on 08-16-2019 8:25 AM
Hi There
When following the tutorial https://developers.sap.com/tutorials/xsa-cap-add-uaa.html the srv-Module (srv_api) is protected when called via AppRouter.
But as far as I can see, the srv-Module can still be called directly (not via AppRouter), and then the srv is not protected.
If using a CDS OData service based on the CAPM template, it would be possible to add some annotations for access restriction, for example @(requires:'authenticated-user') --> see https://answers.sap.com/questions/784681/more-info-on-cds-requires-statement-cloud-applicat.html
But if doing so, the srv-Module cannot be called either directly or via AppRouter; there will be an error message "Forbidden".
Therefore I would like to know how it is possible to secure an OData srv-Module so that it is protected whether it is called via AppRouter or directly on the srv instance.
Best regards,
Ben
Nearly one year later, and I'm facing the same problem. As Benjamin said:
The JWT token is not delivered to or recognized by the srv-Module, because when I call the OData service (srv-Module) via AppRouter, I am routed to the login page, and after successful login the OData response is still "forbidden".
Are there any new ideas or solutions? I tried a lot, but unfortunately nothing works.