Today’s post comes from Ben Li, senior programmer and architect at SAP Chengdu Research Institute.

As one of several colleagues in Chengdu Research Institute who are proficient in Java, JavaScript and ABAP programming languages, Ben has served as the architect of chengdu CRM Fiori development team, S4CRM development team and a cloud product development team that has not yet been released.

Ben’s responsibilities in all three teams were product architecture design and coding of some functions, as well as code review of other colleagues in the group.

In addition to his strong architectural design and programming skills, Ben is also very good at teaching and answering questions. Ben is the Internal Agile Software Enginnering coach at SAP Research And has been a lecturer at several internal training courses at SAP Chengdu Research Institute. His courses have helped many young colleagues fresh out of college on their way from writing toy code in school to a career in real enterprise software development.

Every developer who has mastered several languages of very different styles at the same time has his or her own set of tricks and techniques for integrating them into one language for his or her own use. So how did Ben do it? Ben: Maybe you can find a clue in his hobbies. Ben likes football and Go, and is not too bad for amateurs. Besides Ben, I can think of only a few masters who can simultaneously master the two hobbies of movement and stillness, firmness and softness, Yang and Yin:

1. Middle-aged man, the dragon 18 palm training to surpass Hong Qigong accomplished warrior Guo Jing.

Know Guo Jing nearly twenty years to practice nine Yin zhen jing, the beginning of the true force is not revealed, dozens of recruit, dragon eighteen palm strength suddenly strong and weak, suddenly swallow and spit, from to just had to give birth to soft magic, that is hong Qigong that can not understand the divine power

2. Left hand short knife, right hand long whip emei beauty boss Zhou Zhi if.

Zhou Zhi if take out soft whip, right hand a shake, whip suddenly rolled into more than ten large and small circles, look extremely, left hand over, green flash, revealing a short knife. The men had seen the power of her whip yesterday, but she could use a sword with her left hand at the same time, one long and one short, one soft and one strong, two completely different blades. Under the shock of the male, the spirit is refreshed.

3. The history of the dragon with nine stripes on the sky.

There are some heroes of the Water Margin, such as Lu Junyi, Shi Wengong and Lin Chong, who use only one weapon from beginning to end. And shi Dalang in the battlefield and others desperately, has used three different weapons, which also includes the ancient Chinese military commanders rarely dare to try the difficult weapon – meteor hammer.

Shi Jin said angrily: “How dare the thief run so rampant!” Then he took the knife with three points, two edges, four orifices and eight rings to get Lansheng. Lansheng rushed to the one-legged bronze man, the enemy of shi Jin. Both show their martial arts and fight bravely.

History jin changed a fulcrum steel zhang eight snake spear, sudden horse out. Ha Yun sheng saw, then stood in the hands of the five to the fork, a horse rushed to take history into. They did not talk. Their horses crossed each other, their spears and spears raised side by side, coming and going. I saw shi Jin’s spear go up and down, go back and forth, rush left and sweep right, swing body and bottom, all a piece of spear shadow.

At that moment, Shi Jin already took a meteor hammer in hand, changed a horse, rushed to the front. Lansheng flew the bronze man to fight, shamian two people together save up. Shi Jin rounded the meteor hammer to block the three.

The book mentioned in the history of lang in the eight hundred thousand ban army under the guidance of wang Jin, 18 martial arts all proficient, as expected.

Beining Li, who has been appointed as an architect in three development teams using Java, JavaScript and ABAP at SAP Chengdu Research Institute, is as comprehensive as Starang.

As far as I know, Li Bening’s favorite star is nedved, who is dubbed as “desperate Samlang” and “Iron Man” by fans. He likes his iron style of running on the court regardless of physical strength. Bening lee hopes he can also be a nedved on the pitch as a desperate three – man.

Jerry: Well, I’m not a football fan, but I know there was a man in our history who was a desperado.

As a child born in the 1980s, Jerry spent a lot of money on these cards as a child. If you have the same collection hobby, welcome backstage exchange.

The following is the text of Beining Lee.

Hello everyone, my name is Beining Li, or you can call me Ben. I am currently working as a senior development engineer and architect in a cloud product project team of SAP Chengdu Research Institute.

