on 01-18-2018 4:59 PM
Hi community,
I want to block access to parts of my HTML5 application for certain users using SAP Cloud Platform's "Application Permissions" concept.
For that, I included the following in my neo-app.json:
"securityConstraints": [{
    "permission": "myPermission",
    "description": "description",
    "protectedPaths": [
        "/webapp/index.html?hc_reset#/protected/",
        "/webapp/index.html/protected/",
        "/webapp/index.html#/protected/"
    ]
}]
And indeed, it blocks access to "/webapp/index.html/protected/", but "/webapp/index.html#/protected/" (which is automatically used by the UI) and "/webapp/index.html?hc_reset#/protected/" remain unprotected.
I have tried using wildcards and escaping #, but that didn't work.
How can I fix that?
Thank you very much for responding!
I found a (somewhat hacky) workaround. Instead of protecting the path of the specific subpage (as in my question), I am now directly protecting the view and the controller of that page.
"protectedPaths": [
    "/webapp/controller/page.controller.js",
    "/webapp/view/page.view.xml"
],
Now, before navigating to that page, I can check the permission by an HTTP request to either of the resources. If the answer is 403 (forbidden), I do not navigate; if it is 200 (ok), I do.
That's probably not the way it was supposed to be used, but it works at least.
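Added example (not part of the original post and not SAP code): the `#/protected/` part of a URL is a fragment that the browser never sends to the server, so `protectedPaths` can only match the path, and the answer's probe of a protected resource is what actually reaches the permission check. The helper names `requestTarget`, `mayNavigate` and `guardedNavTo` are hypothetical, the origin is a placeholder, and the router is assumed to be a UI5-style router exposing `navTo`.

```javascript
// Constructed demonstration; the origin is a placeholder, not a real host.
const ORIGIN = "https://app.example.invalid";

// What the server receives for a browser URL: path and query only.
// The fragment ("#/protected/") stays in the browser, so a server-side
// protectedPaths entry containing "#" can never match a request.
function requestTarget(browserUrl) {
  const u = new URL(browserUrl, ORIGIN);
  return u.pathname + u.search;
}

// Probe a resource listed under protectedPaths. Only an explicit 200 allows
// navigation; 403, any other status and network errors fail closed.
// "no-store" avoids reusing a cached 200 after a permission was revoked.
async function mayNavigate(probePath, fetchFn = globalThis.fetch) {
  try {
    const res = await fetchFn(probePath, { method: "GET", cache: "no-store" });
    return res.status === 200;
  } catch (err) {
    return false;
  }
}

// Hypothetical guard around a UI5-style router (assumes router.navTo(name)).
// Returns true only if navigation actually happened.
async function guardedNavTo(router, routeName, probePath, fetchFn) {
  if (!(await mayNavigate(probePath, fetchFn))) {
    return false;
  }
  router.navTo(routeName);
  return true;
}
```

The guard only steers the UI; enforcement is the 403 the platform returns for the protected resources, so any data the page displays has to sit behind a protected path as well.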