SAPUI5应用程序使用后端登录并获取数据 [英] SAPUI5 Application login with the Backend and get Data

问题描述

我之前问过类似的问题，但由于我的问题没有意义或无法理解，所以没有得到正确的答案.

I asked a similar question before but didn't get a right answer because my question was not meaningful or not understandable.

所以我再试一次.

我的问题是我不了解登录的工作方式. 我的情况: 我已经创建了一个完整的应用程序，它也可以在后端使用. 我的目的地已连接到Cloud Connector ..，并且已部署在SAP Cloud平台上.它可以与Odata和SAP GATEWAY Client一起使用 现在，我在应用程序中使用我的SAP登录数据登录.关于它的事情，该应用程序适用于所有雇员，并且所有人都有其SAP登录.我的应用程序应根据SAP后端中的人员编号过滤模型.这就是为什么我需要登录.因为所有员工都只能看到他的条目.

My Problem is I don't understand how the login works. My Situation: I have created a full Application it works, also with the backend. My destination is connected to the Cloud Connector .. and it is deployed on the SAP Cloud platform. It works all with the Odata and the SAP GATEWAY Client For now, I log in with my SAP login data in the application. The thing about it, the application is for all Employees, and all have their sap login. My Application should filter the models according to the staffnumber which is in the sap backend. That's why I need the login. Because all Employees should only see his entries.

现在看起来像此

我想要一个登录页面..之后，我想获取人员编号并将其通过整个应用程序过滤器.

I want a login page.. and after that, I want to get the staffnumber and pass it through the whole app filters.

希望您能理解我的意思.这就像一个员工的应用程序，员工使用SAP数据登录，并且仅根据员工编号查看他们的条目.

I hope you understand what I mean.. It's like an application for the Employees and the Employees login in with the SAP Data and sees only their entries according to the staffnumber.

我需要这个吗?有没有更好的办法?

Do I need this? Is there a better way?

推荐答案

当前设置

在当前设置中，匿名访问您的前端(ui5应用).当应用程序首次通过目标和云连接器访问后端时，后端会要求用户进行身份验证.从现在开始，对后端的每个请求都使用该用户上下文执行.

In your current setup, your frontend (ui5 app) is accessed anonymously. When the app accesses the backend through the destination and cloud connector for the first time, the backend asks the user to authenticate themselves. From now on, each request to backend is executed with this user context.

从身份验证的角度来看非常好(除了您希望看到一个漂亮的登录屏幕)

So perfectly fine from authentication point of view (except that you would like to see a nice login screen)

可能的解决方案

如果您希望用户在云中的屏幕上进行身份验证，我会看到两种变体:

If you want the user to authenticate on a screen in the cloud, I see two variants:

1. 一个简单的屏幕，带有两个用于用户/密码的输入字段.并使用BasicAuth标头对后端进行Ajax调用.潜在的安全漏洞:您还可以将用户/密码发送到其他地方.因此，用户必须信任您的应用程序！

1. Simple screen with two input fields for user/pw. And doing an Ajax call to backend using BasicAuth header. Potential security flaw: you could also send the user/pw somewhere else. So the user must trust your app!!

使用SAML2(更复杂)设置单点登录

Set up Single Sign On using SAML2 (more complex)

更新:刚想到您当前的设置具有与变体1相同的安全漏洞:用户必须信任您的应用程序，它是该目标背后的后端，而不是某些人中间系统.因此，变体1不会带来任何其他风险.并且在企业场景中，您可以通过其他方式确保应用程序和目标位置可以被信任.

Update: Just came to mind that your current setup has the same security flaw as the variant 1: the user has to trust your app that it is the backend behind that destination, and not some man-in-the-middle system. So, variant 1 would not introduce any additional risks. And in an enterprise scenario you can ensure by other means that the app and destination can be trusted.

这篇关于SAPUI5应用程序使用后端登录并获取数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！