I joined SAP in 2009. Before that, I worked in Citigroup Software Center in Shanghai as a bank system developer for 4 years. After joining SAP, I worked in SAP Research Institute in Shanghai for 2 years, and transferred to SAP Research Institute in Chengdu at the end of 2011.

In addition to programming, I also have two unmovable hobbies, football and weiqi, which can be regarded as community star level and street amateur level respectively. I think these two things can keep the vitality of the body, the other can keep the vitality of the mind, so I have been adhering to the rhythm of playing a game of football and a few games of chess every week, of course, but also as a relaxation after work.

This article introduces an Application Router(App Router) component of a cloud product being developed by SAP Hybris on the SAP cloud platform.

SCP App Router is one of the core modules on SAP Cloud platform (hereinafter referred to as SCP). As an application running independently in SCP Cloud Foundry environment, SCP App Router mainly supports the following two core functions:

  • Reverse proxy: Distributes external requests to different applications within the SCP Cloud Foundry environment.
  • Security Integration: Seamless integration with UAA, the core security component on SCP Cloud Foundry, provides user authentication, session management and other security-related functions.

You might immediately think of Nginx, an excellent open source Web server that does something like reverse proxy. If my application wants to use Nginx, can I? SCP is not limited to using the App Router — it is a completely open platform where you can deploy any component you want to your application, but SAP already provides a set of infrastructure components on it that provide better integration and collaboration between SAP native components. App Router is one of them.

Understand the technology selection of App Router

App Router is a standard Web application built with Node.js.

As we all know, Node.js, as an open technology environment, has inherent advantages in building Web applications based on HTTP: simple and efficient. After rapid iteration and development in recent years, Node.js has become very mature and stable. Coupled with the rich libraries provided by the open source community, Node.js has become a powerful application development environment on the server side. SAP chooses Node.js as the technology stack of the core components on its cloud strategy platform. From this choice, we can also see that SAP is gradually moving towards openness in its cloud strategy.

You may ask that node.js is a single-threaded model. Based on the example diagram above, does all back-end access to SCP Cloud Foundry deployed through the App Router cause performance problems? This is a misunderstanding of the Node.js runtime model. See a diagram of the Node.js runtime architecture:

Node.js provides only a single-threaded programming model for the application side, but its underlying operating architecture is not a single-threaded model. In the Node. Js in various HTTP access, read and write the database, access file IO are the way of asynchronous agents to the bottom of the V8 engine, the main thread will not be blocked, and the underlying V8 engines have very strong ability of concurrent processing, quickly will the concurrent processing result through events polling way back to the main thread. Node.js applications can perform well as long as they don’t do a lot of CPU processing (large-scale business logic, scientific computation, etc.) in the main thread of Node.js.

The App Router has just one of the typical features mentioned above: In user authentication, the work of identifying user identity and permissions is delegated to Cloud Foundry UAA, the business requests are forwarded to each independent deployed Cloud Foundry application, and it only does some simple HTTP parameter conversion and verification, request forwarding, and request response return.

Routing on App Router

App Router routing is implemented by defining a series of destinations. Specifically, route and destination are configured in xS-app. json of App Router. And configure the url corresponding to destination in manifest.yml:

manifest.yml:

A brief explanation of the main parameters:

Routes

  • Source: can be a URL or a regular expression that defines which request path the current route matches
  • Target: How is the current request overridden to the target address
  • Destination: The destination address in the MANIFEST to which the current request is routed
  • AuthenticationType: There are three options, xsuaa, None, and Basic. Xsuaa and None represent whether to authenticate the user on the App Router for the current request, which will be described in the next section. Basic provides default security authentication support when integrated with SAP HANA.

Destination

  • Name: matches the destination configuration in xS-app. json
  • URL: The actual Clould Foundry address of the target application
  • ForwardAuthToken: Whether to forward the OAuth Token to the target application if the request has an OAuth token. The App Router also supports partial verification of the OAuth Token. Therefore, users can choose not to forward the OAuth Token and verify the OAuth token on the App Router as required

In addition to basic routing functionality, App Router also provides rich Support for Web application-related functionality, such as connection management, session management, extended HTTP headers, cross-domain, Web sockets, and more.

