我们目前在连接到 SAP HANA 的 Python 连接器中使用基本身份验证。在我们当前的连接字符串中,我们使用 SQLAlchemy,它看起来像这样:
def get_engine(host_name):
return create_engine('hana://{user}:{password}@{host_name}:{port}/HUP'.format(
user=request.json['username'],
password=base64.b64decode(bytes(request.json['password'], encoding='utf-8')).decode('utf-8'),
host_name=host_name,
port=current_app.config['HANA_PORT']
)
)
我们现在需要过渡到使用 HANA Oauth,因此不再需要在连接字符串中输入用户名和密码。理想情况下,应该有一种方法可以将 JWT 输入到连接详细信息中。我在网上找不到太多资源来真正说明如何使用 Oauth 使用 HANA 创建基于 Python 的连接器。这里的任何帮助将不胜感激。
我是这样设置的。。
Identity Provider
(IDP)到数据库。你的json config
通过xs-security
将允许权限范围。首先下载Python:sap_xssec
lib。它应该允许你获取 JWT 令牌的属性。
其次,设置你的服务和安全
//import these lib. after downloading
from sap import xssec
from cfenv import AppEnv
// get your env.
myEnv = AppEnv()
// get your UAA service
myService = myEnv.get_service(name='<uaa_service_name>').credentials
// now your JWT access token for
contextWithAccessToken = xssec.create_security_context(access_token, myService)
接下来配置你的xs-security
文件
Example xs-security.json File
{
"xsappname" : "node-hello-world",
"scopes" : [ {
"name" : "$XSAPPNAME.Display",
"description" : "display" },
{
"name" : "$XSAPPNAME.Edit",
"description" : "edit" },
{
"name" : "$XSAPPNAME.Delete",
"description" : "delete" }
],
"attributes" : [ {
"name" : "Country",
"description" : "Country",
"valueType" : "string" },
{
"name" : "CostCenter",
"description" : "CostCenter",
"valueType" : "int" }
],
"role-templates": [ {
"name" : "Viewer",
"description" : "View all books",
"scope-references" : [
"$XSAPPNAME.Display" ],
"attribute-references": [ "Country" ]
},
{
"name" : "Editor",
"description" : "Edit, delete books",
"scope-references" : [
"$XSAPPNAME.Edit",
"$XSAPPNAME.Delete" ],
"attribute-references" : [
"Country",
"CostCenter"]
}
]
}
// 为你的环境准备好用户值。 XS_APPLICATIONUSER
或者$env.user.value
设置你 @sap/hana-client 调用 connection.session.XS_APPLICATIONUSER = <JWT TOKEN>;
不要忘记设置sap-jwt/py-jwt
用于验证 jwt 令牌的库
刚设置
USE_SAP_PY_JWT = true
你完成了!