Class: Session

$. Session

new Session()

Represents an SAP HANA XS session.

Members

<readonly> authType :string|null

Authentication method that was used for the current session. For authenticated sessions, authType contains one of the strings "Basic", "Form", "Logon Ticket", "SAML", "SPNEGO", and "X.509". If the current session is not authenticated (when using public apps), authType is null. If the authentication type cannot be determined, authType contains the string "unknown".
Type:
  • string | null

<readonly> language :string

Language of the session in IETF (BCP 47) format. This property contains the language that is used in the session. The value is a string in the format specified by the IETF (BCP 47) standard.

Contains an empty string unless a language is explicitly set by the XS session layer.

Type:
  • string

samlAttribute :Array.<$.Session~SamlAttributeObject>

Provides the detailed content of the AttributeStatement tag which can be part of a SAML assertion. In contrary to the samlUserInfo object samlAttribute can contain a list of multiple values belonging to the same attribute. The samlAttribute object contains name/value pairs where name is the content of "Attribute Name='aName'" and value is the content of AttributeValue. This object is only available when the authentication method SAML is used.
Type:
Example
// this is an extract from the SAML assertion
<Attribute Name="groups">
  <AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Manager</AttributeValue>
  <AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Admin</AttributeValue>
  <AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Developer</AttributeValue>
</Attribute>

//this can be used like this
var group = $.session.samlAttribute.groups[0].value; // value will be "Manager"

samlUserInfo :object

Provides the materialized content of the AttributeStatement tag which can be part of a SAML assertion. It is an object of name/value pairs where name is the content of "Attribute Name='aName'" and value is the content of AttributeValue. This object is only available when the authentication method SAML is used.
Remark: samlUserInfo does not support a list of values. Please refer to samlAttribute for a complete implementation
Type:
  • object
Deprecated:
  • since HANA SP 11
    Example
    var emailAdress = $.session.samlUserInfo.mail;

    Methods

    assertAppPrivilege(privilegeName)

    Asserts that the logged-on user has a specified application privilege The specified privilege is checked and, if the user does not have the privilege, an exception is thrown. The exception contains an attribute 'privilege' which contains the name of the privilege.
    Parameters:
    Name Type Description
    privilegeName string The fully qualified name of the application privilege to test
    Throws:
    Throws an error containing a privilege property naming the missing privilege.
    Example
    try {
        $.session.assertAppPrivilege("sap.xse.test::Execute");
    }
    catch(ex) {
        $.response.setBody(ex.privilege);
        $.response.status = $.net.http.INTERNAL_SERVER_ERROR;
    }

    assertSystemPrivilege(privilegeName)

    Asserts that the logged-on user has a specified system privilege The specified privilege is checked and, if the user does not have the privilege, an exception is thrown. The exception contains an attribute 'privilege' which contains the name of the privilege.
    Parameters:
    Name Type Description
    privilegeName string The fully qualified name of the system privilege to test
    Throws:
    Throws an error containing a privilege property naming the missing privilege.

    getInvocationCount() → {Number}

    Returns the number of requests sent to the current session
    Returns:
    The number of requests sent to the current session
    Type
    Number

    getSecurityToken() → {string}

    Returns unique session-specific token that could be used for XSRF prevention
    Returns:
    The security token
    Type
    string

    getTimeout() → {integer}

    Returns:
    The timeout of the XS session in seconds.
    Type
    integer
    Example
    var timeout = $.session.getTimeout();

    getUsername() → {string}

    Returns the username of the logged-on database user.
    Returns:
    The username of the logged-on database user.
    Type
    string

    hasAppPrivilege(privilegeName) → {boolean}

    Checks whether the logged-on user has a specified application privilege The specified privilege is checked, and the method returns true if the user has the privilege. If the user does not have the specified privilege, the method returns false.
    Parameters:
    Name Type Description
    privilegeName string The fully qualified name of the application privilege to test
    Returns:
    Returns true if the user does have the specified privilege and false if the user does not
    Type
    boolean
    Example
    if (!$.session.hasAppPrivilege("sap.xse.test::Execute")) {
        $.response.setBody("Privilege sap.xse.test::Execute is missing");
        $.response.status = $.net.http.INTERNAL_SERVER_ERROR;
    }

    hasSystemPrivilege(privilegeName) → {boolean}

    Checks whether the logged-on user has a specified system privilege The specified privilege is checked, and the method returns true if the user has the privilege. If the user does not have the specified privilege, the method returns false.
    Parameters:
    Name Type Description
    privilegeName string The fully qualified name of the system privilege to test
    Returns:
    Returns true if the user does have the specified privilege and false if the user does not
    Type
    boolean

    Type Definitions

    SamlAttributeObject

    Type:
    • object
    Properties:
    Name Type Description
    type String xsi:type of the AttributeValue.
    value String the actual value of the AttributeValue. Please note that nested structures (by using private xsi:type) are not supported and will be handled as a plain string.