cancel
Showing results for 
Search instead for 
Did you mean: 

ITS security issue when download, execute program warning

Emre_tr
Active Participant
0 Kudos
506

Hi,

We have a problem when use download to excel functionality in ALV screen via ITS webgui screen. After downloading a warning popup appears and says not allowed to execute and to configure WEBCONFIG.CFG

I have searched in scn and sap note found limited information to solve. Try something but no success to solve. Also i have found sap note 1555523 but it's not clear to solve and solution in client side is not a best solution i think.

Our sap version 740  Sp-level 0004

Can any one able to help?

Best regards

View Entire Topic
Emre_tr
Active Participant
0 Kudos

Hi Oisin,

I have traced error and result is below. But i have no success to access WEBGUI.CFG file it's not working, ITS is not check this file. I am not sure about path is correct.

C:\Users\emre\AppData\WEBGUI_CFG_DIR\WEBGUI.CFG

Error Log;

security: Missing Application-Library-Allowable-Codebase manifest attribute for: http://aaaaaa.com:8000/sap/public/icmandir/its/lsgui/applets/ws.jar

security: Validate the certificate chain using CertPath API

security: Grant socket perm for http://aaa.com:8000/sap/public/icmandir/its/lsgui/applets/ws.jar : java.security.Permissions@111b47a (

("java.net.SocketPermission" "aaa.com" "connect,accept,resolve")

)

security: Missing Application-Library-Allowable-Codebase manifest attribute for: http://aaa.com:8000/sap/public/icmandir/its/lsgui/applets/ws.jar

security: Validate the certificate chain using CertPath API

basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms

security: Missing Application-Library-Allowable-Codebase manifest attribute for: http://aaa.com:8000/sap/public/icmandir/its/lsgui/applets/ws.jar

security: Validate the certificate chain using CertPath API

ruleset: Non-jnlp rule id:

        title: SAPGUI For HTML Applet

        location: http://aaa.com:8000/sap(cz1TSUQlM2FBTk9OJTNhdGl0YW55dW1fQ1JEXzAwJTNhN3VFdWJkMUtJd29YME9kejJwMXFvNEdq...?

        jar location: http://aaa.com:8000/sap/public/icmandir/its/lsgui/applets/

        jar version: null

        isArtifact: true

ruleset: finding Deployment Rule Set for

        title: SAPGUI For HTML Applet

        location: http://aaa.com:8000/sap(cz1TSUQlM2FBTk9OJTNhdGl0YW55dW1fQ1JEXzAwJTNhN3VFdWJkMUtJd29YME9kejJwMXFvNEdq...?

        jar location: http://aaa.com:8000/sap/public/icmandir/its/lsgui/applets/

        jar version: null

        isArtifact: true

ruleset: RuleId compare: (http, evypid01.evyap.com.tr, -1, ) to url: http://aaa.com:8000/sap(cz1TSUQlM2FBTk9OJTNhdGl0YW55dW1fQ1JEXzAwJTNhN3VFdWJkMUtJd29YME9kejJwMXFvNEdq...?

ruleset: RuleId compare: (http, plutonyum.carrefoursa.com, -1, ) to url: http://aaa.com:8000/sap(cz1TSUQlM2FBTk9OJTNhdGl0YW55dW1fQ1JEXzAwJTNhN3VFdWJkMUtJd29YME9kejJwMXFvNEdq...?

ruleset: no rule applies, returning Default Rule

security: SSV validation:

    running: 1.7.0_71

    requested: 1.6.0.31

    range: null

    javaVersionParam: null

    Rule Set version: null

network: Created version ID: 1.7.0.71

network: Created version ID: 1.6.0.31

preloader: Delivering: AppletInitEvent[type=CallConstructor]

preloader: Enqueue: com.sun.javaws.progress.PreloaderDelegate$4@93f0c6

preloader: Start progressCheck thread

basic: Applet loaded.

