Skip to content

ABAP Keyword Documentation →  ABAP − Reference →  Data Interfaces and Communication Interfaces →  ICF - Internet Communication Framework →  ICF Examples 

Calling an HTTP Service

This example demonstrates how an ICF HTTP service is called directly using a Web browser.

Other versions: 7.31 | 7.40 | 7.54

Source Code

    IF icf_node IS INITIAL.
      RETURN.
    ENDIF.

    DATA carrid TYPE spfli-carrid VALUE 'AA'.
    cl_demo_input=>request( CHANGING field = carrid ).

    DATA(url) = icf_node &&
                `?sap-client=` && sy-mandt &&
                `&sap-language=`
                  && cl_i18n_languages=>sap1_to_sap2( sy-langu ) &&
                `&carrid=`     && carrid.

    cl_demo_output=>display_html(
      |<html>| &&
      |<body>| &&
      |Link to HTTP-Service:

| &&
      |<a href="{ url }" target="_blank">{ url }</a>| &&
      |</body>| &&
      |</html>| ).

Description

Any HTTP service defined in the service transaction SICF can be tested here. If the URL of the service is known, it can be called from the Internet, for example by entering an address in a browser. In this example, a service of this type is called using a generated webpage, which contains a link to the URL of the service. The URL is constructed from the host and port of the current AS Instance, the path in the service tree, and a form field. The host and port are filled using the method CL_HTTP_SERVER=>GET_LOCATION. The form field carrid is filled with the content of a field filled previously by user input. When this link is chosen, the browser displays the HTML page returned by the service. The content of the form field carrid can be modified in the input field of the browser, to display different data.

The called HTTP service is defined as the node /sap/bc/abap/demo in the transaction SICF. The assigned HTTP request handler is the class CL_HTTP_EXT_SERVICE_DEMO. If a form field "...&carrid=..." is added to the URL of the service, the content of this field is used as a key for selecting associated data from the database table SPFLI. This is achieved by the class CL_HTTP_EXT_SERVICE_DEMO implementing the interface IF_HTTP_EXTENSION and its method HANDLE_REQUEST. This method is called by ICF and a reference is passed to a server object that implements the interface IF_HTTP_SERVER. The attributes REQUEST and RESPONSE of this interface refer to objects, which are implemented by the interfaces IF_HTTP_REQUEST or IF_HTTP_RESPONSE. The REQUEST object is used to read the form field. The RESPONSE object returns the result.

METHOD if_http_extension~handle_request.

  SELECT *
         FROM spfli
         WHERE carrid = @( to_upper(
           cl_abap_dyn_prg=>escape_quotes(
             val = escape( val = server->request->get_form_field(
                                                    name = `carrid` )
                           format = cl_abap_format=>e_xss_ml ) ) ) )
         INTO TABLE @DATA(connections) ##no_text.

  "cl_demo_output=>get converts ABAP data to HTML and is secure
  server->response->set_cdata(
    data = cl_demo_output=>get( connections ) ).

ENDMETHOD.

The built-in function escape and the method ESCAPE_QUOTES of the class CL_ABAP_DYN_PRG are using to prevent cross site scripting and SQL injections. The content of the internal table connections (filled in accordance with the passed form field) is converted to HTML using the class CL_DEMO_OUTPUT before it is passed to the RESPONSE object.


Note

The HTTP service must be activated in transaction SICF before the example can work.