Exercise: Implementing authentication and authorization in Java Spring application

Objective

After completing this lesson, you will be able to Implementing authentication and authorization in Java Spring application.

Implementing authentication and authorization in Java Spring application

Description

In this exercise, you will learn how to implement authentication and authorization in Java Spring application deployed in SAP BTP. In addition, we will also test the authentication and authorization mechanism using an SAPUI5 application.

Prerequisites

For the complete execution of the following task, you must execute the following activities first:

  1. Execute the following exercises:
    • Creating your free trial account in SAP BTP
    • Complete the exercise Deploying Java Spring application to SAP BTP

Task 1: Implementing authentication and authorization in Java Spring application

In this exercise, you will learn how to implement authentication and authorization in Java Spring application deployed in SAP BTP.

Steps

  1. Checkout the branch javaspring_v6.0_jwt in SAP Business Application Studio

    1. Open SAP Business Application Studio.

    2. Run the following commands in the terminal. Make sure current working directory is /home/user/projects/cloud-sdk-learning-journey.

      Code Snippet
      Copy code
      Switch to dark mode
      12
      cd ~/projects/cloud-sdk-learning-journey git checkout -f javaspring_v6.1_jwt
  2. Edit the manifest.yaml file under approuter folder to point to your backend URL and region

    1. Determine your backend URL and region by navigating to your application in SAP BTP. See figure below. In the image below, your backend URL is https://bpstandardvdm-agilbpe-chimpanzee-pn.cfapps.us10.hana.ondemand.com and the region is us10.

    2. Edit the manifest.yml file under approuter folder with the values obtained above. See image below.

      At point 4 of the figure, replace the whole url with the url of your running bpstandardvdm application.

      At point 5 of the figure, replace the last part of the URL, from the regional identifier us10 to the end. Use the corresponding part from the URL of your running approuter application.

  3. Build and push the project to SAP BTP

    1. Build and push the application to SAP BTP by running the following commands in the terminal. Note: You will have to login to your SAP BTP Cloud Foundry account before running the cf commands

      Code Snippet
      Copy code
      Switch to dark mode
      12345678910
      cd bpstandardvdm cf create-service destination lite mydestination cf create-service xsuaa application mysecurexsuaa -c xs-security.json mvn clean install -Dmaven.test.skip=true cf push cf set-env bpstandardvdm API_KEY YOUR_APIKEY_GOES_HERE cf restage bpstandardvdm cd ../approuter/ cf push

      Note

      You will have to login to your SAP BTP Cloud Foundry account before running the cf commands. Since the application depends on xsuaa and destination service, we need to create an instance of these services before deploying the application
    2. Verify that the application is successfully deployed in SAP BTP and the mysecurexsuaa and mydestination services are bound to the application. Then remove the myxsuaa service that is bound to the application by clicking on the delete icon

    3. Verify that the bpdestination is created at the subaccount. This is a step from the prerequisite exercise. See image below. If not present, make sure to complete the prerequisite exercise.

  4. Query the Business Partner API of SAP S/4HANA Cloud

    1. Find out the URL of the approuter application. After successful completion of the command cf push, the URL is displayed on the screen. Alternatively, you can click on approuter application in SAP BTP to find out the URL

    2. Open a new tab and browse to https://APPROUTER_URL/service/businessPartners; APPROUTER_URL is the URL you copied after executing the cf push command

    3. Verify that it prompts you to login (OR) logs you in automatically if SSO is enabled

    4. Verify that you receive an authorization failed error saying you don't have the Admin or Viewer role.

    5. Assign the Java Spring SDK Tutorial Admin and Java Spring SDK Tutorial Viewer role collection to the user at the subaccount level. Please follow the steps in the figure below

    6. Open a new incognito window and browse to https://APPROUTER_URL/service/businessPartners; APPROUTER_URL is the URL you copied after executing the cf push command

    7. Verify that you are now able to retrieve the business partners

  5. Optional: Review code in the following source files

    1. Code walk-through

      File nameComments on code changes
      BusinessPartnerController.java

      Code logic is as follows...

