I am using Worklight 6.2 for my application and it has adapter-based authentication.
I am using the SubmitAdapterAuthentication() function for authenticating the user and there is a correct implementation of the isCustomResponse and handleChallenge functions.
The issue is, if the WL Server is not reachable and the request times out, the console immediately says that the REQUEST TIMEOUT happened but the same is not caught in the application to indicate it to the user.
While doing an invokeProcedure(), this is never an issue as the onFailure function handles the timeout.
Am I missing something in this?
UPDATE:
From login button onClick() we are calling the SubmitAdapterAuthentication() function.
When we get a response from worklight server, it is parsed through the isCustomResponse() function and that is further handled by handleChallenge().
But in case of a Request-timeout, none of the functions handle that response and as a result, we cannot determine when the timeout happened.
Is there a way to check for a timeout event when using SubmitAdapterAuthentication()?
Thanks,
Vishal
What are you sending as part of the submitAdapterAuthentication() function? This function accepts a standard options object, meaning onSuccess and onFailure.
So the question is whether you have implemented the onFailure, because in case of a request timeout the onFailure callback function should then be called.
Additionally I would make sure that you did not place a securityTest on your submit authentication adapter procedure.
This might sound a bit crazy but is there a way to call a procedure synchronously?
I am using MobileFirst Platform Foundation 7.1 and I am writing an app in javascript for the browser. I usually call my javascript adapter by:
    WL.Client.invokeProcedure({
        adapter: 'MyAdapter',
        procedure: 'myProcedureName',
        parameters: []
    }).then(function(res) {
        ...
    });
But in this particular case I need to open another window after getting some data from the server. Since browsers will block windows when they come from async ajax, my new window never opens.
A way to solve this would be to do the ajax request sync. Is this possible with WL.Client apis? Is there a way for constructing the request manually so I can set the sync ajax flag by myself?
PS: in my case doing sync ajax request would work nice since I show a "Loading ..." view on top of everything to prevent user interaction while the request is being done.
WL.Client.connect() does not support .then. Additionally, starting 7.0 you should use the REST API method WLResourceRequest: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-1/foundation/server-side-development-category/
Lastly, you could just put the second request in the onSuccess callback of the first...
When working with a large-sized data response from an HTTP Adapter, the size of the response appears to cause our challenge handler to fire a handleChallenge() method.
My question is, why would the size of the response cause the mobilefirst security challenge handler to fire, when the session is still valid?
More Details:
Our application uses an ISAM security appliance with Header based authentication. When an HTTP adapter call we make comes back with a content-length greater than 20,377, the adapter call triggers the handleChallenge() method of our challenge handler. When inspecting the response, we have seen that the responseJSON is actually populated with our required data, so really the handleChallenge should never have fired.
When we ping the adapter directly through the browser with the same parameters, it works fine. We've been able to isolate that this problem is occurring in the worklight.js / mobilefirst realm.
Does anyone have any idea if, or why, the Challenge Handler in worklight.js would not function as expected with a very large response size?
The bottom line is that it should. There is no reason for it not to.
If you have not been able to resolve this otherwise, my suggestion is to open an IBM PMR (support ticket) to have the development team investigate the issue.
We ended up (sort of) diagnosing it. At a certain payload size, the "/*secure {" fell off the response (of which we're still not certain why). Our loginChallengeHandler function was based off of some example we found in some IBM documentation, and would improperly mark the response as a login form if the /*secure wasn't present. Once we tightened up the challenge handler, it worked.
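The failure mode described in this thread, as an added example that is not code from the original posts or from IBM: a check that infers "login form" from a missing prefix, next to one that requires positive evidence. The response objects, the prefix constant and the login-form marker are constructed assumptions; in an app the strict function would be the body of the challenge handler's isCustomResponse.

```javascript
// Added example. The response objects, the prefix string and the
// login-form marker below are constructed for illustration.
const SECURE_PREFIX = '/*secure';                 // prefix as quoted in the post
const LOGIN_FORM_MARKER = 'id="appliance-login"'; // hypothetical marker

// Loose check: anything without the prefix is assumed to be a login form.
function looseIsLoginForm(response) {
  const text = response.responseText || '';
  return text.indexOf(SECURE_PREFIX) !== 0;
}

// Tightened check: claim the response only on positive evidence.
function strictIsLoginForm(response) {
  if (!response || typeof response.responseText !== 'string') return false;
  // Parsed adapter data is never a login form, prefix or no prefix.
  if (response.responseJSON !== null && typeof response.responseJSON === 'object') {
    return false;
  }
  return response.responseText.indexOf(LOGIN_FORM_MARKER) !== -1;
}

// Constructed samples: a normal reply, a reply that lost its prefix,
// and the appliance's login page.
const rows = Array.from({ length: 3 }, (_, i) => ({ id: i }));
const SAMPLES = {
  normal: { responseText: '/*secure ' + JSON.stringify({ rows }) + '*/', responseJSON: { rows } },
  prefixLost: { responseText: JSON.stringify({ rows }), responseJSON: { rows } },
  loginPage: { responseText: '<form id="appliance-login" method="post"></form>', responseJSON: null },
};

// Run one check over every sample and return { sampleName: boolean }.
function classify(check) {
  const out = {};
  for (const name of Object.keys(SAMPLES)) out[name] = check(SAMPLES[name]);
  return out;
}

console.log('loose :', classify(looseIsLoginForm));
console.log('strict:', classify(strictIsLoginForm));
```

The loose check sends the prefix-less data reply into handleChallenge even though the session is valid; the strict check only fires for the login page.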
In websphere commerce, when a session expires (login timeout occurs), where is the control transferred? Or to be more clear, what command calls the Logoff cmd?
The main problem is that the storeId parameter is not set before calling the Logoff cmd, which causes a generic error page to be displayed.
Thanks for your help!
Are you sure the problem came from storeId and not another parameter? Anyway, the code that calls the logoff is located in the HTTP Adapter that is called in the RuntimeServletFilter, but I don't think it will help you with your case.
Check if the storeId has been set correctly before the time out, and if you can show us some traces it will be good.
If you are still interested to know the class then read below,
The OOB class LoginTimeoutHelper has a method called handleLoginTimeout. This method checks for the session timeout and calls the logoffcmd and then the redirect is done by the logoffcmd.
I am facing trouble with two adapter-based authentications. My app is an agenda (hybrid app). All of the adapters' functions must be protected by security.
My app uses adapter-based authentication, as written in the samples on DeveloperWorks.
My first adapter (loginAdapter) is dedicated to login (beginning of the mobile app). I developed a handler (handlerLogin, mobile side) with the methods isCustomResponse, handleChallenge, etc. This adapter works.
This adapter allows getting a userId from login and password.
As soon as he is connected, the user can download his agenda. The mobile calls another adapter-based auth (calendarAdapter). I have another handler (handlerCalendar) with methods (isCustomResponse, handleChallenge).
When the mobile calls the method getCalendarData (protected method, CalendarAdapter), the server detects that the user is not registered for this adapter, which is why the server sends an error (structure authRequired + errorMessage) via the function onAuthRequired.
At this step, all works fine.
Actually, the trouble comes from the fact that the first handler (handlerLogin) catches this error, whereas it should be the second handler (handlerCalendar).
Given that it is caught by the handlerLogin, isCustomResponse and handleChallenge are called, and I do not have the expected result! I do not know why.
Why is it not caught by the handlerCalendar?
I verified my code, variable names, files, etc. All things are ok.
For information, I first declared the handlerLogin before the CalendarLogin.
Do you have any ideas or suggestions?
Thank you in advance
It looks like you used the same realm.
The isCustomResponse function's job is to find out if this challenge-handler should take care of this specific request. If you use the same realm for both adapters then the 2 challenge-handlers will react to it.
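The overlap described in this answer, as an added example that is not code from the original posts: two handlers whose isCustomResponse only tests for authRequired both claim the same challenge, while handlers scoped to a realm do not. The handler names follow the question; the realm names and the `authRealm` payload field are hypothetical and would have to be returned by each adapter's onAuthRequired.

```javascript
// Added example. Realm names and the `authRealm` field are hypothetical.

// Generic check: any response carrying authRequired is claimed.
function genericCheck(response) {
  const json = response && response.responseJSON;
  return !!json && typeof json.authRequired !== 'undefined';
}

// Scoped check: claim only challenges issued for this handler's realm.
function scopedCheck(realm) {
  return function (response) {
    const json = response && response.responseJSON;
    return !!json && json.authRequired === true && json.authRealm === realm;
  };
}

// Build the two handlers from the question with either kind of check.
function makeHandlers(useScoped) {
  return [
    { name: 'handlerLogin',
      isCustomResponse: useScoped ? scopedCheck('LoginRealm') : genericCheck },
    { name: 'handlerCalendar',
      isCustomResponse: useScoped ? scopedCheck('CalendarRealm') : genericCheck },
  ];
}

// Names of every handler that claims the response.
function claimants(handlers, response) {
  return handlers.filter(h => h.isCustomResponse(response)).map(h => h.name);
}

// Constructed challenge from calendarAdapter and an ordinary data reply.
const calendarChallenge = {
  responseJSON: { authRequired: true, authRealm: 'CalendarRealm', errorMessage: 'not registered' },
};
const dataReply = { responseJSON: { events: [] } };

console.log('generic:', claimants(makeHandlers(false), calendarChallenge));
console.log('scoped :', claimants(makeHandlers(true), calendarChallenge));
console.log('data   :', claimants(makeHandlers(true), dataReply));
```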
Client code attempts to invoke an adapter. This triggers authentication to the appropriate realm. It is possible that the user does not have suitable credentials and eventually wants to stop trying. I can provide a "Give Up" button, and we can use the challengeHandler to tell Worklight to stop the authentication effort like this:
this.challengeHandler.submitFailure();
This works to the extent that the login attempt terminates, but it seems that code calling the adapter gets no callback and hence any Deferred objects that might be waiting for resolution are left in limbo.
The question is whether we can arrange to get the authentication failure back to the caller of the adapter procedure?
I have been informed of a workaround to this issue whereby you call:
challengeHandler.activeRequest.onUnresponsiveHost()
Before actually calling:
challengeHandler.submitFailure()
This will trigger the failure and reject the deferred as intended.
This is a workaround though so it might not work in future versions. I am going to raise a request for enhancement (link pending) and I would appreciate it if you could vote it up as well to ensure this functionality is available in the future.
First of all, submitFailure() will not call the adapter. It will notify the client-side framework that authentication has failed completely so the framework will dispose of any stored requests that are waiting for authentication to finish.
If you want to wipe the user identity on the server side you have two options:
1. Create an adapter procedure which doesn't require authentication and call WL.Server.setActiveUser("realm-name",null). This will terminate any userIdentity.
2. Call WL.Client.logout("realm-name") in your app.