Oct 27, 2020 at 02:34 PM

CF Cloud SDK Destinations: Auth problems

4635 Views Last edit Oct 27, 2020 at 02:43 PM 2 rev

Hi all,

I can't seem to access secured Destinations using the cloud SDK inside of my Spring application. The destination is configured to use Authentication: OAuth2SAMLBearerAssertion without a system user. If I set "System User" inside of my destination then it works perfectly, but I would like to use the currently logged in user, not a predefined one.

I have the following code:

Destination destination = DestinationAccessor.getDestination("sap_sf_odata");

but I'm receiving the following error:

Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get destination with name 'sap_sf_odata'.] with root cause

OUT com.sap.cloud.sdk.cloudplatform.security.principal.exception.PrincipalAccessException: Could not read a principal from neither a given JWT nor a given Basic Authentication header.

I'm able to retrieve my user tokens from the Approuter/XSUAA service, I just don't know how to configure my SDK Destination to use it.

I can consume the destination manually by using the following code with the correct authorization and x-user-token headers:

// Token flows against the XSUAA instance, authenticated with the client id and secret
XsuaaTokenFlows tokenFlows = new XsuaaTokenFlows(new DefaultOAuth2TokenService(), new XsuaaDefaultEndpoints(xsuaaUri), new ClientCredentials(clientid, clientsecret));

// Client-credentials access token, and the JWT of the currently logged-in user
String clientToken = tokenFlows.clientCredentialsTokenFlow().execute().getAccessToken();
XsuaaToken userToken = (XsuaaToken) SpringSecurityContext.getToken();

// Client token goes in the authorization header, the user's JWT in x-user-token
HttpHeaders headers = new HttpHeaders();
headers.set("authorization", "Bearer " + clientToken);
headers.set("x-user-token", userToken.getTokenValue());
HttpEntity<String> entity = new HttpEntity<String>(headers);

// Look the destination up by name through the destination-configuration REST endpoint
ResponseEntity<Destination> respEntity = restTemplate.exchange("https://xxxxx/destination-configuration/v1/destinations/sap_sf_odata", HttpMethod.GET, entity, Destination.class);

I then receive a URL and token that works correctly with my destination. But I would like to use the SDK for this, so that I can also use the OData client from the SDK.

I've tried to search for examples or anything that might help, but I seem to be stuck. So any help would be very much appreciated. Please let me know if I should share any more information from my side.

Kind regards

Albert