0

RTC_SCRIPT NW 7.4 SP12 Portal

Apr 10 at 11:33 PM

17

Netweaver 7.4 SPS12 Portal

Linking to http(s)://<server-name>:<port-number>/irj/servlet/prt/rtc_script/ exposes

function RTMFClientConstants() {

var MSG_PARAM_CLIENT_SESSION_ID = "client_session_ID";
this.MSG_PARAM_CLIENT_SESSION_ID = MSG_PARAM_CLIENT_SESSION_ID;

.....

var CLIENT_ID = "xx.xx.xx.xx";
this.CLIENT_ID = CLIENT_ID;

var RTMF_URL = "/irj/servlet/prt/rtmf";
this.RTMF_URL = RTMF_URL;
var ERR_RQ_USER_WITH_NO_AUTHENTICATION = "You are not authorized to use Real-Time Collaboration. Contact your system administrator for details."
this.ERR_RQ_USER_WITH_NO_AUTHENTICATION = ERR_RQ_USER_WITH_NO_AUTHENTICATION;
var RTMF_ERR_CLIENT_ALREADY_EXISTS = "client already exists"
this.RTMF_ERR_CLIENT_ALREADY_EXISTS = RTMF_ERR_CLIENT_ALREADY_EXISTS;
}

Note that the value assigned to variable CLIENT_ID is an IP address that matches the internal address for the Java server behind the portal. My customer's portal is an external facing portal, and they are concerned about the exposure of the internal IP address.

My initial thoughts were to investigate the note "1445998- Disabling invokerservlet", but the Invoker Servlet has been disabled by default as of Java release 7.20. I have worked out that I can disable access to this particular servlet within the BWA, and I can also (probably) limit access to "internal" client IP address's using icm/HTTP/auth but I'd like to know if there's a "proper" way of doing this, and more importantly, the impact on Portal functionality.

- For example, is the /irj/servlet/prt/rtc_script/ a necessary function for a particular function within the portal (like Real Time Collaboration or the Real-Time Messaging Framework) ?

FWIW, For plenty of other examples, just google /irj/portal and work it out from there :)

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

0 Answers