I'm sure you're all aware of the recent #blogtheft issue - where some rogue has been lifting content lock stock and barrel from here and reproducing it - sans author name - on their website www.sap-abap4.com. Stop Thief - It's #blogtheft! and Stolen Content have blogged about it here already.

In Craig's Friday Morning Report yesterday, I suggested:

13:32 qmacro: get SAP hosting to send alternative “STOLEN!” images to rogue referrer – Google “image theft apache” for examples

and straight after the conference call finished, I thought I'd demo how that could be done. I implemented such a mechanism for images on an SDN blog post of mine, images that just happened to be hosted on my machine. I wrote about how that was done in a weblog post:

Dealing with "#blogtheft" from SAP's Developer Network

This morning, @thorstenster alerted me to the fact that SAP have now implemented this for images hosted here on SDN:

Now that's a great reaction! Kudos to the SAP Community Network hackers who look after the servers here. To implement something like that in such a short space of time and on the production servers ... I take my hat off to you folks. Well done.

I posted a review of Packt Publishing's "SAP Business ONE Implementation" by Wolfgang Niefert:

 http://www.pipetree.com/qmacro/blog/2009/08/book-review-sap-business-one-implementation/

The review was favourable - see the weblog post for more information. Nice work Wolfgang!

It's been pretty much six years to the day since Dashboard as extension to R/3 and SAPGUI client, Nat Friedman's project and implementation of a realtime contextual information system. So I thought it fitting to make a short demo showing integration between Google Wave and SAP, inspired by the cluepacket-driven style shown so nicely with Dashboard.

I got my Wave Sandbox account a week or so ago, and have had a bit of time to have a look at how robots and gadgets work -- the two main Wave extension mechanisms. To get my feet wet, I built a robot, which is hosted in the cloud using Google App Engine (another area of interest to me) and the subject of this weblog entry. I used Python, but there's also a Java client library available too. You can get more info in the API Overview.

What this robot does is listen to conversations in a Wave, automatically recognising SAP entities and augmenting the conversation by inserting extra contextual information directly into the flow. In this example, the robot can recognise transport requests, and will insert the request's description into the conversation, lending a bit more information to what's being discussed. 

The robot recognises transport requests by looking for a pattern:

trkorr_match = re.search(' (SAPKw{6}|[A-Z0-9]{3}Kd{6}) ', text)

In other words, it's looking for something starting SAPK followed by six further characters, or something starting with 3 characters, followed by a K and six digits (the more traditional customer-orientated request format). In either case, there must be a space before and a space following, to be more sure of it being a 'word'.

How does it retrieve the description for a recognised transport request? Via a simple REST-orientated interface, of course :-) I use the excellent Internet Communication Framework (ICF) to build and host HTTP handlers so I can Forget SOAP - build real web services with the ICF. Each piece of data worth talking about is a first class citizen on the web; that is, each piece of data is a resource, and has a URL.

So the robot simply fetches the default representation of the recognised request's 'description' resource. If the request was NSPK900115, the description resource's URL would be something like:

http://hostname:port/transport/request/NSPK900115/description

Once fetched, the description is inserted into the conversation flow.

I've recorded a short screencast of the robot in action.

One of the best underlying mechanisms to be introduced into the Basis / NetWeaver stack in the past few years is the Internet Communication Framework (ICF), which is a collection of configuration, interfaces, classes and a core set of processes that allow us to build HTTP applications directly inside SAP.

If you're not directly familiar with the ICF, allow me to paraphrase a part of Tim O'Reilly's Open Source Paradigm Shift, where he gets audiences to realise that they all use Linux, by asking them whether they've used Google, and so on. If you've used WebDynpro, BSPs, the embedded ITS, SOAP, Web Services, or any number of other similar services, you've used the ICF, the layer that sits underneath and powers these subsystems.

One of my passions is REpresentational State Transfer (REST), the architectural approach to the development of web services in the Resource Orientated Architecture (ROA) style, using HTTP for what it is - an application protocol. While the ICF lends itself very well to programming HTTP applications in general, I have found myself wanting to be able to develop web applications and services that not only follow the REST style, but also in a way that is more aligned with other web programming environments I work with.

An example of one of these environments is the one used in Google's App Engine. App Engine is a cloud-based service that offers the ability to build and host web applications on Google's infrastructure. In the Python flavour of Google's App Engine, the WebOb library, an interface for HTTP requests and responses, is used as part of App Engine's web application framework.

Generally (and in an oversimplified way!), in the WebOb-style programming paradigm, you define a set of patterns matching various URLs in your application's "url space" (usually the root), and for each of the patterns, specify a handler class that is to be invoked to handle a request for the URL matched. When a match is found, the handler method invoked corresponds to the HTTP method in the request, and any subpattern values captured in the match are passed in the invocation.

So for instance, if the incoming request were:

GET /channel/100234/subscriber/91/

and there was a pattern/handler class pair defined thus:

'^/channel/([^/]+)/subscriber/([^/]+)/$', ChannelSubscriber

then the URL would be matched, an object of class ChannelSubscriber instantiated, the method GET of that class invoked, and the values '100234' and '91' passed in the invocation. The GET method would read the HTTP request, prepare the HTTP response, and hand off when done.

