Skip to end of metadata
Go to start of metadata


Scenarios involving web service consumptions like Xcelcious , needs crossdomain.xml access

Incase the system is a dual stack and the webservice is hosted in ABAP stack, then one should create the crossdomain.xml in the ABAP stack. The xml can be part of a bsp application or it can lie in the document root.This will need modifications on the ICM parameters of the ABAP server. The parameters will define the location of the crossdomain file.You can refer to

 But Incase there is a SAP Web dispatcher infront of the ABAP server which hosts the web services the url to fetch the xml becomes https://

Depending on the webdispatcher configuration this request  might be directed to Java server.

 There are scenarios where the Dual stack system has to be split - Note  1655335         

Executive Summary

Cross Domain XML application is available as part of the NW java. If there is a necessity that this xml should be served from the Java server, this wiki explains how to  modify the cross domain xml file in the NW Java server and also how to adjust the webdispatcher

 Modification of crossdomain.xml

The crossdomain.xml file is  part of the SDA  tc~je~crossdomain~xml~app . It is contained in the  LM-CORE  SCA

So one can extract the SDA and replace the content with the one that you desire based on the restrictions* *

Adjusting the SAP webdispatcher 

Changed configuration looks something like this

wdisp/system_0 = SID=XX1,, MSSPORT=<abapPort>,


wdisp/system_1 = SID=XX2,,

MSSPORT=<java port or ICM port of the java system>,


Adjusting the cross domain xml

As mentioned earlier the cross domain xml should reflect the restrictions that one likes to impose on the content

A below example allows only requests  from only  the domain ""

 <?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "


<cross-domain-policy><allow-access-from domain="*"

secure="false" to-ports="*"/>

<allow-http-request-headers-from domain="" headers=""/>


 When I access the cross domain xml file ,for some unknown reason the access gives some error like this

In such cases , I have removed the part which accesses the DTD

"<!DOCTYPE cross-domain-policy SYSTEM "


This DTD only validates the structure of the xml and hence, this should not be a big concern.

But the reason why it does not work is not known yet.

Related Content

  • No labels