Hi All,
403 Forbidden error in CAP app when accessing from BTP either from HTML5 Application section or from Portal site in BTP. The application is working fine if testing locally from BAS tool using mock user.
The CAP service is accessing SAP HANA Cloud DB based on department attribute configuration. It’s displaying data when testing locally based on Department attribute but 403 error when accessing from SAP BTP after deployment. The required reader role is assigned to user.
Please suggest.
xs-security.json
{
  "xsappname": "demoapp",
  "tenant-mode": "dedicated",
  "description": "authorization check",
  "scopes": [
    {
      "name": "$XSAPPNAME.Reader",
      "description": "Reader"
    }
  ],
  "attributes": [
    {
      "name": "Department",
      "description": "Department",
      "valueType": "s",
      "valueRequired": false
    }
  ],
  "role-templates": [
    {
      "name": "Reader",
      "description": "Reader",
      "scope-references": [
        "$XSAPPNAME.Reader"
      ],
      "attribute-references": [
        "Department"
      ]
    },
    {
      "name": "Token_Exchange",
      "description": "UAA",
      "scope-references": [
        "uaa.user"
      ]
    }
  ],
  "oauth2-configuration": {
    "token-validity": 3600
  }
}
xs-app.json
{
  "welcomeFile": "/index.html",
  "authenticationMethod": "route",
  "routes": [
    {
      "source": "^/abc/(.*)$",
      "csrfProtection": false,
      "authenticationType": "xsuaa",
      "scope": "$XSAPPNAME.Reader",
      "destination": "demoapp-srv"
    },
    {
      "source": "^/resources/(.*)$",
      "target": "/resources/$1",
      "authenticationType": "none",
      "destination": "ui5"
    },
    {
      "source": "^/test-resources/(.*)$",
      "target": "/test-resources/$1",
      "authenticationType": "none",
      "destination": "ui5"
    },
    {
      "source": "^(.*)$",
      "target": "$1",
      "service": "html5-apps-repo-rt",
      "authenticationType": "xsuaa"
    }
  ]
}
service.cds
using {test_order} from '../db/test';

service testService @(requires: 'authenticated-user') {
  entity testentity @(restrict : [
    {
      grant : 'READ',
      to : 'Reader',
      where : 'department = $user.Department'
    }
  ]) as projection on test_order.testentity;
};
Regards.
Punit
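
An added diagnostic example, not part of the original post: it decodes the access token issued for the deployed app and reports whether it carries the Reader scope and a Department value, the two things the configuration above depends on. The tenant index `t123`, the sample claims and all function names are constructed for illustration; `scope` and `xs.user.attributes` are the claim names XSUAA uses in its JWTs.

```javascript
// Added diagnostic sketch; not code from the original post.
// Payload is decoded WITHOUT signature verification: use it for inspection only.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// XSUAA expands $XSAPPNAME at deploy time (e.g. "demoapp!t123"), so compare the
// part before "!" with the xsappname and the part after the last "." with the scope.
function checkToken(jwt, { appName, scope, attribute }) {
  const claims = decodeJwtPayload(jwt);
  const scopes = Array.isArray(claims.scope) ? claims.scope : [];
  const hasScope = scopes.some((s) => {
    const dot = s.lastIndexOf('.');
    return dot > 0 && s.slice(dot + 1) === scope && s.slice(0, dot).split('!')[0] === appName;
  });
  const values = (claims['xs.user.attributes'] || {})[attribute] || [];
  const findings = [];
  if (!hasScope) findings.push(`scope ${appName}.${scope} missing from token`);
  if (values.length === 0) findings.push(`attribute ${attribute} has no value in token`);
  return { hasScope, attributeValues: values, findings };
}

// Constructed sample tokens (fake signature, made-up tenant index "t123").
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256' })}.${enc(claims)}.constructed-signature`;
}

const expected = { appName: 'demoapp', scope: 'Reader', attribute: 'Department' };
const goodToken = makeSampleToken({
  scope: ['openid', 'demoapp!t123.Reader'],
  'xs.user.attributes': { Department: ['Sales'] },
});
const badToken = makeSampleToken({ scope: ['openid'], 'xs.user.attributes': {} });

console.log(checkToken(goodToken, expected));
console.log(checkToken(badToken, expected));
```

Run it against a token captured from the deployed app's own session; a token without the scope or attribute points at the role collection or attribute mapping rather than at the CDS model.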