For a real-world example, see coffeeshop.py (part of my REST-orientated, HTTP-based publish/subscribe (pubsub) mechanism), in particular from line 524 onward. You can see how this model follows the paradigm described above.

def main():
  application = webapp.WSGIApplication([
    (r'/',                                MainPageHandler),
    (r'/channel/submissionform/?',        ChannelSubmissionformHandler),
    (r'/channel/(.+?)/subscriber/(.+?)/', ChannelSubscriberHandler),
    (r'/message/',                        MessageHandler),
    (r'/distributor/(.+?)',               DistributorWorker),
    [...]
  ], debug=True)
  wsgiref.handlers.CGIHandler().run(application)

This model is absolutely great in helping you think about your application in REST terms. What it does is help you focus on a couple of the core entities in any proper web application or service -- the nouns and the verbs. In other words, the URLs, and the HTTP methods. The framework allows you to control and handle incoming requests in a URL-and-method orientated fashion, and leaves you to concentrate on actually fulfilling the requests and forming the responses.

So where does this bring us? Well, while I'm a huge fan of the ICF, it does have a few shortcomings from a REST point of view, so I built a new generic handler / dispatcher class that I can use at any given node in the ICF tree, in the same style as WebOb. Put simply, it allows me to write an ICF node handler as simple as this:

method IF_HTTP_EXTENSION~HANDLE_REQUEST.

  handler( p = '^/$'                                          h = 'Y_COF_H_MAINPAGE' ).
  handler( p = '^/channel/submissionform$'                    h = 'Y_COF_H_CHANSUBMITFORM' ).
  handler( p = '^/channel/([^/]+)/subscriber/submissionform$' h = 'Y_COF_H_CHNSUBSUBMITFORM' ).
  handler( p = '^/channel/([^/]+)/subscriber/$'               h = 'Y_COF_H_CHNSUBCNT' ).
  handler( p = '^/channel/([^/]+)/subscriber/([^/]+)/$'       h = 'Y_COF_H_CHNSUB' ).

  dispatch( server ).

endmethod.

The handler / dispatcher consists of a generic class that implements interface IF_HTTP_EXTENSION (as all ICF handlers must), and provides a set of attributes and methods that allow you, in subclassing this generic class, to write handler code in the above style. Here's the method tab of Y_DISP_COFFEESHOP, to give you a feel for how it fits together:

The classes that are invoked (Y_COF_H_* in this example) all inherit from a generic request handler class which provides a set of attributes and methods that allow you to get down to the business of simply providing GET, POST, PUT and other methods to handle the actual HTTP requests.

Here's an example of the method list of one of the request handler classes:

One interesting advantage, arguably a side-effect of this approach, is that you can use nodes in the ICF tree to 'root' your various web applications and services more cleanly, and avoid the difficulties of having different handlers defined at different levels in the child hierarchy just to service various parts of your application's particular url space.

I'd like to end this weblog post with a diagram that hopefully shows what I've been describing:

If you're interested in learning more, or sharing code, please let me know. I'm using this for real in one of my projects, but it's still early days.

Update 01/05/2012 I've re-added images to this post that were lost when SDN went through the migration to the new platform. This project is now called ADL - Alternative Dispatcher Layer and is on the SAP Code Exchange here: https://cw.sdn.sap.com/cw/groups/adl

Background

Using my A new REST handler / dispatcher for the ICF, I can adopt a Resource Orientated Architecture (ROA) approach to integration. This gives me huge advantages, in that I can avoid complexity, and expose data and functions from SAP as resources - first class citizens on the web. From here, I can, amongst other things:

• use off-the-shelf cacheing mechanisms to improve performance
• easily debug and trace integration with standard logging and proxying tools
• even make statements about the resources using RDF

This is all because what we're dealing with in a REST-orientated approach is a set of resources -- the nouns -- which we manipulate with HTTP methods -- the verbs.

As an example, here's a few of the channel-related resources that are relevant in my Coffeeshop project; in particular, my implementation of Coffeeshop in SAP. The resource URLs are relative, and rooted in the /qmacro/coffeeshop node of the ICF tree.

(For more info on these and more resources, see Coffeeshop's ResourcePlan page).

Problem

This is all fine, but often a degree of access control is required. What if we want to allow certain groups access to a certain resources, other groups to another set of resources, but only allow that group, say, to be able to read channel information, and not create any new channels? In other words, how do we control access following a resource orientated approach -- access dependent upon the noun, and the verb?

Perhaps we would like group A to have GET access to all channel resources (read-only administration), group B to have GET and POST access to a particular channel (simple publisher access) and group C to have POST access to the channel container and DELETE access to individual channels (read/write administration)?

What does SAP standard offer?

Before looking at building something from scratch, what does standard SAP offer in the ICF area to support access control?

When you define a node in the ICF tree, you can specify access control relating to the userid in the Logon Data tab:

This is great first step. It means that we can control, on a high level, who gets access generally, and who doesn't. Let's call this 'Level 1 access'.

You can also specify, in the Service Data tab, a value for the SAP Authorisation field ('SAP Authoriz.'):

The value specified here is checked against authorisation object S_ICF, in the ICF_VALUE field, along with 'SERVICE' in the ICF_FIELD field.

