1

RTC_SCRIPT NW 7.4 SP12 Portal

Apr 10 at 11:33 PM

74

avatar image

Netweaver 7.4 SPS12 Portal

Linking to http(s)://<server-name>:<port-number>/irj/servlet/prt/rtc_script/ exposes

function RTMFClientConstants() {

var MSG_PARAM_CLIENT_SESSION_ID = "client_session_ID";
this.MSG_PARAM_CLIENT_SESSION_ID = MSG_PARAM_CLIENT_SESSION_ID;

.....

var CLIENT_ID = "xx.xx.xx.xx";
this.CLIENT_ID = CLIENT_ID;

var RTMF_URL = "/irj/servlet/prt/rtmf";
this.RTMF_URL = RTMF_URL;
var ERR_RQ_USER_WITH_NO_AUTHENTICATION = "You are not authorized to use Real-Time Collaboration. Contact your system administrator for details."
this.ERR_RQ_USER_WITH_NO_AUTHENTICATION = ERR_RQ_USER_WITH_NO_AUTHENTICATION;
var RTMF_ERR_CLIENT_ALREADY_EXISTS = "client already exists"
this.RTMF_ERR_CLIENT_ALREADY_EXISTS = RTMF_ERR_CLIENT_ALREADY_EXISTS;
}

Note that the value assigned to variable CLIENT_ID is an IP address that matches the internal address for the Java server behind the portal. My customer's portal is an external facing portal, and they are concerned about the exposure of the internal IP address.

My initial thoughts were to investigate the note "1445998- Disabling invokerservlet", but the Invoker Servlet has been disabled by default as of Java release 7.20. I have worked out that I can disable access to this particular servlet within the BWA, and I can also (probably) limit access to "internal" client IP address's using icm/HTTP/auth but I'd like to know if there's a "proper" way of doing this, and more importantly, the impact on Portal functionality.

- For example, is the /irj/servlet/prt/rtc_script/ a necessary function for a particular function within the portal (like Real Time Collaboration or the Real-Time Messaging Framework) ?

FWIW, For plenty of other examples, just google /irj/portal and work it out from there :)

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
Martin English Apr 27 at 10:48 PM
1

I've done some further research, and unfortunately, the script that gets presented (.../irj/servlet/prt/rtc_script/rtc_script.js) is part of the HTML required for the Real Time Collaboration (RTC) component of the portal. As it turns out, if you know that this component is not required or used, or if you want to test that it is not required, you can disable the corresponding application.

I performed the following steps on a regression testing version of the portal, to allow testing of our functionality to ensure that it didn't impact anything that our particular implementation uses (I knew we didn't use RTC, but I wanted to make sure there were no other components that used parts of RTC). There are two ways to disable it; one is temporary and only lasts until the portal is restarted. The second is a permanent method of disabling the application. Separate instructions for both methods appear below.

1) Temporarily disable RTC application.

Using the Netweaver Administrator tool, follow the menu path -> Configuration --> Infrastructure --> Application Modules On "Module list", select More Actions --> "View Corresponding to Applications". filter the list on com.sap.netweaver.coll.appl.rtc

Stop the application com.sap.netweaver.coll.appl.rtc

Now when you attempt to access the URLs
.../irj/servlet/prt/rtc_script/rtc_script.js or
.../irj/servlet/prt/rtc_script,
you get a warning screen that the iView is not available

You can start / restart the application from the same screen. It will also restart when you restart the portal or the server.

2) Permanently disable RTC application.

See How to disable standard application into the SAP Enterprise Portal 7.3 for more detail, but using the Netweaver Administrator tool, follow the menu path --> Operations--> Systems --> Start & Stop

Goto "Java Applications" tab

Filter on "com.sap.netweaver.coll.appl.rtc"

select "com.sap.netweaver.coll.appl.rtc"

Use the radio button More Actions to select "Startup Filters"

Add a filter, with (in this case) the following entries

  • disable
  • sap.com
  • All Components
  • com.sap.netweaver.coll.appl.rtc

Save local filters.

You will see a message "In order for the changes to take effect, restart the cluster." Once the cluster (or portal) is restarted, an attempt to access the URLs
.../irj/servlet/prt/rtc_script/rtc_script.js or
.../irj/servlet/prt/rtc_script
will produce a warning screen that the iView is not available.

Additional Information

You may be able to use the steps steps described in "Activating Services for Real-Time Collaboration https://help.sap.com/doc/saphelp_nw74/7.4.16/en-US/4c/145f7a96b23de4e10000000a42189e/frameset.htm to help determine if, for example, the Collaboration Launchpad or Real Time Collaboration services have been defined or configured. In my case, nothing had been changed, which implied that RTC had not been configured, but this is no guarantee that the component (or part of it) is not in use, so use your test system !!

HTH

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Martin,

Good to see you around! I hadn't seen your name here in a while.

I added a couple more secondary tags that I think could be relevant for this question and that might help it gain some more exposure.

I'm a little unclear on whether you consider this to still be an open question, or whether it is becoming more of an open-ended discussion.

Cheers,
Matt

1