Reputation: 8992
IBM MobileFirst 7.1 - Calling adapters from their URL failing with global variables and setActiveUser()
I have a very simple hybrid sample app which has 3 adapters.
- submitAuthStep1(username, password)
- submitAuthStep2(answer)
- getSecretData()
Adapter 1 and 2 are using the "wl_unprotected" security test. Adapter 3 is using "AuthRealm"
var userIdentity;
function onAuthRequired(headers, errorMessage){
WL.Logger.warn(" in OAuth Reuired...");
WL.Logger.debug(" in OAuth Reuired...");
errorMessage = errorMessage ? errorMessage : null;
WL.Logger.debug(" in OAuth Reuired errorMessage..."+errorMessage);
return {
authRequired: true,
authStep: 1,
errorMessage: errorMessage
};
}
function submitAuthStep1(username, password){
if (username === "wl" && password === "wl"){
WL.Logger.debug("Step 1 :: SUCCESS");
userIdentity = {
userId: username,
displayName: username,
attributes: {}
};
return {
authRequired: true,
authStep: 2,
question: "What is your pet's name?",
errorMessage : ""
};
}
else{
WL.Logger.debug("Step 1 :: FAILURE");
return onAuthRequired(null, "Invalid login credentials");
}
}
function submitAuthStep2(answer){
if (answer === "wl2"){
WL.Logger.debug("Step 2 :: SUCCESS");
WL.Server.setActiveUser("AuthRealm", userIdentity);
WL.Logger.debug("Authorized access granted");
return {
authRequired: false
};
}
else{
WL.Logger.debug("Step 2 :: FAILURE");
return onAuthRequired(null, "Wrong security question answer");
}
}
function getSecretData(){
/*return {
secretData: "A very very very very secret data"
};*/
WL.Logger.info(" Active User INfo "+JSON.stringify(WL.Server.getActiveUser("AuthRealm")));
WL.Logger.info(" .... User INfo "+ WL.Server.getClientRequest().getSession().getAttribute("AuthRealm"));
return userIdentity;
}
function onLogout(){
userIdentity = null;
WL.Server.setActiveUser("AuthRealm", userIdentity);
WL.Logger.debug("Logged out");
}
function signOut(){
userIdentity = null;
WL.Server.setActiveUser("AuthRealm", userIdentity);
WL.Logger.debug("Logged out");
}
When invoking this code with the hybrid application it works fine, when I try to test and invoke these adapters using eclipse (Call MobileFirst Adapter option) submitAuthStep1 works, then when I get to submitAuthStep2 my global variable 'userIdentity' is gone. I have also tried to invoke the adapters in sequence using their corresponding URL's in a chrome browser tab with the same result!
worklight.properties is using session dependence
mfp.session.independent=false
mfp.attrStore.type=httpsession
Why is this happening?
Upvotes: 0
Views: 191
Answers (1)
Reputation: 49371
The "Call Adapter" feature of the MobileFirst Studio cannot be used to test authentication and security. The way it works, it gets direct access to the resource and skips all of the MobileFirst security framework. It is meant to test regular adapters.
Same thing if you try to get to the adapter directly from the browser.
You have no MobileFirst session, therefore you start fresh for every request. Global variables won't be carried on to the next request.
You can only test authentication and security features using an application.
Upvotes: 2
Related Questions
- IBM Mobilefirst 7.1 performance issue to transfer calls from its adapter
- ibm mobilefirst post calling between adapters
- IBM MobileFirst Adapters with external libraries
- MobileFirst 8 javascript adapters and messages
- IBM Mobilefirst 7.1 - Java HTTP Adapter Calling
- IBM MobileFirst 7.1 - WL.Server.getActiveUser returning null immediately after being set
- MobileFirst 7.1 Authentication.IsSessionIndependent throwing NullPointerException accessing app and adapters
- Mobilefirst server side - Working with adapters without client calling
- SAP Adapters in IBM MobileFirst
- IBM Worklight 6.1.0.1, trouble with 2 adapters based authentication