Skip to Content
0

SAP WebDynpro java clickjacking issue

Apr 05 at 08:01 AM

60

avatar image
Former Member

Hi All,

We are using SAP webdynpro java 7.4, we want to implement whitelist service for clickjacking Framing protection but fail to do so, not able to find

"tc~lm~itsam~service~clickjacking" (as suggested on SAP 2170590) to enable "ClickjackingProtectionService", under Java system properties ->application.

Please help.

Regards,

Rohit

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Szabolcs Renyo
Apr 05 at 09:18 AM
1
Show 6 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hi Szabolcs Renyo,

Yes , I am looking the same option but when I click Java system properties -> Application tab, Under application name "

tc~lm~itsam~service~clickjacking" I am not able to find , please suggest.

0

Hi Rohit,

It is interesting. As I see application "tc~lm~itsam~service~clickjacking" is part of SCA "LMNWAUIFRMRK". I would suggest to check in your component information whether this SCA is installed on your system or not. If not install it if it is already there I would suggest to redeploy.


(Help to fin the component information:

1757810- How to get the complete list of software components on your NetWeaver Application Server Java

Help to Deploy:

1715441 - Deploy/Undeploy/Redeploy SCA/ SDA/ EAR/ WAR files on SAP servers:7.1, 7.2, 7.3, 7.4 and 7.5 )

Best regards,

Szabolcs

1

Hi Former Member,

Did my answer help?


Thank you and best regards,
Szabolcs

0
Former Member
Szabolcs Renyo

Hi Szabolcs,

sorry for late replying, thank you Szabolcs its helpful answer but I have one issue, I have Webdynpro 7.4 & patch 11.

In every whitelist SAP note they mention patch 12 for whitelist based clickjacking.

Is their any other way apart from patch 12 , we can resolve this.

If we use X- Frame Option, how helpful this option too.

Regards,

Rohit

0

Hi Rohit,

I think we should clarify what you said before. If the problem related to Patch level it shouldn't be a problem. It is not a big work to install the latest patches.

If you thought for SP level it is a bigger problem. (I suppose you wanted to write SP level based on the KBA 2170590)

In that case the only way if you perform a System upgrade to (at least) SP12. There is no other way. Btw if you decide to have an upgrade I would recommend always the latest SP with the latest patches but it should be you decision.

Best regards,
Szabolcs

0
Former Member
Szabolcs Renyo

Hi Szabolcs,

Issue is I am not able to find "tc~lm~itsam~service~clickjacking", by going through SAP note, I understand that this is not available because I have webdynpro 7.4 SP level 11 and this will be available on and after SP 12 only.

Currently we cannot update from SP 11 to SP 12 or higher level that's why I asked.

If we use X- Frame Option, how helpful this option too.

Regards,

Rohit

0
MEGHAL SHAH Apr 05 at 08:13 AM
0

Please check Note 2169722 and 2582222 .

Regards,

Meghal Shah

Show 2 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hi Meghal Shah,

Checked the suggested SAP note # 2169722 and 2582222 but did not find the

com.sap.portal.runtime.clickjackingprotection. under Application module.

Reagrds,

Rohit

0

Hi Rohit,

I think you need to apply the patches after that It will appear. patches are mentioned in the notes.

Regards,

Meghal Shah

0