on 07-17-2012 10:27 AM
Hello
We are running NW 7.3 with a single stack Java installation.
When attempting to run "complex" html code in the portal I am getting the infamous access denied screen:
403 Access denied
You do not have the permissions to access this resource
Error: -13
Version: 7200
Component: HTTP_FILTER
Date/Time: Tue Jul 17 10:15:07 2012
Module: http_auth_mt.c
Line: 603
Server: <server>
Error Tag: {00120fff}
Detail: Content filter matched: Permission denied
Since we are only running a Java stack disabling the content filter on the ICM as suggested here: http://scn.sap.com/thread/1597847 is not relevant in our case.
I am assuming that there is some sort of a content filter on the Java Web dispatcher but can't seem to locate it.
I tried disabling the icm/HTTP/mod parameter as (http://help.sap.com/saphelp_nw73/helpdata/en/48/49c7403a79350ce10000000a42189d/frameset.htm) but it didn't help.
Any idea what needs to be changed here?
Thanks
Roy
Check parameter icm/HTTP/auth_0
http://help.sap.com/saphelp_nw70/helpdata/en/16/12e34143b15f24e10000000a1550b0/content.htm
Regards, Juan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Juan.
I also thought about this but we don't even have this parameter set in the Java dispatcher and my assuming that if it is not there then it can't be it
Also this parameter is to protect incoming requests, we are editing content from inside the portal therefore looks like outgoing requests are being filtered.
Plus I think this parameter is to configure Web dispatcher, we are not running any web dispatcher just the plain Java dispatcher comes with the app server.
Roy
Hi Roy,
Take a look here and see if this is configured properly:
http://help.sap.com/saphelp_nw70/helpdata/en/16/12e34143b15f24e10000000a1550b0/frameset.htm
Best Regards,
Saar
Thanks Saar, I was actually about to update this thread.
This parameter was suggested by Juan (see above) and I commented that I don't see this parameter set in our ICM therefore assumed it is not blocking anything therefore not relevant.
Here's what I found out: Our basis team sent me the raw text file of the instance profile attributes and because I didn't see this property there I've made the assumption above. However, if you look at the ICM GUI through NW Administrator you see that this attribute actually exists and set to the default one.
I guess the logic is if it doesn't exist in the raw file fallback to the default.
With this in mind we decided to set an entry that disables the filter:
icm/HTTP/auth_0= PREFIX=/
and when we did it actually overridden the default and resolved the access denied problem.
Roy
Thanks Roy. I was able to access the link but I could not login as administrator. I get the
following message:
Error: | -29 |
Version: | 7200 |
Component: | HTTP_ADM |
Date/Time: | Tue Oct 16 10:16:42 2012 |
Module: | http_adm_mt.cpp |
Line: | 1657 |
Server: | xxxxxxx_02 |
Error Tag: | {-} |
Detail: | authorization required |
I shall continue to investigate.
Hi Roy,
I had to follow the following to setup the web administraction interface and create icmadm user,
http://help.sap.com/saphelp_nw73/helpdata/en/48/49c7403a79350ce10000000a42189d/frameset.htm
http://help.sap.com/saphelp_nw73/helpdata/en/48/80c48a109a1b5ae10000000a42189c/frameset.htm
I was able to login with userid icmadm.
For now I we have disabled the SAP filter to over come the problem, but we will soon adjust the filter to be able to do the work we need to do with the filter.
Thanks,
Arvind
Hi Roy,
I found you thread and it helped a lot. However you can disable the access handler using the Web Administration Interface of the ICM just like you would using the SMICM. Just use option Access Handler under HTTP Handler.
This did the trick for me.
Best regards,
Andrés Acero
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.