Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

HTTP POST to Google API results in unwanted user id/password pop-up

0 Kudos

Hello all,

I am attempting to do an HTTP Post from SAP using ABAP.

The exact same POST works fine from outside of SAP (e.g. using POSTMan).

In SAP, we get an unwanted Pop-Up Window which asks us for user id and password:

No matter what user Id and Password I enter I get an HTTP error 401 (Unauthorized).

I know I can disable this pop-up using the following code:

http_client->propertytype_logon_popup = http_client->co_disabled.

...however, we still get an HTTP error 401 (Unauthorized) if we disable the pop-up.

Question:

What is this Pop-Up really asking for?

I tried entering my SAP user id and Password and that did not work.

I tried entering the Google user id and password and that did not work either.

In fact we are supplying all of the authentication information in the HTTP POST so I should get no Pop-Up asking for user id and password.

Here is my code (I have made the Google Access Key and Access Token junk data for security reasons....) :


PROGRAM ZISUT_GOOGLE_HTTP_POST

         LINE-SIZE 500             " Page width

         LINE-COUNT 65             " Page height

         NO STANDARD PAGE HEADING

         MESSAGE-ID ZR.

************************************************************************

* Program: ZISUT_GOOGLE_HTTP_POST                                *

* Author : Chris Twirbutt                                              *

*                                                                      *

* Type   : Online                                                      *

* Purpose: HTTP POST from SAP to Google API to insert record into      *

*          Google's Fusion tables.                                     *

************************************************************************

* Change history                                                       *

*----------------------------------------------------------------------*

*UserID    |Date      |Change request & Reason for change              *

*----------|----------|------------------------------------------------*

*TWIRBUTTC |09/10/2013|DPWK913900 - SP332- Created program             *

*          |          |                                                *

*----------|----------|------------------------------------------------*

************************************************************************

************************************************************************

* Objects/Classes/Interfaces, etc:

DATA: http_client TYPE REF TO if_http_client .

************************************************************************

* Structures:

DATA: W_HTTP_ERROR_DESCR      TYPE STRING,

       W_HTTP_ERROR_DESCR_LONG TYPE XSTRING.

DATA: W_HTTP_RETURN_CODE  TYPE I.

************************************************************************

* Variables:

DATA: W_URL             TYPE string,

       W_XML_RESULT_STR  TYPE string.

DATA: L_XML_RESULT_XSTR TYPE XSTRING.

************************************************************************

* Selection Screen:

SELECTION-SCREEN BEGIN OF BLOCK MAIN WITH FRAME TITLE TEXT-S01.

   PARAMETERS: P_URL LIKE W_URL OBLIGATORY lower case.

SELECTION-SCREEN END   OF BLOCK MAIN.

INITIALIZATION.

   CONCATENATE 'https://www.googleapis.com/fusiontables/v1/query?'                                                            " GOOGLE API URL

               'sql=INSERT%20INTO%201CqwRGEEn4L0gN66JwGvCR5yOI8miNMVijcp4XlE%20(Name,%20Age)%20VALUES%20(\''Fred\'',%2034)'   " GOOGLE API SQL INSERT STATEMENT

* Note: Content Length = 0 since we are not putting anything in the Body of the HTTP Post,

*       we are putting it all in the URL:

               '&Content-length:=0'                                                                                           " HTTP POST CONTENT LENGTH (BODY)

               '&Content-type:=application/json'                                                                              " HTTP POST CONTENT TYPE

               '&key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'                                                                 " GOOGLE API ACCESS KEY

               '&access_token=ya29.XXXXXXXXXXXXXXXXXXXXXXXXXX'                                           " GOOGLE API ACCESS TOKEN

          INTO P_URL.

************************************************************************

* Main Program Logic/Flow:

START-OF-SELECTION .

* Create the HTTP client using the Google API URL:

   CALL METHOD cl_http_client=>create_by_url

     EXPORTING

       url                = P_URL

     IMPORTING

       client             = http_client

     EXCEPTIONS

       argument_not_found = 1

       plugin_not_active  = 2

       internal_error     = 3

       OTHERS             = 4.

*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Set up the HTTP Post to Google's API URL:

   CALL METHOD http_client->request->set_method

     EXPORTING

       method = 'POST'.

   CALL METHOD http_client->request->set_version

     EXPORTING

*     version = '1001'.

       version = if_http_request=>co_protocol_version_1_1.   " 1001

   http_client->request->set_header_field(

     name = 'Host'

     value = 'www.googleapis.com'

     ).

* Send the HTTP Post to the URL / Google's API:

   CALL METHOD http_client->send

     EXPORTING

       timeout                    = 15   " 15 Seconds

     EXCEPTIONS

       http_communication_failure = 1

       http_invalid_state         = 2.

*  We are getting an SAP POP-UP for User Id and Password. WHY ?????

* If I disable the pop-up we get an HTTP error (401 /Unauthorized).

*  http_client->propertytype_logon_popup = http_client->co_disabled.    "  POPUP for user id and pwd

*Read the Response from Google:

   CALL METHOD http_client->receive

     EXCEPTIONS

       http_communication_failure = 1

       http_invalid_state         = 2

       http_processing_failed     = 3.

* Get the HTTP return code from the HTTP POST:

   http_client->response->get_status( IMPORTING code   = W_HTTP_RETURN_CODE ).

   http_client->response->get_status( IMPORTING reason = W_HTTP_ERROR_DESCR ).

