on 05-28-2007 12:38 PM
Hi
In the Http client used to communicate with the http adapter, we enter the username and password of the user who has SAP_XI_APPL_SERV_USER role in IS? Is there a means to hide this credential info?
2.how to avoid that a HTTP sender would take the identity of another sender?
regards
krishna
Krishna,
Exactly why you have the concept of Access Control List.
Check these blogs and see if they help you problem,
/people/rahul.nawale2/blog/2006/06/16/acl--confine-users-sending-messages
/people/community.user/blog/2006/11/15/security-access-control-via-assigned-users
Regards
Bhavesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Bhavesh,
That's Wonderful
Thanks for the info.
But How can I hide the credential info found in the request URL??
regards
krishna
Krishna,
The User id and passwrod has to be a part of the Http URL as this is how when the call hits the IE , it is validated against the user credentials.
As you are using the HTTP Client currently, you are able to see the Generated URL,. but in a real time you will be hiding the actual URL being generated from the End User and so this should not be an issue.
Regards
Bhavesh
hi,
use SOAP adapter to do HTTP call
this way you will not have credentials in your http string
(in SOAP adapter you can use noSOAP mode - which can
be used for http "non web service" calls)
Regards,
michal
-
<a href="/people/michal.krawczyk2/blog/2005/06/28/xipi-faq-frequently-asked-questions"><b>XI / PI FAQ - Frequently Asked Questions</b></a>
Thank you "experts" for your answers
Bhavesh,
>>>>>but in a real time you will be hiding the actual URL being generated from the End User and so this should not be an issue
how the URL will be actually hidden. Without the URL , they wont be able to communicated with XI right??
Michal,
IS there any available doc on using SOAP adapter with the "no-soap" option set?
Can you give more details on the same??
Thanks and regards
Krishna
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Bhavesh
Really, you have given me a very high level info:).
Application code..Where do i write it in the server side?
How will the external request from the client side be? What URL he will use to connect to the application code which will in turn trigger XI?
Did i get your suggestion right?
Can you flash a "bright light" ?
Regards
krishna
Krishna,
This can be any application. A J2Se application , a J2EE application etc.
A Application programmer would know what needs to be done.
The basic idea is that the URL is hidden from the intiator of the call.
The URL will be XI's URL as you seen in the HTTP Client but the end user need not necesarily see this URL. It is hidden in the Aplplication code.
Regards
Bhavesh
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.