icf_service_abexa

Get Example source ABAP code based on a different SAP table
  


ARTICLE

Calling an HTTP Service
This example demonstrates how an ICF HTTP service is called directly using a Web browser.

ABAP_SOURCE_CODE
ABAP_EXEC

ABAP_DESCRIPTION
Any HTTP service defined in the service transaction SICF can be tested here. If the URL of the service is known, it can be called from the Internet, for example by entering an address in a browser. In this example, a service of this type is called using the function module CALL BROWSER, which starts a Web browser for the URL of the service. The URL is constructed from the host and port of the current application server, the path in the service tree, and a form field. The host and port are filled using the function module TH_GET_VIRT_HOST_DATA. The form field is filled with the content of a field filled previously by user input. The browser displays the HTML page returned by the service.
The called HTTP service is defined as the node /sap/bc/abap/demo in the transaction SICF. The assigned HTTP request handler is the class CL_HTTP_EXT_SERVICE_DEMO. If a form field '...<(> <)>carrid=...' is added to the URL of the service, the content of this field is used as a key for selecting associated data from the database table SPFLI. This is achieved by the class CL_HTTP_EXT_SERVICE_DEMO implementing the interface IF_HTTP_EXTENSION and its method HANDLE_REQUEST. This method is called by ICF and a reference is passed to a SERVER object that implements the interface IF_HTTP_SERVER. The attributes REQUEST and RESPONSE of this interface refer to objects, which are implemented by the interfaces IF_HTTP_REQUEST or IF_HTTP_RESPONSE. The REQUEST object is used to read the form field. The RESPONSE object returns the result. METHOD if_http_extension~handle_request.
DATA carrid TYPE string.
DATA connections TYPE TABLE OF spfli.

carrid =
to_upper(
cl_abap_dyn_prg=>escape_quotes_str( val =
escape( val = server->request->get_form_field( name = `carrid` )
format = cl_abap_format=>e_xss_ml ) ) ) ##NO_TEXT.

SELECT *
FROM spfli
INTO TABLE connections
WHERE carrid = carrid.

server->response->set_cdata(
data = cl_demo_output=>get( connections ) ).

ENDMETHOD.
The predefined function escape and the method ESCAPE_QUOTES_STRING of the class CL_ABAP_DYN_PRG are using to prevent cross site scripting and SQL injections. The content of the internal table connections (filled in accordance with the passed form field) is converted to HTML using the class CL_DEMO_OUTPUT before it is passed to the RESPONSE object.

Note
The HTTP service must be activated in transaction SICF before the example can work.