Reputation: 123
Protecting Java Adapter
We are making Java adapter, and want to protect by CustomAuthenticator and CustomLoginModule.
We started from sample project got from: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/custom-authenticator-login-module/custom-authenticator-login-module-hybrid-applications/
We then added simple Java Adapter.
Then, in the client code, we modified getSecretData() function in main.js so that it calls /adapters/JavaAdapter/users instead of original /adapters/DummyAdapter/getSecretData.
Finally, We added the @OAuthSecurity(scope="CustomAuthenticatorRealm") annotation to the adapter's hello() function.
But clicking "call protected adapter proc" button successfully returns the data from hello() without authentication.
What should we do so that authentication works for Java adapter calls?
Upvotes: 1
Views: 104
Answers (1)
Reputation: 49371
It means that your client (Browser? Emulator? Device?) Still has a valid session id with your server, from the time you tested with the javascript adapter.
I've tried your scenario and experienced the same thing. However I was able to get the correct behavior by clearing the cookies (for the ios emulator, by resetting the emulator).
It is expected behavior until you log out. The logout feature is not working correctly with Java Adapters in 7.0.
Upvotes: 2
Related Questions
- Adapter Security in MFP 8 with Default Scope
- Interceptor behaviour for mobile first platform
- Mobilefirst 7.0 protecting a Java Adapter fails with Custom Authenticator
- Worklight adapter security
- Authentication with Mobilefirst Java Adapter
- Protecting IBM MobileFirst adapter procedures to be accessible only from another adapters
- IBM Mobilefirst 7.0 -Java Adapter Invocation Client Side
- How to secure a MobileFirst adapter for backend process?
- Protecting applications IBM worklight
- Security in HTTP Adapters