Skip to Content

BO4 - Tomcat security + ensuring business objects functionality

May 17 at 09:29 AM


avatar image
Former Member


We have BO4.2 SP05 on a development platform along with the bundled Tomcat (8.5.13) and use the BOE/BI, BOE/BILaunchpad and /BOE/CMC applications for webi reporting, also use IDT/UDT and some dashboards.

From security perspective we've been asked if number of interfaces available could be limited.

For instance ca see lots of services listed at http://<servername>/dswsbobje/services/listServices

What is the best way of achieving this but ensuring access to the above applications and business objects enterprise platform and above applications isn't affected adversely.

Had a look in the web.xml file in dswsbobje to see if some configurable parameters such as services.visible which could set to false but would still allow functionality but nothing obvious.


10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
avatar image
Former Member May 17 at 03:03 PM

Have you tried the following :

There is a services.xml file for each Web Service.

The following examples shows you how to deactivate the BICatalog service.

1. Locate and open the services.xml file for the service. For example, in a default Windows installation, the file for the BICatalog service is located at C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps\dswsbobje\WEB-INF\services\bicatalog\META-INF\

2. Add an activate property to the service tag and set the value to false. For example, if you are disabling BICatalog service, this is what your changes must look like: .

3. Restart your web application server.

For more details check out Web Services Administrator guide at

Hope this helps!

Show 2 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Thanks for useful link and advice.

Had initially thought about commenting out the text listing the services in

<install_folder>\tomcat\webapps\dswsbobje\axis2-web\index.jsp so couldn't click on list of available services.

Notice when set the property active to false no longer shows as available. Was wondering if it would show the list but just show status as Inactive - good that makes it invisible

One question have

With regards the list of services if set BI PLatform to false under the dswsbobje folder assume would that still allow normal functionality of the BOE/BI + BOE/CMC applications via these urls as notice BOE different webapp folder to dswsbobje. Is this the case?
Former Member

Just noticed lists the de-activated service as faulty service

Assume this is default if service de-activated.