Kontakt

Ansicht
Dokumentation

WDA_WHITELIST - ACF: Create Allowlist

WDA_WHITELIST - ACF: Create Allowlist

Fill RESBD Structure from EBP Component Structure   CPI1466 during Backup  
This documentation is copyright by SAP AG.
SAP E-Book

As rendered pages are usually displayed in Web Dynpro in a Web browser that is connected to the Internet, security must be taken into account in active UI elements, such as AcfExecute and AcfUpDownload:

  • The active UI elements communicate only with authorized servers.
  • Only authorized executables with specified signatures run on the client PC when using AcfExecut.
  • Data can only be stored in authorized directories.
  • Data can only be read from authorized directories.

The authorized servers and directories are in an allowlist, that is, an administrator has stored this information locally (transaction WDR_ACF_WLIST). If requests for access to directories or communication with servers are sent using HTTP or HTTPS, the control first checks whether this is allowed at all.

The allowlist is passed, signed and decoded, automatically in each round-trip.

The administrator creates the public key required for decoding. The SAP GUI installation can distribute it to the necessary subsequent systems.

The allowlist can only be maintained in its original system. An administrator must transport it from the original system into all subsequent systems.

Prerequisite for the allowlist is the installation of SAPCRYPTOLIB.

  1. Execute the activity.
  2. Choose Change.
  3. Choose New Entries.
  4. Enter a name and short description for your new allowlist.
  5. Make the settings for your application:
  • For AcfExecute make your settings under Application.

Specify the allowed application, the application path, and any parameters.
  • ForAcfUpDownload make your settings under Download (Server → Directory) or Upload (Directory → Server)

Enter the file storage path and type, i.e. server or directory. Specify the HTTP server and port that you specified in the transaction CSADMIN to specify the directories for the upload and download.
  1. Save your entries.
  2. Go back to the initial screen.
  3. Select your allowlist and choose Install Certificate to create the certificate that you need to decode your allowlist.
Choose Download Certificate to use a certificate that is already locally on your PC for the automatic installation.
The system creates an allowlist with the name SAPFrontendService<original system name><GUID>.p12.
You can display the XML file with Display .

For directories:

  • If the path points to a file, the file is released.
  • If the path points to a directory, the directory and all its subdirectories are released (whether or not the path ends with a/ ).

The following also applies:

  • $TEMP points to System.getProperty("java.io.tmpdir").
Example: $TEMP/foo.txt allows access to C:\Documents and Settings\<user>\Local Settings\Temp\foo.txt.
  • Analogously$HOME points toSystem.getProperty("user.home").
The system allows the user access to C:\Documents and Settings\<user>.
  • You can access environment variables between dollar signs.
Example: $windir$/system32: can access all files below C:\WINDOWS\system32.

Note that for reasons of security, abbreviations such as $HOME are not supported during the Microsoft Project Integration.

You can release entire domains by beginning your settings with *..
Example: *.wdf.sap.corp: releases all servers in the domain wdf.sap.corp.

If no log is specified, HTTP:// is used automatically.

<?xml version="1.0" encoding="utf-8"?>
<frontendServices version="7.0.0.0">
  <execute>
    <extension>doc</extension>
    <extension>jpeg</extension>
    <extension>jpg</extension>
    <extension>png</extension>
    <extension>txt</extension>
    <application path="$windir$/system32/mspaint.exe">
      <parameter position="01" type="STRING">
        <legalValue>*.txt</legalValue>
      </parameter>
    </application>
    <application path="$windir$/system32/notepad.exe">
      <parameter position="01" type="STRING">
        <legalValue>*.asc</legalValue>
        <legalValue>*.txt</legalValue>
      </parameter>
      <parameter position="02" type="STRING">
        <illegalValue>&*</illegalValue>
      </parameter>
    </application>
    <application path="$ProgramFiles$/Microsoft Office/Office12/WINWORD.EXE">
      <parameter position="01" type="STRING">
        <legalValue>*.txt</legalValue>
      </parameter>
    </application>
  </execute>
  <download>
    <directory>c:\temp</directory>
    <directory>c:\temp\download</directory>
    <server>http://10.52.20.87:1090</server>
    <server>http://pwdf0652.wdf.sap.corp:1090</server>
    <server>http://pwdf2625.wdf.sap.corp:1090</server>
    <server>http://pwdf2625:1090</server>
  </download>
  <upload>
    <directory>$HOME/SAPWORKDIR</directory>
    <server>*.WDF.SAP.CORP</server>
    <directory>C:\temp</directory>
    <directory>c:\temp\upload</directory>
    <server>http://10.52.20.87:1090</server>
    <server>http://pwdf0652.wdf.sap.corp:1090</server>
    <server>http://pwdf2625.wdf.sap.corp:1090</server>
    <server>http://pwdf2625:1090</server>
  </upload>
</frontendServices>

For more information about Web Dynpro ABAP, see the SAP NetWeaver Library at Internet address help.sap.com/nw70 under SAP NetWeaver 7.0 Including Enhancement Package 2 Knowledge Center - SAP NetWeaver 7.0 Library (including Enhancement Package 2) - English.

Choose SAP Library → SAP NetWeaver Library → Schlüsselbereiche von SAP NetWeaver → Application Platform by Key Capability → ABAP Technology → UI Technology → Web UI Technology → Web Dynpro for ABAP.






TXBHW - Original Tax Base Amount in Local Currency   General Material Data  
This documentation is copyright by SAP AG.

Length: 8635 Date: 20240523 Time: 215709     sap01-206 ( 83 ms )