Solved: SAP OData Requester information

former_member286664 · ‎02-15-2016

Dear Experts,

I would like to make sure that odata service is only accessible by my application only not even browser.

I need to implement following requirement

1. I have an OData Service created in my netweaver gateway system.

2. I need to implement some kind of mechanism so that users who even have users in the system should not be able to call

Odata service by browser or any other application.

I have thought of an idea to check the incoming request and extract the information about the caller application.

I found one parameter in call sequence of program "/IWFND/CL_MGW_SHORTCUT_PROXY" has IS_REQUEST_DETAILS-TECHNICAL_REQUEST-REQUEST_HEADER, which provides me the caller details (Please check screen shot).

I am unable to find an API which reads this information in my DPC class.

Please help.

Thanks,

Anurag.

former_member184867 · ‎02-15-2016

The option that I can think in this case,is to check "user-agent" HTTP field in your DPC.

A sample code in DPC may look like


data:     lo_facade type ref to /IWBEP/IF_MGW_DP_INT_FACADE ,
             lt_client_headers    TYPE tihttpnvp .
            

  lo_facade ?= /iwbep/if_mgw_conv_srv_runtime~get_dp_facade( ).
  lt_client_headers = lo_facade->get_request_header( ).

Here you get the list of http request headers

Also you can pass additional custom headers from your application.

However it may not be completely safe to depend only on HTTP http headers, as they can be changed/modified/mimicked.

https://blogs.msdn.microsoft.com/ie/2008/02/21/the-internet-explorer-8-user-agent-string/

http://www.enhanceie.com/ua.aspx

http://stackoverflow.com/questions/9949198/changing-http-request-headersuser-agent-chrome-firefox

Regards

Atanu

SAP OData Requester information

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

Re: Partitioning a table in HANA using Range Parti...

sap.m Table image as barcode

Re: SAP PI - Determine the receiver based on Sourc...

Re: SAP PI - Determine the receiver based on Sourc...

Re: SAC Story Filters: Advanced Filtering with BW ...