[O] S_ICF
 |
 +-- ICF_FIELD
 +-- ICF_VALUE

This is clearly a 'service orientated' approach, and is at best a very blunt mechanism with which to control access.

As well as being blunt, it is also unfortunately violent. If the user that's been authenticated does have an authorisation with appropriate values for this authorisation object, then the authorisation check passes, and nothing more is said. But if the authenticated user doesn't have authorisation, the ICF returns HTTP status code '500', which implies an Internal Server Error. Extreme, and semantically incorrect -- there hasn't been an error, the user just doesn't have authorisation. So, violent, and rather brutal. Then again, service orientation was never about elegance :-).

What's our approach, then?

Clearly, what the SAP standard offers in the ICF is not appropriate for a REST approach to integration design. (To be fair, it was never designed with resource orientation in mind).

What we would like is a three-level approach to access control:

Level 1 - user authentication: Can the user be authenticated, generally? If not, the HTTP response should be status 401 - Unauthorised. This level is taken care of nicely by the ICF itself. Thanks, ICF!

Level 2 - general resource access: Does the user have access, generally, to the specific resource? If not, the HTTP response should be status 403 - Forbidden.

Level 3 - specific resource access: Is the user allowed to perform the HTTP method specified on that resource? If not, the HTTP response should be status 405 - Method Not Allowed. As well as this status code, the response must contain an Allow header, telling the caller what methods are allowed.

This will give us an ability to implement a fine-grained access control, allowing us to set up, say, group access, as described earlier.

How do we get there?

Clearly, we're not going to achieve what we want with the SAP standard. We'll have to construct our own mechanism to give us Levels 2 and 3. But, SAP standard does offer us a couple of great building blocks that we'll use.

Building block: Authorisation Concept

Why re-invent an authorisation concept, when we have such a good one as standard? Exactly. So we'll use the standard SAP authorisation concept.

So we'll create an authorisation object, YRESTAUTH, with two fields -- one for the method, and one for the (relative) resource. This is what it looks like:

[O] YRESTAUTH
 |
 +-- YMETHOD HTTP method
 +-- YRESOURCE resource (relative URL)

We can then maintain as many combinations of verbs and nouns as we like, and manage & assign those combinations using standard SAP authorisation concept tools. Heck, we could even farm that work out to the appropriate security team! Then, when it comes to the crunch, and the ICF is handling an incoming HTTP request, our mechanism can perform authorisation checks on this new authorisation object for the authenticated user associated with the request.

Building block: Stacked Handlers

One of the most fantastic things about the generally excellent ICF is the ability to have a whole stack of handlers, that are called in a controlled fashion by the ICF infrastructure, to respond to an incoming HTTP request. The model follows that of Apache and mod_perl, with flow control allowing any given handler to say whether, for example, it has responded completely and no further handlers should be called to satisfy the request, or that it has partially or not at all been able to respond, and that other handlers should be called.

So for any particular ICF node that we want to have this granular 3-level access control, what we need is a pluggable handler that we can insert in the first position of the handler stack, to deal with authorisation. Like this:

As you can see, we have the main coffeeshop handler , and before that in the stack, another handler, Y_AUTH, to provide the Levels 2 and 3 access control. So when an HTTP request comes in and the ICF determines that it's this node ([/default_host]/qmacro/coffeeshop) that should take care of the request, it calls Y_AUTH first.

Y_AUTH is a handler class just like any other HTTP handler class, and implements interface IF_HTTP_EXTENSION. It starts out with a few data definitions, and identifies the resource specified in the request:

method IF_HTTP_EXTENSION~HANDLE_REQUEST.

  data:
      l_method     type string
    , l_is_allowed type abap_bool
    , lt_allowed   type stringtab
    , l_resource   type string
    , l_resource_c type text255
    , l_allowed    type string
    .

* What's the resource?
  l_resource = server->request->get_header_field( '~request_uri' ).

* Need char version for authority check
  l_resource_c = l_resource.

Then it performs the Level 2 access check - is the user authorised generally for the resource?

* Level 2 check - general access to that resource?
  authority-check object 'YRESTAUTH'
    id 'YMETHOD'   dummy
    id 'YRESOURCE' field l_resource_c.

  if sy-subrc <> 0.
    server->response->set_status( code = '403' reason = 'FORBIDDEN - NO AUTH FOR RESOURCE' ).
    exit.
  endif.

If the authority check failed for that resource generally, we return a status 403 and that response is sent back to the client.

However, if the authority check succeeds, and we pass Level 2, it's time to check the specific combination of HTTP method and resource - the verb and the noun. We do this with a call to a simple method is_method_allowed() which takes the resource and method from the request, and returns a boolean, saying whether or not the method is allowed, plus a list of the methods that are actually allowed. Remember, in the HTTP response, we must return an Allow: header listing those methods if we're going to send a 405.

* Level 3 check - method-specific access to that resource?
  l_method =  server->request->get_header_field( '~request_method' ).
  translate l_method to upper case.

  call method is_method_allowed
    exporting
      i_resource   = l_resource
      i_method     = l_method
    importing
      e_is_allowed = l_is_allowed
      e_allowed    = lt_allowed.

