<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>Question Re: How to Secure Your Cloud Foundry Python Application w... in Technology Q&amp;A</title>
    <link>https://community.sap.com/t5/technology-q-a/how-to-secure-your-cloud-foundry-python-application-with-xsuaa/qaa-p/13995679#M4900533</link>
    <description>&lt;A href="https://developers.sap.com/tutorials/btp-cf-buildpacks-python-create..html" target="_blank"&gt;https://developers.sap.com/tutorials/btp-cf-buildpacks-python-create..html&lt;/A&gt;</description>
    <pubDate>Fri, 24 Jan 2025 10:57:49 GMT</pubDate>
    <dc:creator>Becerra</dc:creator>
    <dc:date>2025-01-24T10:57:49Z</dc:date>
    <item>
      <title>How to Secure Your Cloud Foundry Python Application with XSUAA.</title>
      <link>https://community.sap.com/t5/technology-q-a/how-to-secure-your-cloud-foundry-python-application-with-xsuaa/qaq-p/13736667</link>
      <description>&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;H1&gt;How to Secure Your Cloud Foundry Python Application with XSUAA&lt;/H1&gt;&lt;H2&gt;Introduction&lt;/H2&gt;&lt;P&gt;Securing applications in the cloud is critical to ensure that sensitive data and operations are protected from unauthorized access. SAP Cloud Foundry offers a robust way to handle authentication and authorization using the XSUAA (Extended Services User Account and Authentication) service. By leveraging XSUAA, developers can implement security measures that integrate seamlessly with SAP Cloud Platform, providing OAuth 2.0-based security mechanisms.&lt;/P&gt;&lt;P&gt;In this blog post, I'll walk you through the process of applying XSUAA security to a Python application deployed on Cloud Foundry using the Python Buildpack. Whether you're new to SAP Cloud Platform or looking to secure your existing applications, this guide will help you understand the steps involved and save you time in the process. We'll cover everything from setting up your environment to deploying and testing your secure application, ensuring you have a comprehensive understanding of the entire workflow.&lt;/P&gt;&lt;P&gt;Let's dive in and secure your Python application with XSUAA on Cloud Foundry!&lt;/P&gt;&lt;H2&gt;Step-by-Step Guide&lt;/H2&gt;&lt;H3&gt;1. Setting Up Your Environment&lt;/H3&gt;&lt;P&gt;Create a new project directory:&lt;/P&gt;&lt;PRE&gt;mkdir cf-python-xsuaa
cd cf-python-xsuaa&lt;/PRE&gt;&lt;H3&gt;2. Create hello.py file&lt;/H3&gt;&lt;P&gt;Create a new file named hello.py with the following content:&lt;/P&gt;&lt;PRE&gt;import os
from flask import Flask, request, abort
from cfenv import AppEnv
import jwt
from sap import xssec

app = Flask(__name__)
env = AppEnv()

port = int(os.environ.get('PORT', 3000))
uaa_service = env.get_service(name='xsuaa_service_name').credentials

@app.route('/')
def hello():
     if 'authorization' not in request.headers:
         abort(403)
     access_token = request.headers.get('authorization')[7:]
     print(jwt.decode(access_token, options={"verify_signature": False}))
     security_context = xssec.create_security_context(access_token, uaa_service)
     isAuthorized = security_context.check_scope('uaa.resource')
     print(isAuthorized)
     print(security_context)
     print(access_token)
     if not isAuthorized:
         abort(403)

     return "Hello World"

