cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

403 Access denied in Component HTTP_FILTER

Go to solution
Former Member

on ‎07-17-2012 10:27 AM

0 Kudos

Hello

We are running NW 7.3 with a single stack Java installation.

When attempting to run "complex" html code in the portal I am getting the infamous access denied screen:

403 Access denied

You do not have the permissions to access this resource

Error: -13

Version: 7200

Component: HTTP_FILTER

Date/Time: Tue Jul 17 10:15:07 2012 

Module: http_auth_mt.c

Line: 603

Server: <server>

Error Tag: {00120fff}

Detail: Content filter matched: Permission denied

Since we are only running a Java stack disabling the content filter on the ICM as suggested here: http://scn.sap.com/thread/1597847 is not relevant in our case.

I am assuming that there is some sort of a content filter on the Java Web dispatcher but can't seem to locate it.

I tried disabling the icm/HTTP/mod parameter as (http://help.sap.com/saphelp_nw73/helpdata/en/48/49c7403a79350ce10000000a42189d/frameset.htm) but it didn't help.

Any idea what needs to be changed here?

Thanks

Roy

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

JPReyes
Active Contributor
‎07-17-2012 10:41 AM
0 Kudos

Check parameter icm/HTTP/auth_0

http://help.sap.com/saphelp_nw70/helpdata/en/16/12e34143b15f24e10000000a1550b0/content.htm

Regards, Juan

Show replies
Show replies
Former Member
‎07-17-2012 10:47 AM
0 Kudos

Thanks Juan.

I also thought about this but we don't even have this parameter set in the Java dispatcher and my assuming that if it is not there then it can't be it

Also this parameter is to protect incoming requests, we are editing content from inside the portal therefore looks like outgoing requests are being filtered.

Plus I think this parameter is to configure Web dispatcher, we are not running any web dispatcher just the plain Java dispatcher comes with the app server.

Roy

JPReyes
Active Contributor
‎07-17-2012 11:00 AM
0 Kudos

My next guess if that your portal and this particular code must be trying to read a backend system. Maybe you should be looking at the ICM settings of the backend.

Regards, Juan

Former Member
‎07-17-2012 11:24 AM
0 Kudos

It is not happening when trying to read backend data as the code doesn't read any backend data, just doing javascript manipulations on the HTML.

Former Member
‎07-17-2012 12:13 PM
0 Kudos

I am getting the problem on this simple script:

<script language="javascript" type="text/javascript">

function testFunction()

{

     alert('test');

}

</script>

<h1>Heading</h1>

<p>... some text ...</p>

saar_dagan
Employee
Employee
‎07-18-2012 8:20 AM
0 Kudos

Hi Roy,

Take a look here and see if this is configured properly:

http://help.sap.com/saphelp_nw70/helpdata/en/16/12e34143b15f24e10000000a1550b0/frameset.htm

Best Regards,

Saar

Former Member
‎07-18-2012 8:31 AM
0 Kudos

Thanks Saar, I was actually about to update this thread.

This parameter was suggested by Juan (see above) and I commented that I don't see this parameter set in our ICM therefore assumed it is not blocking anything therefore not relevant.

Here's what I found out: Our basis team sent me the raw text file of the instance profile attributes and because I didn't see this property there I've made the assumption above. However, if you look at the ICM GUI through NW Administrator you see that this attribute actually exists and set to the default one.

I guess the logic is if it doesn't exist in the raw file fallback to the default.

With this in mind we decided to set an entry that disables the filter:

icm/HTTP/auth_0= PREFIX=/

and when we did it actually overridden the default and resolved the access denied problem.

Roy

Former Member
‎10-16-2012 1:52 PM
0 Kudos

Hello Roy,

    We are also running NW 7.3 with a single stack Java installation and I am get the same error when

I try to edit and save a KM document.  Where in the NWA can we access the ICM GUI?

Any help or pointers greatly appreciated.

Thanks,

Arvind

Former Member
‎10-16-2012 2:05 PM
0 Kudos

Availability and Performance -> System Overview -> Click on ICM -> Administrate ICM

Former Member
‎10-16-2012 3:22 PM
0 Kudos

Thanks Roy.  I was able to access the link but I could not login as administrator.  I get the

following message:

401 Authorization required

 

Error:-29
Version:7200
Component:HTTP_ADM
Date/Time:Tue Oct 16 10:16:42 2012
Module:http_adm_mt.cpp
Line:1657
Server:xxxxxxx_02
Error Tag:{-}
Detail:authorization required

I shall continue to investigate.

Former Member
‎10-17-2012 9:23 PM
0 Kudos

Hi Roy,

   

I had to follow the following to setup the web administraction interface and create icmadm user, 

http://help.sap.com/saphelp_nw73/helpdata/en/48/49c7403a79350ce10000000a42189d/frameset.htm

http://help.sap.com/saphelp_nw73/helpdata/en/48/80c48a109a1b5ae10000000a42189c/frameset.htm

I was able to login with userid icmadm.

For now I we have disabled the SAP filter to over come the problem, but we will soon adjust the filter to be able to do the work we need to do with the filter.

Thanks,

Arvind

Answers (1)

Answers (1)

Former Member
‎07-30-2012 10:55 PM
0 Kudos

Hi Roy,

I found you thread and it helped a lot. However you can disable the access handler using the Web Administration Interface of the ICM just like you would using the SMICM. Just use option Access Handler under HTTP Handler.

This did the trick for me.

Best regards,

Andrés Acero

Show replies
Show replies
Former Member
‎07-30-2012 11:06 PM
0 Kudos

Thanks for the tip!

Ask a Question