* If not allowed, need to send back a response
  if l_is_allowed eq abap_false.

    concatenate lines of lt_allowed into l_allowed separated by ','.
    server->response->set_status( code = '405' reason = 'METHOD NOT ALLOWED FOR RESOURCE' ).
    server->response->set_header_field( name = 'Allow' value = l_allowed ).

So we send a 405 with an Allow: header if the user doesn't have authorisation for that specific combination of HTTP method and resource. (The is_method_allowed() works by taking a given list of HTTP methods, and authority-checking each one in combination with the resource, noting which were allowed, and which weren't.)

Finally, if we've successfully passed the Levels 2 and 3 checks, we can let go and have the ICF invoke the main handler for this ICF node - Y_DISP_COFFEESHOP. In order to make sure this happens, we tell the ICF, through the flow control variable IF_HTTP_EXTENSION~FLOW_RC, that while our execution has been OK, we still need to have a further handler executed to satisfy the request completely:

* Otherwise, we're golden, but make sure another handler executes
  else.

    if_http_extension~flow_rc = if_http_extension~co_flow_ok_others_mand.

  endif.

endmethod.

And that's pretty much it!

To finish of, here are some examples of the results of this mechanism.

In the first call, the wrong password is specified in authentication, so the status in the HTTP response, directly from the ICF, is 401. This is Level 1.

In the second call, the user is authenticated ok, but doesn't have access generally to the /qmacro/coffeeshop/ resource, hence the 403 status. This is Level 2.

In the third call, we're trying to make a POST request to a specific channel resource. While we might have GET access to this resource, we don't specifically have POST access, so the status in the HTTP response is 405. In addition, a header like this: "Allow: GET" would have been returned in the response. This is Level 3.

I hope this shows that when implementing a REST approach to integration, you can control access to your resources in a very granular way, and respond in a symantically appropriate way, using HTTP as designed - as an application protocol.

REST (which stands for REpresentational State Transfer) is an architectural style that is informed to a large extent by, but theoretically not limited to, the HTTP application protocol (yes, _application_ protocol, not transport protocol!). As an approach to application integration, REST has often been compared to its 'rival' Service Orientated Architecture (SOA), although a RESTful approach to integration architecture known as Resource Orientated Architecture (ROA) might be a better comparison fit.

Fans of REST and ROA (I'm one of them!) state many advantages over SOA, such as:

• loose coupling vs tight coupling
• flexible vs brittle interfacing
• simple vs complex implementation
• easier vs harder to debug

and subtly, but importantly, ROA is a lot more deserving of the word "Web" in the phrase "Web Services", as it works and flows _with_ Web concepts, rather than, as in the case of SOA, fighting *against* them. SOA, incidentally, has been referred to as "CORBA with angle brackets", which is as funny as it is true.

REST concepts and ideas have been around SAP for quite a while now; there is of course some coverage here on SDN, such as:

"Forget SOAP - build real web services with the ICF" (me, Jun 2004)

"Real Web Services with REST and ICF" (me, June 2004, again)

"REST Web Services in XI (Proof of Concept)" (Wiktor Nyckowski, Mar 2009)

"A new REST handler / dispatcher for the ICF" (me, Sep 2009)

"VCD #16 - The REST Bot: Behind the scenes" (Uwe Fetzer, Sep 2009)

"REST-orientation: Controlling access to resources" (me, Sep 2009, again)

and recently:

"Put SOAP to REST using CE" (Werner Steyn, Nov 2009)

What especially delighted me was the coverage that REST concepts and ideas got at SAP TechEd 2009 in Vienna. Lots of people were talking about it, and mentioning it in presentations. Over half the DemoJam contestants mentioned REST too. I personally had a fascinating and very rewarding chat with SAP guru Thomas Ritter during RIA Hacker Night, and have also corresponded with the very knowledgable Juergen Schmerder. It seems that there is a lot of interest in REST at SAP.

But what about REST _in_ SAP? How might you use it, be guided by it and ultimately _build_ things with SAP NetWeaver technologies? 

If you're interested, you might want to attend our upcoming Mentor Monday session

"REpresentational State Transfer (REST) and SAP - An Overview", on Monday 25th Jan at 13:00-14:00 PST. 

You can get more information on the SAP Mentor Monday wiki page.

Hope to see you there!

(I posted this on my own blog on my way back from SAP #DKOM and a good friend suggested I repost it here too. So here it is).

At SAP TechEd Madrid (November last year) I wrote about the Developer Renaissance, covering my interview with Aiaz Kazi from the Technology & Innovation Platform, and SAP's re-focus on developers.

This week I had the great honour of being invited to, and speaking at SAP DKOM (Development Kick-Off Meeting) in Karlsruhe. It was a truly great event - thousands of SAP developers attending many tracks and sessions on everything from Analytics, through Database & Technology, to Cloud, and more besides. As I sit here in Frankfurt airport on my way home, I've been reflecting on perhaps the best single takeaway from this event. Yes the content of the talks was great (and I enjoyed giving my session on SAP NetWeaver Gateway too). Yes the venue and organisation was second to none. Yes it was great to see the SAP Mentor wolfpack and our illustrious leader Mark Finnern.

