on 02-15-2016 4:40 AM
Dear Experts,
I would like to make sure that the OData service is accessible only by my application, not even by a browser.
I need to implement the following requirement:
1. I have an OData service created in my NetWeaver Gateway system.
2. I need to implement some kind of mechanism so that even users who have users in the system are not able to call the OData service from a browser or any other application.
I have thought of an idea to check the incoming request and extract the information about the caller application.
I found one parameter in the call sequence of program "/IWFND/CL_MGW_SHORTCUT_PROXY", IS_REQUEST_DETAILS-TECHNICAL_REQUEST-REQUEST_HEADER, which provides me the caller details (please check the screenshot).
I am unable to find an API which reads this information in my DPC class.
Please help.
Thanks,
Anurag.
The option that I can think of in this case is to check the "user-agent" HTTP field in your DPC.
A sample code in DPC may look like this:
```abap
DATA: lo_facade         TYPE REF TO /iwbep/if_mgw_dp_int_facade,
      lt_client_headers TYPE tihttpnvp.

" The DPC base class implements /IWBEP/IF_MGW_CONV_SRV_RUNTIME; cast its facade to the internal facade.
lo_facade ?= /iwbep/if_mgw_conv_srv_runtime~get_dp_facade( ).
" Name/value pairs of the incoming HTTP request headers.
lt_client_headers = lo_facade->get_request_header( ).
```
Here you get the list of HTTP request headers.
You can also pass additional custom headers from your application.
However, it may not be completely safe to depend only on HTTP headers, as they can be changed/modified/mimicked.
https://blogs.msdn.microsoft.com/ie/2008/02/21/the-internet-explorer-8-user-agent-string/
http://www.enhanceie.com/ua.aspx
http://stackoverflow.com/questions/9949198/changing-http-request-headersuser-agent-chrome-firefox
Regards
Atanu
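The check suggested in the answer above, written out as an added example (not code from the original posts). The method name `check_caller` and the expected value `MyCompanyApp/1.0` are assumptions made for illustration; the header is client-supplied, so this filters requests but does not authenticate the caller.

```abap
" Hypothetical private helper in the DPC_EXT class, declared with
" RAISING /iwbep/cx_mgw_busi_exception. Call it at the start of each
" redefined data provider method.
METHOD check_caller.
  " Constructed sample value: the User-Agent your own application sends.
  CONSTANTS lc_expected_agent TYPE string VALUE 'MyCompanyApp/1.0'.

  DATA: lo_facade         TYPE REF TO /iwbep/if_mgw_dp_int_facade,
        lt_client_headers TYPE tihttpnvp,
        ls_header         TYPE ihttpnvp.

  lo_facade ?= /iwbep/if_mgw_conv_srv_runtime~get_dp_facade( ).
  lt_client_headers = lo_facade->get_request_header( ).

  " HTTP header names are case-insensitive, so compare in lower case.
  LOOP AT lt_client_headers INTO ls_header.
    IF to_lower( ls_header-name ) = 'user-agent'
       AND ls_header-value = lc_expected_agent.
      RETURN. " header matches the expected client
    ENDIF.
  ENDLOOP.

  " Header missing or different: reject the request.
  RAISE EXCEPTION TYPE /iwbep/cx_mgw_busi_exception
    EXPORTING
      textid  = /iwbep/cx_mgw_busi_exception=>business_error
      message = 'Caller not allowed'.
ENDMETHOD.
```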