cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SOAP => PI => Proxy synchronous scenario with DTD: Disable DTD check?

Go to solution
JaySchwendemann
Active Contributor

on ‎10-17-2014 3:46 PM

0 Kudos

Hi all,

I'm on PI 7.4 AEX and I have a synchronous scenario Sender (SOAP) => PI => ERP (Proxy) where the sender sends an XML containing a DTD like so



<?xml version="1.0" encoding="ISO-8859-1" ?>


<!DOCTYPE PreisBestandsanfrage SYSTEM "http://www.shkbranchenportal.de/shop/dtd/PreisBestandsanfrage.dtd">


<PreisBestandsanfrage>


    <Message id="123" sender="123456" receiver="123" passwd="12345" />


    <Artikeldaten>


        <kndnr>12345</kndnr>


        <artnr>2008066</artnr>


        <menge>70</menge>


        <mengeneinheit>PCE</mengeneinheit>


    </Artikeldaten>


    <Artikeldaten>


        <kndnr>12345</kndnr>


        <artnr>2008055</artnr>


        <menge>10</menge>


        <mengeneinheit>PCE</mengeneinheit>


    </Artikeldaten>


</PreisBestandsanfrage>

I could successully remove the doctype either via Java or via XSL mapping (currently using XSL) but getting the following error in communication channel monitoring when testing the scenario



SOAP: Call failed: com.sap.aii.adapter.xi.routing.RoutingException: Cannot parse message payload to determine operation for receiver determinationjava.net.UnknownHostException: www.shkbranchenportal.de

I suppose PI is trying to get to shkbranchenportal.de in order to verify the incoming XML angainst the purported DTD.

Now I got this resolved by specifying a DNS server at UNIX (OS) level but then SAP PI wants to directly call shkbranchenportal.de host, bypassing the proxy. This is not wanted. We need to have PI use our proxy server for all outgoing traffic. We cannot force the sender to not send the DTD within the XML.

My questions about this situation:

  1. Is there any way to tell PI to use our proxy server for accessing the internet on that operation.
    Please be aware that this is a sender SOAP channel and I cannot specify a proxy there (at least not without any module parameters I do not know about).
  2. If we cannot force PI to use our proxy server for that, is there a way to disable the DTD check (for this scenario or globally)

Many thanks

Cheers

Jens

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

JaySchwendemann
Active Contributor
‎03-12-2015 10:29 PM
0 Kudos

Haven't found any indication that such mentioned global (to whole NW) parameter for setting the HTTP proxy exists.

IPTable didn't work also, according to our Basis.

As SAP neither does support disabling DTD checking nor setting of a system wide proxy, we opted for opening outgoing port for shk domain directly from PI. Not really a great solution but works.

Other alternative would probably? be using Java mapping. But I didn't try that, so YMMV

Cheers

Jens

Show replies
Show replies

Answers (2)

Answers (2)

iaki_vila
Active Contributor
‎03-12-2015 11:07 PM
0 Kudos

Hi Jens,

Thank you for your feedback in this and your other last posts, there are not normal issues and we can learn considerably with your experience. It's the first time that i've heard the sender DTD check in PI. I haven't check it, but have you seen if the Sender SOAP Axis has any proxy characteristic?. Another alternative is like you said to do a java mapping or to deploy a servlet in you PI to take first the message, but it seems to be a bit complicated and difficult to maintain. I remember one servlet that did in my first years with XI 3.0 (with different purpose that your problem) , and it was a really headache   .

Regards.

Show replies
Show replies
JaySchwendemann
Active Contributor
‎03-18-2015 9:01 AM
0 Kudos

Thanks for pointing out posibiltiy for Axis adapter. That gave me the idea to check whether HTTP Sender Adapter does behave the same way ordinary SOAP Sender does. (because we don't actually use soap envelope anyways).

Will try and report back here (mental nod to to Forgetful Jones - Muppet Wiki)

Cheers

Jens

JaySchwendemann
Active Contributor
‎07-28-2015 10:43 AM
0 Kudos

Hi Iñaki

I just stumbled upon this response of yours to another thread . This might be a solution to my problem which is still only fixed in a workaround fashion by opening the firewall to allow PI system to directly communicate with the very host shkbranchenportal.de.

So coming back to the possible solution: When using the following parameter...



namespace1.Plain2XMLService.class = com.sap.aii.af.sdk.xi.adapter.XSLTConversion


namespace1.XSLTService.XSLTConversion.XSLTFileName = Data/DemoConversion.xsl

... where exactly has the xsl file to go? Is it the same directory path (relative to) like we can specify for example the file sender (NFS) adapter?

So thanks for pointing that out, will try to implement and share the results here

Cheers

Jens

iaki_vila
Active Contributor
‎07-28-2015 11:19 AM
0 Kudos

Hi Jens,

I don't see clearly that the XSLT mapping at adapter level could help you in your scenario. Is the DTD schema always the same?, anyways how are you going to avoid the PI will try to connect externally?

AFAIK you have to set the full path and i don't know if you will can do parametrizable that parameter, i mean you have to set it as constant.

Regards.

JaySchwendemann
Active Contributor
‎07-28-2015 12:01 PM
0 Kudos

Yeah, I'm not sure if this will work, either. I'm particularly unsure about where that DTD check happens within message flow.

My guts feeling is that it is checked before regular mapping, because my already in place XSL in message mapping which kills the DTD line does not do the trick. It removes  the DTD but the check already happens before that.

So if the transformation on Adapter Level would happen before the DTD check I'll be fine.

The DTD is always the same for all Messages of that specific Interface, BTW.

Thanks for your Input about the path of the XSL, will check and Report back here.

Cheers

Jens

kirill_smirnov
Explorer
‎10-17-2014 5:11 PM
0 Kudos

Hello Jens,

Most probably you would need to configure something like iptables on the UNIX side to explicitly redirect all traffic/requests to http://www.shkbranchenportal.de to go through the proxy to achieve the 1st option.

Regarding the second one - all that comes to my mind is to use an adapter module (something similar to an XML Anonymizer Bean) to clean up the undesired line.

Hope that helps.


BR,
KS

Show replies
Show replies
JaySchwendemann
Active Contributor
‎10-20-2014 6:53 PM
0 Kudos

Hi Kirill,

About 1.)

thanks for the valuable input about iptables. I will check with Basis if this is feasible.

About 2.)

I already dismiss DTD using XSLT but seems like Adapter Engine does this DTD check even before executing the mapping. Bummer. Not sure when adapter modules come into play, though. May be worth a try but I think there ought to be a more generic way to handle this 🙂

@All: Please let me know if you have any other suggestions.

Many thanks.

Jens

JaySchwendemann
Active Contributor
‎11-13-2014 11:05 AM
0 Kudos

Just a short update on this: Opened a call at SAP and got back the answer that there is no option to disable this check neither is there an option to specify a HTTP proxy for the SOAP sender channel.

I heard rumor that there ought to be a global (global to NW AS Java) setting to specify a HTTP proxy. But that would open the door for every arbitrary java snippet to send stuff to the internet, definitely a situation that is not wanted.

==> I'm still checking with networks / OS guys whether iptables would be an option. Maybe some of you guys can give me a hint where to set the system wide proxy or if there's maybe some adapter module to disable DTD check or specify a proxy after all.

Many thanks

Jens

Ask a Question