Former Member

SAP Hana XSA: Protected route not accessible via the web module

Hello everyone,

I am trying to use a Node.js module that uses JWT (passport/xsuaa) to protect a route (/api). Unfortunately, it only partly works. The route is protected: I receive an unauthorized message when I try to access the route directly, which is fine. But when I try to access the route via the HTML5 module, I get the unauthorized message as well. It seems that the token is not forwarded correctly. What did I do wrong?

Best regards,

Lukas

mta.yaml:

# Deployment descriptor: one Node.js backend and one HTML5 front-end module,
# both bound to the same UAA service instance (demo_uaa).
ID: node_tutorial
_schema-version: '2.0'
version: 0.0.1

modules:
 # Node.js backend; bound to demo_uaa, whose credentials start.js looks up by the "xsuaa" tag.
 - name: myapp
   type: nodejs
   path: myapp
   requires:
    - name: demo_uaa  
   provides:
    # Publishes this module's URL so other modules can reference it as ~{url}.
    - name: myapp_api
      properties:
         url: ${default-url}

 # HTML5 module; it requires the same UAA instance as the backend.
 - name: web
   type: html5
   path: web
   requires: 
     - name: demo_uaa   
     - name: myapp_api
       group: destinations 
       properties: 
         # Destination name that the route in xs-app.json refers to.
         name: js_api_url 
         url: ~{url}
         # Asks the application router to pass the user's JWT on to this destination.
         # NOTE(review): this can only take effect for requests that are actually
         # routed through the web module; a browser call sent straight to the
         # backend URL is not covered by it.
         forwardAuthToken: true

resources:
  # UAA service instance shared by both modules.
  - name: demo_uaa
    type: com.sap.xs.uaa

start.js (Node.js Module)

"use strict";

var express = require('express');
var xsenv = require('sap-xsenv');
var passport = require('passport');
var JWTStrategy = require('sap-xssec').JWTStrategy;

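// Express application that exposes /api behind XSUAA JWT authentication.
var app = express();

// getServices() returns an object keyed by the query names, so `.uaa` here is
// already the credentials object of the bound service tagged "xsuaa".
var uaaCredentials = xsenv.getServices({uaa:{tag:"xsuaa"}}).uaa;

// Pass the credentials object itself to the strategy. The previous code passed
// `services.uaa`, a second `.uaa` lookup on the credentials object, which is
// presumably undefined and would leave the strategy without the configuration
// it needs to validate tokens, so even requests with a valid JWT get rejected.
passport.use(new JWTStrategy(uaaCredentials));
app.use(passport.initialize());
// Registered before any route, so every handler below requires a valid JWT;
// `session: false` keeps authentication stateless (no server-side session).
app.use(passport.authenticate('JWT', { session: false }));

// Protected endpoint: only reached when the JWT strategy accepted the request.
app.get('/api', function (req, res) {
  res.send('Hello World!');
});

// Use the port assigned by the platform, falling back to 3000 for local runs.
var port = process.env.PORT || 3000;
app.listen(port, function () {
  console.log('myapp listening on port ' + port);
});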

index.html (HTML 5 Module)

<!DOCTYPE HTML>
<html>
<head>
    <title>Test API</title>
</head>
<body>
    <!-- Test page of the web module: issues a single GET to the protected /api/ endpoint on load. -->
    <script>
	// NOTE(review): the URL below is absolute (host masked in the post). The
	// ^/api/(.*)$ route in xs-app.json only applies to requests addressed to the
	// web module; if this host:port is the Node.js module itself, the call skips
	// the router and arrives without the forwarded JWT, so a 401 is the expected
	// result. A relative "/api/" would go through the route. Confirm which
	// application owns port 51081.
	var xhr = new XMLHttpRequest();
	// Third argument `false` makes the request synchronous (blocks until the reply arrives).
	xhr.open('GET', "https://********************:51081/api/", false);
	xhr.send();
	// The response (status and body) is not read or displayed here.
  </script>
</body>
</html>

xs-app.json

{
      "welcomeFile": "index.html",
      "authenticationMethod": "route",
      "routes": [{
         "source": "^/api/(.*)$",
         "destination": "js_api_url"
    }]
}

0 Answers