Show TOC

ICF ServicesLocate this document in the navigation structure

Use

Once you have installed the Application Server ABAP (AS ABAP) all Internet Communication Framework (ICF) services are available in an inactive state for security reasons. After the installation you have to decide which services must be activated for the applications you want to use.

Caution

Activated ICF services represent a security risk because they can be accessed directly by the HTTP protocol from the Internet. You therefore need to use suitable methods for restricting access, for example, only permitting access to the ICF service for users with the appropriate authorizations.

Since multiple services can be executed when you call a URL, all service nodes must be activated in the SICF tree. The URL path is mapped in ICF subnodes (services). For example, if you want to activate the services for URL /sap/public/icman, you have to activate the service tree default_host in transaction SICF. Then you have to activate services sap, public and icman separately.

You activate an ICF service as follows:

  1. Select the required ICF service in the ICF tree in transaction SICF.

  2. Activate the ICF service in one of the following ways:

    • Using menu option Start of the navigation path Service/Host Next navigation step Activate End of the navigation path.

    • Using the context menu and choosing Activate Service.

You can either activate only a selected service node (Yes), or the selected service node including all the subservices maintained for it in SICF (Yes with tree icon).

For SAP Gateway you need to activate the following services:

  • /sap/public/opu

    Note that /sap/public/opu/resources is needed for loading resources, such as images in the MIME repository. For example, the generic player gets a service document which contains links to images which the player should display for a Sales Order. Then the generic player downloads the image via URL from the MIME Repository; for example, http://.../sap/opu/resources/pic1.png.

  • /sap/opu/odata with its sub-nodes.

    This is the standard mode for all new applications. When creating a service a new node is created automatically.

  • /sap/opu/sdata with the following sub-nodes:

    • /sap/opu/sdata/iwcnt

    • /sap/opu/sdata/iwfnd

    • /sap/opu/sdata/sap

    This is the node used for existing applications, it is called Compatibility Mode for SP02.

If you use Web service based scenarios, that is, if content is consumed which is provided via Web services, then you also need to activate the following nodes on your target system:

  • /sap/bc/srt/xip/sap

  • /sap/bc/webdynpro/sap/saml2

  • /sap/public/bc

  • /sap/public/bc/ur

  • /sap/public/mysssocnt

Note

If the default_host node is inactive in transaction SICF, the HTTP requests could result in an ABAP runtime error RAISE_EXCEPTION with the following short text:

Exception condition "HOST_INACTIVE" triggered.

If a service is inactive in transaction SICF, an error text appears when you try to access the service.

You can also activate services from the SAP Implementation Guide (IMG). In transaction SPRO, choose Display SAP Reference IMG. The path in the Implementation Guide for SAP NetWeaver is: Start of the navigation path Application Server Next navigation step Internet Communication Framework  Next navigation step Activate HTTP Services End of the navigation path or Activate Services in Installation.

Note that the system performs a check against the authorization object S_ICF_ADM when an ICF node is created.

Standard Mode

This standard mode refers to the ICF node /sap/opu/odata. This node is available for OData Channel based applications. When creating a service a new node is created automatically.

Note

The standard mode is the default for all new applications. All new development will be done on this mode. New functions and features will be available for this mode.

The request handler for this node is /IWFND/CL_SODATA_HTTP_HANDLER.

The following list consists of the differences of the standard mode as opposed to the compatibility mode for SP02:

  • XSRF protection

    See also Cross-Site Request Forgery Protection

  • Content-Type required for Put/Post request

    An unsupported media type error is thrown if Content-Type is not set for Put/Post requests. Set parameter:

     Content-Type=application/xml

     XSRF Security Token

     Security Session Id

  • $format parameter

    $format=xml leads to an error except for service document. Do not use it for all requests except for those to get service document .

  • Null values in Put/Post Request

    Empty property elements (for example, <name/>) are not allowed anymore. Nullable needs to be set properly, and besides that, if an entry with a null string is to be created set m:null="true", for example, <name m:null="true" />.

  • Null values in the response of a Get/Put request

    Intial values for date time fields in combination with nullable properties are rendered as <...m:null="true" />.

  • Values of keys in Post request in case of server generated keys

    If the keys are generated on the server the values need to be filled in the post request anyway. m:null is not allowed.

  • Rendering of key predicates

    See http://www.odata.org/developers/protocols/overview#AbstractTypeSystemInformation published on non-SAP site.

  • Key properties

    Sending properties that are not key fields in an URI is not longer possible.

  • String parameters

    Quotation marks enclosing string parameters (for example, search string) are now required and removed.

  • Parameters for function imports

    Parametrize with literals, for example, datetime.... See also http://www.odata.org/developers/protocols/overview#AbstractTypeSystemInformation published on non-SAP site.

  • Inverted commas in URI

    Inverted commas in URI, for example, $filter=name eq 'Jame''s shop' can now be properly escaped by an inverted comma.

  • OData error response

    The OData error response has been enhanced. See http://www.odata.org/media/6655/%5Bmc-apdsu%5D%5B1%5D.htm#_Toc246716641Information published on non-SAP site.

    The code field is now either build from the leading error message of the message container or build from the text id of the exception.

    The structured inner error section is available showing Extended Passport (EPP) transaction ID. All messages of the message container and the additionally provided error details are shown in a special format (micro format).

  • Things

    The workspace for Things, element <app:workspace sap:semantics="things">, is no longer available.

  • Service maintenance

    The service maintenance transaction distinguishes between services of the Standard Mode and of the Compatibility Mode for SP02.

Compatibility Mode for SP02

This compatibility mode for SAP Gateway 2.0 SP02 refers to the ICF node /sap/opu/sdata. This node is available for existing applications which might be based either on OData Channel or Generic Channel.

Caution

This node is in maintenance mode.

The request handler for this node is /IWFND/CL_SDATA_ODATA_APP.

Alias Handling in ICF

The ICF standard function of external aliases is also available for SAP Gateway for the Standard Mode, that is, for ICF node /sap/opu/odata. Thus you can define an external alias for your service if you have registered class /IWFND/CL_SODATA_HTTP_HANDLER as handler in the Handler List for your service node.

Note

Note that external aliases are not supported for namespaces in SICF.

If the handler /IWFND/CL_SODATA_HTTP_HANDLER is not yet registered for your service node, enter the handler name on tab Handler List and activate your service. After the handler has been set, you can define the external alias.

More Information
See the SAP NetWeaver documentation about:
  • Server Function Administration
  • Client Function Administration
  • Creating and Configuring an ICF Service
  • Defining the Logon Procedure