Skip to Content

Feasibility of using Fiori application for Java Stack system

Hi Experts

I am a beginner for SAP Fiori/UI5 technology. We have one complex requirement in terms of architecture design to implement a Fiori app for our system landscape. Let me explain about our system and requirement.

Our system(SAP CLM) is a web based application deployed on SAP Netweaver appication server which is a JAVA stack system.

Users and Roles are present in LDAP (central system) and our system is integrating with Enterpirse portal(EP) for Single Sign-on .

We have the possibility to host RESTful webservices from our CLM server. SAP has a road map to release Standard Fiori apps for our system in upcoming release (by 2017 end). But we got this requirement to develop a custom Fiori app by this year end.

Kindly help me out in solving my below queries

First thing is that we cannot embed gateway component on our system as it is a JAVA stack system. So we have only option to go for Central Hub Deployment. Based on our requirement and scope we should use only central hub deployment option.

1) As SAP gateway is the component which is required for Fiori App implementation, How we can integrate Gateway (ABAP stack) with our CLM (Java Stack) system? Does this integration is needed as we have our own Restful webservices hosted on our system?

2) If this Integration is not needed then what are the prerequisites for consuming our RESTful Webservices in UI5/Fiori Application. How will our web services authentication will be automated at run-time based on the user role? I think this can be limited via Tile catalog role in Gateway based on user role?

3) How sap.ui.model.odata.OdataModel() constructor will automatically pass the webservice autentication at runtime from Fiori Launchpad when it was hosted on external system? How to design webservice autentication in this aspect when launching from Fiori launchpad?

4) Where the difference will lie while consuming OData service from Gateway system and Restful Web service of our system(External).

5) As Fiori is a Role based Application, how can we assign or integrate roles and users which we are using in LDAP with PFCG Roles used in SAP Gateway?

6) Do we need to create new users and roles in gateway and PFCG? Is there any option to Integrate with LDAP system using the same credentials?

7) Does this kind of requirement is feasible to implement? Will it be a consistent solution?

Kindly suggest the best architecture needed to implement this requirement. Actually i am much confused about how to integrate Users and Roles present in LDAP and our system with Gateway.

Any Architects could help me out in solving my queries


Phani Poorna

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • Posted on Aug 09, 2016 at 07:17 AM

    Hi Phani

    Ok .. I would suggest you break this up a bit into separate discussions. In the above you are asking:

    * Gateway deployment questions

    * OData architecture questions

    * Launchpad and tile questions

    * User security and authentication questions

    That makes for a very confusing list as often different people have different specialities and interests Particularly 3) and 4) are quite specific and deserve a thread of their own.

    Essentially you are asking how to design and build a custom Fiori app. At a high level:

    * Gateway Hub mode is the recommended mode of deployment for Fiori anyway.

    * Your custom Fiori app needs to call the OData services

    * OData options depend on your Gateway release - get up to the highest release you can is the best advice

    * OData V2 is supported on earlier Gateway releases... but current release now supports OData V4

    * There is often a relationship between business roles and PFCG security roles... I like to think of it in 2 parts:

    1. (frontend permissions) what apps does a user need to use?

    2. (backend permissions) what authorisations does the user need for a particular app?

    Suggest you start your explorations with the central collaboration document All Things SAP Fiori This will lead you into all the areas you need to put together your app.

    It's a little difficult to judge your level of knowledge from the question above... If you are just beginning it's worth knowing there are Open SAP Courses BYO Fiori (2016) and Developing Web Apps with SAPUI5 will help you get started. There are also tutorials on the SAPUI5 SDK SAPUI5 SDK - Demo Kit as well as in SCN.



    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Masayuki,

      Can you also help me out like how to authenticate our external RESTful webservice from UI5 application from the front-end server.

      If you share any reference document or code snippet for this particular requirement to authenticate external services, it will be much helpful for me 😊

      Also please give some high-level clarity on how to create front end user accounts w.r.t Enterprise portal user accounts and roles.


      Phani Poorna

  • Posted on Aug 09, 2016 at 11:36 AM

    Hi Phani,

    An on-premise Gateway has two major functions:

    a) Host OData Services sourced from ABAP systems. An alternative is to use Hana Cloud Integration services on the Cloud.

    b) Act as the frontend server (runtime/deployment) environment for SAPUI5 apps such as OOTB Fiori apps listed in the Fiori Apps Library, and including the Fiori Launchpad. Again there are some alternatives here.. e.g. you can use Enterprise Portal, or HCP offerings such as Fiori Cloud Edition

    No you do not need it to run your OData services from CLM.

    However from what you describe it sounds like you are already running Gateway in which case it may still make sense to use that to host your Fiori apps regardless of which OData Services they use.

    Again please ask your security roles question as a separate discussion.

    The topics are already becoming confused.... and they are really not all that closely related.

    You do not assign backend roles to frontend apps.

    You assign a frontend role in your frontend server to determine which apps appear in the frontend launchpad.

    You assign backend roles in the backend system to grant permissions to access your backend data.

    From what you describe I understand your question is really how to map the user identity from whatever frontend server you use to host the app to the backend CLM OData service. That's an involved question and deserves its own discussion.



    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Jocelyn

      Sure thing.

      I started the discussion to know about "Architecture of Fiori app Implementation for SAP CLM".

      For our requirement there was no document or traces available in our SCN community and also else where.

      It is a new requirement for our entire team.Hence i tried to cover all the things to find the best architecture .

      Really now i feel it is very confusing with all the mix.Definitely i will break into parts now.

      Thank you for the support.


      Phani Poorna

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.