I am trying to customize direct update by getting all the messages from an adapter.
I am not getting adapter success callback if direct update is triggered.
I want to show a dialog giving option to the user to cancel direct update.
Below is the code I am trying with:
wl_directUpdateChallengeHandler.handleDirectUpdate = function (directUpdateData,directUpdateContext){
console.log("Test for directUpdate");
var invocationData = {
adapter : 'DirectUpdateCustomizationAdapter',
procedure : 'getConfig',
parameters : ["android","1.9.0"]
};
var result = WL.Client.invokeProcedure(invocationData,{timeout: 30000,
onSuccess : function(success){
console.log("Adapter call success" + JSON.stringify(success));
},
onFailure : function(failure){alert(3);console.log("Adapter call fail" + JSON.stringify(failure));},
});
};
I am using the below security test:
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
If direct update is not triggered and adapter call is outside challenge handler then adapter call is successful.
Please guide.
What does direct update has to do with adapters?
You cannot invoke or handle it in adapters; it must be handled on the client-side, as it is the client-side SDK that handles direct update, and not adapters, which reside on the server-side.
for such flow to work , the method DirectUpdateCustomizationAdapter#getConfig must be stripped from any security and use unprotected access.
meaning: in the DirectUpdateCustomizationAdapter adapter's xml file
the method getConfig should have an additional property :
<procedure name="getConfig" securityTest="wl_unprotected" />
since getConfig returns non-confidential data I believe its ok to un-secure it.
such change in the adapter code requires to re-deploy the adapter file to the Worklight server.
Nevertheless, retrieving data from remote server during direct update handler is not recommended. As Idan stated here, the best approach to customize the title,body and other text elements is actually having those strings in some property file on the device (network hop does cost time).
Updating such property file with new text can be done via the direct update mechanism itself (just like updating any other web resource).
Related
I want to understand how do we execute multiple test cases using testNg. Suppose my web application consists of 10 pages.Then how do we execute the below test cases.
1) 1st TC- Traversing or navigating to page 1,2,3,4,5&6.
2) 2nd TC- Traversing or navigating to page 1,2,3,8,9&10.
3) 3rd TC- Traversing or navigating to page 1,2,6,7,8.
all pages have corresponding priorities. Page 1 has priority 1, Page 2 has priority 2 etc.
Is it that we need to call related methods(methods defined in each page.) in each #Test annotations.
Thanks!
It seems like you have one #Test annotated method for each page. If they can traverse correctly logically as you have mentioned, then to run them for your test cases , I would remove priorities from TC's and use this xml with preserve-order="true" , so they run in same order. You can add more TC to below in same manner. Have a look at this
Below xml will call methods in that order , you need to make sure they can go to your pages correctly
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd">
<suite name="yourSuiteName" >
<test name="1stTC" preserve-order="true">
<classes>
<class name="yourPackage.YourClass" >
<methods>
<include name="method1" />
<include name="method2" />
<include name="method3" />
<include name="method4" />
<include name="method5" />
<include name="method6" />
</methods>
</class>
<classes>
</test>
<test name="2ndTC" preserve-order="true">
<classes>
<class name="yourPackage.YourClass">
<methods>
<include name="method1" />
<include name="method2" />
<include name="method3" />
<include name="method8" />
<include name="method9" />
<include name="method10" />
</methods>
</class>
</classes>
</test>
</suite>
If you have multiple pages then you can have Page object class for each web page. that class can have multiple methods which implemented as operation that could be performed on that page and may return object of next page it is navigating to. Using such objects of Page object classes and their methods, you can design your test method that will be considered as Test case.
E.g.
- for Login page, define Login.java with all the required elements on the page and define method as below
public Homepage loginAction(String Username, String Password){
// write code to perform login opeartion
// it returns Homepage object that you can store in Homepage type variable and you can call other operations of Homepage on that object.
}
Once, you have all the Page object classes are ready to consume, you can write test cases by calling tat methods.
