This repository has been archived by the owner on Aug 1, 2022. It is now read-only.
api session
BorisNen edited this page Jun 11, 2021 · 5 revisions
Represents the Session with its fields and methods.
- SAP Help
https://help.sap.com/doc/3de842783af24336b6305a3c0223a369/2.0.03/en-US/$.Session.html
- Module
https://github.com/SAP/xsk/tree/main/modules/api/api-xsjs/src/main/resources/xsk/session
- Sample usage:
```javascript
var session = $.session;
var response = require('http/v4/response');

var username = session.getUsername();
var timeout = session.getTimeout();
var token = session.getSecurityToken();
var authType = session.authType;

// Check the language of the session
response.println("Session language: " + session.language);

// Check if a particular user has the "Administrator" role
if (username === "dirigible" && session.hasAppPrivilege("Administrator")) {
    // Check a specific system privilege for that user
    if (session.hasSystemPrivilege("Dirigible")) {
        // Perform some operation with their session's information
        response.println("Username: " + username + " with session authentication type: " + authType + " token: " + token + " and timeout " + timeout);
    }
} else {
    // Assert that the user is a Developer in all other cases
    try {
        session.assertAppPrivilege("Developer");
        // Check the authentication type
        if (authType === "BASIC") {
            // Use the information from the current session
            response.println("Username: " + username + " with session authentication type: " + authType + " token: " + token + " and timeout " + timeout);
        }
    } catch (error) {
        // Display the missing role that was being asserted
        response.println("User does not have the role: " + error.privilege);
    }
}

// After all calls are complete, check the invocation count of the current session
response.println("Invocation count: " + session.getInvocationCount());
```
- Coverage
Members | Description | Status |
---|---|---|
authType | Authentication method that was used for the current session. | ✅ |
language | Language of the session in IETF (BCP 47) format. | ✅ |
samlAttribute | Provides the detailed content of the AttributeStatement tag which can be part of a SAML assertion. | ❌ |
samlUserInfo | Provides the materialized content of the AttributeStatement tag which can be part of a SAML assertion. | ❌ |

Methods | Description | Status |
---|---|---|
assertAppPrivilege(privilegeName) | Asserts that the logged-on user has a specified application privilege. | ✅ |
assertSystemPrivilege(privilegeName) | Asserts that the logged-on user has a specified system privilege. | ✅ |
getInvocationCount() | Returns the number of requests sent to the current session. | ✅ |
getSecurityToken() | Returns a unique session-specific token that can be used for XSRF prevention. | ✅ |
getTimeout() | Returns the timeout of the XS session in seconds. | ✅ |
getUsername() | Returns the username of the logged-on database user. | ✅ |
hasAppPrivilege(privilegeName) | Checks whether the logged-on user has a specified application privilege. | ✅ |
hasSystemPrivilege(privilegeName) | Checks whether the logged-on user has a specified system privilege. | ✅ |
- Issues
- Unit Tests
- Integration Tests ❌
✅ - Feature implemented and working as intended.
❌ - Feature not implemented yet.
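
The Methods table lists `getSecurityToken()` as usable for XSRF prevention. The following added example (not part of the XSK project's code) shows one way a service could verify that token on state-changing requests. `checkXsrf`, `constantTimeEqual` and `fakeSession` are hypothetical names, and reading the client's token from the request is left to the caller.

```javascript
// Added example: XSRF check built on session.getSecurityToken().
// All function names and the fake session below are hypothetical.
var SAFE_METHODS = ["GET", "HEAD", "OPTIONS"];

// Compare two strings without returning on the first mismatch, so response
// time does not reveal how many leading characters of the token were correct.
function constantTimeEqual(a, b) {
    if (typeof a !== "string" || typeof b !== "string") {
        return false;
    }
    var diff = a.length ^ b.length;
    for (var i = 0; i < a.length; i++) {
        diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
    }
    return diff === 0;
}

// Decide whether a request may proceed.
// session: object exposing getSecurityToken(), as $.session does.
// method: HTTP method of the request.
// presentedToken: value the client sent back, or undefined when absent.
function checkXsrf(session, method, presentedToken) {
    if (SAFE_METHODS.indexOf(String(method).toUpperCase()) !== -1) {
        return { allowed: true, reason: "safe method" };
    }
    var expected = session.getSecurityToken();
    // An empty token on either side must never count as a match.
    if (!expected || !presentedToken) {
        return { allowed: false, reason: "token missing" };
    }
    if (!constantTimeEqual(expected, presentedToken)) {
        return { allowed: false, reason: "token mismatch" };
    }
    return { allowed: true, reason: "token verified" };
}

// Constructed stand-in for $.session so the example runs outside XSK.
var fakeSession = {
    getSecurityToken: function () { return "constructed-token-1234"; }
};
```

In a service, pass `$.session` as the first argument and reject the request when `allowed` is false.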