
SAPUI5 Application login with the Backend and get Data

I asked a similar question before but didn't get the right answer because my question was not meaningful or not understandable.

So I'll try again.

My problem is that I don't understand how the login works. My situation: I have created a full application and it works, also with the backend. My destination is connected to the Cloud Connector, and it is deployed on the SAP Cloud Platform. It all works with OData and the SAP Gateway Client. For now, I log in with my SAP login data in the application. The thing is, the application is for all employees, and all of them have their own SAP login. My application should filter the models according to the staffnumber, which is in the SAP backend. That's why I need the login, because each employee should only see their own entries.

Now it looks like this

I want a login page, and after that I want to get the staffnumber and pass it through all the app's filters.

I hope you understand what I mean. It's like an application for the employees, where the employees log in with their SAP data and see only their own entries according to the staffnumber.

Do I need this? Is there a better way?

current setup

In your current setup, your frontend (UI5 app) is accessed anonymously. When the app accesses the backend through the destination and Cloud Connector for the first time, the backend asks the user to authenticate themselves. From then on, each request to the backend is executed with this user context.

So it is perfectly fine from an authentication point of view (except that you would like to see a nice login screen).

possible solution(s)

If you want the user to authenticate on a screen in the cloud, I see two variants:

  1. A simple screen with two input fields for user/pw, doing an Ajax call to the backend using a BasicAuth header. Potential security flaw: you could also send the user/pw somewhere else. So the user must trust your app!!

  2. Set up Single Sign-On using SAML2 (more complex)

Update: It just came to mind that your current setup has the same security flaw as variant 1: the user has to trust your app that it is the backend behind that destination, and not some man-in-the-middle system. So, variant 1 would not introduce any additional risks. And in an enterprise scenario you can ensure by other means that the app and destination can be trusted.
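A sketch of variant 1 with the "could send the user/pw somewhere else" risk narrowed in code. This is an added example, not part of the original answer: the destination prefix `/backend/`, the origin `https://app.example` and the function names are assumptions chosen for illustration.

```javascript
// Hypothetical route under which the app's destination is exposed (assumption).
const DEST_PREFIX = "/backend/";

// RFC 7617: the header value is base64 of the UTF-8 bytes of "user:password".
// A ':' in the user id would make the split ambiguous, so it is rejected.
function basicAuthHeader(user, password) {
  if (!user || user.includes(":")) throw new Error("invalid user id");
  const bytes = new TextEncoder().encode(`${user}:${password}`);
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return "Basic " + btoa(bin);
}

// Resolve the request target against the app's own origin and refuse anything
// that is not HTTPS, same-origin and below the destination prefix. The URL
// parser normalises "../" and "//host" forms before the check runs.
function resolveBackendUrl(path, appOrigin) {
  const base = new URL(appOrigin);
  const url = new URL(path, base);
  const ok =
    url.protocol === "https:" &&
    url.origin === base.origin &&
    url.pathname.startsWith(DEST_PREFIX);
  if (!ok) throw new Error("refusing to send credentials to " + url.href);
  return url.href;
}

// Sends one authenticated GET to the backend via the destination.
// Returns true on success, false on 401; the password is not stored anywhere.
async function login(user, password, path, appOrigin, fetchImpl = fetch) {
  const target = resolveBackendUrl(path, appOrigin);
  const res = await fetchImpl(target, {
    method: "GET",
    headers: { Authorization: basicAuthHeader(user, password) },
    redirect: "error", // do not follow a redirect that could carry the request elsewhere
  });
  if (res.status === 401) return false;
  if (!res.ok) throw new Error("backend returned " + res.status);
  return true;
}
```

The backend still decides which entries belong to the authenticated user; the client-side check only limits where the app itself will send the password.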
