Asynchronous XS API

Class: Session

$. Session

new Session()

Represents an SAP HANA XS session.

Members

<readonly> authType :string|null

Authentication method that was used for the current session. For authenticated sessions, authType contains one of the strings "Basic", "Form", "Logon Ticket", "SAML", "SPNEGO", and "X.509". If the current session is not authenticated (when using public apps), authType is null. If the authentication type cannot be determined, authType contains the string "unknown".
Type:
  • string | null

<readonly> language :string

Language of the session in IETF (BCP 47) format. This property contains the language that is used in the session. The value is a string in the format specified by the IETF (BCP 47) standard.

Contains an empty string unless a language is explicitly set by the XS session layer.

Type:
  • string

samlAttribute :Array.<$.Session~SamlAttributeObject>

Provides the detailed content of the AttributeStatement tag which can be part of a SAML assertion. In contrary to the samlUserInfo object samlAttribute can contain a list of multiple values belonging to the same attribute. The samlAttribute object contains name/value pairs where name is the content of "Attribute Name='aName'" and value is the content of AttributeValue. This object is only available when the authentication method SAML is used.
Type:
Example
// this is an extract from the SAML assertion
<Attribute Name="groups">
  <AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Manager</AttributeValue>
  <AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Admin</AttributeValue>
  <AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Developer</AttributeValue>
</Attribute>

//this can be used like this
var group = $.session.samlAttribute.groups[0].value; // value will be "Manager"

samlUserInfo :object

Provides the materialized content of the AttributeStatement tag which can be part of a SAML assertion. It is an object of name/value pairs where name is the content of "Attribute Name='aName'" and value is the content of AttributeValue. This object is only available when the authentication method SAML is used.
Remark: samlUserInfo does not support a list of values. Please refer to samlAttribute for a complete implementation
Type:
  • object
Deprecated:
  • since HANA SP 11
Example
var emailAdress = $.session.samlUserInfo.mail;

Methods

assertAppPrivilege(privilegeName)

Asserts that the logged-on user has a specified application privilege The specified privilege is checked and, if the user does not have the privilege, an exception is thrown. The exception contains an attribute 'privilege' which contains the name of the privilege.
Parameters:
Name Type Description
privilegeName string The fully qualified name of the application privilege to test
Throws:
Throws an error containing a privilege property naming the missing privilege.
Example
try {
    $.session.assertAppPrivilege("sap.xse.test::Execute");
}
catch(ex) {
    $.response.setBody(ex.privilege);
    $.response.status = $.net.http.INTERNAL_SERVER_ERROR;
}

assertSystemPrivilege(privilegeName)

Asserts that the logged-on user has a specified system privilege The specified privilege is checked and, if the user does not have the privilege, an exception is thrown. The exception contains an attribute 'privilege' which contains the name of the privilege.
Parameters:
Name Type Description
privilegeName string The fully qualified name of the system privilege to test
Throws:
Throws an error containing a privilege property naming the missing privilege.

getInvocationCount() → {Number}

Returns the number of requests sent to the current session
Returns:
The number of requests sent to the current session
Type
Number

getSecurityToken() → {string}

Returns unique session-specific token that could be used for XSRF prevention
Returns:
The security token
Type
string

getTimeout() → {integer}

Returns:
The timeout of the XS session in seconds.
Type
integer
Example
var timeout = $.session.getTimeout();

getUsername() → {string}

Returns the username of the logged-on database user.
Returns:
The username of the logged-on database user.
Type
string

hasAppPrivilege(privilegeName) → {boolean}

Checks whether the logged-on user has a specified application privilege The specified privilege is checked, and the method returns true if the user has the privilege. If the user does not have the specified privilege, the method returns false.
Parameters:
Name Type Description
privilegeName string The fully qualified name of the application privilege to test
Returns:
Returns true if the user does have the specified privilege and false if the user does not
Type
boolean
Example
if (!$.session.hasAppPrivilege("sap.xse.test::Execute")) {
    $.response.setBody("Privilege sap.xse.test::Execute is missing");
    $.response.status = $.net.http.INTERNAL_SERVER_ERROR;
}

hasSystemPrivilege(privilegeName) → {boolean}

Checks whether the logged-on user has a specified system privilege The specified privilege is checked, and the method returns true if the user has the privilege. If the user does not have the specified privilege, the method returns false.
Parameters:
Name Type Description
privilegeName string The fully qualified name of the system privilege to test
Returns:
Returns true if the user does have the specified privilege and false if the user does not
Type
boolean

Type Definitions

SamlAttributeObject

Type:
  • object
Properties:
Name Type Description
type String xsi:type of the AttributeValue.
value String the actual value of the AttributeValue. Please note that nested structures (by using private xsi:type) are not supported and will be handled as a plain string.