I would like to obscure the querystring that is generated by Managed Reporting's Report Assistant.
For our structured ad-hoc WebFOCUS application, we are using javascript in a method similar to Graph hangs when drill down parameter exceeds certain number of values to convert GET requests to POST, since some of the data that is used in the drill-downs are sensitive.
Now we are starting to set up Managed Reporting, and I would like to extend this functionality to the Report Assistant. I tried adding the SET JSURL command to the Reporting Object under Other but that seemed to have no effect. I also tried adding the javascript code to ibigbl.js (I know that is not the best thing to do), which worked for everything except the Report Assistant, which does not seem to import any javascript files when running a report.

Anybody have any ideas?

Note: This environment is running version 7.6.10 (Dev Studio, WF, and RS).

This message has been edited. Last edited by: DivisionByZero,

There is an exit in the WF Client called the WFTRANSINOUT exit. Essentially, this exit is called just before the client will invoke the WFRS to execute the request (well that is actually half of it, as it is called again once the WFRS returns the answer). If you - or one of your team - write a java exit here, you could add the SET JSURL command to the request. There is enough info available in the process that you could do some fancy string manipulation to determine if it is a MRE request coming from Report Assistant.

The only downfall with this is that once you implement it, is that it would be appended to every report weather you want it or not.

this is interesting
need to try this

Thank you dhagen, that is a great suggestion, but I am hoping for a simpler solution that does not involve creating custom Java classes.

Does anyone know if there is a template that is used by the Report Assistant when generating a report, or is it created dynamically by the servlet?

IBI support helped me with the solution to this.
1. Create a javascript file named post.js in [drive]:\ibi\WebFOCUS76\webapps\webfocus76\assist (code below)
2. Under the -SUFFIX in the Reporting Object, add:

  		-HTMLFORM BEGIN
		<HTML><HEAD>
		<SCRIPT type=text/javascript id=postJS src='assist/post.js'>
		</SCRIPT>
		</HEAD><BODY>
		</BODY></HTML>
		-HTMLFORM END

Javascript code:

/*
  File Name:   post.js
  Script Purpose:  Convert GET to POST
 
  Notes:
  This script can be called by a focus executable by adding
  this line of code to the beginning of the report procedure:
 
   SET JSURL=/approot/baseapp/post.js
 
  This javascript file must reside in ..\ibi\apps\baseapp.
*/
 
 
function getReport(qs,winTarget) {
/*
  The getReport function copies the querystring into form elements.
  qs: The querystring
  winTarget: The original target (_self or _blank) of the selected link */
 
 var submit_form = document.getElementById('submit_form');
 var docBody = document.getElementsByTagName('body')[0];
 
 var i, j;
 var children, len;
 var qsValues, keyPairs, keyValues, input;
 
 if(!submit_form) {
  createForm();
 }
 else {
  children = submit_form.childNodes;
  len = children.length;
  for(i = len-1; i >= 0; i--) {
   submit_form.removeChild(children[i]);
  }
 }
 
 qs = decodeURI(qs);
 qsValues = qs.split('?');
 submit_form.action = qsValues[0];
 submit_form.method = 'post';
 submit_form.target = winTarget;
 
 keyPairs = qsValues[1].split("&");
 for (j=0; j<keyPairs.length; j++) {
  if (keyPairs[j] != "") {
   keyValues = keyPairs[j].split("=");
   input = document.createElement('input');
   if(input) {
    input.type = 'hidden';
    input.name = keyValues[0];
    input.id = keyValues[0];
    input.value = keyValues[1];
    submit_form.appendChild(input);
   }
   else {
    alert('input control not created.');
   }
  }
 }
 
 submit_form.submit();
} 
 
 
function changeAllA() {
/*
  Converts all hyperlinks on the page into a javascript call.
  The link target must be _self to run the script, but the
  original target is passed to getReport and added as a form target.
*/
 
 var k, m;
 var anchorList = document.getElementsByTagName('a');
 var submitUrl;
 
 for (m = 0; m < anchorList.length; m++) {
  if(anchorList[m].href.indexOf('javascript') < 0) {
   anchorList[m].onclick = 'return true;';
   anchorList[m].name = 'anchor' + m;
   anchorList[m].id = 'anchor' + m;
   submitUrl = 'javascript:getReport(\'' + encodeURI(anchorList[m].href)+ '\',\'' + anchorList[m].target + '\');';
   anchorList[m].href = submitUrl;
   anchorList[m].target = '_self';
  }
 }
}
 
function createForm() {
/*
  Creates a FORM element in the document body.
*/
 
 var docBody = document.getElementsByTagName('body')[0];
 
 var submit_form = document.createElement('form');  submit_form.name = 'submit_form';  submit_form.id = 'submit_form';  docBody.appendChild(submit_form); }
 
/*
  Create a form and convert hyperlinks when the page has loaded.
*/
 
if (window.addEventListener) {
 window.addEventListener('load', changeAllA, false);  
 window.addEventListener('load', createForm, false); 
} 
else if (window.attachEvent) {  window.attachEvent('onload', changeAllA);
  window.attachEvent('onload', createForm); 
} 
else {  
  alert("Browser not supported."); 
}

Another option is to use WFServlet Scripting.

e.g. Add something like the following within:
WF Admin Console -> Configuration -> Custom Settings

TRIGGER EQ "MYREQ"
#Add any variables you want to set here
#if non standard you will have to also
#set a pass
IBIMR_action=MR_RUN_FEX
IBIF_ex=ABCDEFG
MyVar=MyValue
MyVar (pass)


You would then pass TRIGGER=MYREQ for those variables to be used.

As long as you have a small subset of variables you're trying to hide this will make it not possible for the end-user to see the values.

The disadvantage of the JavaScript is that while the values are obscured and hidden, an ambitious individual could find them.

Thanks for the servlet scripting example... that will probably come in handy for many people.
We are not trying to hide the value from the user generating the reports, so using javascript in this manner is okay as long as you are using SSL. The end user should be able to see the values, but anyone sniffing the network traffic should not.