Reputation: 55897
Want to check that this approach is reasonable. At first sight it seems to work.
The scenario is that we have different classes of users; when validating their credentials we can determine their class. We plan to have a "Master" realm which manages authentication and some subsidiary realms that we use to control access to particular adapter procedures, for example "Gold".
We can then protect procedureOrdinary() with realm Master and procedureSpecial() with realm Gold.
In the Master authenticating code (derived from the DoubleStepAdapter example) we can write:

    WL.Server.setActiveUser("Master", userIdentity);
    if ( some criteria are met )
        WL.Server.setActiveUser("Gold", userIdentity);

We never actually set up a challenge handler for the Gold realm; authentication to the realm is handled via the Master realm.
Any issues with this idea?
Upvotes: 0
Views: 311
Reputation: 3166
Technically, it will work. However, the big assumption here is that the user will NEVER try to access a procedure protected by the "gold" realm before authenticating. To overcome this problem I'd recommend the following approach: you need to define a login-function and logout-function for each realm. Make sure that all of your login-functions return the same piece of JSON (or use the same login-function in all realms). This way it doesn't matter which realm triggered the authentication: you will always get the same piece of JSON as a challenge, and your app knows how to process it.
Upvotes: 2
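
The approach from the answer, sketched as adapter-style JavaScript (an added example, not code from the question or the answer). The `WL.Server` stub, the `USERS` table, `invokeProtected`, and the function names `onAuthRequired`, `onLogout` and `submitAuthentication` are assumptions made so the sketch runs outside a Worklight server.

```javascript
// Constructed stand-in for the server-provided WL.Server API (offline sketch only).
var sessions = {};  // realm -> userIdentity
var WL = { Server: {
  setActiveUser: function (realm, identity) { sessions[realm] = identity; },
  getActiveUser: function (realm) { return sessions[realm] || null; }
} };

// Hypothetical user store (constructed data); a real adapter checks a back end.
var USERS = { alice: { password: "pw-a", userClass: "gold" },
              bob:   { password: "pw-b", userClass: "ordinary" } };

// Shared login-function: configured for BOTH realms, so whichever realm
// triggers authentication the client receives the same challenge JSON.
function onAuthRequired(headers, errorMessage) {
  return { authRequired: true, errorMessage: errorMessage || null };
}

// Shared logout-function: clear both realms together so a Gold identity
// cannot outlive the Master session.
function onLogout() {
  WL.Server.setActiveUser("Master", null);
  WL.Server.setActiveUser("Gold", null);
}

function submitAuthentication(username, password) {
  var record = USERS.hasOwnProperty(username) ? USERS[username] : null;
  if (!record || record.password !== password) {
    return onAuthRequired(null, "Invalid credentials");
  }
  var userIdentity = { userId: username, displayName: username,
                       attributes: { userClass: record.userClass } };
  WL.Server.setActiveUser("Master", userIdentity);
  // Gold is granted only when the criteria hold; otherwise it is explicitly cleared.
  var isGold = record.userClass === "gold";
  WL.Server.setActiveUser("Gold", isGold ? userIdentity : null);
  return { authRequired: false };
}

// Simulates the server's realm check before a protected procedure runs.
function invokeProtected(realm, procedure) {
  if (!WL.Server.getActiveUser(realm)) {
    return onAuthRequired(null, null);  // same challenge for every realm
  }
  return procedure();
}
function procedureOrdinary() { return { result: "ordinary" }; }
function procedureSpecial()  { return { result: "special" }; }
```

In this sketch a user who holds only the Master identity and calls `procedureSpecial()` receives the same challenge again, so the client's challenge handler has to treat that case as "not entitled" rather than loop on the login form.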