E.g.:
#Test
public void TestCaseOne(){
Login loginpage = new Login();
Homepage homepage = loginpage.loginAction("ABC","XYZ");
homepage.selectAcc(1);
}
Hi I am trying to connect to production server and do App authenticity (native android app). But I Am getting following error "App authenticity security check failed".
What I am doing at MFP project level.
In authconfig xml.
<customSecurityTest name="AuthSecurityTest">
<test realm="wl_antiXSRFRealm" step="1" />
<test realm="wl_authenticityRealm" step="1" />
<test realm="wl_remoteDisableRealm" step="1" />
<test isInternalUserID="true" realm="AuthRealm" step="1" />
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true"
step="2" />
</customSecurityTest>
<realm loginModule="AuthLoginModule" name="AuthRealm">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="AuthAdapter.onAuthRequired" />
<parameter name="logout-function" value="AuthAdapter.onLogout" />
</realm>
<loginModule name="AuthLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
My application descriptor :
<nativeAndroidApp xmlns="http://www.worklight.com/native-android-descriptor"
id="MFP_Android"
platformVersion="7.1.0.00.20160401-2103" securityTest="AuthSecurityTest" version="1.0">
<displayName>MFP_Android</displayName>
<description>MFP_Android</description>
<accessTokenExpiration>3600</accessTokenExpiration>
<publicSigningKey>MIIBHSAKJHDFKJHFKHDFKJHDKJHDFSKJHFDSKJHFDSKJDFHKJDFHDFHJDSKDFSHKDJFSHKJFDHSKJDFSHKJDFSHKJDFSHKJDFHSKJDFHlkasalJAscnmxzcncxmnzksjdadskjdsjsdjskjdksjdakjdssdjksdaj</publicSigningKey>
<packageName>com.mfp</packageName>
<targetCategory>UNDEFINED</targetCategory>
<licenseAppType>APPLICATION</licenseAppType>
</nativeAndroidApp>
I am calling the challenge hander on connect.
AndroidChallengeHandler challengeHandler = new AndroidChallengeHandler("AuthRealm");
WLClient client;
client.registerChallengeHandler(challengeHandler);
client.connect();
I am getting response as
/*-secure- {"reason":"App authenticity security check failed"}*/
y would I get such response.
I find it very strange that your package name is really "com.mfp" as seen in the descriptor XML file: <packageName>com.mfp</packageName>.
Are you absolutely sure this is your package name (that you can find in the AndroidManifest.xml file of your Android native project)?
Another possibility is that the key used to in the descriptor XML file does not match the key that was used to sign the .apk with.
Lastly, this could be due to the steps that you've defined in the Authentication Configuration XML file. Try changing the "wl_remoteDisableRealm" to be "step 2". This change will require you to re-deploy the updated .war file to your application server.
Getting the error alert after direct update success and app try to reload the application.
Server version: 7.0.0.00.20151020-1831
Project WAR version: 7.0.0.00.20151020-1831
Adapter name: WLClientLogReceiver. Version: 7.0.0.00.20151020-1831
Server authenticationConfiguration setting
<customSecurityTest name="CustomAppAuthenticitySecurity">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
Client error log: same error message in android and iOS while app try to reload after direct update.
2015-11-04 16:49:12.589 Direct[12642:47638] [TRACE] [WLNativeXHR] callback {"statusText":"Expected status code in (200-299), got 403","status":403,"headers":{"Pragma":"no-cache","X-Powered-By":"Servlet/3.0","Keep-Alive":"timeout=10, max=100","Connection":"Keep-Alive","Content-Type":"application/json; charset=UTF-8","P3P":"policyref=\"/w3c/p3p.xml\", CP=\"CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE\"","Date":"Wed, 04 Nov 2015 21:49:35 GMT","Content-Language":"en-US","Content-Length":"119","Cache-Control":"no-cache, no-store, must-revalidate","Expires":"Thu, 01 Jan 1970 00:00:00 GMT"},"responseText":"/-secure-\n{\"WL-Authentication-Failure\":{\"wl_authenticityRealm\":{\"reason\":\"App authenticity security check failed\"}}}/","wlFailureStatus":"","callbackId":"WLNativeXHRPlugin119420831"}
As mentioned in the comments, this question is tracked as PMR #08772,L6Q,000 as there seems to be no workaround for the error (authenticity failure after Direct Update), other than disabling authenticity...
