Thanks Vadim,

For your response, Can you please provide some links for the same.

Regards,

Farooq.

Hi Farooq,

You can find this being mentioned in description of features / capabilities of Java HTTP adapter in 7.3 release - check this blog written by Alejandro Pertierra. In addition to this, usage of set form functionality in HTTP receiver adapter can be found in SAP Help.

Please note that using standard configuration, you can assign the value of the payload to a given parameter in the generated HTTP body. Given you need to add multiple parameters and values for them in the body (such as 'username' and 'password'), I suggest following approach:

1. In HTTP receiver channel configuration, explicitly set HTTP header 'Content-Type' assigning it value 'application/x-www-form-urlencoded',
2. Using Java mapping program or XSL transformation (XSL transformation might be more appropriate here to achieve this goal both from implementation complexity and supportability/maintainability perspectives), construct message payload that has to be put into HTTP body. Output of the mapping shall be a String that shall contain &-delimited key/pair values, where key and value are =-delimited - it shall not be XML document (which means, graphical mapping will not play well here), but only plain String composed of concatenated key/value pairs. In your example, the output of the mapping shall be: username=xyz&password=abc

Regards,

Vadim

Hi Vadim,

When you say the output should be only "username=xyz&password=abc" it means this value also should be in some xml tags with xml header??

Regards,

Farooq

Hi Farooq,

No, there shall be no XML wrapper - the whole entire target payload produced by the mapping shall be a String of delimited key-value pairs, with no XML document declaration or any other XML tags.

Regards,

Vadim

Hi Vadim,

Can you help with the sample XSLT code to produce the required string output.

Also in the password has = in the starting as "username=xyz&password==);"

Thanks,
Farooq

Hi Vadim,

& is causing the problem, it is making the second value to end with ; symbol but while giving it again same problem.

Regards,

Farooq

Hi Farooq,

For XSLT development, there are quite a lot of good materials on SAP Community as well as other resources that can help with - this is very wide topic to be put in a single forum thread, as I don't know what will be source of user/password (for example, will it come from any source message payload fields, or originate from somewhere else as an outcome of lookup?) - hence, don't have enough details to suggest the exact transformation implementation.

Regarding your enquiries:

• For content type 'application/x-www-form-urlencoded', '=' symbol in values shall be encoded following URL encoding principles. In particular, '=' shall be replaced with %3D.
• For '&' symbol that causes a problem for you, you can give a try to applying XML escape sequence for it (replacing it with '&') and checking if for XSL transformation's output, you set method="text".

Regards,

Vadim

Hi Vadim,

Yes the username and password coming from source.

I have tried with both having the = and its equivalent %3D.

My username is " abcd_ws_acct "and password is " =-)=x,1234 ".

While i am getting the below error. I have tried '&' and & also.

Transformer Configuration Exception occurred when loading XSLT removen.xsl; details: The entity name must immediately follow the '&' in the entity reference.
See error logs for details

Kindly suggest .

Thanks,

Farooq.

Hi Vadim,

Also the username and password can be hardcoded in XSLT. Can you share that xslt code which you are suggesting if possible?

Thanks,
FA

Hi Farooq,

From security and maintenance perspective, hardcoding user credentials in the mapping / imported archive containing XSL transformation is not recommended. Security wise, this means that anybody that has at least display access imported archives in ESR, can get credentials of that user. Supportability and maintenance wise, whenever credentials need to be updated, it will require update of the XSL transformation, as well as if credentials are different across landscape (for example, between Development, QA and Production), it will be additional overhead, as XSL transformation (ESR's imported archive object that contains it) is transportable object, and it is not recommended to make manual update of it directly in non-development environment (changes shall originate in Development and get through the landscape using transport system).

To overcome these pitfalls, may I suggest you looking into possibility of using parameterized mapping or other options that will allow you making credentials maintenance more flexible? Usage of parameterized mapping will not completely resolve the concern related to security, as by default, values for parameterized mappings are entered in ICo/iFlow in plain text, but it can be at least an option to introduce flexibility and increase maintainability to your solution, as values for parameterized mappings don't require transportation across landscape and can be maintained directly in the target system using Integration Directory (for ICo) or NWDS (for iFlow).

Below, I provide one of possible implementations for XSL transformation to handle this sort of requirements, assuming that user and password are external parameters that come to XSL transformation via parameterized mapping concept (corresponding parameters used by the transformation, are named 'User' and 'Password'), and they both are already escaped. Applying URL/HTML escaping using XSLT 1.0 is not that straightforward - you will need to make use of embedded functions to achieve this. You might look into an alternative, which is usage of XSLT 2.0 in mappings, where escaping is simplified and is handled using built-in functions - to make use of XSLT 2.0 in PO, you need to follow steps mentioned in SAP Note 1893110. In sake of simplicity, I assume that values that are passed in parameters to XSL transformation, are already escaped and we don't need to validate / apply extra escaping to them within transformation. Before going further, I would strongly recommend reading the blog written by evgeniy.kolmakov, where he demonstrates and describes way how mapping parameterization can be used in pure XSL transformations, without usage of Java extensions - as major part of the code provided below, is based on re-use of Evgeniy's approach and example:

<?xml version="1.0" encoding="UTF-8"?>


<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
	xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:inpar="com.sap.aii.mapping.api.InputParameters"
	xmlns:xsltc="http://xml.apache.org/xalan/xsltc"
	exclude-result-prefixes="xs inpar xsltc" version="1.0">


	<xsl:output method="text" omit-xml-declaration="yes" />


	<xsl:param name="inputParameter" />
	<xsl:variable name="user"
		select="inpar:getValue(xsltc:cast('com.sap.aii.mapping.api.InputParameters',$inputParameter),'User')" />
	<xsl:variable name="password"
		select="inpar:getValue(xsltc:cast('com.sap.aii.mapping.api.InputParameters',$inputParameter),'Password')" />


	<xsl:template match="/">
		<xsl:text>User=</xsl:text>
		<xsl:value-of select="$user" />
		<xsl:text>&Password=</xsl:text>
		<xsl:value-of select="$password" />
	</xsl:template>
</xsl:stylesheet>
<br>

Regards,

Vadim

Thanks Vadim,

For the detailed response. I know it should not be hardcoded. But to make it work first i wanted to hardcode. I am aware of the parameterized mapping both in java and xslt /graphical. But only concern is to make this call working first then later i will take care of security.

Will check the code what you provided. But was checking to hardcode in the xslt initially and make it work first.

Regards,

Farooq.

Hi Vadim,

Copy pasted your code exactly and provided the username and password which throwed error.

Transformer Configuration Exception occurred when loading XSLT removenode.xsl; details: The reference to entity "Password" must end with the ';' delimiter.
See error logs for details

Regards,

Farooq.

Hi Farooq,

Looks like escaping of '&' symbol that you have to use and that I put in the provided code, got unescaped by the editor tool here, when I pasted here - I don't see it being properly escaped in my earlier reply. Before 'Password' text, '&' shall be escaped as '&'. Let me post screenshot of transformation's code here, so that you see how it looks like in the original version that I referred to:

Regards,

Vadim

Hello Vadim Klimov

Your valuable thoughts on this please.

https://answers.sap.com/questions/12879150/how-to-send-http-body-parameters-in-sap-po-75.html

Thanks alot in advance.!

Hi Vadim , I have a similar requirement to pass , username & password in a json body for our token APi to fetch the token.

Could you please let me know if we can enable Oauth 2.0 for our main api , becuase i unable to fetch access token as we need to pass a body with credentials to our token api. PFB a sc

reenshot for your reference.