Today's article is from Li Bening (Ben), a senior programmer and architect at SAP Chengdu Research Institute.
As one of several colleagues in the Chengdu Research Institute who is proficient in three programming languages, namely Java, JavaScript and ABAP, Ben has served as the architect of the Chengdu CRM Fiori development team, the S4CRM development team and an unreleased cloud product development team. .
Ben's responsibilities in these three teams are the product architecture design and the writing of some functional codes, as well as the code review of other colleagues in the group.
In addition to his strong skills in architecture design and programming, Ben also has a lot of experience in teaching and solving puzzles. Ben is an Agile Software Enginnering coach within SAP Research Institute, and a lecturer for several internal training courses at SAP Chengdu Research Institute. His courses have helped many young colleagues just out of college on the professional path from writing toy code at school to real enterprise software development.
Every developer who is proficient in several programming languages with different styles at the same time always has his own set of experiences and methods to integrate these languages for his own use. So how does Ben do it? Perhaps it can be seen from Ben's hobbies. Ben likes football and Go, and is not too bad among amateurs. To be able to control the two hobbies of movement and stillness, firmness and softness, yang and yin at the same time, apart from Ben, I can only think of these masters:
1. When people reach middle age, Guo Jing, a hero who has practiced the Eighteen Palms of Subduing the Dragon to surpass the attainments of Hong Qigong.
Who knows that Guo Jing has been practicing the Nine Yin Sutra diligently for the past twenty years. At first, his true power was not revealed. After dozens of strokes, the power of the Eighteen Palms of Subduing the Dragon suddenly became stronger and weaker . The magical effect of giving birth to the most soft , that is the magical power that Hong Qigong could not comprehend in those days.
2. Zhou Zhiruo, the head of the Emei beauty with a short knife in his left hand and a long whip in his right.
Zhou Zhiruo took out the soft whip, and with a flick of her right hand, the whip immediately rolled into more than ten large and small circles. The heroes had seen the power of her soft whip yesterday, but they were surprised that her left hand was still able to use a knife at the same time, one long and one short, one soft and one rigid , they were two completely different swords. Under the admiration of the heroes, their spirits were lifted.
3. Tianweixing nine-patterned dragon Shi Jin.
Although there are several heroes in the Outlaws of the Margin whose military power is above the table, such as Lu Junyi, Shi Wengong, and Lin Chong, they only use one type of weapon from beginning to end in the book. When Shi Dalang was desperately fighting with others on the battlefield, he used three different weapons successively, including the meteor hammer, a difficult weapon that few ancient Chinese generals dared to try.
Shi Jin said furiously, "How dare the thief be so rampant!" Then he took a three-pointed, two-edged, four-orifice and eight-ringed saber and took Lan Sheng directly. Lan Sheng hurriedly raised the one-legged bronze man, and the enemy lived in Shi Jin. Both showed their martial arts skills and fought bravely.
Shi Jin changed to a point steel zhangba snake spear and came out suddenly. When Ha Yunsheng saw it, he held out the five-branched fork in his hand and rushed towards Shi Jin. The two of them didn't talk, the two horses crossed each other, crossed their spears, and went back and forth. I saw Shi Jin's spear, high and low, front and back, left rushing, right swept, swinging up and down, all spear shadows.
It was too late, but it was too late, Shi Jin had already carried a meteor hammer , replaced a tall horse, and rushed to the front of the battle. Lan Sheng flew up the bronze figurines and attacked them, and the two of them gathered together. Shi Jin rounded the meteor hammer to block the three.
The Shi Dalang mentioned in the book, under the guidance of Wang Jin, the head of the 800,000-strong Imperial Army, was proficient in all eighteen martial arts, and he really deserved his reputation.
And Li Beining was appointed as the architect in the three development teams of SAP Chengdu Research Institute using Java, JavaScript and ABAP respectively, and the comprehensiveness of technology is not inferior to that of Shi Dalang.
As far as I know, Li Bening's favorite star is Nedved, who has been dubbed "Desperate Saburo" and "Iron Man" by fans. Li Beining hopes that he can also be a desperate Saburo like Nedved on the court.
Jerry is not a fan, I only know that there is also a desperate Saburo in our history:
As a post-80s generation, Jerry spent a lot of money on these cards in his childhood. If you have the same collection hobby, welcome to communicate in the background.
Below is the text of Li Bening.
