
Problem with Security Constraints / protected paths for HTML5 application in SAP CP

Hi community,

I want to block access to parts of my HTML5 application for certain users using SAP Cloud Platform's "Application Permissions" concept.

For that, I included the following in my neo-app.json:

"securityConstraints": [{
	"permission": "myPermission",
	"description": "description",
	"protectedPaths": [
		"/webapp/index.html?hc_reset#/protected/",
		"/webapp/index.html/protected/",
		"/webapp/index.html#/protected/"
	]
}]

And indeed, it blocks access to "/webapp/index.html/protected/", but "/webapp/index.html#/protected/" (which is automatically used by the UI) and "/webapp/index.html?hc_reset#/protected/" remain unprotected.

I have tried using wildcards and escaping #, but that didn't work.

How can I fix that?

Thank you very much for responding!

0 Kudos


I found a (somewhat hacky) workaround. Instead of protecting the path of the specific subpage (as in my question), I am now directly protecting the view and the controller of that page.

"protectedPaths": [
	"/webapp/controller/page.controller.js",
	"/webapp/view/page.view.xml"
],

Now, before navigating to that page, I can check the permission with an HTTP request to either of the resources. If the answer is 403 (forbidden), I do not navigate; if it is 200 (ok), I do.

That's probably not the way it was supposed to be used, but it works at least.

0 Kudos
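The workaround above as an added example (not code from the thread): `serverVisible` shows what the server receives for each path in the question, since a browser never sends the `#` fragment in the HTTP request, and `mayNavigate` performs the 403/200 probe. The origin, the function names and the injectable `fetchImpl` are assumptions; the probe only decides whether the UI routes to the page, while the server-side constraint on the files is what enforces access.

```javascript
// Added example. BASE is a placeholder origin, not a real application URL.
const BASE = "https://myapp.example.invalid";

// Split a URL into the part sent to the server and the part kept in the browser.
// Server-side path matching can only ever see `sent`.
function serverVisible(url) {
  const u = new URL(url, BASE);
  return { sent: u.pathname + u.search, fragment: u.hash };
}

// Turn the probe's status code into a routing decision.
// Fail closed: only an explicit 200 allows navigation (403, redirects, 5xx all deny).
function decide(status) {
  return status === 200;
}

// Request a protected resource before routing to the page that needs it.
// fetchImpl is injectable so the logic can be exercised without a network.
async function mayNavigate(probePath, fetchImpl = fetch) {
  try {
    const res = await fetchImpl(new URL(probePath, BASE).href, {
      credentials: "same-origin", // send the session cookie with the probe
      cache: "no-store",          // a cached 200 must not mask a later 403
    });
    return decide(res.status);
  } catch (err) {
    return false; // network error: treat as not permitted
  }
}

// The three protectedPaths from the question, as the server would see them.
const questionPaths = [
  "/webapp/index.html?hc_reset#/protected/",
  "/webapp/index.html/protected/",
  "/webapp/index.html#/protected/",
];
for (const p of questionPaths) {
  const v = serverVisible(p);
  console.log(p, "-> sent:", v.sent, "| fragment:", v.fragment || "(none)");
}

// Constructed stand-ins for the server's answers to the probe.
const forbidden = async () => ({ status: 403 });
const allowed = async () => ({ status: 200 });
mayNavigate("/webapp/view/page.view.xml", forbidden).then((ok) => console.log("403 ->", ok));
mayNavigate("/webapp/view/page.view.xml", allowed).then((ok) => console.log("200 ->", ok));
```
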

ghk Thanks for this solution... how to add neo-app.json in protected paths

monokizsolt7
Participant
0 Kudos

Do you not have an update on this by any chance? There must be a better way. Thanks in advance!