      1. SAP Cloud SDK provides a convenience feature to extract the JWT from the request object. Use the AutTokenAccessor to get the current token
      2. If there is an exception getting the token, throw a TenantAccessException
      3. If the retrieved JWT token is null, throw an HttpException saying authentication failed - This way, the only way to access the Java module is through the approuter
      4. If JWT is available, make sure the user has the proper roles to perform the desired action
      requests.httpProvides various HTTP requests that can be submitted to query the Business Partner API
      commands.txtProvides various commands that can be run on the terminal

Task 2: Testing CRUD functionality with SAPUI5 application

In this exercise, you will learn how to test CRUD functionality with SAPUI5 application.

Prerequisites

For the complete execution of the following task, you must execute the following activities first:

  1. Execute the following exercises:
    • Creating your free trial account in SAP BTP
    • Complete the exercise Setting up the mock server
    • Complete the exercise Activating the APIs in SAP S/4HANA Cloud
    • Complete the exercise Deploying Java Spring application to SAP BTP

Steps

  1. Deploy the mock server to SAP BTP Cloud Foundry environment

    1. Open SAP Business Application Studio.

    2. Choose FileOpen Folder... and open projects/cloud-s4-sdk-book.

    3. Run the following commands in the terminal.

      Code Snippet
      Copy code
      Switch to dark mode
      12
      cd ~/projects/cloud-s4-sdk-book git checkout mock-server
    4. Edit the manifest.yaml file.

    5. In the line just after the memory attribute, include the additional assignment random-route: true.

    6. Remove the whole routes: section, including the existing route.

    7. Edit the server.js. Modify the default port number from 3000 to 8081.

    8. Edit the package.json file. Modify the node value to use ^20.9.0. See image.

    9. Run the following commands in the terminal

      Code Snippet
      Copy code
      Switch to dark mode
      12
      npm install cf push
  2. Edit the mydestination to point to the mock server URL. We do this because the SAP Business Accelerator Hub does not support CUD operations.

    1. In the SAP BPT Cockpit, from the subaccount overview screen, navigate to the dev space, then to the odata-mock-server app and get the Application Route.

    1. Back to the the subaccount overview screen, navigate to ConnectivityDestinations

    2. Edit mydestination and change the URL with the route of the odata-mock-server .

  3. Deploy the SAUI5 application to SAP BTP Cloud Foundry environment

    1. Open SAP Business Application Studio.

    2. Choose FileOpen Folder... and open projects/cloud-sdk-learning-journey.

    3. Run the following commands in the terminal.

      Code Snippet
      Copy code
      Switch to dark mode
      12
      cd ~/projects/cloud-sdk-learning-journey git checkout -f javaspring_v7.1_ui
  4. Edit the manifest.yaml file under approuter folder to point to your backend URL and region

    1. Determine your backend URL and region by navigating to your application in SAP BTP. See figure below. In the image below, your backend URL is https://bpstandardvdm-agilbpe-chimpanzee-pn.cfapps.us10.hana.ondemand.com and the region is us10.

    2. Edit the manifest.yml file under approuter folder with the values obtained above. See image below.

      At point 4 of the figure, replace the whole url with the url of your running bpstandardvdm application.

      At point 5 of the figure, replace the last part of the URL, from the regional identifier us10 to the end. Use the corresponding part from the URL of your running approuter application.

  5. Deploy the UI application to SAP Cloud Foundry

    1. Run the following commands in the terminal

      Code Snippet
      Copy code
      Switch to dark mode
      1234
      cd approuter cf push cf restage bpstandardvdm
    2. Verify that the application is deployed to SAP BTP Cloud Foundry environment. Run the approuter application from SAP BTP Cloud Foundry environment

    3. Change the last name of John Doe and move out of the field. Click Update button on the top right.

      The last name is now updated. Refresh the browser window to verify that the Last Name is not changing.

Log in to track your progress & complete quizzes