ICF Service Activation Guide

The document provides information on activating Internet Communication Framework (ICF) services for SAP applications. It explains that ICF services are inactive by default for security reasons and must be activated in transaction SICF. It lists specific services that need to be activated for SAP Gateway and web services. It also discusses the standard mode versus compatibility mode for activating services and describes alias handling for ICF services.

ICF Services

Use

Once you have installed the Application Server ABAP (AS ABAP), all
Internet Communication Framework (ICF) services are available in an
inactive state for security reasons. After the installation, you have to
decide which services must be activated for the applications you want to use.

Caution
Activated ICF services represent a security risk because they can be
accessed directly by the HTTP protocol from the Internet. You therefore
need to use suitable methods for restricting access, for example, only
permitting access to the ICF service for users with the appropriate
authorizations.

Since multiple services can be executed when you call a URL, all service
nodes must be activated in the SICF tree. The URL path is mapped in ICF
subnodes (services). For example, if you want to activate the services for
URL /sap/public/icman, you have to activate the service
tree default_host in transaction SICF. Then you have to activate
services sap, public and icman separately.

You activate an ICF service as follows:

1. Select the required ICF service in the ICF tree in transaction SICF.
2. Activate the ICF service in one of the following ways:
   o Using menu option Service/Host → Activate.
   o Using the context menu and choosing Activate Service.

You can either activate only a selected service node (Yes), or the selected
service node including all the subservices maintained for it
in SICF (Yes with tree icon).

For SAP Gateway you need to activate the following services:

• /sap/public/opu
  Note that /sap/public/opu/resources is needed for loading
  resources, such as images in the MIME repository. For example, the
  generic player gets a service document which contains links to
  images which the player should display for a Sales Order. Then the
  generic player downloads the image via URL from the MIME
  Repository; for example, http://.../sap/opu/resources/pic1.png.
• /sap/opu/odata with its sub-nodes.
  This is the standard mode for all new applications. When creating a
  service a new node is created automatically.
• /sap/opu/sdata with the following sub-nodes:
  o /sap/opu/sdata/iwcnt
  o /sap/opu/sdata/iwfnd
  o /sap/opu/sdata/sap
  This is the node used for old applications; it is called Compatibility
  Mode for SP02.

If you use Web service based scenarios, that is, if content is consumed
which is provided via Web services, then you also need to activate the
following nodes on your target system:

• /sap/bc/srt/xip/sap
• /sap/bc/webdynpro/sap/saml2
• /sap/public/bc
• /sap/public/bc/ur
• /sap/public/mysssocnt

Note
If the default_host node is inactive in transaction SICF, the HTTP
requests could result in an ABAP runtime error RAISE_EXCEPTION with
the following short text:

Exception condition "HOST_INACTIVE" triggered.

If a service is inactive in transaction SICF, an error text appears when you
try to access the service.
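The activation rule described above (every node along a URL path must be active) can be checked mechanically. The following is an added example, not SAP code: it audits a set of active nodes against the SAP Gateway services listed on this page. The ACTIVE set and the node /sap/bc/example_test are constructed for illustration.

```python
# Constructed sample of active SICF nodes (not an export from a real system).
ACTIVE = {
    "default_host", "/sap", "/sap/public", "/sap/public/opu",
    "/sap/public/opu/resources", "/sap/opu/odata", "/sap/opu/odata/sap",
    "/sap/bc", "/sap/bc/example_test",   # hypothetical node, for illustration
}

# SAP Gateway services named on this page; True = sub-nodes are expected too.
REQUIRED = {
    "/sap/public/opu/resources": False,
    "/sap/opu/odata": True,
    "/sap/opu/sdata/iwcnt": False,
    "/sap/opu/sdata/iwfnd": False,
    "/sap/opu/sdata/sap": False,
}

def nodes_on_path(url_path):
    """Every node a request for url_path passes through, host node first."""
    parts = [p for p in url_path.split("/") if p]
    return ["default_host"] + ["/" + "/".join(parts[:i])
                               for i in range(1, len(parts) + 1)]

def inactive_on_path(url_path, active):
    """Nodes that still block url_path because they are not active."""
    return [n for n in nodes_on_path(url_path) if n not in active]

def unexpected_active(active, required):
    """Active nodes that no required service needs: candidates for review."""
    needed = {n for path in required for n in nodes_on_path(path)}
    subtrees = [p + "/" for p, with_subnodes in required.items() if with_subnodes]
    return sorted(n for n in active
                  if n not in needed and not any(n.startswith(s) for s in subtrees))

if __name__ == "__main__":
    for path in REQUIRED:
        print(path, "blocked by", inactive_on_path(path, ACTIVE))
    print("review:", unexpected_active(ACTIVE, REQUIRED))
```

In the sample, /sap/opu/odata is active but its parent /sap/opu is not, so the service is still unreachable, while the two /sap/bc nodes are active without being needed by any listed service.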

You can also activate services from the SAP Implementation Guide (IMG).
In transaction SPRO, choose Display SAP Reference IMG. The path in the
Implementation Guide for SAP NetWeaver is: Application Server →
Internet Communication Framework → Activate HTTP Services
or Activate Services in Installation.

Note that the system performs a check against the authorization object
S_ICF_ADM when an ICF node is created.

Standard Mode

This standard mode refers to the ICF node /sap/opu/odata. This node
is available for OData Channel based applications. When creating a service
a new node is created automatically.

Note
The standard mode is the default for all new applications. All new
development will be done on this mode. New functions and features
will be available for this mode.

The request handler for this node
is /IWFND/CL_SODATA_HTTP_HANDLER.

The following list shows how the standard mode differs from the
compatibility mode for SP02:

• XSRF protection
  See also Cross-Site Request Forgery Protection
• Content-Type required for Put/Post request
  An unsupported media type error is thrown if Content-Type is not set
  for Put/Post requests. Set parameter:
  Content-Type=application/xml
• XSRF Security Token
• Security Session Id
• $format parameter
  $format=xml leads to an error except for the service document. Do not
  use it for any request other than those that get the service document.
• Null values in Put/Post Request
  Empty property elements (for example, <name/>) are not allowed
  anymore. Nullable needs to be set properly, and besides that, if an
  entry with a null string is to be created set m:null="true", for
  example, <name m:null="true" />.
• Null values in the response of a Get/Put request
  Initial values for date time fields in combination with nullable
  properties are rendered as <...m:null="true" />.
• Values of keys in Post request in case of server generated keys
  If the keys are generated on the server the values need to be filled in
  the post request anyway. m:null is not allowed.
• Rendering of key predicates
  See http://www.odata.org/developers/protocols/overview#AbstractTypeSystem .
• Key properties
  Sending properties that are not key fields in a URI is no longer
  possible.
• String parameters
  Quotation marks enclosing string parameters (for example, search
  string) are now required and removed.
• Parameters for function imports
  Parametrize with literals, for example, datetime.... See
  also http://www.odata.org/developers/protocols/overview#AbstractTypeSystem .
• Inverted commas in URI
  Inverted commas in a URI, for example, $filter=name eq
  'Jame''s shop' can now be properly escaped by an inverted
  comma.
• OData error response
  The OData error response has been enhanced.
  See http://www.odata.org/media/6655/%5Bmc-apdsu%5D%5B1%5D.htm#_Toc246716641 .
  The code field is now either built from the leading error message of
  the message container or built from the text id of the exception.
  The structured inner error section is available showing Extended
  Passport (EPP) transaction ID. All messages of the message
  container and the additionally provided error details are shown in a
  special format (micro format).
• Things
  The workspace for Things, element <app:workspace
  sap:semantics="things">, is no longer available.
• Service maintenance
  The service maintenance transaction distinguishes between services
  of the Standard Mode and of the Compatibility Mode for SP02.
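Three of the standard-mode rules listed above (Content-Type on Put/Post, no empty property elements without m:null="true", and escaping inverted commas in string parameters) lend themselves to a client-side pre-check before a request is sent. The following is an added example, not SAP code; the function names, the problem codes and the sample body are constructed, and the namespace URI is the standard OData V2 metadata namespace, which the page itself does not show.

```python
import xml.etree.ElementTree as ET

# Standard OData V2 metadata namespace behind the page's "m:" prefix.
M_NS = "http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"

# Constructed sample POST body (not from a real service).
SAMPLE_BODY = """<entry xmlns="http://www.w3.org/2005/Atom"
 xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"
 xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices">
 <content type="application/xml"><m:properties>
  <d:name/>
  <d:note m:null="true"/>
  <d:city>Walldorf</d:city>
 </m:properties></content>
</entry>"""

def odata_string(value):
    """Quote a string parameter: enclose it in inverted commas and escape
    each inverted comma inside it with a second one."""
    return "'" + value.replace("'", "''") + "'"

def precheck(method, headers, body):
    """Return the standard-mode rules a request would violate (empty = ok)."""
    if method.upper() not in ("PUT", "POST"):
        return []
    problems = []
    if "content-type" not in {name.lower() for name in headers}:
        problems.append("missing-content-type")
    # body is the caller's own outbound payload; parse untrusted XML with a
    # hardened parser instead.
    root = ET.fromstring(body)
    for props in root.iter("{%s}properties" % M_NS):
        for el in props.iter():
            if el is props or len(el) > 0 or (el.text or "").strip():
                continue  # container, complex property, or has a value
            if el.get("{%s}null" % M_NS) != "true":
                problems.append("empty-property:" + el.tag.split("}")[-1])
    return problems

if __name__ == "__main__":
    print(precheck("POST", {}, SAMPLE_BODY))
    print(odata_string("Jame's shop"))
```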

Alias Handling in ICF

The ICF standard function of external aliases is also available for
SAP Gateway for the Standard Mode, that is, for ICF
node /sap/opu/odata. Thus you can define an external alias for your
service if you have registered
class /IWFND/CL_SODATA_HTTP_HANDLER as handler in the Handler
List for your service node.

Note
Note that external aliases are not supported for namespaces in SICF.

If the handler /IWFND/CL_SODATA_HTTP_HANDLER is not yet registered
for your service node, enter the handler name on tab Handler List and
activate your service. After the handler has been set, you can define the
external alias.

More Information

• Administration of ICF server functions (authorization
  assignment): Server Function Administration
• Administration of ICF client functions (creation of RFC destinations,
  and so on): Client Function Administration
• ICF services: Creating and Configuring an ICF Service
• Authentication: Defining the Logon Procedure
