Can I set AuthenticatedUser in a MobileFirst 8 adapter? - ibm-mobilefirst

If I use the securityContext.getAuthenticatedUser(); command in a JavaScript adapter, I get the authenticated user.
Is there a method to set the authenticated user object in order to include certain attributes (like setActiveUser in MobileFirst 7)?
If not, how can session objects be stored? Is WL.Server.getClientRequest().getSession().setAttribute still working in MobileFirst 8?

In MobileFirst Foundation 8.0, only security checks can set the authenticated user.
Also, 8.0 is session-independent, so there is no getSession.
In Java adapters, you can use
@Context
AdapterSecurityContext securityContext;
securityContext.getClientRegistrationData()
to get data attached to the current client ID.
You can then use storeClientRegistrationData to update this registration data.
This registration data is meant to be for lightweight data that relates to the security.
For anything else, you are expected to use some external database or data storage. You could use the client ID as the key.
In JavaScript adapters you can also use getTokenIntrospectionData. You cannot set any attributes, so you need to use an external storage.
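As an added illustration (not code from the original answer), here is a Java adapter resource that performs the read, modify and store cycle described above. The resource path, the attribute name `deviceLabel` and the scope `UserLogin` are hypothetical, and the import packages assume the MobileFirst 8.0 Java adapter API; check them against your SDK.

```java
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import com.ibm.mfp.adapter.api.OAuthSecurity;
import com.ibm.mfp.server.registration.external.model.ClientData;
import com.ibm.mfp.server.security.external.resource.AdapterSecurityContext;

@Path("/device")
public class DeviceLabelResource {
    private static final String ATTR = "deviceLabel"; // hypothetical attribute name
    private static final int MAX_LEN = 64;            // keep registration data lightweight

    @Context
    AdapterSecurityContext securityContext;

    @PUT
    @Path("/label")
    @OAuthSecurity(scope = "UserLogin") // hypothetical scope mapped to a user-login security check
    public Response setLabel(@FormParam("label") String label) {
        if (label == null || label.isEmpty() || label.length() > MAX_LEN) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // The record is selected by the caller's token, never by a client-supplied ID.
        ClientData data = securityContext.getClientRegistrationData();
        data.getProtectedAttributes().put(ATTR, label);
        securityContext.storeClientRegistrationData(data); // persist the change
        return Response.noContent().build();
    }

    @GET
    @Path("/label")
    @Produces(MediaType.TEXT_PLAIN)
    @OAuthSecurity(scope = "UserLogin")
    public Response getLabel() {
        String user = securityContext.getAuthenticatedUser().getId(); // set by the security check
        String label = securityContext.getClientRegistrationData().getProtectedAttributes().get(ATTR);
        return Response.ok(user + ":" + (label == null ? "" : label)).build();
    }
}
```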

Related

MobileFirst 8.0 - Issue integrate Security Check Adapter with javascript HTTP Soap Adapter

Good Day,
I have modified two adapters: one with a security check (the UserLogin adapter), and another one, HttpAdapterJs (a JavaScript adapter). HttpAdapterJs works fine when I tested it in Swagger (SOAP service).
When I called the HttpAdapterJs adapter from the UserLogin adapter using AdapterAPI, it returns null values.
HttpUriRequest req = adaptersAPI.createJavascriptAdapterRequest("HTTPAdapterJS", "getAuthenticationService", URLEncoder.encode(user_name, "UTF-8"),
        URLEncoder.encode(pass_word, "UTF-8"));
org.apache.http.HttpResponse response = adaptersAPI.executeAdapterRequest(req);
Then I read this: Unable to initialize AdaptersAPI Object in MobileFirst V8.0 adapter which is leading to NullPointerException
The security check class does not allow AdapterAPI.
My next solution also does not work:
I have created a new class and called the object to get data, but it still returns null values.
ServiceEmpImp testService = new ServiceEmpImp();
JSONObject objectJson= testService.validateAuthenticationfromService(dataAuth);
Any other solutions that work fine?
While security checks are implemented within adapters, the MobileFirst security-framework and adapter APIs are separate and cannot be mixed. Therefore, you cannot use an adapter API, such as the AdaptersAPI interface, in your security-check code, and you cannot use security-check APIs in adapter resource code.
Please refer to https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/authentication-and-security/creating-a-security-check/
for details on implementing security checks and developing adapters.

IBM MobileFirst Platform Foundation 7 - Adapter authentication - Update the user identity attributes

I'm using the adapter based authentication for protecting resources as well as managing the entire authentication logic (credentials validation).
If the user/password validation passed successfully, the WL.Server.setActiveUser method is called to create an authenticated session for the Realm, with user data stored in a userIdentity object.
The user/password validation process returns OK/Fail and also a cookie if the validation passed. And this cookie should be sent on the following adapter calls, so I'm adding it into the userIdentity data object as well.
My idea was to store it within the userIdentity object, since it can be retrieved on the others adapters (var userIdentity = WL.Server.getActiveUser();) for adding the cookie value into the adapter's request header and it works properly!
What's the problem? The adapter response can contain a new value for this cookie, so I should update the userIdentity object for replacing the cookie's old value by the new value.
Nevertheless, the userIdentity object is immutable so it always contains the original cookie the login process got.
Is there a way for updating the userIdentity object? Otherwise, how can I manage a mutable table for saving and updating a cookie linked to each user session in order to send it on the adapter request to the Backend?
Is there a better way to manage this backend cookie required on each user adapter request?
Many thanks!
Sergi
PS: There is a question that tries to solve this but the possible answer is not valid to me (IBM MobileFirst Platform Foundation 6.3: Can we edit the custom attributes of User Identity Object [MobileFirst Session]):
I have tried the following code for updating the userIdentity:
var newUserIdentity = {
    userId: userIdentity.userId,
    attributes: {
        cookies: newValue
    }
};
WL.Server.setActiveUser(realm, null);
WL.Server.setActiveUser(realm, newUserIdentity);
But when it's retrieved from another adapter (var userIdentity = WL.Server.getActiveUser()), it contains the original value!
You could remove the userIdentity (WL.Server.setActiveUser("realm", null);), and then set a new active user object.
If you can depend on HTTP Sessions (single server or sticky sessions), you can access the session object and store whatever you want. (WL.Server.getClientRequest().getSession())
If you do not want to use HTTP sessions, you can use an external storage mechanism such as SQL or Cloudant to store that information. You can use the Client-ID as the identifier (see example https://ibm.biz/BdXUHt).

Worklight data synchronization

We're currently working on a Worklight project using Dojo (more specifically dojox/app). We managed to create a basic example with a store, model, controller and a view. However, now we want to connect this to our Worklight adapter.
What is the best approach in connecting a Dojox/app application to the backend? We were thinking about feeding our store with the data from the Worklight adapter, however, we need to do all CRUD operations and our data should be in sync with the server because multiple users might be working at the same item.
The best general solution I can think about is using a JsonRest store, but we're using the WL.Client.invokeProcedure function that calls our adapter, so we're not directly using the service.
We found a solution by using the WL.JSONStore from WorkLight. The API of it isn't compatible with the dojo/store API (logically since it wasn't meant to be), but we wrote a dojo/store API based proxy class which does nothing more than translating and forwarding calls to the WL.JSONStore.

Recognize the client in WCF

Architecture of project
My WCF service exposes 11 endpoints. One of the endpoints is meant for authentication and authorization, and it returns the accountid of the user. This accountid is sent by the client in every method for recognition.
Need
I don't want to send the accountid to every method; all I want is a way that can give me the accountid automatically if the client is logged in.
Limitations
1> I can't use membership.
2> I can't use the PerSession mode of WCF because it creates a new session for every endpoint.
3> I can't use outgoing headers on the client side.
Is there any custom way to solve this problem?
That looks like a scenario for federated security, but it would conflict with some of your requirements.
You don't need membership.
You don't need per-session services.
You need to somehow pass the token. If you cannot use a custom outgoing SOAP header and configure it in some central place, you will have to pass the token inside the message body and you will have to configure it as a parameter for each service call.

AMF Login over Spring security

I'm trying to return some custom Authentication data using the details and/or the principal fields from that interface (org.springframework.security.core.Authentication) but nothing happens.
The data returned on the other side of the Channel Set includes only the name and the authorities list (as Strings), and it's not useful enough.
How can I transmit additional data on a Spring login request?
Hopefully one can attach some custom data to a Spring Authentication instance (created by calling ChannelSet.login) as described in the following links:
http://forum.springsource.org/showthread.php?t=89736&highlight=AuthenticationProcessingFilter