Hi everyone.
I have searched the same answer but the document doesn't show a solution outside SAP. I read about Proxy Servlet but it isn't work on server application (jboss).
So, I created a class Proxy Servlet to call SAP and hide user and password on backend because the front-end is suicide.
I created a CRUD following SAP HOW-TO
But that example the authentication applied by SAP, if I install that application another environment I need to authentication on SAP (but How can I do it?).
So I created a class Proxy Servlet and applied secutity zone on jboss, so if you try access /scnblog2/home, jboss will ask JAAS authentication.
After authentication SAPUI5 is working but need to access SAP.
I changed the call to "/scnblog2/ProxyServlet?url=contact/"
Example: oModel2.loadDataNew("/scnblog2/ProxyServlet?url=contact/", handleSuccess, handleError, oParameters, true, 'POST');
so, ProxyServer call SAP and return to browser the response.
Below my project
https://code.google.com/p/desapui5/downloads/detail?name=scnblog2.zip&can=2&q=#makechanges