fce2551$[email protected]..
    >
    Hi,
    I am using WebLogic 8.1 platform. I am trying to create a very basicsecure web
    app.
    I created an App and created a web project. In it, I deleted thecontroller, etc
    and just have index. jsp. All the index.jsp does is: <%=request.getRemoteUser()
    %>
    In web.xml I have
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Success</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>*</role-name>I think you should have dealers instead of *
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
    </login-config>
    <security-role>
    <role-name>*</role-name>And here too.
    </security-role>
    In weblogic.xml I have
    <security-role-assignment>
    <role-name>dealers</role-name>
    <principal-name>dealer1</principal-name>
    </security-role-assignment>

  • Web App Security Fallback (client-cert then form-based)

    Can you setup a web application to fall back to form-based login if the
    client-cert (i.e. identity assertion token) is not available. I think this
    would be very valuable because once you've configured the web app to use the
    "client-cert" authentication, you can't access the web app directly (i.e.
    browser->weblogic server). You will always need to go through the perimeter
    authenticator so the token gets sent.

    Solution found:
    The trick is to return "401" in response if ticket is not valid (do nothing else). This will end the negotiate between client and server
    In your web.xml, forward your 401 code to login page:
    <error-page>
    <error-code>401</error-code>
    <location>/form_login_page.html</location>
    </error-page>
    There might be a more straightforward way to do this (have all the page management within servlet), but I did not have time to investigate it further. This one at least works

  • Web App Security Firewall Using Catalyst 6500 w/ CSM

    We are evaluating web application security firewalls. The other products can recognize application level attacks such as SQL insertion and deranged parameters. Some of my colleagues believe that the CSM (which we already have deployed) has these sorts of capabilities.
    While the CSM has some layer 7 capabilities, my read of the specs does not suggest that it is suited to this function.
    Anyone have experience or input?
    Thanks!

    The same as a SYN attack protection feature.
    That's all.
    It does not have content analysis for intrusion detection.
    Regards,
    Gilles.

  • HT5312 I need to reset my app security questions

    Hi
    I'm sure the answers I have for the security questions are correct, but somehow the system just wouldn't let go through.
    I would like to change them. How am I supposed to do?

    You need to contact Apple, either through the link in that article or by phoning them.
    (77316)

  • Web app security in NW

    Hi SDN,
    Can someone suggest or point to help/documentation on any NW settings related to the following three security items:
    1. Cross-site Scripting
    2. MYSAPSSO2 Cookie encryption (as it is, is it secure?),
    3. SQL Injection
    Is there a comprehensive config doc including these issues?
    I will really appreciate any help.
    Shahid

    Hi Shahid,
    For cross site scripting the below link will be helpful
    [http://help.sap.com/saphelp_nw70/helpdata/EN/81/233d54d8c744c09b4434babf7b0879/frameset.htm]
    The SAP Internet Transaction Server (SAP ITS) is integrated into the kernel of the SAP Web Application Server 6.40 as an Structure Internet Communication Framework (ICF) service called the integrated ITS. this needs to be configured and requires kernel and service parameters.
    For MYSAPSSO2 which is a cookie available at service parameters:
    [http://help.sap.com/saphelp_nw70/helpdata/EN/07/496884370b11d480a000c04f99fbf0/frameset.htm]
    For SAP injection
    [http://help.sap.com/saphelp_nw70/helpdata/EN/a8/813dcc006141719086e9f0f27ab8b3/frameset.htm]
    All these are pertaining to secure user intefaces which includes all these three.
    Hope this is heplful
    Regards,
    Shaila

  • Web App Security

    Hello,
    I'll soon be developing a web application in which security is a major concern, and I'd like some advices about some technologies I'm evaluating to get the job done. I couldn't get comparisons on security power offered by each.
    - Web tier: I have some experience on JSP and JS; besides HTTPS, JSF seems to provide better, out-of-the-box, support for some of our requirements (internationalization, better security, AJAX) and some soon-useful fancy features like little html modal boxes; even considering the learning curve to use JSF (I never used it before), is there a better candidate for this layer? (I'm thinking of RichFaces or MyFaces)
    - Business tier: I can use EJB3 or Hibernate + Spring or whatever combinations works best, I simply couldn't be sure if one can be considered safer than the other (I will use roles as well).
    I'll be using JBoss (4.x) and MySQL DB.
    Thanks

