Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
rorymurphy
Advisor
Advisor
1,650

I have been writing a series of (very occasional) blogs about configuration issues which can cause lots of headaches for portal administrators and result in many support messages reaching SAP unnecessarily, based on my experience supporting the Enterprise Portal (the blogs are tagged as 'ep-support'). These configuration issues can often be the hardest to spot, which can result in long-running messages which of course nobody wants to see.

In this blog I want to talk about the use of preview URLs to call iViews, often from custom applications. By preview URLs I mean a URL like:

http://portal.sap.com:50000/irj/servlet/prt/portal/prtmode/preview/prtroot/pcd!3aportal_content!2fte...

It's easy to get a URL like this, by simply previewing the iView from the portal content catalog - you can then copy the URL from the browser address bar. However, I don't recommend you use such URLs! I've seen several issues with this approach recently.

In one case, an exit button on a custom WebDynpro ABAP (WDA) application was working correctly when called outside the portal, but not at all when the application was called from an iView loaded in a new portal window. The WDA exit button was raising a portal navigation event which was supposed to close the window - a standard client-side interaction between the WDA framework and the portal navigation. In this case the event was never handled however. It turned out that this was due to the fact that the iView was launched via a hyperlink to a preview URL, instead of an actual navigation. Since the iView was not launched by a navigation, the navigation JavaScripts were not loaded in the new window - hence no navigation client-side listener for the above navigation event.

Another example of issues with this approach is with launching transaction iViews. As a background, a recent security change to protect agains Cross-Site Request Forgery (XSRF) attacks on the ITS side requires that session termination notifications are sent by the portal to the backend between each start of an ITS service (even if the same service is restarted by clicking on the same navigation node again in the portal) - for further details you can refer to Note 1481392 'Cross Site Request Forgery Protection for ITS'. If that doesn't happen, the ITS throws the dreaded 'A:ITS_P:019 XSRF no sec_sesstoken' error. You can refer to KBA 1697470 ''XSRF no sec_sesstoken' error for ITS-based iViews in the Enterprise Portal' for some known reasons for this error to occur, but a category of issues which can be hard to identify is caused precisely by calling the appintegrator in a non-standard way, without a navigation. I've encountered several cases where portal administrators used custom components to launch the application integrator, and either used preview URLs or direct URLs to the com.sap.portal.appintegrator.sap.Transaction component. The portal session release agent is triggered by a navigation - it listens for navigation events - but not by - for example - reloading an iFrame with an iView in preview mode as its content. So, this results in no session termination notification being sent to the ITS between application starts, and the mentioned error being returned by the ITS.

My short tip is: avoid using preview URLs or direct URLs to portal components unless you have a (very) good reason to do so. There is a lot of client-side handling triggered by navigation events, and its best not to bypass it. In general, the best way to launch an iView is to create a navigation to it, either by using the NavigationTarget syntax or the Navigation Client-Side API.