Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Cloud Foundry – Read user roles using NodeJS and XSJS (Part 1)

former_member191692
Explorer
‎12-09-2019 1:49 PM
In this blog post we will read the roles created in previous blog. This blog explains how to assign the custom roles to a user, develop APIs for XSJS and NodeJS to read the roles assigned to a user.

In case of XSJS we have the $.session which gives a lot of information regarding the user, scopes assigned, etc.

$.session.user – Gives the user name who is calling the API
$.session.securityContext.scopes – Gives the list of scopes assigned to user

You can debug to find out more details about this. "openid" scope is assigned to all users by default.

The XSJS shows the scopes assigned using the $.session:

In case of NodeJS the request object gives the details about the user.
req.user.id – Gives username who is calling the API
req.authInfo.scopes - Gives the list of scopes assigned to user


We have devided the sections into 5 parts.
Part 1: Define the roles and scopes
Part 2: Assign roles to Role Collection
Part 3: Assign the Role Collection to user
Part 4: Implement NodeJS API for user roles
Part 5: Testing the User role API

Part 1: Define the roles and scopes

We will first create a xsuaa servcie and specify the roles and scopes. We have created a user and an admin role. We then bind this service to our NodeJS app if not already bound. I found out two ways to define the role. One is using the xs-security.json file in the WebIDE and add this to the xsuaa service in the mta.yaml file. On successful deployment the roles gets assigned to the bounded application. The other way is as mentioned below if the roles are not visible for your application which is still in the build stage and not yet deployed.

  1. On the SCP Cockpit select your application from the space, navigate to “Service Bindings” and select “Bind Service” choose xsuaa service

  2. Choose Plan as application.

  3. Copy the xs-security.json file contents/ specify your scope details.
    Copy the below contents:
    {
    
  "xsappname": "routingMTA",
    
  "tenant-mode": "dedicated",
    
  "description": "Security profile of called application",
    
  "scopes": [
    
    {
    
      "name": "uaa.user",
    
      "description": "UAA"
    
    },
    
    {
    
      "name": "$XSAPPNAME.USER",
    
      "description": "User role"
    
    },
    
    {
    
      "name": "$XSAPPNAME.ADMIN",
    
      "description": "Admin role"
    
    }
    
  ],
    
  "role-templates": [
    
    {
    
      "name": "Token_Exchange",
    
      "description": "UAA",
    
      "scope-references": [
    
        "uaa.user",
    
        "xs_authorization.read"
    
      ]
    
    },
    
    {
    
      "name": "READ_USER",
    
      "description": "Read user Role",
    
      "scope-references": [
    
        "uaa.user",
    
        "$XSAPPNAME.USER"
    
      ]
    
    },
    
    {
    
      "name": "ADMINISTRATOR",
    
      "description": "Admin Role",
    
      "scope-references": [
    
        "uaa.user",
    
        "$XSAPPNAME.ADMIN"
    
      ]
    
    }
    
  ]
    
}​


  4.  On successful configuring the xsuaa you can see the roles in the Security tab:

  5. Click on “Show sensitive data” button.

    We get the client Id and secret code which we use later to authenticate our API calls:


We have successfully configured the roles and binded the UAA to our application. In next part we will look at how to assign these roles to a specified user.

 

Thanks,
Mayur
Labels in this area
Popular Blog Posts