Good day,
I have a mobile app that calls my channel service through mfp8.
In my front-end Angular code, I have created the MFP SecurityCheckChallengeHandler and call the MFP login. The following is my front-end code:
// Create the challenge handler for this security check and attach its three
// callbacks. Each callback records itself in this.currentEventHandler so that
// a repeated success or failure notification is not processed twice.
this.userLoginChallengeHandler = null;
this.userLoginChallengeHandler = WL.Client.createSecurityCheckChallengeHandler(this.securityCheckName);
this.userLoginChallengeHandler.securityCheckName = this.securityCheckName;

// Success: clear the challenge flag and, on the first success notification,
// copy the token fields out of the login result.
this.userLoginChallengeHandler.handleSuccess = (result) => {
  console.log("handleSuccess");
  this.isChallenged = false;
  const alreadySucceeded = this.currentEventHandler == this.eventHandler.success;
  if (!alreadySucceeded) {
    this.currentLoginGrantType = this.processLoginGrantType;
    // The login result carries the access token, so it must not be dumped
    // with alert() or console.log() while debugging.
    const tokenAttributes = result.user.attributes;
    this.mfpAuthResponse = {
      id: result.id,
      accessToken: tokenAttributes.access_token,
      tokenType: tokenAttributes.token_type,
      expiresIn: tokenAttributes.expires_in,
      scope: tokenAttributes.scope,
      clientId: tokenAttributes.client_id
    };
  }
  this.currentEventHandler = this.eventHandler.success;
};

// Failure: clear the challenge flag and emit the error once.
this.userLoginChallengeHandler.handleFailure = (failure) => {
  console.log("handleFailure");
  this.isChallenged = false;
  const alreadyFailed = this.currentEventHandler == this.eventHandler.failure;
  if (!alreadyFailed) {
    this.authFailureEvent.emit(failure);
  }
  this.currentEventHandler = this.eventHandler.failure;
};

// Challenge: remember the challenge payload and mark the handler as
// challenged, so the next login attempt answers it instead of starting over.
this.userLoginChallengeHandler.handleChallenge = (challengeData) => {
  console.log("handleChallenge");
  this.isChallenged = true;
  this.challengeResponseModel = challengeData;
  this.authChallengeEvent.emit(challengeData);
  this.currentEventHandler = this.eventHandler.challenge;
};
And this is the part that calls WLAuthorizationManager.login(this.securityCheckName, authObj):
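// Answer a pending challenge if there is one; otherwise start a fresh login
// against the security check. authObj is the credentials payload for the
// security check, so it is never written to the log here.
if (this.isChallenged) {
  console.log("mfp-performLogin|submitChallengeAnswer=");
  this.userLoginChallengeHandler.submitChallengeAnswer(authObj);
} else {
  console.log("mfp-performLogin|WLAuthorizationManager.login=");
  WLAuthorizationManager.login(this.securityCheckName, authObj).then(
    () => {
      // Log a redacted copy: mfpAuthResponse.accessToken is a bearer
      // credential and must not reach console output or collected logs.
      // The remaining fields are kept because they are useful for debugging.
      const loggableResponse = this.mfpAuthResponse
        ? Object.assign({}, this.mfpAuthResponse, { accessToken: "[redacted]" })
        : this.mfpAuthResponse;
      console.log("mfp-performLogin|WLAuthorizationManager.login.performed=" + performed + "\nmfpAuthResponse=\n" + JSON.stringify(loggableResponse) + "\n\n");
      // Emit the success event only once, inside the Angular zone so the
      // view is updated.
      if (!performed) {
        this.ngZone.run(() => {
          this.authSuccessEvent.emit(this.mfpAuthResponse);
        });
      }
      performed = true;
    },
    (err) => {
      console.log("mfp-performLogin|WLAuthorizationManager.login.err=\n\n" + JSON.stringify(err) + "\n");
      console.log('wllogin err => ', err);
      this.authFailureEvent.emit(err);
    }
  );
}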
During WLAuthorizationManager.login(this.securityCheckName, authObj), I saw handleSuccess() being triggered. As I understand it, this means my authentication with MFP succeeded and I can proceed to call any protected resource. However, handleChallenge() was triggered as well, not only handleSuccess().
Because of this, I can't get the accessToken value by calling the following MFP function; not even the failure response is shown:
// Request a token scoped to the login security check and switch the UI on
// the outcome.
WLAuthorizationManager.obtainAccessToken(userLoginChallengeHandler.securityCheckName).then(
  (accessToken) => {
    // The token itself is deliberately left out of the log message.
    WL.Logger.debug("obtainAccessToken onSuccess");
    showProtectedDiv();
  },
  (response) => {
    // NOTE(review): the failure response is logged in full; confirm it holds
    // no sensitive data before these logs are collected anywhere.
    WL.Logger.debug(`obtainAccessToken onFailure: ${JSON.stringify(response)}`);
    showLoginDiv();
  }
);
However, everything works smoothly if I remove my scope-element mapping and the mandatory application scope in the MFP console.
For your information, I keep seeing this in my mfp log:
[2/10/21 22:52:17:035 MYT] 00000289 p.server.security.internal.context.ClientSecurityContextImpl E FWLSE4054E: Failed to externalize the security checks. The security checks are deleted for client: bdfe187e-f881-4678-a65a-335de2f0a427
java.io.NotSerializableException: java.util.logging.Logger
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
at java.util.LinkedList.writeObject(LinkedList.java:1131)
at sun.reflect.GeneratedMethodAccessor501.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1128)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1496)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.writeFatalException(ObjectOutputStream.java:1577)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:351)
at com.ibm.mfp.server.security.internal.context.SecurityChecksState.toExternalString(SecurityChecksState.java:114)
at com.ibm.mfp.server.security.internal.context.SecurityChecksState.toExternalString(SecurityChecksState.java:29)
at com.ibm.mfp.server.security.internal.context.ExternalState.buildDataItemFromCurrentState(ExternalState.java:90)
at com.ibm.mfp.server.security.internal.context.ExternalState.store(ExternalState.java:68)
at com.ibm.mfp.server.security.internal.context.ClientSecurityContextImpl.store(ClientSecurityContextImpl.java:270)
at sun.reflect.GeneratedMethodAccessor276.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
at com.sun.proxy.$Proxy165.store(Unknown Source)
at com.ibm.mfp.server.persistency.internal.transaction.StorageManagerImpl.storeLayer(StorageManagerImpl.java:79)
at com.ibm.mfp.server.persistency.internal.transaction.StorageManagerImpl.doWithStorage(StorageManagerImpl.java:61)
at com.ibm.mfp.server.security.internal.rest.PreAuthorizationEndpoint.authorize(PreAuthorizationEndpoint.java:78)
at sun.reflect.GeneratedMethodAccessor434.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:776)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:705)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:868)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1287)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:778)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:475)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1158)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:81)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:928)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:262)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:955)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.ready(HttpDispatcherLink.java:341)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:470)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleNewRequest(HttpInboundLink.java:404)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.processRequest(HttpInboundLink.java:284)
at com.ibm.ws.http.channel.internal.inbound.HttpICLReadCallback.complete(HttpICLReadCallback.java:66)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:504)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:574)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:929)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1018)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
I tried to google these, but couldn't find any answer. Is there a problem with my configuration?
I have been troubleshooting this for weeks, but still have no clue. I hope someone can help me, please.
For your information, this is my scope element mapping from my mfp console:
// The scope passed here is the name of the login security check, so the
// outcome depends on whether the client is still logged in for that check.
WLAuthorizationManager.obtainAccessToken(userLoginChallengeHandler.securityCheckName).then(
  (accessToken) => {
    // Only the outcome is logged, never the token value.
    WL.Logger.debug("obtainAccessToken onSuccess");
    showProtectedDiv();
  },
  (response) => {
    WL.Logger.debug(`obtainAccessToken onFailure: ${JSON.stringify(response)}`);
    showLoginDiv();
  }
);
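In the above API you are passing a scope, which is the name of your security check. If the client is already logged in or is in the remembered state, the API triggers a success. If the client is not logged in, the security check sends back a challenge.
The reason you see the handleChallenge() function being called is that your user login success state has expired. Handle the challenge accordingly and call the submitChallengeAnswer() API to submit the answer when handleChallenge() is called. The FWLSE4054E entry in the question's log is also worth checking: it reports that the security checks were deleted for the client after a NotSerializableException on java.util.logging.Logger, which would discard the logged-in state as well; a Logger kept in a non-static, non-transient field of the security check class is a likely cause.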
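If you don't pass a scope to the WLAuthorizationManager.obtainAccessToken() API, you won't be challenged even if the login success state has expired. A token obtained without that scope does not by itself show that the user passed this security check, so it should not decide whether protected content is shown.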
For more details read here : https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/authentication-and-security/user-authentication/javascript/