Security integration of App Router and SCP UAA

As mentioned in the previous section, the App Router provides user security authentication support during routing. If the Authentication Type of the route is set to xsuaa, the App Router checks whether the request sent from the front end has a valid session. If not, the App Router directs the user to the USER authentication interface of SCP UAA. After the user is successfully re-authenticated, a new valid session is generated and returned to the front-end application.

The whole authentication process is completed by SCP App Router and SCP UAA. SCP UAA is a encapsulation of User Account and Authentication Service (UAA) provided by SAP on Cloud Foundry. Cloud Foundry UAA is an authorization server that implements the standard Oauth 2.0 protocol. SAP has made some custom enhancements based on this, but the interface is consistent with native UAA. This provides compatibility with the OAuth Client as much as possible.

Cloud Foundry UAA

Docs.cloudfoundry.org/api/uaa/ver…

SCP standard OAuth2.0 process:

If you are familiar with the OAuth2.0 protocol, you can quickly see from this Flow chart that App Router and UAA interact through Authorization Code Grant Flow. During the interaction, they act as OAuth Client and OAuth Server respectively.

For OAuth2.0, see: oauth.net/2/

Seeing this you may ask, why not the front-end browser as the OAuth Client? In addition to security considerations, another advantage of App Router hiding OAuth processes from the front end is that various front end applications do not need to know details such as Client ID and Client Secret on UAA, providing better security.

Secondly, there is SAP’s consideration on the product level. In order to ensure the consistency of its standard products in UI technology, most of the products including SCP are based on SAP UI5 to build front-end UI, while UI5 is based on HTML5 technology, that is, these products are browser-based rich client applications. As a result, implementing the OAuth2.0 process inside the standard App Router can eliminate the need for SAP front-end applications to focus on the details of the authentication process. As shown in the figure above, after the App Router completes the authentication process and finally gets the token, it does not return the token to the browser. Instead, it generates a session on the App Router and associates the session with the token. App Router plays the role of an intermediary here. Session is used for front-end interaction and token is used for back-end interaction.

In addition to supporting browser-side applications by default, SCP is an open platform that also supports integration of mobile native applications. For details, please refer to the SCP development documentation.

Session management on the App Router

Session management on the App Router makes use of the Node.js session-Express framework to cache sessions in instance memory by default (line 79 below):

The Session stickiness strategy is then used to ensure that in a multi-instance deployment, requests for the same session are sent to the same instance to keep the session going.

Session Stickiness:

Stackoverflow.com/questions/1…

The advantage of this approach is that it not only takes advantage of the high performance of Instance Memory, but also ensures high reliability to a certain extent. At the expense of dynamic scaling, an App Router instance cannot be closed once it has a session in use.

Fortunately, the App Router uses the open source Express-Session framework, which does not only store sessions in instance memory. The Node.js open source community has provided a variety of express-Session external storage solutions. At least technically, it is possible to replace the instance memory storage provided by the App Router with external storage without much customization, so that multiple App Router instances can share the same set of session storage.

Scalability of App Router

When it comes to SAP products, extensibility is an inevitable topic, because SAP’s business is geared toward enterprise customers. SAP is also committed to providing as much scalability as possible to SAP customers, from platform to framework to upper level products. The App Router is no exception because it uses node.js’s Connect framework, a middleware framework that provides rich extensions to filter and block Node.js requests and responses in a pluggable way. For details, see the Connect home page.

App Router is based on Connect. Of course, users of App Router can directly obtain various middleware provided by Connect. In addition, App Router also provides some middleware of its own:

Is it very simple and straightforward? These middleware can be used without modifying the code in the native App Router.

The various middleware on the App Router will not be described here, but you can refer to the Github documentation for the App Router for details.

To sum up, App Router is a reverse proxy component with simple design, easy to use and good scalability. It provides more choices and convenience for SAP users to develop applications on SCP.

Thank you for reading.

For more of Jerry’s original technical articles, please follow the public account “Wang Zixi” or scan the following QR code: