Description
In this exercise, you will learn how to implement authentication and authorization in a Java Spring application deployed in SAP BTP. In addition, we will also test the authentication and authorization mechanism using an SAPUI5 application.
Prerequisites
For the complete execution of the following task, you must execute the following activities first:
- Execute the following exercises:
  - Creating your free trial account in SAP BTP
  - Complete the exercise Deploying Java Spring application to SAP BTP
Task 1: Implementing authentication and authorization in Java Spring application
In this exercise, you will learn how to implement authentication and authorization in a Java Spring application deployed in SAP BTP.
Steps
Check out the branch javaspring_v6.2_jwt in SAP Business Application Studio
Open SAP Business Application Studio.
Run the following commands in the terminal. Make sure the current working directory is /home/user/projects/cloud-sdk-learning-journey.
Code Snippet
    cd ~/projects/cloud-sdk-learning-journey
    git checkout -f javaspring_v6.2_jwt
Edit the manifest.yaml file under approuter folder to point to your backend URL and region
Determine your backend URL and region by navigating to your application in SAP BTP. See figure below. In the image below, your backend URL is https://bpstandardvdm-agilbpe-chimpanzee-pn.cfapps.us10.hana.ondemand.com and the region is us10.
Edit the manifest.yml file under approuter folder with the values obtained above. See image below.
At point 4 of the figure, replace the whole url with the url of your running bpstandardvdm application.
At point 5 of the figure, replace the last part of the URL, from the regional identifier us10 to the end. Use the corresponding part from the URL of your running approuter application.
Build and push the project to SAP BTP
Build and push the application to SAP BTP by running the following commands in the terminal. Note: You will have to log in to your SAP BTP Cloud Foundry account before running the cf commands.
Code Snippet
    cd bpstandardvdm
    cf create-service destination lite mydestination
    cf create-service xsuaa application mysecurexsuaa -c xs-security.json
    mvn clean install -Dmaven.test.skip=true
    cf push
    cf set-env bpstandardvdm API_KEY YOUR_APIKEY_GOES_HERE
    cf restage bpstandardvdm
    cd ../approuter/
    cf push
Note
Since the application depends on the xsuaa and destination services, we need to create an instance of each of these services before deploying the application.
Verify that the application is successfully deployed in SAP BTP and the mysecurexsuaa and mydestination services are bound to the application. Then remove the myxsuaa service that is bound to the application by clicking on the delete icon.
Verify that the mydestination is created at the subaccount. This is a step from the prerequisite exercise. See image below. If not present, make sure to complete the prerequisite exercise.
Query the Business Partner API of SAP S/4HANA Cloud
Find out the URL of the approuter application. After successful completion of the command cf push, the URL is displayed on the screen. Alternatively, you can click on the approuter application in SAP BTP to find out the URL.
Open a new tab and browse to https://APPROUTER_URL/service/businessPartners; APPROUTER_URL is the URL you copied after executing the cf push command
Verify that it prompts you to log in, or logs you in automatically if SSO is enabled.
Verify that you receive an authorization failed error saying you don't have the Admin or Viewer role.
Assign the Java Spring SDK Tutorial Admin and Java Spring SDK Tutorial Viewer role collections to the user at the subaccount level. Please follow the steps in the figure below.
Open a new incognito window and browse to https://APPROUTER_URL/service/businessPartners; APPROUTER_URL is the URL you copied after executing the cf push command
Verify that you are now able to retrieve the business partners
Optional: Review code in the following source files
Code walk-through
File name: Comments on code changes
BusinessPartnerController.java: Code logic is as follows:
- SAP Cloud SDK provides a convenience feature to extract the JWT from the request object. Use the AuthTokenAccessor to get the current token.
- If there is an exception getting the token, throw a TenantAccessException.
- If the retrieved JWT is null, throw an HttpException saying authentication failed. This way, the only way to access the Java module is through the approuter.
- If the JWT is available, make sure the user has the proper roles to perform the desired action.
requests.http: Provides various HTTP requests that can be submitted to query the Business Partner API
commands.txt: Provides various commands that can be run on the terminal
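The decision order described for BusinessPartnerController.java (no token means authentication failed, token without the right role means authorization failed) is sketched below as an added example; it is not the tutorial project's code and does not use the SAP Cloud SDK. The xsappname value, the Token record, the Viewer-reads/Admin-writes mapping and the 401/403 status codes are assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;

// Added illustration; not the tutorial project's BusinessPartnerController.
public class JwtRoleCheck {
    // Placeholder xsappname (assumed). XSUAA issues scopes as "<xsappname>.<scope>".
    static final String XSAPPNAME = "bpstandardvdm!t0000";

    enum Action { READ, WRITE }

    /** Scopes taken from an already signature-validated JWT (hypothetical type). */
    record Token(List<String> scopes) {}

    /** Returns the HTTP status to answer with; a null token means no JWT was sent. */
    static int authorize(Token token, Action action) {
        if (token == null || token.scopes() == null) {
            return 401; // no JWT: the call did not come through the approuter
        }
        // Assumed mapping: Viewer or Admin may read, only Admin may write.
        Set<String> allowed = action == Action.READ
                ? Set.of(XSAPPNAME + ".Viewer", XSAPPNAME + ".Admin")
                : Set.of(XSAPPNAME + ".Admin");
        // Exact match on the fully qualified scope. A suffix or substring test
        // would also accept another application's ".Admin" scope.
        boolean permitted = token.scopes().stream()
                .anyMatch(s -> s != null && allowed.contains(s));
        return permitted ? 200 : 403;
    }

    public static void main(String[] args) {
        // Constructed sample tokens.
        Token viewer = new Token(List.of("openid", XSAPPNAME + ".Viewer"));
        Token admin = new Token(List.of("openid", XSAPPNAME + ".Admin"));
        Token foreign = new Token(List.of("otherapp!t0000.Admin"));
        Token noRoles = new Token(List.of("openid"));

        System.out.println("no token, read       -> " + authorize(null, Action.READ));
        System.out.println("no roles, read       -> " + authorize(noRoles, Action.READ));
        System.out.println("viewer, read         -> " + authorize(viewer, Action.READ));
        System.out.println("viewer, write        -> " + authorize(viewer, Action.WRITE));
        System.out.println("admin, write         -> " + authorize(admin, Action.WRITE));
        System.out.println("foreign admin, write -> " + authorize(foreign, Action.WRITE));
    }
}
```

Requires Java 16 or later for the record syntax. The "no roles" case corresponds to the state before the role collections are assigned in the steps above.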
Task 2: Testing CRUD functionality with SAPUI5 application
In this exercise, you will learn how to test CRUD functionality with an SAPUI5 application.
Prerequisites
For the complete execution of the following task, you must execute the following activities first:
- Execute the following exercises:
  - Creating your free trial account in SAP BTP
  - Complete the exercise Setting up the mock server
  - Complete the exercise Activating the APIs in SAP S/4HANA Cloud
  - Complete the exercise Deploying Java Spring application to SAP BTP
Steps
Deploy the mock server to SAP BTP Cloud Foundry environment
Open SAP Business Application Studio.
Choose File → Open Folder... and open projects/cloud-s4-sdk-book.
Run the following commands in the terminal.
Code Snippet
    cd ~/projects/cloud-s4-sdk-book
    git checkout mock-server
Edit the manifest.yaml file.
In the line just after the memory attribute, include the additional assignment random-route: true.
Remove the whole routes: section, including the existing route.
Edit the server.js. Modify the default port number from 3000 to 8081.
Edit the package.json file. Modify the node value to use ^20.9.0. See image.
Run the following commands in the terminal.
Code Snippet
    npm install
    cf push
Edit the mydestination to point to the mock server URL. We do this because the SAP Business Accelerator Hub does not support CUD operations.
In the SAP BTP Cockpit, from the subaccount overview screen, navigate to the dev space, then to the odata-mock-server app and get the Application Route.
Back on the subaccount overview screen, navigate to Connectivity → Destinations.
Edit mydestination and replace the URL with the route of the odata-mock-server.
Deploy the SAPUI5 application to SAP BTP Cloud Foundry environment
Open SAP Business Application Studio.
Choose File → Open Folder... and open projects/cloud-sdk-learning-journey.
Run the following commands in the terminal.
Code Snippet
    cd ~/projects/cloud-sdk-learning-journey
    git checkout -f javaspring_v7.2_ui
Edit the manifest.yaml file under approuter folder to point to your backend URL and region
Determine your backend URL and region by navigating to your application in SAP BTP. See figure below. In the image below, your backend URL is https://bpstandardvdm-agilbpe-chimpanzee-pn.cfapps.us10.hana.ondemand.com and the region is us10.
Edit the manifest.yml file under approuter folder with the values obtained above. See image below.
At point 4 of the figure, replace the whole url with the url of your running bpstandardvdm application.
At point 5 of the figure, replace the last part of the URL, from the regional identifier us10 to the end. Use the corresponding part from the URL of your running approuter application.
Deploy the UI application to SAP Cloud Foundry
Run the following commands in the terminal.
Code Snippet
    cd approuter
    cf push
    cf restage bpstandardvdm
Verify that the application is deployed to SAP BTP Cloud Foundry environment. Run the approuter application from SAP BTP Cloud Foundry environment.
Change the last name of John Doe and move out of the field. Click the Update button on the top right.
The last name is now updated. Refresh the browser window to verify that the Last Name does not revert.