Trying to setup security on a 6.1 worklight server (Full WAS 8.5.5)
Getting error:
SRVE0232E: Internal Server Error.
Exception Message: [com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm.]
com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm.
IBM WebSphere Application Server
I have edited the following files before deploying the new WAR file...
worklight.properties:
#######################################################################################################################
# Protecting the Worklight Console
#######################################################################################################################
# You can protect the Worklight Console by defining user credentials required to access it.
# In addition to defining these two properties, you should also configure the authenticationConfig.xml file,
# located under <Worklight Root Directory>\server\conf.
console.username=consoleadmin
console.password=consolepassword
Authenticationconfig.xml:
<!-- Uncomment the next element to protect the worklight console and the first section in securityTests below. -->
<staticResources>
<resource id="worklightConsole" securityTest="WorklightConsole">
<urlPatterns>/console*</urlPatterns>
</resource>
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests
Even if not used there will be some default webSecurityTest and mobileSecurityTest
Attention: if using <testAppAuthenticity/> test below ,<publicSigningKey> element must be added to application-descriptor.xml as well. -->
<securityTests>
<customSecurityTest name="WorklightConsole">
<test realm="WorklightConsole" isInternalUserID="true"/>
</customSecurityTest>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
Looks to be related to the following questions:
SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user
https://www.ibm.com/developerworks/community/forums/html/topic?id=3ea7b2ae-b9f2-422d-8739-433fa01a190d
I'm using TestNG as Unit Test Framework and Jboss AS7.1.1 Final as server
The data provider and Test methods works well in Client Mode
The same dataprovider will return 10 rows and my Test method is getting executed nearly 100times in In container mode
Test method
#Test(groups="bean-tests",dataProvider="Presenter-Data-Provider")
public void findByIdPositiveTest(long presenterId,String expectedPresenterName)
{
}
Dataprovider method:
#DataProvider(name = "Presenter-Data-Provider")
public Object[][] presenterTestDataProvider()
{
EntityManagerFactory emf=null;
EntityManager em=null;
Object testcaseData[][]=null;
Session session=null;
try
{
emf=Persistence.createEntityManagerFactory("TestCaseDataSource");
em=emf.createEntityManager();
session=em.unwrap(Session.class);
Criteria query=session.createCriteria(TestPresenter.class).setFirstResult(0).setMaxResults(10);
List<TestPresenter> rowList=query.list();
testcaseData=new Object[rowList.size()][2];
for(int loopCount=0;loopCount<rowList.size();loopCount++)
{
TestPresenter row=rowList.get(loopCount);
testcaseData[loopCount][0]=row.getPresenterId();
testcaseData[loopCount][1]=row.getExpectedPresenterName();
}
}
catch(Exception exception)
{
mLog.error(exception.getMessage());
}
return testcaseData;
}
I'm running as Test Suite using folowing Suite configuration
<test name="Bean testing">
<groups>
<run>
<!-- This has to be added by default while using arquillian Test Runner -->
<include name="arquillian" />
<include name="bean-tests" />
</run>
</groups>
<classes>
<class name="blah.blah.blah.PresenterManagerBeanTest" />
</classes>
</test>
Pls let me know What I did was wrong
Or direct me how to get values from DB to Data provider and tests using In container mode
Thanks in advance
sathiya seelan
It looks like it's related to https://issues.jboss.org/browse/ARQ-1282. Issue is still open.