Hello everyone, my name is Li Beining, you can also call me Ben, I am currently working as a senior development engineer and architect in a cloud product project team of SAP Chengdu Research Institute.
I joined SAP in 2009. I worked for 4 years in banking system development in Shanghai Citigroup Software Center. After joining SAP, I worked in SAP Shanghai Research Institute for two years. At the end of 2011, I transferred to SAP Chengdu Research Institute until now. In all, I have been in Chengdu for almost seven years.
In addition to programming, I have two unstoppable hobbies, football and Go, which can be regarded as a small ball star and a street amateur master respectively... I think one of these two things can maintain physical vitality. , One can maintain the vitality of the mind, so I have always insisted on the rhythm of playing a ball and playing a few games of chess every week, and of course, it is also used as a relaxation after work.
This article introduces the Application Router (hereinafter referred to as App Router), a component used by a cloud product under development of SAP Hybris on the SAP cloud platform.
SCP App Router is one of the core modules on the SAP Cloud Platform (hereinafter referred to as SCP). As an application running independently in the SCP Cloud Foundry environment, it mainly supports the following two core functions:
Reverse proxy: Distribute external requests to different applications within the SCP Cloud Foundry environment.
Security integration: Seamless integration with UAA, the core security component on SCP Cloud Foundry, provides security-related functions such as user authentication and session management.
Speaking of which, you may immediately think of Nginx, an excellent open source web server that functions like a reverse proxy. If my application wants to use Nginx, is it possible? In fact, SCP is not limited to App Router - it is a completely open platform, you can deploy any component you want to serve the application, but SAP has provided a series of infrastructure components on it. SAP native components provide better integration and collaboration, and App Router is one of them.
Understand the technical selection of App Router
App Router is a standard web application built with Node.js.
As we all know, Node.js, as an open technical environment, has inherent advantages in building HTTP-based web applications: simple and efficient. And Node.js has become very mature and stable after rapid iteration and development in recent years. Coupled with the rich libraries provided by the open source community, Node.js has become a powerful application development environment on the server side. SAP chose Node.js as the technology stack of the core components on its cloud strategy platform. From this choice, we can also see that SAP's cloud strategy is gradually opening up.
You may ask, Node.js is a single-threaded model, according to the example diagram above, all access to the backend deployed on SCP Cloud Foundry goes through App Router, will this cause performance issues? In fact, this is a misunderstanding of the Node.js runtime model. Refer to a Node.js runtime architecture diagram:
Node.js only provides a single-threaded programming model for the application side, but its underlying running architecture is not a single-threaded model. In Node.js, various HTTP access, database read and write, and file IO access are all delegated to the underlying V8 engine in an asynchronous manner, the main thread will not be blocked, and the underlying V8 engine has very powerful concurrent processing The ability to quickly return the concurrent processing results of each event to the main thread through event polling. As long as a large number of CPU operations (such as large-scale business logic operations, scientific computing, etc.) are not performed in the main thread of Node.js, such Node.js applications can have good performance.
App Router just has the above-mentioned typical characteristics: in user authentication, it delegates the work of identifying user identities and permissions to Cloud Foundry UAA, and forwards business requests to each independently deployed Cloud Foundry application, and only does some work by itself. Simple conversion and validation of HTTP parameters, forwarding of requests, and return of request responses.
routing on App Router
The implementation of routing on App Router is achieved by defining a series of destinations. Specifically, route and destination are configured in xs-app.json of App Router, and the url corresponding to destination is configured in manifest.yml:
manifest.yml:
Briefly explain the main parameters:
Routes
source : It can be a URL or a regular expression, which defines what kind of request path the current route matches
target : how the current request is rewritten to the target address
destination : to which destination address in the manifest the current request is routed to
authenticationType : There are three options, xsuaa, none and basic, xsuaa and none respectively represent whether to perform user security authentication on App Router for the current request, which will be described in detail in the next section. Basic provides default security authentication support when integrating with SAP HANA.
Destination
Name : used to match the destination configuration in xs-app.json
URL : The real Cloud Foundry address of the target application
ForwardAuthToken : If there is an oauth token in the request, whether to forward the oauth token to the target application. App Router also supports some verification functions of oauth token, so users can choose not to forward the oauth token according to the specific situation, just on the App Router side check
In addition to basic routing functions, App Router also provides rich support for web application-related functions, such as connection management, session management, extended http headers, cross-domain, Web Socket, and more.
