on 01-30-2013 3:14 AM
I’m having an issue with a Web Dynpro application (hress_a_cats_1) exposed to the internet via the web dispatcher. We want to expose all of our SAP systems (ECC, SRM, Portal, PI) with one Proxy hostname – businesssystems.sap.ourcompany.com via https.
Therefore, we have configured a single web that sits in front of multiple systems and use URL Prefixes to control which SAP system the request gets forwarded to.
This link describes how we have setup our web dispatcher.
http://help.sap.com/saphelp_nw73/helpdata/en/c5/ec466f5544409982c7d3ca29ce1ad3/content.htm
wdisp/system_1 = SID=ECC, MSHOST=sapecc.int.ourcompany.com, MSPORT=8100, SRCURL=/ecc/
wdisp/system_2 = SID=TSD, MSHOST=sapsrm.int.ourcompany.com, MSPORT=8080, SRCURL=/srm/
wdisp/system_3 = SID=TPD, MSHOST=sapportal.int.ourcompany.com, MSPORT=8080, SRCURL=/irj/, SRCSRV=*:1090
So different URL paths control which system the client ends up in.
Portal
https://businesssystems.sap.ourcompany.com/irj/portal/QuickLink=App1
SRM
https://businesssystems.sap.ourcompany.com/SRM/srm_approval
ECC
https://businesssystems.sap.ourcompany.com/ECC/zbsp_application
We also setup a node in SICF in each system. So in ECC we created an ECC node. Underneath the ECC node we setup “references
to existing services”. So for the ECC application SICF has a node: ECCàzbsp_application that points to the real application at /default_host/sap/bc/bsp/sap/zbsp_application.
This setup allows us to only expose the specific applications to the internet that we want by controlling what we expose via SICF.
Everything is working great for our custom BSP applications, however the timesheet Web Dynpro application doesn’t work.
I’ve setup an SICF entry for the timesheet application underneath the ECC node that points to /default_host/sap/bc/webdynpro/sap/hress_a_cats_1
However, when we use the web dispatcher URL the web dynpro doesn’t display properly.
https://businesssystems.sap.ourcompany.com/ECC/hress_a_cats_1?sap-wd-configId=HRESS_AC_CATS_1
I’ve traced the requests and the Web Dynpro sends subsequent request to:
https://businesssystems.sap.ourcompany.com/sap/public/bc/ur/nw7/js/lightspeed.js?8650096598B0
https://businesssystems.sap.ourcompany.com/sap/public/bc/ur/nw7/js/domainrelax.js?8650096598B0
These don’t get forwarded by the web dispatcher because they don’t have the ECC prefix on the path.
I don’t want to expose our entire ECC WAS to the internet. I want the web dispatcher to reject any requests that don’t have the ECC prefix and I want SICF to reject any requests that get forwarded from the web dispatcher but don’t have a specific reference setup underneath the ECC node in SICF.
Is there any way to add our ECC prefix to the URL’s that get generated via the Web Dynpro application? I’ve tried to setup a record in the HTTPURLLOC
table that uses the host name of businesssystems.sap.ourcompany.com/ecc/, but I don't know if I have this setup correctly.
Is there better way to accomplish what I’m trying to do?
Thanks,
Jeff
You do not need to use URL prefixes in your multiple system setup, use modification rules instead. Then setup a generic URL filter on the Web Dispatcher to allow only the services you want to expose to the external network. This way you can get rid of the unneeded ICF complexity in the backend systems. See the attached links for details.
http://help.sap.com/saphelp_nw73/helpdata/en/c5/ec466f5544409982c7d3ca29ce1ad3/frameset.htm
http://help.sap.com/saphelp_nw73/helpdata/en/48/9ac19148c673e8e10000000a42189b/frameset.htm
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the reponse Samuli. So in the suggested method, each system would have a different port assigned to it that the web dispatcher would know to forward those requests appropriately.
However, each application I want to expose via the Web Dispatcher then has to have specific filter setup in the Web Dispatcher.
I was thinking of using SICF to control which applications are exposed as the developers don't have access to the Web Dispatcher configuration, but your solution would work.
Thanks,
Jeff
You can either use ports, IP addresses or hostnames to route the requests to the right backend system. I'm not sure I understand your requirement regarding the URL Filter but yes you can either setup a URL Filter for all systems (list all the allowed ICF services, disallow everything else) or not use one at all meaning allow everything. In the latter case you can control by activation of ICF services which applications can be used. I do not recommend the latter approach if your systems are externally accessible.
User | Count |
---|---|
81 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.