From 39335c8c9b11c7f3bc1c0ca435328ad2bcc69e73 Mon Sep 17 00:00:00 2001 From: Johannes Vogt Date: Fri, 21 Mar 2025 16:52:51 +0100 Subject: [PATCH] cds add xsuaa --for production --- app/router/xs-app.json | 60 +++++++++++++++++++++--------------------- mta.yaml | 47 ++++++++++++++++++++------------- package.json | 8 +++++- xs-security.json | 6 +++++ 4 files changed, 72 insertions(+), 49 deletions(-) create mode 100644 xs-security.json diff --git a/app/router/xs-app.json b/app/router/xs-app.json index ffd1574e..22713929 100644 --- a/app/router/xs-app.json +++ b/app/router/xs-app.json @@ -2,46 +2,46 @@ "welcomeFile": "app/bookshop/index.html", "routes": [ { - "source": "^/app/(.*)$", - "target": "$1", - "localDir": ".", + "source": "^/app/(.*)$", + "target": "$1", + "localDir": ".", "cacheControl": "no-cache, no-store, must-revalidate" }, { - "source": "^(.*)$", - "target": "$1", - "localDir": ".", + "source": "^(.*)$", + "target": "$1", + "localDir": ".", "cacheControl": "no-cache, no-store, must-revalidate" }, { - "source": "^/admin/(.*)$", - "target": "/admin/$1", - "destination": "bookstore-api", + "source": "^/admin/(.*)$", + "target": "/admin/$1", + "destination": "bookstore-api", "csrfProtection": true - }, - { - "source": "^/browse/(.*)$", - "target": "/browse/$1", - "destination": "bookstore-api", + }, + { + "source": "^/browse/(.*)$", + "target": "/browse/$1", + "destination": "bookstore-api", "csrfProtection": true - }, - { - "source": "^/user/(.*)$", - "target": "/user/$1", - "destination": "bookstore-api", + }, + { + "source": "^/user/(.*)$", + "target": "/user/$1", + "destination": "bookstore-api", "csrfProtection": true - }, - { - "source": "^/odata/v4/orders/(.*)$", - "target": "/odata/v4/orders/$1", - "destination": "orders-api", + }, + { + "source": "^/odata/v4/orders/(.*)$", + "target": "/odata/v4/orders/$1", + "destination": "orders-api", "csrfProtection": true - }, - { - "source": "^/reviews/(.*)$", - "target": "/reviews/$1", - "destination": "reviews-api", + }, + { + "source": "^/reviews/(.*)$", + "target": "/reviews/$1", + "destination": "reviews-api", "csrfProtection": true - } + } ] } diff --git a/mta.yaml b/mta.yaml index 501c9c0a..3902f477 100644 --- a/mta.yaml +++ b/mta.yaml @@ -27,6 +27,7 @@ modules: srv-url: ${default-url} requires: - name: samples-db + - name: samples-auth - name: samples-db-deployer type: hdb @@ -44,24 +45,25 @@ modules: disk-quota: 256M memory: 256M requires: - - name: orders-api - group: destinations - properties: - name: orders-api - url: ~{srv-url} - forwardAuthToken: true - - name: reviews-api - group: destinations - properties: - name: reviews-api - url: ~{srv-url} - forwardAuthToken: true - - name: bookstore-api - group: destinations - properties: - name: bookstore-api - url: ~{srv-url} - forwardAuthToken: true + - name: orders-api + group: destinations + properties: + name: orders-api + url: ~{srv-url} + forwardAuthToken: true + - name: reviews-api + group: destinations + properties: + name: reviews-api + url: ~{srv-url} + forwardAuthToken: true + - name: bookstore-api + group: destinations + properties: + name: bookstore-api + url: ~{srv-url} + forwardAuthToken: true + - name: samples-auth provides: - name: app-api properties: @@ -74,3 +76,12 @@ resources: parameters: service: hana service-plan: hdi-shared + - name: samples-auth + type: org.cloudfoundry.managed-service + parameters: + service: xsuaa + service-plan: application + path: ./xs-security.json + config: + xsappname: samples-${org}-${space} + tenant-mode: dedicated diff --git a/package.json b/package.json index fd0e125b..ab37a597 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,8 @@ "author": "daniel.hutzel@sap.com", "dependencies": { "@sap/cds": ">=8", - "@cap-js/hana": "^1" + "@cap-js/hana": "^1", + "@sap/xssec": "^4" }, "workspaces": [ "./bookshop", @@ -44,6 +45,11 @@ "cds": { "sql": { "native_hana_associations": false + }, + "requires": { + "[production]": { + "auth": "xsuaa" + } } } } diff --git a/xs-security.json b/xs-security.json new file mode 100644 index 00000000..e1d39923 --- /dev/null +++ b/xs-security.json @@ -0,0 +1,6 @@ +{ + "scopes": [], + "attributes": [], + "role-templates": [], + "authorities-inheritance": false +}