May 2020

Welcome to the notes for the May 2020 release for the CAP framework. Find the most noteworthy news and changes in the following sections.

See also: Latest Changelog

Docs and Samples

New cap/samples Based on Java

Find the new bookshop sample application based on CAP Java on GitHub.

New Look and Feel for Code Blocks

For commands that are specific to bash, command prompt, and PowerShell, we introduced a new look and feel. Switch between these versions selecting the tab you need. See section Deploy to cloud using cf push.

Improvements for Mobile Usage of the Documentation

We take feedback seriously and therefore we’ve improved the mobile usage of our documentation.

New and Revised Sections and Guides

New Guides and Sections:

Revised Guides and Sections:

Java Runtime

Important Changes ❗️

  • The CDS Data Store automatically generates UUID values on input if no value is provided. UUIDs are lowercased on input.

Model Reflection API

Query Builder / Service Consumption API


Input Validation

Support for input validation on ordinal types (@assert.range) and string expressions (@assert.format) has been added. All valid constraints defined on entity elements of simple type are checked in an early BEFORE-handler of the CDS service. CUD-Requests, which don’t match one of the constraints, are rejected.

  • @assert.range (see Cookbook > Providing Services > Input Validation) validates the ranges on ordinal data types such as numbers, dates, and times (enums not yet supported):

      entity RangeEntity {
          key ID : UUID;
          @assert.range: [0, 23] hour: Integer;
          @assert.range: [0.001, 9.999] lessThan10: Double;
          @assert.range: ['2018-01-01', '2018-12-31'] in2018: Date;
          @assert.range: ['23:00:00', '23:59:59'] time: Time;
          @assert.range: ['2008-02-13T09:00:00Z', '2020-02-20T09:00:00Z'] datetime: DateTime;
  • @assert.format (see Cookbook > Providing Services > Input Validation) provides a powerful tool to make sure that input strings match a regular expression in ECMA 262 format:

       entity FormatEntity {
          key ID : UUID;
          @assert.format: '^\p{Lu}.*' authorName : String(30);
          @assert.format: '[\\w|-]+@\\w[\\w|-]*\\.[a-z]{2,3}' email: String;
          @assert.format: '^\d+(\.\d+)?' chapter: String;
          @assert.format: '[a-zA-Z][a-zA-Z][a-zA-Z]' threeChars: String;

CSV Import

CSV file import has been enhanced with some helpful features, which make it more flexible:

  • File locations and file endings of the CSV files has been made configurable (example shows the default values):

          csvFileSuffix: .csv
            - db/data/**
            - db/csv/**
            - ../db/data/**
            - ../db/csv/**
    All paths ending with /** are searched recursively.
  • More flexible header line delimiters: either ; or , is accepted.
  • More detailed error messages on import data that is inconsistent with the CDS model.

OData V4 Protocol Adapter

The OData adapter accepts GET requests with $value URI suffix on primitive entity properties. Whereas the path to a single property delivers a full OData JSON-response:

$ curl http://acme/odata/v4/Catalog/Authors(01a4c48c-0dfc-4507-abc6-9b54a431b78a)/name

$value picks the value property for the response only:

$ curl http://acme/odata/v4/Catalog/Authors(01a4c48c-0dfc-4507-abc6-9b54a431b78a)/name/$value`
William Shakespeare


  • Instance-based authorization is active by default, that means, where conditions of @restrict-annotated entities are evaluated for events READ, UPDATE, and DELETE. There are some limitations related to paths in the where expression, see Java > Advanced > Security.
  • Introduced enhanced expression parser for the where condition, which allows automatic type conversion of user attributes.
  • Grants for draft-related events such as draftEdit, DRAFT_CANCEL, or DRAFT_NEW etc. are derived from grants of standard CQN events. For instance, granted event CREATE implies also DRAFT_NEW. Before that, draft events had to be listed in @restrict annotations in order to permit access.
  • The where condition of @restrict won’t apply anymore for draft entities on events READ, DELETE, and UPDATE. This allows to create and edit draft entities, which temporarily don’t match the condition. The condition will be checked when activating the draft entity.
  • Support for new keyword $unrestricted in user attribute value lists. Soon XSUAA will issue JWT tokens with potential $unrestricted string values in attribute lists of unrestricted users. Unrestricted attributes will be dropped by the runtime when evaluating where-conditions of @restrict annotated entities during instance-based authorization. The former logic - unrestricted access indicated by empty attribute value lists - will be removed in a later version after some transition period.


  • Enhanced temporal data support: Allow date only values (for example, 2020-04-24) for sap-valid-from, sap-valid-to, and sap-valid-at request parameters.

Bug Fixes

  • Fixed server error on malformed OData requests that contain an unknown action or function.
  • The default ON-handlers for AuthorizationService now have a proper default order number. This enables custom handlers to override them on demand.
  • $expand=* isn’t supported for draft enabled entities. This is reflected with an improved error message now.