SAP Chengdu Research Institute Li Sanlang: SCP Application Router Introduction

Source: Internet
Author: User
Tags oauth

Today's article is from Li Bening (Ben), a senior programmer and architect at the SAP Chengdu Research Institute.

As one of several colleagues in the Chengdu Research Institute who are proficient in all three programming languages Java, JavaScript and ABAP, Ben has served as the architect of the Chengdu CRM Fiori development team, the S4CRM development team, and a cloud product development team whose product has not yet been released.

Ben's responsibilities in these three teams are product architecture design, writing some of the functional code, and reviewing the code of other colleagues in the group.

In addition to his own architecture design and programming skills, Ben also has a lot of experience in teaching others. Ben is an agile software engineering instructor within SAP and a lecturer in several in-house training courses at the SAP Chengdu Research Institute. His courses have helped many young colleagues who have just left their college campuses move from writing toy code in school to becoming true enterprise software development professionals.

Every developer who is proficient in several different programming languages has their own set of ideas and methods for integrating these languages and putting them to use. So how does Ben do it? Maybe you can see something from Ben's hobbies. Ben likes football and Go, and his level is not bad for an amateur. Besides Ben, the only people I can think of who can handle two such hobbies at once, one of motion and one of stillness, one hard and one soft, one yang and one yin, are these few masters:

1. People to middle age, the Dragon 18 to practice more than the flood of seven male attainments of the warrior Guo Jing.

Cruised Guo Jing Nearly 20 years can practice nine yin canon, at the beginning of the true force is not revealed, dozens of strokes, 18 palm of the strength suddenly strong and weak, suddenly swallow and spit, from the beginning to the soft magical, it is Hong Seven public that was not understood the magic?

2. Left knife, the right-handed long whip Emei beauty Zhou Zhijo.

Zhou Zhijo take out the soft whip, the right hand a shake, whip rolled into more than 10 large and small circle, good-looking, left-hand turn, green light flashing, exposing a dagger. The warlords yesterday had seen her soft whip power, do not have her left hand can also use the knife, a long a short, a soft one just, that is two diametrically different weapons. Under the shock of the spirits, the spirit of all.

3. The day MSI nine Stripes Dragon history enters.

Although there are several armed forces in the water margin, such as Lu Junyi, Sven Gong, Lin these, but in the book they only use a weapon from beginning to end. While Starong on the battlefield and others desperately, has used three different weapons, including the ancient Chinese generals have very few dared to try the high-level weapon-meteor hammer.

History into furious way: "Thief back son dare so rampant!" "Then the three-pointed and two-edged four-body eight ring knife , straight take the orchid." Lansheng urgent to lift the copper man, the enemy live in history. Two under each show martial arts, courageously fight.

He changed a point steel Zhang Eight snake spear , sudden horse out. Han See, will hold the hands of five days fork, a horse rushed, straight take history into. Two people also do not play words, both horses intersect, fork Spear simultaneously, one to go. See the history of the spear, suddenly high and low, suddenly and suddenly after, suddenly left, and then right sweep, waving his body, full of a spear shadow.

Then, clapped, he already portable Meteor Hammer , changed a horse, rushed to the front. Lansheng fly up the brass, Sha two people together save. He play round that Meteor hammer, blocking three people.

Starong in the book mentioned in the 800,000 death dealers coach Wangjin, under the guidance of terrorize everything proficient, is truly worthy of reputation.

And Li Bening, who has been appointed architect of three separate development teams at the SAP Chengdu Research Institute using Java, JavaScript and ABAP respectively, is no less of an all-round technician than Starong.

As far as I know, the star Li Bening likes is Nedved, dubbed "Desperate Sanlang" and "Iron Man" by fans; he likes the hot-blooded way Nedved runs with all his strength on the field. Li Bening hopes to be a Desperate Sanlang on the pitch like Nedved.

Jerry is not a fan, and only knows that our history has a Desperate Sanlang of its own:

Born in the 80s, Jerry spent no small amount on these cards when he was young. If you share the same hobby, you are welcome to message me backstage.

The following is the text of Li Bening.

Hello everyone, my name is Li Bening, and you can also call me Ben. I currently work as a senior development engineer and architect in a cloud product project team at the SAP Chengdu Research Institute.

I joined SAP in 09. Before that I spent 4 years developing banking systems at the Citigroup software center in Shanghai. After joining SAP I spent the first two years at the SAP Shanghai Institute, and at the end of 11 I transferred to the SAP Chengdu Research Institute, where I have been until now; by my count I have stayed in Chengdu for nearly seven years.

In addition to programming, I also have two unshakeable hobbies, football and Go, at community-star level and street-amateur-master level respectively ... I think one of these keeps the body vigorous and the other keeps the mind vigorous, so to this day I have kept up the rhythm of playing a match and a few games of Go, which of course also serves as rest and relaxation.

This article introduces Application Router (hereinafter referred to as App Router), a component on the SAP Cloud Platform that is used by a cloud product being developed by SAP Hybris.

SCP App Router is one of the core modules on the SAP Cloud Platform (SCP). It runs as an independent application in the SCP Cloud Foundry environment and supports the following two core functions:

    • Reverse proxy: distribute external requests to different applications within the SCP Cloud Foundry environment.

    • Security integration: seamless integration with UAA, the core security component on SCP Cloud Foundry, providing security-related features such as user authentication, session management, and more.

Speaking of which, you may quickly think of Nginx, an excellent open source web server that is used for similar reverse proxy functions. If my application wanted to use Nginx, could it? In fact, SCP does not restrict you to App Router. It is a completely open platform, and you can deploy any component you want to serve your application. However, SAP already provides a series of infrastructure components, and this set of SAP-native components offers better integration and collaboration; App Router is one of them.

Understanding the technology choice behind App Router

App Router is a standard web application built with Node.js.

It is well known that Node.js, as an open technology environment, has inherent advantages for building HTTP-based web applications: it is simple and efficient. Node.js has also become very mature and stable over the past few years, and with the rich libraries provided by the open source community it has become a powerful server-side application development environment. SAP chose Node.js as the technology stack for a core component of its strategic cloud platform, and from this choice we can see that SAP's approach to its cloud strategy is gradually moving towards openness.

You might ask: Node.js has a single-threaded model, and according to the example diagram above, all access to the backends deployed on SCP Cloud Foundry goes through App Router. Doesn't that cause performance problems? In fact, this is a misunderstanding of the Node.js runtime model; refer to a diagram of the Node.js runtime architecture:

Node.js presents only a single-threaded programming model to the application, but its underlying runtime architecture is not single-threaded. In Node.js, HTTP access, database reads and writes, and file I/O are all delegated asynchronously to the underlying V8 engine, so the main thread is not blocked; the underlying V8 engine has very powerful concurrent processing capability and quickly returns the result of each concurrently processed event to the main thread through event polling. As long as the main thread of a Node.js application does not do a lot of CPU-bound work (such as large-scale business logic or scientific computation), the application can perform well.

App Router has exactly the typical characteristics described above: for user authentication, it delegates the work of identifying the user's identity and permissions to Cloud Foundry UAA; business requests are forwarded to the individual applications deployed on Cloud Foundry; App Router itself only does some simple HTTP parameter conversion and validation, request forwarding, and returning of responses.

Routing on App Router

Routing on App Router is implemented by defining a series of destinations: the routes and the destinations they refer to are configured in App Router's xs-app.json, and the URL of each destination is configured in manifest.yml:

manifest.yml:

A brief explanation of the main parameters:

Routes

    • source: a URL or a regular expression that defines which request paths the current route matches

    • target: how the current request is rewritten into the destination address

    • destination: which destination in the manifest the current request is routed to

    • authenticationType: there are three options, xsuaa, none and basic. xsuaa and none indicate whether App Router performs user security authentication for the current request; the next section describes this in detail. basic is a default security validation supported when integrating with SAP HANA.

Destination

    • name: used to match the destination configured in xs-app.json

    • url: the real Cloud Foundry address of the target application

    • forwardAuthToken: if the request carries an OAuth token, whether to forward that token to the target application. App Router also supports partial checking of the OAuth token itself, so depending on the situation the user can choose not to forward the OAuth token and have it checked only on the App Router side
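The following added example (not code from the original article or from App Router itself) models how the parameters above combine to turn a request path into a backend URL plus the two security decisions: whether a login is required and whether the OAuth token is forwarded. The sample routes, destination names and URLs are constructed, and first-match-wins ordering is an assumption of this model.

```javascript
// Added illustration: simplified model of xs-app.json route resolution.
// Not App Router's own code. Assumption: the first matching route wins.

// Constructed sample of the "routes" array in xs-app.json.
const routes = [
  { source: '^/public/(.*)$', target: '/$1', destination: 'docs', authenticationType: 'none' },
  { source: '^/api/(.*)$', target: '/v1/$1', destination: 'backend', authenticationType: 'xsuaa' },
];

// Constructed sample of the destinations declared in manifest.yml.
const destinations = [
  { name: 'docs', url: 'https://docs.example.internal', forwardAuthToken: false },
  { name: 'backend', url: 'https://backend.example.internal', forwardAuthToken: true },
];

// Map an incoming request path to the backend URL and the security
// decisions that the matching route and destination imply.
function resolveRoute(path, routeList, destinationList) {
  for (const route of routeList) {
    const match = new RegExp(route.source).exec(path);
    if (!match) continue;
    const dest = destinationList.find((d) => d.name === route.destination);
    if (!dest) {
      throw new Error(`route ${route.source} names unknown destination "${route.destination}"`);
    }
    // Substitute $1, $2, ... in target with the capture groups of source.
    const rewritten = route.target.replace(/\$(\d)/g, (_, n) => match[Number(n)] || '');
    return {
      url: dest.url + rewritten,
      requiresLogin: route.authenticationType !== 'none',
      forwardAuthToken: dest.forwardAuthToken === true,
    };
  }
  return null; // no route matched
}

// Review helper: which route patterns are reachable without a session,
// and which backends receive the user's OAuth token.
function reviewConfig(routeList, destinationList) {
  return {
    openRoutes: routeList.filter((r) => r.authenticationType === 'none').map((r) => r.source),
    tokenReceivers: destinationList.filter((d) => d.forwardAuthToken === true).map((d) => d.name),
  };
}

console.log(resolveRoute('/api/orders/42', routes, destinations));
console.log(reviewConfig(routes, destinations));
```

Running `reviewConfig` over a real configuration gives a quick list of every path pattern that skips authentication and every backend that must be trusted with user tokens.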

In addition to the basic routing features, App Router also provides rich web-application-related features such as connection management, session management, extended HTTP headers, cross-domain support, WebSockets, and more.

Secure integration of App Router and SCP UAA

As mentioned in the previous section, App Router supports user security authentication when routing. When the authentication type of a route is configured as xsuaa, App Router checks whether the request sent by the front end has a valid session. If not, App Router redirects the user to the SCP UAA user authentication page, and when the user authenticates successfully, a new valid session is generated and returned to the front-end application.

The entire authentication process is carried out by SCP App Router and SCP UAA together. SCP UAA is SAP's encapsulation of UAA (User Account and Authentication Service), the security component provided by Cloud Foundry. Cloud Foundry UAA is an authorization server that implements the standard OAuth 2.0 protocol; SAP has made a number of custom enhancements on top of it but keeps its interface consistent with the native UAA, so that it remains compatible with OAuth client programs.

Cloud Foundry UAA Official documentation:

https://docs.cloudfoundry.org/api/uaa/version/4.10.0/index.html#overview

The standard OAuth 2.0 flow on SCP:

If you are familiar with the OAuth 2.0 protocol, you will quickly see from this flowchart that App Router and UAA interact through the Authorization Code Grant flow, acting as the OAuth client and the OAuth server respectively.

For OAuth 2.0, see: https://oauth.net/2/

Seeing this, you might ask: why not let the front-end browser act as the OAuth client? In addition to security considerations, another benefit of having App Router hide the OAuth process from the front end is that the various front-end applications do not need to know UAA details such as the client ID and client secret, which provides better security.

Second, at the product level SAP keeps UI technology consistent across its standard products: most products, including those on SCP, build their front-end UI with SAP UI5, and UI5 is based on HTML5, so these products are browser-based rich client applications. As a result, implementing the OAuth 2.0 process inside the standard App Router means SAP's various front-end applications do not have to deal with the details of the authentication process. As shown, after App Router completes the authentication process and finally obtains the token, it does not return the token to the browser; instead it creates a session on App Router and associates the session with the token. App Router plays an intermediary role here, using a unified session towards the front end and the token towards the backend.
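The intermediary role described above, as an added example that is not part of the original article and is not App Router's own code: the token obtained from UAA stays in a server-side table, the browser receives only an opaque session id, and the token is attached to backend requests only for destinations with forwardAuthToken set. The cookie name `SID`, the function names and the sample token value are hypothetical.

```javascript
// Added illustration: the session-to-token mediation described above.
// Not App Router's own code; the cookie name "SID" is hypothetical.
const { randomBytes } = require('crypto');

// Server-side session table: opaque session id -> token obtained from UAA.
const sessions = new Map();

// Called after the authorization code has been exchanged for a token.
// The token stays on the server; the browser gets only a random id.
function completeLogin(accessToken, ttlMs, now = Date.now()) {
  const sid = randomBytes(32).toString('hex');
  sessions.set(sid, { accessToken, expiresAt: now + ttlMs });
  return { sid, setCookie: `SID=${sid}; Path=/; HttpOnly; Secure; SameSite=Lax` };
}

// Extract the session id from a Cookie request header.
function readSid(cookieHeader) {
  const m = /(?:^|;\s*)SID=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || '');
  return m ? m[1] : null;
}

// Decide what to send to the backend for one incoming browser request.
function buildBackendRequest(cookieHeader, destination, now = Date.now()) {
  const sid = readSid(cookieHeader);
  const session = sid ? sessions.get(sid) : undefined;
  if (!session || session.expiresAt <= now) {
    if (sid) sessions.delete(sid); // drop expired state
    return { redirectToLogin: true, headers: {} };
  }
  const headers = {};
  // The token leaves the router only for destinations that opted in.
  if (destination.forwardAuthToken === true) {
    headers.authorization = `Bearer ${session.accessToken}`;
  }
  return { redirectToLogin: false, headers };
}
```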

Besides the standard implementation, which supports browser-side applications by default, SCP as an open platform of course also supports integration with native mobile applications. That is not discussed here; for details, refer to the SCP development documentation.

Session management on App Router

Session management on App Router takes advantage of the Node.js express-session framework, which by default caches sessions in instance memory (line 79):

A session stickiness policy is then used so that, in multi-instance deployments, requests belonging to the same session are sent to the same instance and the session can continue.

Session stickiness:

https://stackoverflow.com/questions/10494431/sticky-and-non-sticky-sessions

The advantage of this is that both the high performance of instance memory and, to a certain extent, high reliability are ensured. The cost is the ability to scale dynamically: once an App Router instance has a session in use, that instance cannot be shut down.

Fortunately, App Router uses the open source express-session framework, which is not limited to storing sessions in instance memory: the Node.js open source community already offers a variety of external storage solutions for express-session. At least technically, you can replace the instance memory storage that App Router provides with external storage without much customization, so that multiple App Router instances can share the same session store.
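The trade-off described above, as an added simulation that is not from the original article and does not use App Router or express-session themselves: with per-instance memory, a session is lost when its sticky instance is stopped, while a store shared by all instances keeps it. The store exposes the get/set/destroy callback methods that express-session requires of a session store; the pool, the routing function and the sample session are constructed for illustration, and a plain Map stands in for the external storage.

```javascript
// Added illustration: sticky sessions with per-instance memory versus a
// store shared by all instances. A Map stands in for external storage.

// Minimal store exposing the get/set/destroy callback methods that
// express-session requires of a session store.
class MapStore {
  constructor(backing) { this.backing = backing; }
  get(sid, cb) {
    const raw = this.backing.get(sid);
    cb(null, raw ? JSON.parse(raw) : null);
  }
  set(sid, session, cb) {
    this.backing.set(sid, JSON.stringify(session));
    cb(null);
  }
  destroy(sid, cb) {
    this.backing.delete(sid);
    cb(null);
  }
}

// Build a pool of router instances. With shared=true every instance uses
// the same backing storage; otherwise each keeps sessions in its own memory.
function makePool(count, shared) {
  const external = new Map();
  return Array.from({ length: count }, (_, id) => ({
    id,
    up: true,
    store: new MapStore(shared ? external : new Map()),
  }));
}

// Sticky routing: prefer the instance that owns the session, and fall
// back to any running instance when the preferred one is gone.
function routeRequest(pool, stickyId) {
  const preferred = pool[stickyId];
  return preferred && preferred.up ? preferred : pool.find((inst) => inst.up);
}

// Create a session on instance 0, stop that instance (scale-in), then
// send the next request of the same session through the load balancer.
function sessionSurvivesScaleIn(shared) {
  const pool = makePool(2, shared);
  const sid = 'constructed-session-id';
  let found = null;
  routeRequest(pool, 0).store.set(sid, { user: 'alice' }, () => {});
  pool[0].up = false;
  routeRequest(pool, 0).store.get(sid, (err, session) => { found = session; });
  return found !== null;
}
```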

The extensibility of App Router

Whenever SAP's products come up, extensibility is an unavoidable topic, which is determined by the nature of SAP's enterprise customers. From the platform to the framework to the products on top, SAP has always tried to provide its customers with as much extensibility as possible. App Router is no exception, thanks to its direct use of the Node.js connect framework, a rich, extensible middleware framework that filters and intercepts Node.js requests and responses in a pluggable way; for details, refer to the home page of connect.

App Router is based on connect, so App Router users of course get direct access to the various middleware that connect offers, and App Router also offers some middleware of its own:

Isn't it very simple and straightforward? These middleware can be used without modifying the code inside the native App Router.

The various middleware on App Router are not introduced one by one here; details can be found in the GitHub documentation for App Router.

In summary, App Router is a simple, easy-to-use, and extensible reverse proxy component that provides more choice and convenience for the vast majority of SAP users developing applications on SCP.

Thank you for reading.

To get more of Jerry's original technical articles, please follow the public account "Wang Zixi".