But most of all, I saw, felt, and experienced something that I last remember from over 20 years ago in my SAP career: The Developer Connection.

Back in the day, when I was (more) innocent, certainly a lot younger, and waist-deep in IBM mainframe tech, I moved around implementing and supporting R/2 installations in the UK and Europe. Esso Petroleum in London, Deutsche Telekom in Euskirchen, and so on. In those days you could catch up with all the OSS notes on your favourite topics over a couple of coffees. Most importantly however, you had connections to the developers at SAP who were building and shipping the code that you were implementing. We knew each other's names, and in many cases, shared phone numbers or email addresses too. There was a strong bond between customers and developers - and we worked together to make the software better.

That connection lost its way over the next few years, when SAP (consciously or unconsiously) built barriers between us. It became almost impossible in some cases to even find out the name of the developer or team responsible, let alone contact them directly.

Well - that connection is back. And better than ever before. Both at SAP TechEd Madrid, and this week at DKOM, developers were coming and saying hello. Developers who are building the great stuff we're exploring and using, like SAPUI5 and NetWeaver Gateway. People like you and me. We are connecting again. I think there are a number of reasons for this.

First, there's the amazing community called the SAP Community Network (SCN - although for me it will always be the SAP Developer Network - SDN) that brings together developers from all sources. Then there's SAP's re-focus on developers, and the corresponding coupling of empowerment and responsibility that SAP is giving directly to those developers. Further, there's the inexorable turning inside out manoeuvre that SAP began a few years ago now, moving cautiously at first but now gathering pace as more and more technology directions that SAP are following are from outside the SAP universe, not inside. SAP developers naturally are connecting with the wider development community in general.

Whatever the reason, it's a great sign that the future looks exciting for SAP development as a whole. Connections, collaboration and cooperation is returning. The Developer Connection is here again.

We're well into Day 1 at SAP TechEd 2012 in Madrid, and while SAP NetWeaver Gateway has already been mentioned in this morning's keynote (even though the keynote was more Sapphire-focused than TechEd-focused), and is noted as an enabler in various conversations public and private, there's a particular part of Gateway that is shining through as today's story for me: OData.

Just now, I attended the SAPUI5 Q&A session with Tim Back and Oliver Graeff, where they presented a great overview of the libraries, tools and features of what is becoming an ever more popular platform for outside-in UI development. After all, it's almost policy at SAP to use SAPUI5 for development projects, where appropriate. ("Where appropriate" means in many circumstances except probably heavy power user application UI paradigms).  One of the key features of SAPUI5, and in particular the DataTable controls, is the ridiculously easy consumption of data. In particular, data made available by Gateway, in the form of OData. Sure, as I've noted before, SAPUI5 can consume arbitrary XML and JSON too, but the data exposed in the related, resource-oriented fashion by Gateway, OData in other words, is where the magic happens.

Start with controlled definition of resources, and the relationship between them, done in your systems of record using the IW_BEP backend Gateway component building Model and Data providers, either manually or using the Service Builder. Then expose those resources and relations to your UI developers using the core Gateway components (GW_CORE and IW_FND). Then, you're off. Within no time you can start to see an application form around that data, with the right layer performing the right function with minimum friction. And that speed comes from the investment SAP has made in OData, an investment to make it all pervasive and all consumable.

So we know about Gateway being a key mechanism to expose OData for ABAP stack systems. Is there anything else? You bet. SAP HANA, full of data, can expose that data in an OData context. Use the magic of xsodata, create a definition marking a HANA table or view in a schema as an Entity,  and *boom* you have a consumable OData service. And it doesn't stop there. There are facilities in the NetWeaver Cloud to produce OData too.

What does all this mean? Well, to me it means two things. The first thing is that it means that Gateway has already been a great success. It Just Works(tm). I recently completed a customer project which went live earlier this year, and Gateway was a key component in the integration architecture. And after setting Gateway up and defining our entities and the relations between them, we moved up a layer in the stack and never really had to work hard on Gateway at all. It did exactly what it said on the tin. We started to use, and reuse, entities that we'd defined, in building out the features in the consuming application.

The second thing is how important your investment in Gateway is. Embrace Gateway and by definition you're embracing OData. Before you know it you and your fellow developers are conversant in Entities, Entity Sets, Associations and Navigations (the relationships) -- the building blocks of information in OData. And while this is a super end in itself, you're also setting yourself up to move out into the cloud, and across onto HANA. Have a look at the speed with which you can put together an app that consumes data supplied to it from Gateway. And then consider you're investing in that speed, and that speed across platforms.

During SAP TechEd 2012 I attended CD163 "SAP HANA - Application Services Basics" which really helped firm up my knowledge of XS, thanks to the great presentation and exercises. What was interesting was that not only was SAPUI5 used for the UI components of the demos and exercises, but even the code snippets that the attendees would have to type in were made available to copy-n-paste, via a simple SAPUI5 Shell interface.

