Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to understand SCP Application Router. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

Briefly explain the main parameters:

Routes

Source: can be a URL or a regular expression that defines what kind of request path the current route matches

Target: how the current request is rewritten to the destination address

Destination: which destination address in the manifest is the current request routed to

AuthenticationType: there are three options. Xsuaa, none and basic,xsuaa and none represent whether or not to authenticate users on App Router for the current request, which will be described in the next section. Basic provides default security authentication support when integrating with SAP HANA.

Destination

Name: used to match the destination configuration in xs-app.json

URL: the real Clould Foundry address of the target application

ForwardAuthToken: if there is oauth token in the request, whether to forward the oauth token to the target application. App Router also supports some of the verification features of oauth token, so users can also choose not to forward oauth token and verify it on the App Router side according to the specific situation.

In addition to basic routing functions, App Router also provides rich support for Web application-related functions, such as connection management, session management, extended http headers, cross-domain, Web Socket, and so on.

Security Integration of App Router and SCP UAA

As mentioned in the previous section, App Router provides secure authentication support for users when routing. Configuring the routed Authentication Type to xsuaa,App Router checks whether the request sent by the front end has a legitimate session. If not, App Router directs the user to SCP UAA's user authentication interface, and when the user's re-authentication is successful, a new legal session is generated and the session is returned to the front-end application.

The whole authentication process is completed by the cooperation of SCP App Router and SCP UAA. SCP UAA is an encapsulation of UAA (User Account and Authentication Service), a security component provided by SAP on Cloud Foundry. Cloud Foundry UAA is an authorization server,SAP that implements the standard Oauth 2.0 protocol and makes some custom enhancements on this basis, but it is consistent with the native UAA on the interface, so it can provide compatibility with OAuth Client programs as much as possible.

Cloud Foundry UAA official documentation:

Https://docs.cloudfoundry.org/api/uaa/version/4.10.0/index.html#overview

SCP standard OAuth3.0 process:

If you are familiar with the OAuth3.0 protocol, you can quickly see from this flowchart that App Router and UAA interact through Authorization Code Grant Flow, acting as OAuth Client and OAuth Server respectively.

For OAuth3.0, see: https://oauth.net/2/

When you see here, you may ask, why not the front-end browser as an OAuth Client? In addition to security considerations, another benefit of App Router hiding the OAuth process from the front end is that various front-end applications do not need to know the details of UAA, such as Client ID and Client Secret, providing better security.

Secondly, there is the consideration of SAP at the product level. For the consistency of its standard products in UI technology, most of the products on SCP, including products on SCP, are based on SAP UI5 to build front-end UI, while UI5 is based on HTML5 technology, that is, these products are browser-based rich client applications. In this way, the implementation of the OAuth3.0 process in the standard App Router can make the various front-end applications of SAP do not need to pay attention to the details of the authentication process. As shown in the figure above, after completing the authentication process and finally getting the token, App Router does not return the token to the browser. Instead, it generates a session on App Router and associates session with token. Here, App Router acts as an intermediary, using session for front-end interaction and token for back-end interaction.

In addition to supporting browser-side applications by default, SCP, as an open platform, also supports the integration of native applications on mobile devices. Please refer to the SCP development documentation for details.

Session Management on App Router

Session management on App Router takes advantage of Node.js 's session-express framework and caches session in instance memory by default (line 79 below):

Then the session stickiness strategy is used to ensure that in the case of multi-instance deployment, requests for the same session will be sent to the same instance to ensure that the session can continue.

Session Stickiness:

Https://stackoverflow.com/questions/10494431/sticky-and-non-sticky-sessions

The advantage of this is that it not only takes advantage of the high performance of instance memory, but also ensures high reliability to a certain extent. At the expense of dynamic scaling, however, once there is a session in use on an App Router instance, the instance cannot be shut down.

Fortunately, App Router uses the open source express-session framework, which not only stores session in instance memory, but also provides a variety of external storage solutions for express-session in the Node.js open source community. At least technically, the instance memory storage provided by App Router can be replaced with external storage without much customized development, so that multiple App Router instances can share the same set of session storage.

Scalability of App Router

When it comes to SAP products, extensibility is an inevitable topic, which is determined by the fact that SAP's business is oriented to enterprise customers. SAP has also been committed to providing SAP customers with good scalability from the platform to the framework, and then to the upper products. App Router is also no exception, because it directly uses Node.js 's connect framework, which itself provides a rich extension of the middleware framework, which can provide filtering and blocking of Node.js requests and responses in a pluggable way. For details, you can refer to connect's home page.

App Router is based on connect, and of course App Router users have direct access to all kinds of middleware provided by connect. In addition, App Router provides some of its own middleware:

Is it very simple and direct? Use these middleware without modifying the code in the native App Router.

I will not repeat all kinds of middleware on App Router here.

To sum up, App Router is a reverse proxy component with simple design, easy to use and good expansibility, which provides more choices and convenience for SAP users to develop applications on SCP.

The above is the editor for you to share how to understand SCP Application Router, if you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.