
SAPUI5 Application login with the Backend and get Data

I asked a similar question before but didn't get a right answer because my question was not meaningful or not understandable.

So I try it again.

My problem is I don't understand how the login works.

My situation: I have created a full application and it works, also with the backend. My destination is connected to the Cloud Connector, and it is deployed on the SAP Cloud Platform. It all works with OData and the SAP Gateway Client. For now, I log in with my SAP login data in the application. The thing about it is, the application is for all employees, and all have their SAP login. My application should filter the models according to the staffnumber which is in the SAP backend. That's why I need the login, because each employee should only see his own entries.

Now it looks like this

I want a login page, and after that, I want to get the staffnumber and pass it through the whole app's filters.

I hope you understand what I mean. It's like an application for the employees: an employee logs in with the SAP data and sees only their own entries according to the staffnumber.

Do I need this? Is there a better way?

current setup

In your current setup, your frontend (ui5 app) is accessed anonymously. When the app accesses the backend through the destination and cloud connector for the first time, the backend asks the user to authenticate themselves. From now on, each request to the backend is executed with this user context.

So perfectly fine from an authentication point of view (except that you would like to see a nice login screen).

possible solution(s)

If you want the user to authenticate on a screen in the cloud, I see two variants:

  1. Simple screen with two input fields for user/pw, doing an Ajax call to the backend using a BasicAuth header. Potential security flaw: you could also send the user/pw somewhere else. So the user must trust your app!

  2. Set up Single Sign On using SAML2 (more complex)

Update: Just came to mind that your current setup has the same security flaw as variant 1: the user has to trust your app that it is the backend behind that destination, and not some man-in-the-middle system. So, variant 1 would not introduce any additional risks. And in an enterprise scenario you can ensure by other means that the app and destination can be trusted.
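
A sketch of the request behind variant 1 from the answer above, as an added example that is not part of the original answer: it builds the BasicAuth header and refuses any target outside the app's own destination route, which is the "send the user/pw somewhere else" risk the answer names. The prefix `/destinations/backend/`, the function names, the host names and the sample credentials are assumptions made for illustration.

```javascript
// Added example. DESTINATION_PREFIX is a hypothetical route to the destination.
const DESTINATION_PREFIX = "/destinations/backend/";

// Resolve the target against the app's own origin and refuse anything that
// would carry the credentials to another host or outside the destination route.
function resolveBackendUrl(path, appOrigin) {
  const url = new URL(path, appOrigin);
  if (url.origin !== new URL(appOrigin).origin) {
    throw new Error("refusing to send credentials to " + url.origin);
  }
  if (!url.pathname.startsWith(DESTINATION_PREFIX)) {
    throw new Error("path is outside the backend destination");
  }
  return url;
}

// RFC 7617: base64 of "user:password" encoded as UTF-8. A colon in the user id
// would shift the split point on the server, so it is rejected.
function basicAuthHeader(user, password) {
  if (!user || user.includes(":")) {
    throw new Error("invalid user id");
  }
  const bytes = new TextEncoder().encode(user + ":" + password);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return "Basic " + btoa(binary);
}

// Build the arguments the login screen would pass to fetch(). The password is
// used only here and is not kept in a model or in browser storage.
function buildLoginRequest(user, password, path, appOrigin) {
  const url = resolveBackendUrl(path, appOrigin);
  if (url.protocol !== "https:") {
    throw new Error("Basic credentials require HTTPS");
  }
  return {
    url: url.href,
    options: {
      method: "GET",
      headers: { Authorization: basicAuthHeader(user, password), Accept: "application/json" },
      credentials: "same-origin",
    },
  };
}
```

A protocol-relative target such as `//other.example/...` or a path that climbs out of the prefix with `..` is rejected as well, because the check runs on the resolved URL rather than on the raw string.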