On reviewing the exercise text today, I noticed this bit:

The URL that pointed to the SAPUI5 Shell that contained the code to copy-n-paste had a query string in it, and that sub=3.1 caused the browser to go straight to a subitem in the Shell's workset item collection:

(please ignore the 256-colour quality of that shot)

I thought that was a nice touch, and dug around to see what they'd done. I was pretty certain I hadn't seen that as a feature described in the official and comprehensive SAPUI5 docu, so was curious.

What they'd done is added a small function to parse out the value of the "sub" parameter in the query string, and set the selected workset item accordingly. Here's that small function, getURLParameter:

function getURLParameter(name) {

    return decodeURI(

        (RegExp(name + '=' + '(.+?)(&|$)').exec(location.search)||[,null])[1]

    );

}

(In case you're wondering, the ||[,null] bit towards the end just makes sure there's no exception when the requested parameter isn't found by the regex).

The workset items were defined in the Shell object like this:

oController.oShell = new sap.ui.ux3.Shell("myShell", {

  appIcon : "./images/sap_18.png",

  appIconTooltip : "SAP",

  appTitle : "CD163 Exercise Templates",

  showInspectorTool : false,

  showFeederTool : false,

  showSearchTool : false,

  content: html21,

  worksetItems: [new sap.ui.ux3.NavigationItem("NI_2",{key:"ni_2",text:"Exercise 2", subItems:[

    new sap.ui.ux3.NavigationItem("NI_2_1",{key:"ni_2_1",text:"2.1 Hello World"})]}),

    new sap.ui.ux3.NavigationItem("NI_3",{key:"ni_3",text:"Exercise 3", subItems:[

      new sap.ui.ux3.NavigationItem("NI_3_1",{key:"ni_3_1",text:"3.1 Simple OData"}),

      [...]

and the requested workset item was set as selected, with the corresponding content, in a large switch statement like this:

  switch (getURLParameter("sub")){

    case "2.1":

      oController.oShell.setSelectedWorksetItem("NI_2_1");

      oController.oShell.setContent(html21);

      break;

    case "3.1":

      oController.oShell.setSelectedWorksetItem("NI_3_1");

      oController.oShell.setContent(html31);

      break;

    case "3.2":

      oController.oShell.setSelectedWorksetItem("NI_3_2");

      oController.oShell.setContent(html32);

      break;

    [...]

Nice effect.

I wanted to confirm this for myself, and try to use fewer lines of code than SAP had done, as it looked a little bit verbose. So I wrote a little standalone snippet, available in my Github repo 'sapui5bin'. The snippet is https://github.com/qmacro/sapui5bin/blob/master/snippets/shell_wsi_nav.html and defines a Shell with a few items / subitems like this:

  var oShell = new sap.ui.ux3.Shell({    

      appTitle: "Shell WorksetItem Navigation",

      worksetItems:[

        new sap.ui.ux3.NavigationItem("id_wsiA", {key:"wsiA",text:"A",subItems:[ ]}),

        new sap.ui.ux3.NavigationItem("id_wsiB", {key:"wsiB",text:"B",subItems:[

          new sap.ui.ux3.NavigationItem("id_wsiB.1", {key:"wsiB.1", text:"B.1"}),

          new sap.ui.ux3.NavigationItem("id_wsiB.2", {key:"wsiB.2", text:"B.2"}),

        ]}),

      ]

    });

Note that my convention is to name the IDs the same as the keys, but with a prefix of 'id_'.

I used the same getUrlParameter() function, but then used a simpler method to dynamically set the selected workitem and content based on the value of the 'sub' query parameter, like this:

  var subId = "id_wsi" + getUrlParameter("sub");

    var wsi = sap.ui.getCore().byId(subId) ? subId : 'id_wsiA';

    oShell.setSelectedWorksetItem(wsi);

    oShell.setContent(getContent(wsi));

In the second of these 4 lines, I'm just making sure I handle the case where the user hacks the URL query string to specify a sub item that doesn't exist: I make sure that I can find an element with the ID specified (knowing that if it begins 'id_wsi' then it's a workset item) and defaulting to the first workset item if I can't.

And that's it. Not a huge deal, but I was intrigued, and thought you might be too. For more info, see the complete snippet shell_wsi_nav.html.

Share and enjoy!

Recently I've found myself making references to a small but growing collection of runnable SAPUI5 snippets that I've been collecting together, called "sapui5bin". It started from early discussions in this space on SCN, and I thought I'd try and capture the "executable output" of those discussions, blog posts and so on.

Here's a few examples of the bits and pieces that are contained in this repo:

• from my blog post "Jump to Shell Workset Item from URL" we have an example of URL-based Shell workset item navigation, improved upon by John Patterson

• from a discussion with Andreas Kunz we have a snippet that shows how to bind a Paginator control to a model

• from a YouTube video I recorded - "Re-presenting my site with SAPUI5" - we have an MVC style collection of code (blogui)

• conditional data binding from an early discussion in this space

John Patterson has kindly sent me a pull request (which I accepted and which he's subsequently updated) which represents an "OData Cart"

Please have a browse, clone the repository, try the examples and snippets out, and feel free to contribute too!

The repo is here: https://github.com/qmacro/sapui5bin

Share and enjoy!

