Use

As rendered pages are usually displayed in Web Dynpro in a Web browser that is connected to the Internet, security must be taken into account in active UI elements, such as AcfExecute and AcfUpDownload:

• The active UI elements communicate only with authorized servers.
• Only authorized executables with specified signatures run on the client PC when using AcfExecut.
• Data can only be stored in authorized directories.
• Data can only be read from authorized directories.

The authorized servers and directories are in a white list, that is, an administrator has stored this information locally (transaction WDR_ACF_WLIST). If requests for access to directories or communication with servers are sent using HTTP or HTTPS, the control first checks whether this is allowed at all.

The white list is automatically transferred signed for every roundtrip and decrypted locally on the user's computer.

The administrator creates the public key (certificate) in the application system that is required for decoding. A certificate is needed for each SAP system and must be distributed to the computer of the user before using the white list for the first time.

The white list can only be maintained in its original system. An administrator must transport it from the original system into all subsequent systems.

Requirements

Prerequisite for the white list is the installation of SAPCRYPTOLIB.

Standard settings

Activities

1. Execute the activity.
2. Choose Change.
3. Choose New Entries.
4. Enter a name and short description for your new white list.
5. Make the settings for your application:
• For AcfExecute make your settings under Application.
Specify the allowed application, the application path, and any parameters.
• ForAcfUpDownload make your settings under Download (Server -> Directory) or Upload (Directory -> Server)
Enter the file storage path and type, i.e. server or directory. Specify the HTTP server and port that you specified in the transaction CSADMIN to specify the directories for the upload and download.
6. Save your entries.
7. Go back to the initial screen.
8. Select your white list and choose Install Certificate to create the certificate that you need to decode your white list.

   Choose Download Certificate to use a certificate that is already locally on your PC for the automatic installation.

   The system creates a white list with the name SAPFrontendService<original system name><GUID>.p12.

   You can display the XML file with Display .

Paths

For directories:

• If the path points to a file, the file is released.
• If the path points to a directory, the directory and all its subdirectories are released (whether or not the path ends with a/ ).

Directories and Applications

The following also applies:

• $TEMP points to System.getProperty("java.io.tmpdir").

  Example: $TEMP/foo.txt allows access to C:\Documents and Settings\<user>\Local Settings\Temp\foo.txt.

• Analogously$HOME points toSystem.getProperty("user.home").

  The system allows the user access to C:\Documents and Settings\<user>.

• You can access environment variables between dollar signs.

  Example: $windir$/system32: can access all files below C:\WINDOWS\system32.

Note that for reasons of security, abbreviations such as $HOME are not supported during the Microsoft Project Integration.

Server URLs

You can release entire domains by beginning your settings with *..
Example: *.wdf.sap.corp: releases all servers in the domain wdf.sap.corp.

If no log is specified, HTTP:// is used automatically.

Example

<?xml version="1.0" encoding="utf-8"?> 
<frontendServices version="7.0.0.0"> 
  <execute> 
    <extension>doc</extension> 
    <extension>jpeg</extension> 
    <extension>jpg</extension> 
    <extension>png</extension> 
    <extension>txt</extension> 
    <application path="$windir$/system32/mspaint.exe"> 
      <parameter position="01" type="STRING"> 
        <legalValue>*.txt</legalValue> 
      </parameter> 
    </application> 
    <application path="$windir$/system32/notepad.exe"> 
      <parameter position="01" type="STRING"> 
        <legalValue>*.asc</legalValue> 
        <legalValue>*.txt</legalValue> 
      </parameter> 
      <parameter position="02" type="STRING"> 
        <illegalValue>&amp;*</illegalValue> 
      </parameter> 
    </application> 
    <application path="$ProgramFiles$/Microsoft Office/Office12/WINWORD.EXE"> 
      <parameter position="01" type="STRING"> 
        <legalValue>*.txt</legalValue> 
      </parameter> 
    </application> 
  </execute> 
  <download> 
    <directory>c:\temp</directory> 
    <directory>c:\temp\download</directory> 
    <server>http://10.52.20.87:1090</server> 
    <server>http://pwdf0652.wdf.sap.corp:1090</server> 
    <server>http://pwdf2625.wdf.sap.corp:1090</server> 
    <server>http://pwdf2625:1090</server> 
  </download> 
  <upload> 
    <directory>$HOME/SAPWORKDIR</directory> 
    <server>*.WDF.SAP.CORP</server> 
    <directory>C:\temp</directory> 
    <directory>c:\temp\upload</directory> 
    <server>http://10.52.20.87:1090</server> 
    <server>http://pwdf0652.wdf.sap.corp:1090</server> 
    <server>http://pwdf2625.wdf.sap.corp:1090</server> 
    <server>http://pwdf2625:1090</server> 
  </upload> 
</frontendServices>

Notes

For more information about Web Dynpro, see the SAP Library for SAP NetWeaver on the SAP Help Portal at http://help.sap.com/nw_platform under UI Technologies in SAP NetWeaver.