Secure integration of App Router and SCP UAA
As mentioned in the previous section, App Router provides user security authentication support when routing. Configure the Authentication Type of the route to xsuaa, and App Router will check whether the request from the front end has a valid session. If not, App Router will direct the user to the user authentication interface of SCP UAA. When the user is successfully re-authenticated, a new valid session will be generated and this session will be returned to the front-end application.
The entire authentication process is completed by SCP App Router and SCP UAA. SCP UAA is an encapsulation of the security component UAA (User Account and Authentication Service) provided by Cloud Foundry by SAP. Cloud Foundry UAA is an implementation of the standard Oauth 2.0 The authorization server of the protocol, SAP has made some custom enhancements on this basis, but the interface is consistent with the native UAA, so as to provide compatibility with the OAuth client program as much as possible.
Cloud Foundry UAA official documentation:
https://docs.cloudfoundry.org/api/uaa/version/4.10.0/index.html#overview
SCP standard OAuth2.0 process:
If you are familiar with the OAuth2.0 protocol, you can quickly see from this flowchart that the App Router and UAA interact through the Authorization Code Grant Flow. During the interaction, they act as OAuth Client and OAuth Server respectively. .
For OAuth2.0, see: https://oauth.net/2/
Seeing this, you may ask, why not the front-end browser as the OAuth Client? In addition to security considerations, another advantage of App Router hiding the OAuth process from the front end is that various front-end applications do not need to know details such as Client ID and Client Secret on the UAA, providing better security.
Secondly, there is the consideration of SAP at the product level. For the consistency of its standard products in UI technology, most of the products on SCP are based on SAP UI5 to build front-end UI, and UI5 is based on HTML5 technology. Come, that is, these products are browser-based rich client applications. In this way, implementing the OAuth2.0 process in the standard App Router allows various front-end applications of SAP to not need to pay attention to the details of the authentication process. As shown in the figure above, after App Router completes the authentication process and finally gets the token, it does not return the token to the browser, but generates a session on the App Router and associates the session with the token. It plays the role of an intermediary here. For the front-end, the session is used for interaction, and for the back-end, the token is used for interaction.
In addition to supporting browser-side applications by default, SCP, as an open platform, of course also supports the integration of mobile-side native applications. I won't go into details here. For details, please refer to SCP's development documentation.
Session management on App Router
Session management on App Router utilizes Node.js's session-express framework, which caches sessions in instance memory by default (line 79 in the figure below):
Then the session stickiness strategy is adopted to ensure that in the case of multi-instance deployment, requests for the same session will be sent to the same instance to ensure that the session can continue.
Session Stickiness:
https://stackoverflow.com/questions/10494431/sticky-and-non-sticky-sessions
The advantage of this is that it not only utilizes the high performance of instance memory, but also ensures high reliability to a certain extent. However, the cost is the ability to dynamically scale. Once an App Router instance has a session in use, the instance cannot be closed.
Fortunately, App Router uses the open source express-session framework, which does not only store sessions in instance memory. The Node.js open source community has provided a variety of external storage solutions for express-session. At least technically, the instance memory storage provided by App Router can be replaced with external storage without much custom development, so that multiple App Router instances can share the same set of session storage.
Extensibility with App Router
When it comes to SAP products, extensibility is an inevitable topic, which is determined by the characteristics of SAP's business for enterprise customers. SAP has also been committed to providing SAP customers with as much scalability as possible from the platform to the framework to the upper-level products. App Router is no exception, because it directly uses the connect framework of Node.js, which is a middleware framework that provides rich extensions by itself, and can filter requests and responses of Node.js in a pluggable way. And interception, you can refer to the homepage of connect for details .
App Router is based on connect. Of course, users of App Router can directly obtain various middleware provided by connect. In addition, App Router also provides some middleware of its own:
Is it very simple and straightforward? Use these middleware without modifying the code inside the native App Router.
The various middleware on App Router will not be repeated here. For details, please refer to the Github documentation of App Router.
To sum up, App Router is a reverse proxy component that is simple in design, easy to use, and provides good scalability, providing more choices and convenience for the majority of SAP users to develop applications on SCP.
Thanks everyone for reading.
To get more Jerry's original technical articles, please follow the public account "Wang Zixi" or scan the QR code below:
