I am following the HCP online help to secure the application descriptor file here: SAP HANA Cloud Platform.
However this does not work for me. My app descriptor is shown below... It should require no authentication for all pages of the app except if someone tries to access the neo-app.json file.
This file was just generated with WebIDE - I then added the "authenticationMethod" and "securityConstraints" sections as per the online help.
My test application is deployed at z_fiori_00 . You will notice that you can navigate to the neo-app.json file and see its contents without authentication which is wrong: https://zfiori00-p1081110trial.dispatcher.hanatrial.ondemand.com/neo-app.json.
(try it in a Chrome incognito window or equivalent.)
Additional to this error I am unable to create roles for html apps in my trial account. I enter the role name and click save and get a popup error saying: "Alert: Could not save role data: Bad Request (400)".
{
"welcomeFile": "index.html",
"authenticationMethod": "none",
"routes": [
{
"path": "/destinations/northwind",
"target": {
"type": "destination",
"name": "northwind"
},
"description": "Northwind OData Service"
},
{
"path": "/resources",
"target": {
"type": "service",
"name": "sapui5",
"entryPath": "/resources"
},
"description": "SAPUI5 Resources"
},
{
"path": "/test-resources",
"target": {
"type": "service",
"name": "sapui5",
"entryPath": "/test-resources"
},
"description": "SAPUI5 Test Resources"
},
{
"securityConstraints": [
{
"permission": "AccessApplicationDescriptor",
"description": "Access application descriptor",
"protectedPaths": [
"/neo-app.json"
]
}
]
}
]
}
Regards, Jason.