This is a blog post showing how we can make use of Query String aka URL Parameters in Web Dynpro ABAP. Query String is useful for Web Dynpro that needs to be displayed dynamically based on the URL given e.g. URL link to Web Dynpro in email notifications (refer to previous post).
In the previous post, I mentioned that authorization check should be in place at the start of the Web Dynpro for security purposes. However, in some cases, authorization check may not be possible. In this blog, with Password Reset as an example, I am going to show you how we can create a Web Dynpro without such authorization check.
Business Scenario
A Web Dynpro that allows user to reset their SAP account’s password. Below is the authentication process for the password reset:
- User key in “User ID” and “Email Address”
- Web Dynpro verifies “User ID” and “Email Address”
- If correct, Web Dynpro will send an email to authenticate user
- User click on the URL link in the email to redirect them to the password reset page
Design Approach
First create a Web Dynpro with fields “User ID” and “Email Address” for user to key in.
When user clicks on the “Submit” button, system will verify the User ID and Email Address against User Master or HR Master depend on your system design. When verified correct, system will generate an authentication key (in this case I used UUID) and append into a customized table for tracking. Below is the function module calling and code:
FUNCTION z_su_reset_auth_table_insert . *"---------------------------------------------------------------------- *"*"Local Interface: *" IMPORTING *" REFERENCE(USERNAME) TYPE XUBNAME *" EXPORTING *" REFERENCE(UUID) TYPE SYSUUID_C *" EXCEPTIONS *" INSERT_ERROR *"---------------------------------------------------------------------- DATA: ls_line TYPE ztbsu008, lv_uname TYPE xubname. lv_uname = username. SET LOCALE LANGUAGE 'E'. TRANSLATE lv_uname TO UPPER CASE. SET LOCALE LANGUAGE ' '. SELECT SINGLE * INTO ls_line FROM ztbsu008 WHERE uname = lv_uname. IF sy-subrc = 0. "Record already exist uuid = ls_line-uuid. ELSE. "Record not exist; Create record and UUID ls_line-uname = lv_uname. CALL FUNCTION 'SYSTEM_UUID_C_CREATE' IMPORTING uuid = ls_line-uuid. IF ls_line-uuid IS INITIAL. RAISE insert_error. ENDIF. MODIFY ztbsu008 FROM ls_line. IF sy-subrc <> 0. RAISE insert_error. ELSE. uuid = ls_line-uuid. ENDIF. ENDIF. ENDFUNCTION.
Below is the customized table - Password Reset Authentication Table:
After authentication key is created and appended to the authentication table, system will email user with the URL and authentication key as one of the query string:
Example of the URL that user will receive:
- http://<domain>/sap/bc/webdynpro/sap/<web_dynpro_application>?action=y&username=NEWYQ&uuid=E2936FEF9C0D17F1AF603640B58D353F
- http://<domain>/sap/bc/webdynpro/sap/<web_dynpro_application>?action=n&username=NEWYQ&uuid=E2936FEF9C0D17F1AF603640B58D353F
Above URL links will open the Password Reset Web Dynpro application which will first call “HANDLEDEFAULT” method in the window. In this method, system will verify the username and authentication key against the authentication table. If action is “Y”, system will proceed to reset the password and unlock the account. Else if action is “N”, system will proceed to delete the record from the authentication table.
METHOD handledefault . DATA: lv_action TYPE c, lv_username TYPE xubname, lv_uuid TYPE sysuuid-c, lv_exist TYPE boolean. DATA lo_componentcontroller TYPE REF TO ig_componentcontroller . DATA lo_nd_message TYPE REF TO if_wd_context_node. DATA lo_el_message TYPE REF TO if_wd_context_element. DATA ls_message TYPE wd_this->element_message. lv_action = action. lv_username = username. lv_uuid = uuid. "Check whether is Reset Request from email IF lv_action IS NOT INITIAL AND lv_username IS NOT INITIAL AND lv_uuid IS NOT INITIAL. "navigate from <CONTEXT> to <MESSAGE> via lead selection lo_nd_message = wd_context->get_child_node( name = wd_this->wdctx_message ). "get element via lead selection lo_el_message = lo_nd_message->get_element( ). "Verify authenticity of Reset Request CALL FUNCTION 'Z_SU_RESET_AUTH_TABLE_VERIFY' EXPORTING username = lv_username uuid = lv_uuid IMPORTING exist = lv_exist. IF lv_exist = abap_true. "Reset Request verify correct SET LOCALE LANGUAGE 'E'. TRANSLATE lv_action TO UPPER CASE. SET LOCALE LANGUAGE ' '. IF lv_action = 'Y'. "User click "YES" in email, process password reset "Reset Password wd_comp_controller->resetpassword( username = username ). ELSE. "User click "NO" in email, cancel password reset "Insert Cancel Audit Trail CALL FUNCTION 'Z_SU_RESET_AUDIT_TABLE_INSERT' EXPORTING username = lv_username datestamp = sy-datum timestamp = sy-uzeit action = 'C' EXCEPTIONS insert_error = 1 OTHERS = 2. "Delete record in Authentication table CALL FUNCTION 'Z_SU_RESET_AUTH_TABLE_DELETE' EXPORTING username = lv_username. ls_message-header = wd_assist->if_wd_component_assistance~get_text( 'RH3' ). ls_message-body = wd_assist->if_wd_component_assistance~get_text( 'RS2' ). ls_message-showbackbutton = abap_true. ls_message-showtryagain = abap_false. lo_el_message->set_static_attributes( EXPORTING static_attributes = ls_message ). ENDIF. *--------------------------------------------------------------------* ELSE. "Reset Request verify wrong ls_message-header = wd_assist->if_wd_component_assistance~get_text( 'RH2' ). ls_message-body = wd_assist->if_wd_component_assistance~get_text( 'RE3' ). ls_message-showbackbutton = abap_false. ls_message-showtryagain = abap_true. lo_el_message->set_static_attributes( EXPORTING static_attributes = ls_message ). ENDIF. wd_this->fire_to_message_plg( ). ENDIF. ENDMETHOD.
Once password is reset successfully, system will send the new password to the user email and VOILA, password reset with email authentication completed. 
Hope this blog post will give you a detailed idea on how to use Query String in Web Dynpro ABAP. Do feel free to share with us on how you use Query String for different scenarios. Cheers! 