With reference to my recent post about the 'sapui5bin' repo on Github, I had also put together a Getting Started guide for SAPUI5 for some colleagues, with particular focus on getting up and running with a portable and independent environment you can have on your laptop. In the spirit of "you can never have too many getting started guides" (as I learn different things from different guides) I thought I'd make my guide available for your reading pleasure.

Here it is: Getting Started with SAPUI5

Taken from the Table of Contents, here's what it covers:

Introduction

Download and unpack SAPUI5

Choose a home development location

Set up Apache

Configure Apache

Access your local SAPUI5 docs

Set up git for Windows

Clone sapui5bin

Relax

Share & enjoy!

I created a Chrome "hosted app" manifest to get a large start page icon with which I could navigate directly to this excellent content resource. Now I can get to my favourite area on SCN in even less time! :-)

See the project on Github: https://github.com/qmacro/sapui5-chrome-icon

Share and enjoy!

As many of you might know (from my #YRS2013 tweets this month), I was involved again in Young Rewired State, an initiative that gathers kids all around the country, gives them a week-long opportunity to learn or improve in coding skills, embrace open data and understand the value of it, and work together to build hacks and apps using open source and that open data. I was centre lead for one of three Manchester-based centres this year, at MadLab, and the whole event, which culminated in the hundreds of kids and mentors from centres all round the country coming together for a weekend of show and tell (and prizes) in Birmingham, was a terrific success yet again.

From the show and tell and judging on the weekend, here's a quote from one of the kids during his team's presentation to the judges, to explain their use and choice of data sources and backend systems:

"<organisation> has an open API so we used that"

In my tweet I alluded to the fact that this was a sentiment echoed by all the participants at YRS - the kids building cool hacks on open data and sharing the source code are our future.

What are we doing to help form and guide this future? Well for a start, there are a great number of people who get involved with this sort of thing on a regular basis. John Astill for example took part in a "hyperlocal" instance of YRS - at YRS NYC, last month. And of course, for the second year running, SAP itself, through the guidance and steady hand of Thomas Grassl is headline sponsor, helping make the whole thing happen (thank you SAP, I'm proud to have been able to connect you with YRS in the first place, last year!). Ian Thain was there also and wrote up a piece on YRS this year too: SAP and the young Developers of tomorrow

As well as YRS there are other initiatives, regular events in the UK that take place. I wrote about what I've been involved with in a post on the Bluefin Solutions blog:

Computational Thinking and Kids - A Year in Review

In SAP's continous re-invention of itself, it is getting involved more and more in embracing a wider audience, engaging with those kids and students who are our future, and reaching out more broadly then ever. For this I applaud them. Yes, there are corporate goals and useful side-effects, such as bringing more developers closer to an SAP flavoured platform, and increasing the chances of SAP software longevity, but those side-effects have very real benefits in helping teach computational thinking and prepare our youngsters for a data-driven future.

If you're interested in this and more besides (such as the InnoJam and University Alliance initiatives), then watch this space - there will be a public SAP Mentor Monday event in September to cover these subjects. Hope to see you there. In the meantime, please let us know in the comments what you think, and what it might take for you to get involved too. Believe me, it is hugely rewarding as well as great fun.

I'm sitting in TLV airport waiting for my flight back to MAN via FRA. I've just spent a whirlwind 36 hours, more or less, in an amazing developer engine also known as SAP Labs Israel. Before I start though, I want to extend my gratitude and thanks to all those who made me so welcome (which is basically *everyone*) and especially to Aviad RivlinRafi BrylAmir BlichGabi Koifman and Keren Golan. Of course as you may know Aviad, who organised the whole event, was announced as one of the new SAP Mentors today. Congratulations! I did have the "insider knowledge" yesterday, hence the double meaning of my "flying the @SAPMentors flag" tweet yesterday evening on the roof terrace of the SAP Labs building :-)

It was a mind stretchingly great time, in the form of a Customer Corner Event which saw attendees from Danone, Coca Cola and Bluefin (me). Aviad had prepared a full agenda for Day 1, which included HANA related customer stories, roundtable discussions on various deeper-dive topic such as UI Integration Services, Portal-esque features for a solid integrated UI/app strategy, HANA XS, River, OData and more. There was also a panel discussion that covered topics such as cloud, HANA adoption, performance tuning, and "Kindergarten code" (yes, that phrase will stick!).

The second (half-day) gave me a chance to get a deeper dive look at some of the things we'd covered in Day 1. Specifically I'm thinking of SAP HANA Integration Services and River. There's too little time before my flight to cover these topics decently, so I'll keep it short for now and encourage you to take a look yourself, either in the existing docs or look to TechEd and beyond for the amazing River features. Not long to wait!

SAP HANA UI Integration Services

You've built a few SAPUI5-based apps. You're also looking at SAP Fiori. But have you thought about your overarching UI strategy? Moving from inside-out to outside-in based development isn't just about building great apps for multiple runtimes. It's about a consistent experience, role-based access to apps, common services (e.g. persistence), tools for non-developer/user roles such as designers and administrators, and the ability to give your users a unified entrypoint to all this.