if __name__ == '__main__':
  app.run(host='0.0.0.0', port=port)&lt;/PRE&gt;&lt;H3&gt;3. Create manifest.yml file&lt;/H3&gt;&lt;P&gt;Create a manifest.yml file with the following content:&lt;/P&gt;&lt;PRE&gt;---
applications:
- name: cf-python-xsuaa
  memory: 128MB
  disk_quota: 256MB
  random-route: true
  buildpack: python_buildpack
  command: python hello.py
  services:
  - xsuaa_service_name&lt;/PRE&gt;&lt;H3&gt;4. Create requirements.txt file&lt;/H3&gt;&lt;P&gt;Create a requirements.txt file with the following dependencies:&lt;/P&gt;&lt;PRE&gt;Flask
gunicorn
cfenv
sap-xssec
PyJWT&lt;/PRE&gt;&lt;H3&gt;5. Create xs-security.json file&lt;/H3&gt;&lt;P&gt;Create an xs-security.json file with the following content:&lt;/P&gt;&lt;PRE&gt;{
    "xsappname": "xsuaa_service_name",
    "tenant-mode": "dedicated"
}&lt;/PRE&gt;&lt;H3&gt;6. Install Dependencies and Run Locally&lt;/H3&gt;&lt;P&gt;Set up a virtual environment and install dependencies:&lt;/P&gt;&lt;PRE&gt;python -m venv venv
.\venv\Scripts\activate
pip install -r requirements.txt&lt;/PRE&gt;&lt;P&gt;Run the application locally:&lt;/P&gt;&lt;PRE&gt;python hello.py&lt;/PRE&gt;&lt;H3&gt;7. Deploy to Cloud Foundry&lt;/H3&gt;&lt;P&gt;Log in to Cloud Foundry:&lt;/P&gt;&lt;PRE&gt;cf login&lt;/PRE&gt;&lt;P&gt;Create the XSUAA service instance:&lt;/P&gt;&lt;PRE&gt;cf create-service xsuaa application xsuaa_service_name -c xs-security.json&lt;/PRE&gt;&lt;P&gt;Deploy the application:&lt;/P&gt;&lt;PRE&gt;cf push&lt;/PRE&gt;&lt;P&gt;Create a service key for the XSUAA service:&lt;/P&gt;&lt;PRE&gt;cf create-service-key xsuaa_service_name xsuaa_service_key&lt;/PRE&gt;&lt;P&gt;Retrieve the service key:&lt;/P&gt;&lt;PRE&gt;cf service-key xsuaa_service_name xsuaa_service_key&lt;/PRE&gt;&lt;H3&gt;8. Test Your Application with Postman&lt;/H3&gt;&lt;P&gt;Generate a token using Postman:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;Open Postman and create a new POST request to the URL:&lt;/LI&gt;&lt;LI&gt;Example URL: &lt;A href="https://abc-interns.authentication.eu12.hana.ondemand.com/oauth/token?grant_type=client_credentials" target="_blank" rel="noopener"&gt;https://abc-interns.authentication.eu12.hana.ondemand.com/oauth/token?grant_type=client_credentials&lt;/A&gt;&lt;/LI&gt;&lt;LI&gt;Set the headers:&lt;UL&gt;&lt;LI&gt;Content-Type: application/json&lt;/LI&gt;&lt;LI&gt;Authorization: Basic Auth with your client_id and client_secret&lt;/LI&gt;&lt;UL&gt;&lt;LI&gt;Username: your_client_id&lt;/LI&gt;&lt;LI&gt;Password: your_client_secret&lt;/LI&gt;&lt;/UL&gt;&lt;/UL&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;Use the generated token to access your secure endpoint:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;Create a new GET request in Postman to the URL of your deployed application:&lt;/LI&gt;&lt;LI&gt;Example URL: &lt;A href="https://cf-python-xsuaa-agile-cat-cs.cfapps.eu12.hana.ondemand.com/" target="_blank" rel="noopener"&gt;https://cf-python-xsuaa-agile-cat-cs.cfapps.eu12.hana.ondemand.com/&lt;/A&gt;&lt;/LI&gt;&lt;LI&gt;Set the headers:&lt;UL&gt;&lt;LI&gt;Content-Type: application/json&lt;/LI&gt;&lt;LI&gt;Authorization: Bearer YOUR_ACCESS_TOKEN&lt;/LI&gt;&lt;/UL&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;Replace YOUR_ACCESS_TOKEN with the token you obtained from the previous step.&lt;/P&gt;&lt;H2&gt;Conclusion&lt;/H2&gt;&lt;P&gt;By following these steps, you’ve successfully secured your Python application on Cloud Foundry using XSUAA. This method provides a robust authentication and authorization mechanism, ensuring that your application is protected from unauthorized access.&lt;/P&gt;&lt;H2&gt;Additional Resources&lt;/H2&gt;&lt;UL&gt;&lt;LI&gt;SAP Cloud Platform XSUAA Documentation&lt;/LI&gt;&lt;LI&gt;Cloud Foundry Documentation&lt;/LI&gt;&lt;LI&gt;Python Buildpack Documentation&lt;/LI&gt;&lt;/UL&gt;&lt;H2&gt;Call to Action&lt;/H2&gt;&lt;P&gt;Try securing your applications and help others also in comments and post your experiences in SAP Community.&lt;/P&gt;&lt;P&gt;Thanks and regards,&lt;/P&gt;&lt;P&gt;Harsh Tirhekar&lt;/P&gt;</description>
      <pubDate>Wed, 19 Jun 2024 19:27:50 GMT</pubDate>
      <guid>https://community.sap.com/t5/technology-q-a/how-to-secure-your-cloud-foundry-python-application-with-xsuaa/qaq-p/13736667</guid>
      <dc:creator>Harsh_Tirhekar</dc:creator>
      <dc:date>2024-06-19T19:27:50Z</dc:date>
    </item>
    <item>
      <title>Re: How to Secure Your Cloud Foundry Python Application w...</title>
      <link>https://community.sap.com/t5/technology-q-a/how-to-secure-your-cloud-foundry-python-application-with-xsuaa/qaa-p/13926852#M4890921</link>
      <description>&lt;P&gt;How to allow BTP Login screen to access the app?&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Sun, 03 Nov 2024 18:40:11 GMT</pubDate>
      <guid>https://community.sap.com/t5/technology-q-a/how-to-secure-your-cloud-foundry-python-application-with-xsuaa/qaa-p/13926852#M4890921</guid>
      <dc:creator>rakesh</dc:creator>
      <dc:date>2024-11-03T18:40:11Z</dc:date>
    </item>
    <item>
      <title>Re: How to Secure Your Cloud Foundry Python Application w...</title>
      <link>https://community.sap.com/t5/technology-q-a/how-to-secure-your-cloud-foundry-python-application-with-xsuaa/qaa-p/13995679#M4900533</link>
      <description>&lt;A href="https://developers.sap.com/tutorials/btp-cf-buildpacks-python-create..html" target="_blank"&gt;https://developers.sap.com/tutorials/btp-cf-buildpacks-python-create..html&lt;/A&gt;</description>
      <pubDate>Fri, 24 Jan 2025 10:57:49 GMT</pubDate>
      <guid>https://community.sap.com/t5/technology-q-a/how-to-secure-your-cloud-foundry-python-application-with-xsuaa/qaa-p/13995679#M4900533</guid>
      <dc:creator>Becerra</dc:creator>
      <dc:date>2025-01-24T10:57:49Z</dc:date>
    </item>
  </channel>
</rss>

