Which freaking PaaS should I use (2/2)?
This time i will not just deploy the applications as is but have a look into the source code and make the app a bit more enterprise ready (hey we are SAP ;-).
I will exclusively focus on command line tools. I’m rather one of the old fashioned guys which believe that vi is the ultimate RAD tool for real developers. Well, or at least for some specific use cases. All of this should of course work with Eclipse/EGit which is the preferred IDE for NW Cloud.
Step 1: Get the sources from github
$git clone https://github.com/lpintosil/OSIL
This took roughly 1-2 seconds.
Step 2: Enable Authentication for the application
I would like to secure the application and enable user authentication. In order to do this i’m following the documentation on Securing SAP NetWeaver Cloud Applications.
I will use the SAP ID Service which is the default identity provider for NetWeaver Cloud. All SCN community members can use their credentials to login to the now secured application. You can configure trust to your Customers IdP and thus use the existing corporate user base. If you are interested in more details, and you are in Las Vegas next week, then have a look at the session presented by Martin Raepple :
For the Enablement of the User Authentication i will add declarative Authentication by simply changing the web.xml of the application.
After this i have changed the welcome screen of the app and made it a bit more personal. In the jsp i get the userId of the authenticated user and use this in the welcome greeting.
String userId = request.getRemoteUser();
Now, the welcome screen looks like this:
Step 3: Rebuild the Application with Enabled Authentication
Luckily the sample application already uses Apache Maven as the build tool. Maven is as well the tool of choice for ISVs working with the NetWeaver Cloud SDK. The SDK already contains a comprehensive set of samples which show how to build, deploy and test web applications with NetWeaver Cloud.
I’m starting Maven in the source folder of the application.
SpringGrannyMVC$mvn clean install
This takes roughly 10 seconds and produces a new version of the war file which includes my modifications in the web.xml. I’ll deploy and start the application with the same commands as described in my first blog. Now only registered SCN users are able to access the application and they have to authenticate before they can use the application.
Step 4: Protect the Application against XSS (Cross Side Scripting)
Securing the application, including several compile, build, deploy and run iterations was very simple and possible within a very short time. Using popular open source frameworks is supported very well and maven is a very powerful tool which enables this process. Of course you can check the new Enterprise ready application on NetWeaver Cloud. The usage is still at you own risk. I don’t plan to productise the app or take it through the SAP product standards, that would take significantly more time.
The app is now live at this location: https://notgrannyharald.netweaver.ondemand.com/ and you might have noticed that i gave it a new name: Not Grannys Adressbook, powered by SAP NetWeaver Cloud.