basic: Applet resized and added to parent container

preloader: Delivering: AppletInitEvent[type=CallInit]

preloader: Enqueue: com.sun.javaws.progress.PreloaderDelegate$4@893f08

ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 409950 us, pluginInit dt 17653813 us, TotalTime: 18063763 us

basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 409950 us, pluginInit dt 17653813 us, TotalTime: 18063763 us

basic: Applet initialized

basic: Starting applet

basic: completed perf rollup

preloader: Delivering: AppletInitEvent[type=CallStart]

preloader: Enqueue: com.sun.javaws.progress.PreloaderDelegate$4@10f305b

ui: Pushing modality for applet ID 4 with dialog com.sap.webgui.ws.InfoDialog[dialog0,200,200,498x190,invalid,layout=java.awt.BorderLayout,APPLICATION_MODAL,title=Güvenlik uyarısı]

basic: Applet made visible

basic: Applet started

basic: Told clients applet is started

preloader: Stop progressCheck thread queue.size()=0

former_member194364
Active Contributor
0 Kudos

Hello Emre,

I do not see any issue with the path

C:\Users\emre\AppData\WEBGUI_CFG_DIR\WEBGUI.CFG

could you pleasereview the note

1920875 - ITS Up/Down: different problems in java plugin because of

new security restrictions.

See also note

2137739 - ITS Up/Down: use of TLS 1.2 with java 8 patch 25 and above

Regards,

Oisin

cris_hansen
Advisor
Advisor
0 Kudos

Hello Emre,

Please open a command line interface (command prompt) and execute:

set | findstr APPDATA

You need to create the WEBGUI_CFG_DIR inside %APPDATA% directory, as mentioned in SAP note 1555523:

"...

All white lists or black lists have to be included into a configuration file named "WEBGUI.CFG", which lays in the configuration directory:

    • windows: "APPDATA" environment variable + pathseperator + "WEBGUI_CFG_DIR"

..."

In my case, %APPDATA% is: C:\Users\<my user ID>\AppData\Roaming

For testing purposes, I wrote insice WEBGUI.CFG:

trace=3

then the java console brought me the following information:

"...

content of config file:

trace=3

ChangeConfigFile: false

...

ConfigDir: C:\Users\<my user ID>\AppData\Roaming\WEBGUI_CFG_DIR\

KeysFile: C:\Users\<my user ID>\AppData\Roaming\WEBGUI_CFG_DIR\AUTHORIZED_KEYS

ExeCookieFile: C:\Users\<my user ID>\execookie.txt

FileDialogFile: C:\Users\<my user ID>\AppData\Roaming\WEBGUI_CFG_DIR\WS_Util.CFG

WebguiConfigFile: C:\Users\<my user ID>\AppData\Roaming\WEBGUI_CFG_DIR\WEBGUI.CFG

SapWorkDir: C:\Users\<my user ID>\SapWorkDir\

TempDir: C:\Users\<my user ID>\AppData\Local\Temp\

..."

Let me know whether the directory is the correct one.

Thanks and kind regards,

Cris

Emre_tr
Active Participant
0 Kudos

Hello Cristiano,

Thanks for valuable response. I have put my config file to the relevant directory but no success, system don't check this file.

I tried for test pursose we solved this problem after some kernel update and implement notes.

C:\Users\<my user ID>\AppData\Roaming\WEBGUI_CFG_DIR\WEBGUI.CFG

Best regards,

Emre

Emre_tr
Active Participant
0 Kudos

Hi Oisin,

We have solved this problem with  kernel update and implement some notes.

Thank you.

former_member194364
Active Contributor
0 Kudos

Hello Emre,

Can you tell us more about the notes and the Kernel upgrade that you applied?

Regards,

Oisin

Emre_tr
Active Participant
0 Kudos

Hi Oisin,

Basis team updated Kernel to 742  no:114 , but a click error happened and we implement this note 2163839, then we faced another error about ITS download functionality.

We implemented another note 2006931 it didn't solve.

Finaly SAP advise to us update kernel again to upper version. After updated kernel patch no to 210,  it works.

Current state is ;

SAP kernel: 742

Patch no : 210

Add note links Message was edited by: Oisin ONidh