Nov 21, 2019 at 04:31 PM

Cloud Foundry Portal HTML5 Apps Repo Authorization

1484 Views Last edit Nov 22, 2019 at 11:59 AM 2 rev

Hello everybody,

I created a Node.js application on Cloud Foundry with an HTML5 application that is stored in the HTML5 Apps Repo and accessible via a Launchpad module.

When calling the backend (the Node.js app) from the HTML5 application in the launchpad, the backend returns 401 unauthorized.
When accessing the backend (the Node.js app) directly via the App Router, the user is first redirected to the login screen and after successful login the backend can be accessed.

Do I have to make any further configuration to access the backend via the app router from the launchpad app?

App Router xs-app.json

{
    "authenticationMethod": "route",
    "welcomeFile": "/cp.portal",
    "routes": [
        {
            "source": "^/api/v4/(.*)$",
            "target": "$1",
            "destination": "api-service",
            "authenticationType": "xsuaa",
            "csrfProtection": false
        },
        {
            "source": "^(/.*)",
            "target": "$1",
            "service": "html5-apps-repo-rt",
            "authenticationType": "xsuaa"
        }
    ]
}

HTML5 Module xs-app.json

{
    "welcomeFile": "/index.html",
    "authenticationMethod": "route",
    "logout": {
        "logoutEndpoint": "/do/logout"
    },
    "routes": [
        {
            "source": "^/api/(.*)$",
            "target": "/api/$1",
            "destination": "DevAppRouter",
            "authenticationType": "xsuaa",
            "csrfProtection": false
        },
        {
            "source": "^(.*)$",
            "target": "$1",
            "service": "html5-apps-repo-rt",
            "authenticationType": "xsuaa"
        }
    ]
}

The destination DevAppRouter was created in the dev space, in the service instance of the Destination service.

server.js of the backend

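// ...
var express = require('express');
var passport = require('passport');
var xsenv = require('@sap/xsenv');
var JWTStrategy = require('@sap/xssec').JWTStrategy;
// ...
var app = express();
// Look up the credentials of the bound service instance tagged "xsuaa"
var services = xsenv.getServices({ uaa: { tag: "xsuaa" } });
// Validate the incoming JWT against those XSUAA credentials
passport.use(new JWTStrategy(services.uaa));
app.use(passport.initialize());
// Every request without a valid bearer token is rejected with 401
app.use(passport.authenticate('JWT', { session: false }));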

Configuration mta.yaml

- name: api-service
  type: nodejs
  path: modules/api-service/srv
  parameters:
      disk-quota: 512M
      memory: 256M
  provides:
      - name: api-service
        properties:
            url: ${default-url}
  requires:
      - name: application-logging
      - name: hdi-container
      - name: uaa
      - name: connectivity-tunnel
      - name: destination
- name: app-router
  type: approuter.nodejs
  path: scp/app-router
  parameters:
      disk-quota: 256M
      memory: 128M
      SAP_JWT_TRUST_ACL: [{ "clientId": "*", "identityzone": "*" }]
  requires:
      - name: api-service
        group: destinations
        properties:
            forwardAuthToken: true
            strictSSL: false
            name: api-service
            url: ~{url}
      - name: frontend-portal-resources
      - name: frontend-html5-repo-runtime
        properties:
            forwardAuthToken: true
      - name: application-logging
      - name: uaa
      - name: connectivity-tunnel
      - name: destination
  properties:
      SEND_XFRAMEOPTIONS: false

xs-security.json

{
    "xsappname": "DemoApp",
    "tenant-mode": "dedicated",
    "description": "Security profile of called application",
    "scopes": [
        {
            "name": "uaa.user",
            "description": "UAA"
        }
    ],
    "role-templates": [
        {
            "name": "Token_Exchange",
            "description": "UAA",
            "scope-references": ["uaa.user"]
        }
    ]
}

Attachments

destination.png (19.0 kB)
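
A way to see what the backend actually receives on each path, as an added example that is not part of the original post: a logging middleware registered before `passport.authenticate('JWT', ...)` that reports whether a bearer token arrived and which client and zone it names. It only decodes the token and does not verify it; the names `describeAuthHeader` and `logAuthHeader` are hypothetical, the claim names (`cid`, `client_id`, `zid`, `aud`, `scope`, `exp`) are assumed to be those of an XSUAA-issued JWT, and the sample token is constructed.

```javascript
// Decode (NOT verify) the Authorization header so the reason for a 401 shows up in the log.
// The raw token is never logged, only a summary of its claims.
function describeAuthHeader(header, nowSec = Math.floor(Date.now() / 1000)) {
  if (!header) return { status: 'missing' };              // nothing was forwarded
  const [scheme, token] = header.split(' ');
  if (!/^bearer$/i.test(scheme) || !token) return { status: 'not-bearer' };
  const parts = token.split('.');
  if (parts.length !== 3) return { status: 'malformed' };
  let claims;
  try {
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return { status: 'malformed' };
  }
  if (claims === null || typeof claims !== 'object') return { status: 'malformed' };
  const expired = typeof claims.exp === 'number' && claims.exp <= nowSec;
  return {
    status: expired ? 'expired' : 'present',
    clientId: claims.cid || claims.client_id,   // assumed XSUAA claim names
    zone: claims.zid,
    audience: claims.aud,
    scopes: claims.scope || [],
  };
}

// Express middleware; register it before app.use(passport.authenticate('JWT', ...)).
function logAuthHeader(req, res, next) {
  const summary = describeAuthHeader(req.headers.authorization);
  console.log('[auth-debug]', req.method, req.originalUrl, JSON.stringify(summary));
  next();
}

// Constructed sample token with a placeholder signature, so the block runs offline.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'c2ln'].join('.');
}

const sampleToken = makeSampleToken({
  cid: 'sb-DemoApp!t1',          // constructed client id
  zid: 'constructed-zone',
  scope: ['uaa.user'],
  exp: 2000000000,
});

console.log(describeAuthHeader(undefined));
console.log(describeAuthHeader('Bearer ' + sampleToken, 1700000000));
```

Comparing the logged summary for a call made from the launchpad app with one made directly through the app router shows whether the token is missing on one path or names a different client or zone. Remove the middleware once the cause is found.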