ARTICLE
Calling an HTTP Service
This example demonstrates how an ICF
HTTP service is called directly using a Web browser .
ABAP_SOURCE_CODE
ABAP_EXEC
ABAP_DESCRIPTION
Any HTTP service defined in the service transaction
SICF can be tested here. If the URL of
the service is known, it can be called from the Internet, for example by
entering an address in a browser. In this example, a service of this
type is called using the function module CALL BROWSER , which
starts a Web browser for the URL of the service. The
URL is constructed from the host and port of the
current application server, the path in the service tree, and a form
field. The host and port are filled using the function
module TH_GET_VIRT_HOST_DATA . The form field is filled with the
content of a field filled previously by user input. The browser displays
the HTML page returned by the service.
The called HTTP service is defined as the node
/sap/bc/abap/demo in the transaction SICF .
The assigned HTTP request handler is the class
CL_HTTP_EXT_SERVICE_DEMO . If a form
field "... carrid=..." is added to the URL of the
service, the content of this field is used as a key for selecting
associated data from the database table SPFLI . This is achieved
by the class CL_HTTP_EXT_SERVICE_DEMO implementing the interface
IF_HTTP_EXTENSION and its method
HANDLE_REQUEST . This method is called by ICF and a
reference is passed to a SERVER object that implements the
interface IF_HTTP_SERVER . The
attributes REQUEST and RESPONSE of this interface refer to
objects, which are implemented by the interfaces
IF_HTTP_REQUEST or
IF_HTTP_RESPONSE . The REQUEST
object is used to read the form field. The RESPONSE object
returns the result.
METHOD if_http_extension~handle_request.
DATA carrid TYPE string.
DATA connections TYPE TABLE OF spfli.
carrid =
to_upper(
cl_abap_dyn_prg=>escape_quotes_str( val =
escape( val = server->request->get_form_field( name = `carrid` )
format = cl_abap_format=>e_xss_ml ) ) ) ##NO_TEXT.
SELECT *
FROM spfli
INTO TABLE connections
WHERE carrid = carrid.
server->response->set_cdata(
data = cl_demo_output=>get( connections ) ).
ENDMETHOD.
The predefined function escape and
the method ESCAPE_QUOTES_STRING of the class
CL_ABAP_DYN_PRG are using to
prevent cross site scripting and
SQL injections . The content of
the internal table connections (filled in accordance with the
passed form field) is converted to HTML using the class
CL_DEMO_OUTPUT before it is passed
to the RESPONSE object.
Note
The HTTP service must be activated in transaction
SICF before the example can work.
Documentation extract taken from SAP system, � Copyright SAP AG. All rights reserved