Filtering URLs by using Permission Table in SAP Web Dispatcher
Let us say, you have installed a Web Dispatcher in the DMZ and it is used so that the business partners can send SOAP messages over the internet to you. From a security perspective, you may want the business partners to access the SOAP URLs alone; they should even be calling admin related URLs. To achieve this, you can use a permission table (ptab) in the Web Dispatcher. Create a file (say ptabfile) which allows SOAP URL pattern /XISOAPAdapter/MessagingServlet*, so that a call to the SOAP URL (http://<host>:<port>/XISOAPAdapter/MessagingServlet?channel=<party>:<sendersystem>:<CC_sender>) is permitted. The contents of the file would then be: P /XISOAPAdapter/MessagingServlet* D * Add the following parameter to the web dispatcher profile file: wdisp/permission_table = <absolute_path_to_ptabfile> Restart web dispatcher for the change to get activated. When a call to the web dispatcher is made containing the pattern...