How to use @sap/xssec - 6 common examples
To help you get started, we’ve selected a few @sap/xssec examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
SAP / com.sap.openSAP.hana5.example / core_node / router / routes / jobactivity.js View on Github 
var client = req.db;
var query = 'select "jobId".NEXTVAL as nJobId from "DUMMY"';
var jname = req.body.jobname;
var jobid;
var timestamp;
var accessToken;
if (req.headers.authorization) {
accessToken = req.headers.authorization.split(' ')[1];
} else {
logger.error('Authorization header not found');
res.status(401).json({
message: 'Authorization header not found'
});
return;
}
xssec.createSecurityContext(accessToken, xsuaaCredentials, function(error, securityContext) {
if (error) {
logger.error('Invalid access token');
res.status(401).json({
message: 'Invalid access token'
});
return;
}
if (securityContext.checkScope(SCOPE)) {
client.exec(query, function(error, rows) {
if (error) {
logger.error('Error occured' + error);
} else {
jobid = rows[0].NJOBID;
timestamp = new Date().toISOString();initExpress: function() {
var xsenv = require("@sap/xsenv");
var passport = require("passport");
var xssec = require("@sap/xssec");
var xsHDBConn = require("@sap/hdbext");
var express = require("express");
//logging
var logging = require("@sap/logging");
var appContext = logging.createAppContext();
//Initialize Express App for XS UAA and HDBEXT Middleware
var app = express();
passport.use("JWT", new xssec.JWTStrategy(xsenv.getServices({
uaa: {
tag: "xsuaa"
}
}).uaa));
app.use(logging.expressMiddleware(appContext));
app.use(passport.initialize());
var hanaOptions = xsenv.getServices({
hana: {
tag: "hana"
}
});
hanaOptions.hana.rowsWithMetadata = true;
app.use(
passport.authenticate("JWT", {
session: false
}),var xsenv = require("@sap/xsenv");
var passport = require("passport");
var xssec = require("@sap/xssec");
var xsHDBConn = require("@sap/hdbext");
var express = require("express");
//logging
var logging = require("@sap/logging");
var appContext = logging.createAppContext();
var logger = appContext.getLogger("/Application");
var tracer = appContext.getTracer(__filename);
//Initialize Express App for XS UAA and HDBEXT Middleware
var app = express();
passport.use("JWT", new xssec.JWTStrategy(xsenv.getServices({
uaa: {
tag: "xsuaa"
}
}).uaa));
app.use(logging.expressMiddleware(appContext));
app.use(passport.initialize());
var hanaOptions = xsenv.getServices({
hana: {
tag: "hana"
}
});
//hanaOptions.hana.rowsWithMetadata = true;
app.use(
passport.authenticate("JWT", {
session: false
}),xssec.createSecurityContext(accessToken, this._xsuaaService.credentials, function (err, securityContext) {
if (err) {
debug(`Token exchange error: ${err}`);
return reject(err);
}
debug('Security context created successfully');
let grantType = xssec.constants.TYPE_USER_TOKEN;
if (securityContext.getGrantType() === 'client_credentials') {
grantType = xssec.constants.TYPE_CLIENT_CREDENTIALS_TOKEN;
}
securityContext.requestToken(this._credentials, grantType, {}, function (err, newToken) {
if (err) {
debug(`Token exchange error: ${err}`);
return reject(err);
}
debug('Token successfully exchanged');
return resolve(newToken);
});
}.bind(this));
}.bind(this));xssec.createSecurityContext(accessToken, this._xsuaaService.credentials, function (err, securityContext) {
if (err) {
debug(`Token exchange error: ${err}`);
return reject(err);
}
debug('Security context created successfully');
let grantType = xssec.constants.TYPE_USER_TOKEN;
if (securityContext.getGrantType() === 'client_credentials') {
grantType = xssec.constants.TYPE_CLIENT_CREDENTIALS_TOKEN;
}
securityContext.requestToken(this._credentials, grantType, {}, function (err, newToken) {
if (err) {
debug(`Token exchange error: ${err}`);
return reject(err);
}
debug('Token successfully exchanged');
return resolve(newToken);
});
}.bind(this));
}.bind(this));return new Promise(function(resolve, reject) {
if (!this._xsuaaService || !this._xsuaaService.credentials) {
return reject(new Error('XSUAA (Source of token) service binding missing'));
} else if (!this._credentials) {
return reject(new Error('Leonardo IoT service binding missing'));
}
xssec.createSecurityContext(accessToken, this._xsuaaService.credentials, function (err, securityContext) {
if (err) {
debug(`Token exchange error: ${err}`);
return reject(err);
}
debug('Security context created successfully');
let grantType = xssec.constants.TYPE_USER_TOKEN;
if (securityContext.getGrantType() === 'client_credentials') {
grantType = xssec.constants.TYPE_CLIENT_CREDENTIALS_TOKEN;
}
securityContext.requestToken(this._credentials, grantType, {}, function (err, newToken) {
if (err) {
debug(`Token exchange error: ${err}`);
return reject(err);
}@sap/xssec
XS Advanced Container Security API for node.js
SAP DEVELOPER LICENSE AGREEME…
Latest version published 4 days ago