Former Member

Role based authorization for views in SAPUI5

I have created a simple CRUD application having 3 views using SAPUI5 with Java as backend. I am not maintaining any user details in the backend.

I am trying to protect a few pages with admin permission. I have defined the roles in the cockpit and also mapped the admin permission to the created role.

I have added the securityConstraints attribute in neo-app.json as follows:

    "securityConstraints": [{
        "permission": "admin",
        "description": "Access User Data",
        "protectedPaths": [ "/" ],
        "excludedPaths": [ "/home" ]
    }]

This is protecting the entire application for other users who don't have admin permission, including the home view, even though it is mentioned in excludedPaths.

Is there a way to protect particular views (for example folder-wise: protect the admin folder ("/admin") instead of "/")?

Note: I tried giving "/admin/**" (where admin is a folder under view) and "/viewOne" (URL pattern); it didn't work.


3 Answers

  • Nov 07, 2017 at 08:28 AM

    Hi Abirami,

    Is your UI part of the static resources of the Java backend? Or do you deploy it separately? For the first, you can secure the individual paths on the backend side.




  • Former Member
    Nov 27, 2017 at 10:14 AM

    Hi colleagues,

    I've got the same problem and tried to secure all kinds of subpaths, but nothing works.

    Did you find a solution, Abirami?

    Best Regards,



    • Former Member

      I could not find any solution for securing subpaths. I have deployed 2 different applications, 1 for admin (securing all paths - protectedpath: '/') & 1 for others. I know this is not a solution, but I was left with no choice.

  • Dec 22, 2017 at 06:39 PM

    I am confused.

    The following is a configuration example that restricts a complete application to the accessUserData permission, with the exception of all paths starting with "/logout":

    "securityConstraints": [
                "permission": "accessUserData",
                "description": "Access User Data",
                "protectedPaths": [
                "excludedPaths": [

    Have you added this permission to your admin users via the cockpit?

    Wildcards should work. So if you have "/admin/**" as protected paths it should block everything underneath the admin folder for your app.

    I believe what you need to do is reverse the logic. Make the folder "admin" protected and exclude the "home" from the permission so every user will be able to access it.
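
The path matching discussed in this thread, as an added example that is not part of any post here and is not SAP's code: it compares the request paths a hash-routed UI5 app sends to the server with the constraint patterns quoted above. The matching rules, the host `app.example`, the file names and the `/view/admin/**` pattern are assumptions constructed for illustration.

```javascript
// Added illustration, not SAP code. Matching rules are ASSUMPTIONS:
// "/" protects every path, "/x/**" matches /x and everything below it,
// any other pattern matches that exact path only.
function matches(pattern, path) {
  if (pattern === "/") return true;
  if (pattern.endsWith("/**")) {
    const base = pattern.slice(0, -3);
    return path === base || path.startsWith(base + "/");
  }
  return path === pattern;
}

// True when the constraint would demand its permission for this request path.
function needsPermission(constraint, path) {
  const hit = (list) => (list || []).some((p) => matches(p, path));
  return hit(constraint.protectedPaths) && !hit(constraint.excludedPaths);
}

// What the server receives: the fragment (#/route) never leaves the browser.
function serverPath(address) {
  return new URL(address).pathname;
}

const asPosted = { protectedPaths: ["/"], excludedPaths: ["/home"] }; // from the question
const tried = { protectedPaths: ["/admin/**"] };                      // from the question's note
const perFolder = { protectedPaths: ["/view/admin/**"] };             // constructed resource path

// Constructed requests of a hash-routed UI5 app; host and file names are placeholders.
const requests = [
  "https://app.example/index.html#/home",
  "https://app.example/index.html#/admin",
  "https://app.example/view/Home.view.xml",
  "https://app.example/view/admin/Users.view.xml",
];

function report(constraint) {
  return requests.map((r) => {
    const path = serverPath(r);
    return { path, permissionRequired: needsPermission(constraint, path) };
  });
}

for (const c of [asPosted, tried, perFolder]) console.table(report(c));
```

Under these assumptions the constraint as posted also covers index.html, which matches the behaviour reported in the question. The data behind a protected view still needs its own check on the Java backend paths.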