So you should be looking at a "frontend server" that might consolidate Gateway foundation/core, customisation and the repository for SAPUI5 runtime artifacts. The SAP HANA UI Integration Services provides the API layer as the foundation for this "unified shell", and is a very viable option (running on HANA) for such a "frontend server". Plus you get the toe-in-the-water benefits of a HANA system ready for trialling and experimentation. Stick this in the cloud and you're onto a winner.

Oh, and want portal-style ability to define multiple apps in the same 'site', communicating with each other via publish/subscribe, using an open standard? Add OpenSocial to the mix and you've got it. And they have. Define a simple SAPUI5 component with an OData model connection to a live backend service, have the data presented to you in that widget in familiar "Excel" format (rows and columns), and then pipe that data into another graph widget via pubsub. Excellent.

River Language (aka RDL)

River as a concept and in various concept/demo forms has been around for a while, dating back at least to 2010 when I got to see a demo at the Innovation Weekend before the SAP TechEd 2010 event in Berlin. Jacob Kleinwrote more recently about River, and was at the deep dive today at SAP Labs. 

What I saw today bowled me over. Imagine a JavaScript-like, part-declarative, part imperative language where in Eclipse, in one breath, if you want to, you can:

• define your data (entities, properties, relationships, etc)
• write procedural code in the form of functions to provide custom logic (when a simple entity read/write, for example, is not enough)
• declare authorisations and roles

and then, seconds later, use a table/column style UI still within Eclipse to create random / test data for the entities you've just defined, navigate those entities and jump between them via the relationships you also defined, and oh by the way have all the runtime artifacts generated automatically for you in the HANA backend. Further, the whole thing is exposed as an OData service with the appropriate entities, entitysets, associations, enumerations and function imports (I think you can guess which of these related to your data definitions in River).

Within the procedural code you can access any HANA-based data, or via adapters, reach out remotely to your (say) ABAP stack-based systems too. And yes, (I asked, and they showed me live) you can debug and single-step through this too. Debugging directly in Eclipse or triggering it via setting a header in the HTTP request from outside.

Rather impressive stuff.

So unfortunately I have to go and catch my flight (and find somewhere to sleep!). It was a pretty awesome (and packed) time and I was totally privileged to have been able to take part. Thank you all for having me!

SAP TechEd 2013 is fast approaching, and the excitement is building. Interested in SAPUI5 (you're reading this blog post in the UI Development Toolkit for HTML5 Developer Center space on SCN already!), you're looking to see what sessions to attend. And you're looking to build and improve your skills, and perhaps find out more about SAP Fiori.

Have I got the session for you!

CD168 "Building SAP Fiori-like UIs with SAPUI5" - 2hr Hands-On

What is Fiori? Well, from the http://experience.sap.com/fiori site, this is a good start:

"A collection of apps with a simple and easy to use experience for broadly and frequently used SAP software functions that work seamlessly across devices - desktop, tablet or smartphone."

What is Fiori built upon? You guessed it, SAPUI5. And specifically, the sap.m library (and a sprinkling of other more general controls). Fiori is part application set, part responsive design, part look and feel, and part state-of-mind. What makes a Fiori app? Well, amongst other things, it's the use of certain controls and design to achieve the consistent experience you might have already come to expect from Wave 1, which delivered the 25 ESS/MSS apps. Wave 2 is coming soon, and set to deliver many many more apps across a broader functional range.

I have the tremendous privilege of working with the SAPUI5 teams in Walldorf currently and know first hand the massive effort (love, intelligence and dedication) that has gone into building the foundation for Fiori. And for me as a developer, it's very important to understand what's going on under the Fiori hood, not only for building new apps but for supporting my customers.

So enter CD168, a two-hour hands-on session at SAP TechEd titled "Building SAP Fiori-like UIs with SAPUI5". If you want to find out how to build SAPUI5 apps with a Fiori flavour, to get a feel for what controls to use and how to use them, then you should seriously consider attending.

An intensive hands-on set of an introductory walkthrough of the developer toolset and environment, and then a series of ten exercises taking you from this to this:

where along the way you learn about databinding, localisation, resource models, XML-based views, formatter functions, best practices for application design & build and controls such as the responsive SplitApp, ObjectHeader& ObjectListItem, IconTabBar, SearchField and others.

The session is available at SAP TechEd Las Vegas, and also in Amsterdam where along with esteemed SAP colleagues, I am honoured to be co-presenting.

If I had not had the chance to contribute to the session materials and co-present, I would certainly have this session at the top of my must-attend list.

What about you? Get yourself along to the session site and find out more:

CD168 on Wed 06 Nov 17:00-19:00

CD168 on Thu 07 Nov 14:30-16:30

Perhaps see you in Amsterdam?

Update 08/11/2013

I recorded a screencast of the "end result" app that the participants will build:

Update 20/12/2013

I have put the source code to the app that features here and in the CD168 session as a repo up on Github:

SAPUI5-Fiori

I've put some notes in the repo's README (displayed on the repo's homepage) - please read them for more info. They have links to this blog post, and also to the screencast walkthrough of the app which is here: SAPUI5/Fiori - Exploration of an App

This screencast is part of a 2-part SAP CodeTalk session with me and Ian Thain on SAPUI5 and Fiori, the playlist for which is here: SAP CodeTalk - SAPUI5 and Fiori.