    I'm not familar with JSF, only JSP, but here is the run down on security as I understand it (you can suppliment it with further research).
    * Use MVC design where the presentation layer only displays data and submits back to the server (example: update button). There is no business logic or database logic in the JSP page. A JSP tag that queries the database is a bad idea from a security point of view since a hacker may be able to reverse engineer it and alter the query.
    * In your database layer (MVC design), put all your database access. Use only prepared statements (never regular statements). Pass parameters into the prepared statement. Example: update person set person_id=?. You are therefore not subject to SQL injection as is the statement object (research SQL injection if your not familar with it).
    * Use javascript for basic client side validation checks (field cant be null, field is incorrect date format, field has a value too large) and block submitting to the server via update button if not pass. Duplicate the client side validation back on the server, and also provide any advanced valiation checks. This way, a hacker can't bypass your validaiton on the client side and submit bad data. To be really strict, consider every possible keyboard value a user can type in and validate it to determine if those special chars are allowed.
    *Click 'view source' on the browser and look at what HTML was generated by the JSP. Is there any variables on the page that is sensitive that you don't want the user to see? Such as the name of database tables or database fields? If so, you will have to crate an alias on the JSP that maps back to the name of the datbase table or field after you submit the page.
    * Each user should be restircted to a role that limits what JSP pages he can see, and what he can alter on those JSP pages. Example, you have an admin role and endUser role. Note your application has a userID/password to access the database (with a fair amount of access to each table), each user doesn't have his own userID/password to the database (with restricted access to a subset of tables). The userID/password should be stored in the context file of your applicaiton and accessed via JNI. Example, if your application is called myAppl, then the context file under tomcat is called myAppl.xml (its automatically geneated by Eclipse when you launch your application).
    * The end user shouldn't be able to call up a JSP page by navigating directly to that JSP page via its URL (they should be redirected either to the login page or an error page).
    Instead, all urls should have to go through a central servlet to check to see if he's logged in and is within a valid session. The servlet then dispatches to the correct JSP page. This example is not Struts or Spring framework, but instead, a single controller servlet design. You'll have to look up what Struts and Spring alternatively does in such a situation.
    * You should research buffer overflow attack and how to avoid it.
    * For the business layer, I believe its Either EJB3 OR Spring, not both (I could be wrong).
    * Hibernate is used in the database layer. I suggest you you JDBC with DAO instead until you are very familar with it before doing a project in Hibernate. You should know what Hibernate buys you over that of JDBC/DAO before justifying using it.
    * You should allow a new user to create a new password. The password should validated to ensure its a strong password. You should also use SSL to communicate to the server.
    * I think Spring is an alternative to EJB3 and therefore both shouldn't be used. I suggest using only Spring. Create a two or three page JSP page project (with login), refactor the heck out of it (create a clean MVC design), then let your team add all the rest of the project to it.

  • Java Studio Enterprise 8 - Web App Developing question

    Hi,
    I just installed the Sun Java Studio Enterprise 8 one wek ago(self training) and have a basis familiarity with the product, because I'm working in a very important project at work.
    I read (PDF, links, etc) information but I really have a problem, I need to know how to work with the runtime window to watch the application an JSP & Servlets running?, maybe it's something that I'm doing wrong. The runtime window has :
    Servers: Sun Java System Application Server 8.1
    Bundled Tomcat (5.5.7)
    Processes: <No Processing Running>
    Databases: Folder Drivers
    two jdbc pointbase (broken)
    Http Server: Running
    VCS Commands: Empty
    Web Services: Empty
    XML Entity Catalogs: with info
    I really appreciate any given information about it !!!
    Thanks in advance.
    tgfch.

    If you are working with JSPs and Servlets this means you are working with a web module. This type of application is executed on the Web or Application Server such as the Sun Java System Application Server.
    In order for the module's bits to get to the server you need first to deploy it there. However this is done by the IDE transparently for you.
    Thus if you want to see the output of the JSPs - choose "Run Project" from your Web Module project's context menu. This will open a web browser with your project's root page preloaded and you will be able to work with/test your project.

  • My iPod 4 will prompt me to update security questions when I try to install an app then it will continuously ask for my password so I cannot get anymore apps,  I already tried going online to update scurity, will I be able to get any apps again?

    Won't let me install apps, security question pops up, repeatedly asks for my password, won't even let me view account on ipod

    The Best Alternatives for Security Questions and Rescue Mail
        a. Send Apple an email request at: Apple - Support - iTunes Store - Contact Us.
        b. Call Apple Support in your country: Customer Service: Contact Apple support.
        c. Rescue email address and how to reset Apple ID security questions.

Maybe you are looking for

  • Some error in cluster alertlog but the cluster and database is normal used.

    hi.everybody i used RAC+ASM,RAC have two nodes and ASM have 3 group(+DATA,+CRS,+FRA),database is 11gR2,ASM used ASMlib,not raw. When i start cluster or auto start after reboot the OS,in the cluster alertlog have some error as follow: ERROR: failed to

  • Windows 7 Professional (64bit) installation using bootcamp

    I've read a 100 different posts on this forum regarding slightly different issues on this problem, but failed to solve it myself. I'm installing a copy of windows 7 professional (64-bit) through bootcamp on my iMac (bought late 2009) running OSX 10.6

  • How can I back up all my apps in IPad 2 ?

    I need to back up all my apps from my ipad2 and thanks / because of a glitch in the operating system I had a an dollar account in Tanzania (weird I know) and apple cannot give me access to my apps to download again (should they be deleted or I upgrad

  • Problem while using:RSDRC_CUBE_DATA_GET

    Hi ,   I am extracting data from a basic infocube using fm :RSDRC_CUBE_DATA_GET . Unfortunately it is extracting the data from F-facttable only, and not extracting compressed data. Following are my selections in the function module. Please advice if

  • Regading deletion of existing order for customer

    hi friends i nedd to delete existing order for particular customer when creating new order for that customer by useing API. how to delete order by useing API and one more thing how to do i mean which parameter or procedure useing for that thanks cahn