cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

hyperlink to ABAP report in web portal

former_member498918
Participant

on ‎12-13-2004 5:21 PM

0 Kudos

Is there a way of linking to an abap report in the web portal system without using the www_get_selscreen function? R/3 version 4.0 and an ITS server is being used.

The abap reports all work from system>services>reporting in the portal, but I'd like to offer a web page which just lists a couple of reports.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

athavanraja
Active Contributor
‎12-14-2004 6:14 AM
0 Kudos

May be this weblog is useful for you.

/people/durairaj.athavanraja/blog/2004/09/23/pass-parameter-to-its-url-upadated-21st-june-2008

Regards

Raja

Show replies
Show replies
former_member498918
Participant
‎12-14-2004 11:02 AM
0 Kudos

Thank-you for your reply.

The use of http://<ITS_SERVER>:<port>/scripts/wgate/webgui/?client=<client>&login=<userid>&password=<password>&language=<language>&transaction=ks03&CSKSZ-KOSTL=425100&okcode=GRUN works well.

Do you know if there is an easy way to hide the web address so the user can't see which transaction they are logging into, or use this format to access a transaction they shouldn't be able to.

athavanraja
Active Contributor
‎12-14-2004 11:04 AM
0 Kudos

Then you need to use HTML form and have some hidden fields with the values and use them to direct to this URL.

or you can place an iframe within the page and load the page with this url. The user wont see this url.

There are many ways we can handle this within HTML form.

If you want code sample do let me know.

Regards

Raja

former_member498918
Participant
‎12-14-2004 12:47 PM
0 Kudos

Can you send me some code. Do I just need to set up hidden fields called ~transaction etc.. and then fill in the values when the user clicks the link. Do the hidden fields need to be anywhere specific in the form.

ralph_resech
Explorer
‎12-14-2004 5:35 PM
0 Kudos

Hi Karen,

from the security point of view it's not a good idea to submit user/pw via HTTP (at least HTTPS). If you use a technical user for this (means everyone uses the same user/pw) it's better to copy the webgui service to a different name and add the user/pw information to the service file. But please keep in mind that anybody can use this technical user to access your system so restrict the permissions for this user to only the reports you really need.

Regards Ralph

athavanraja
Active Contributor
‎12-15-2004 6:38 AM
0 Kudos

Hi,

As Ralph pointed out from the security point of view we should not be using the user id password in the URL at all. The example i gave you was just to show how that can be done.

With regard to calling the url inside an iframe use the below code.

<iframe name="I1" src="<your ITS report url" width="690" height="566"></iframe>

Regards

Raja

former_member185704
Contributor
‎12-15-2004 8:42 AM
0 Kudos

Hi Durairaj,

I'm afraid the only safe way to avoid passing a clear text username / password combination via the network is to work with ITS-service-files or with encryption as Ralph described above.

Whether you try to hide the URL-string-parameters through an iframe or an html form - both methods are insecure. A user just has to record the HTTP Headers the browser sends to the web server via a network sniffer or (even easier) a browser plugin (like HTTPWatch for Internet Explorer or LiveHTTPHeaders for Mozilla Browsers). There you can read username and password in clear text.

Best regards,

Henning.

athavanraja
Active Contributor
‎12-15-2004 9:49 AM
0 Kudos

Hi Henning,

My iframe sample is not to hide userid / password , i understand the security concerns and people can get this info in so many ways. The original thread poster wanted to know how he can hide the transaction code from being displayed in the URL. Again this is not a foolproof method.

Regards

Raja

former_member185704
Contributor
‎12-15-2004 11:09 AM
0 Kudos

Hi Durairaj, hi Karen,

Well, if the transaction code is static and the username and password are static (meaning: technical user) it shouldn't be a lot of work to create an ITS-service-file that contains transaction, username and password hardcoded (and is also configured to prevent the user from changing the transaction within webgui).

It prevents malicious users from getting to know the content of these parameters (because they aren't submitted anywhere and therefor you don't have to hide them) and through that you can also avoid to be able to change the transaction code (the service should be configured to prevent the user from changing the transaction within webgui).

Then you would be on the safe side and you could also use an iframe to make the url calling the ITS service invisible too.

OK: If there are three transactions needed there would be the need for three service files. But if it is a limited number of transactions this shouldn't be a lot of work.

Karen, please contribute to this discussion and tell us if we are still helping you to solve your problem. ;o)

Best regards,

Henning.

former_member498918
Participant
‎12-15-2004 3:41 PM
0 Kudos

It was the transaction code that I wanted to hide.

I have written a javascript that uses window.open() to create a link dynamically when the uses clicks the hyperlink for the relevant transaction. By setting the address bar to not be visible this has solved the problem. The users never see the full URL.

Thanks for your help

Karen

athavanraja
Active Contributor
‎12-16-2004 7:31 AM
0 Kudos

Hi Karen,

If your question is answered, can you mark this thread as answered.

You may also want to look at this weblog.

/people/mark.finnern/blog/2004/08/10/spread-the-love

Regards

Raja

Ask a Question