cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

UI5 App without authentification shows popup in browser (HTTP 401) due to call of /sap/bc/lrep

Go to solution
Tim_T
Participant

on ‎03-09-2018 1:30 PM

0 Kudos

I would like to host a UI5 App without authentification. The app works well in Fiori Launchpad and via the direct link to the service in my user context.

To achieve it without authentification I entered a system user in the corresponding SICF services for the UI5 and the OData service. (like described here: https://blogs.sap.com/2015/08/05/disable-csrf-token-for-odata-calls-using-sap-netweaver-gateway/)

Example for the UI5 service:

Now I can call my two services without authentification:

/sap/bc/ui5_ui5/sap/z_system_info

/sap/opu/odata/sap/z_sm_system_info_srv

But the problem is that the browser shows a logon window like this:

As I found out this is caused by a call to sap/bc/lrep/flex/data/com.yourcompany.z_system_info.Component

All other resources are loaded fine and when I abort the message I can use the app without problems.

I thought about a problem with the CSRF Token, but the entry ~CHECK_CSRF_TOKEN=0 in the GUI_CONFIGURATION of the service as mentioned in the linked article did not change anything.

So I got the idea to switch the logon error page for the lrep service from explicit to system logon:

The result is that instead of a 401 the call gets back with a 200 status and a page where the user normally should log on:

But because it is loaded in the background it will never show up to the user.

I am aware that this is just a dirty workaround, so I would be interested if someone got the same problem or if there is a better solution to this problem? (Especially without modifying the lrep service.)

Show replies
Show replies
Tim_T
Participant
‎04-13-2018 8:29 AM
0 Kudos

Hi,

now after a month without answers I would just like to know if there is a problem with the question or just nobody has been experiencing this problem so far?

I am curious about your feedback.

Answer
View Entire Topic
ertugrul
Participant
‎11-06-2023 6:29 AM
0 Kudos

Hi Tim,

We also encountered the same problem. But we used smart structures. In this case, can't we prevent this service from being triggered from the front end? If there is no possibility, the following result occurs. Shouldn't we use smart in public applications ?

Show replies
Show replies
Tim_T
Participant
‎11-06-2023 6:54 AM
0 Kudos

Hi Ertuğrul,

I' m sorry, but I have no experience with smart structures, therefore I' m afraid, that I can't help you.

ertugrul
Participant
‎11-06-2023 8:01 AM
0 Kudos

Hi Tim,

I found the solution thanks to mihaly.ducz with this answer 🙂

Normally, when I control it from the network, it triggers the following service.

When I added the following code block, it stopped calling this service.

sap.ui.getCore().attachInit(function() {
  ...
  sap.ui.require(["sap/ui/fl/FakeLrepConnectorLocalStorage" 
    ], function (FakeLrepConnectorLocalStorage) { 
      FakeLrepConnectorLocalStorage.enableFakeConnector( 
        null, 
        "tl.ibp.manage.demand.lifecycle", // the ID of your project or namespace
        "1.0.0" // can be anything
      );
  });
  ...

instead it called the following js files

Ask a Question