* http_client->response->GET_RAW_MESSAGE( IMPORTING data = W_HTTP_ERROR_DESCR_LONG ).

   W_HTTP_ERROR_DESCR_LONG = http_client->response->GET_RAW_MESSAGE( ).

* Write the HTTP Return Code / Description to the screen:

   WRITE:/ 'HTTP return Code/Description:'W_HTTP_RETURN_CODE no-gap, '/' no-gap, W_HTTP_ERROR_DESCR.

   skip 1.

* Refresh the Request after each POST:

   CALL METHOD http_client->refresh_request(

     EXCEPTIONS

       http_action_failed = 1

       others             = 2 ).

*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Write the data received back from the POST to the screen:

   CLEAR W_XML_RESULT_STR.

   W_XML_RESULT_STR = http_client->response->get_cdata( ).

   sy-tmaxl = strlen( W_XML_RESULT_STR ).

   FIELD-SYMBOLS: <FS>.

   ASSIGN W_XML_RESULT_STR TO <FS>.

   WRITE:/ <FS>(SY-TMAXL).

*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Check if we got back an HTTP Error:

   IF W_HTTP_RETURN_CODE EQ 200. " ok

* Close the HTTP connection:

     http_client->close( ).

   ELSE.

     MESSAGE S005(ZR) WITH 'Error: Return code = ' W_HTTP_RETURN_CODE.

   ENDIF.

END-OF-SELECTION.


1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Chris,

as part of the standard (e.g. bit older) HTTP protocol for a basic authentication, there is ability to include a username:password (key:value pair) as part of the HTTP URL, such as this example:

      https://username:password@www.example.com

There's a fuller explanation here at this link

http://en.wikipedia.org/wiki/Basic_access_authentication

So SAP is merely defaulting in a way to facilitate the HTTP basic authentication as part of their implementation of the HTTP transport stack protocol...some further reading on the SAP help portal for this part of the HTTP request is

http://help.sap.com/saphelp_nw70/helpdata/en/25/dda73e5b7a424de10000000a114084/frameset.htm

For the Google API's the attribute PROPERTYTYPE_LOGON_POPUP should probably be set to CO_DISABLED because Google is using OAuth2 for authentication.

…so in my opinion again: disable the pop up.

Note the you can further prove all this by examining the SCICM traces (turn on level 3), and you will be able to see the "authorization: Basic" with an encrypted parameter values built out as part of the HTTP when the logon pop-up is filled out.

6 REPLIES 6

Sougata
Active Contributor
0 Kudos

Chris,

Can you give this a go after you

CALL METHOD cl_http_client=>create_by_url and before you

CALL METHOD http_client->send

  me->http_client->propertytype_logon_popup = me->http_client->co_disabled.

    data:

     lv_uname      type string,

     lv_password type string.

    lv_uname       = |your_username|.

    lv_password  = |your_password|.

    call method me->http_client->authenticate

      exporting

        username   = lv_uname

        password    = lv_password.

Regards,

Sougata.

0 Kudos

Sougata,

Thank you for the reply but you did not understand my question.

I know how to pass a user id and password.

The problem is I do not have any user id and password...

I am already passing my authorization requirements in the HTTP POST to Google.

My question is: WHAT USER AND PASSWORD IS REQUIRED by the SAP Pop-Up window???

I tried my SAP user/pwd, I tried Google user/pwd... Nothing works....

You simply showed me how to pass the user id and pwd programmatically which I already know how to do...

Former Member
0 Kudos

Hi Chris,

as part of the standard (e.g. bit older) HTTP protocol for a basic authentication, there is ability to include a username:password (key:value pair) as part of the HTTP URL, such as this example:

      https://username:password@www.example.com

There's a fuller explanation here at this link

http://en.wikipedia.org/wiki/Basic_access_authentication

So SAP is merely defaulting in a way to facilitate the HTTP basic authentication as part of their implementation of the HTTP transport stack protocol...some further reading on the SAP help portal for this part of the HTTP request is

http://help.sap.com/saphelp_nw70/helpdata/en/25/dda73e5b7a424de10000000a114084/frameset.htm

For the Google API's the attribute PROPERTYTYPE_LOGON_POPUP should probably be set to CO_DISABLED because Google is using OAuth2 for authentication.

…so in my opinion again: disable the pop up.

Note the you can further prove all this by examining the SCICM traces (turn on level 3), and you will be able to see the "authorization: Basic" with an encrypted parameter values built out as part of the HTTP when the logon pop-up is filled out.

0 Kudos

EXCELLENT ANSWER THANK YOU FORREST !!!!!!!!!!!!!!!!!!

0 Kudos

Final comment/update:

Since the user name and password was not required, I simply disabled the Pop-Up (see comments above how to do that).

The remaining issues I had were simply syntax issues with my POST.

Thanks to as GREAT SAP sample program ("RSICFCLTST01"), I was able to test the POST using various different syntaxes by trial and error until I got it working (much easier than programming from scratch and checking the SMICM trace logs each time!...) ....

Thanks everyone for your input I hope I have provided someone else with a nugget of information in this nebulous domain ! 

former_member660488
Participant
0 Kudos

How can I solve this problem? I have encountered problems similar to yours