Protecting IBM MobileFirst adapter procedures to be accessible only from other adapters - ibm-mobilefirst

I'm using MobileFirst 6.3. I have an adapter whose procedures should be accessed only from another adapter of my application, but not from the client. What kind of security test can I use for that purpose? I couldn't find any so far. Or maybe there is another approach?

Uhm, if you don't want your client logic to use an adapter - don't call the adapter in that client logic. Call the adapter only from another adapter...
There is no security to apply here.

Related

invoking worklight adapter from external application

I am trying to invoke a Worklight adapter from an external application. I also got the answer in the "Calling Worklight adapter from external app" thread. However, I don't want to send the adapter name, procedure name and parameters as query params. Rather, I want to send them as payload inside the request body. Please suggest answers.

If you were using MFP v7.0+, you know that each MFP adapter is exposed as a REST API as well.
You just need to remove the security so external applications can access that REST API easily.
Not sure if it's healthy to reduce security,
but you can mark the method (via the adapter XML file) as "wl_unprotected".

Authentication with Mobilefirst Java Adapter

We are working with MobileFirst version 7.0. We want to achieve authentication using the adapter-based authentication process. Earlier we used an HTTP adapter and it worked. But we changed it to a Java adapter and want to achieve authentication with Java adapter-based authentication.
My questions are:
Is it possible?
If yes, how can we move forward?
If not, what is the alternative for doing authentication using a Java adapter?

There is some documentation covering your question.
Here are links to get you started:
Authentication concepts in MFP 7.0: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/authentication-concepts/
Adapters overview: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/server-side-development/adapter-framework-overview/
Java adapters: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/server-side-development/java-adapter/
Adapter-based authentication: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/adapter-based-authentication/
You need to use a JavaScript adapter.
Read the documentation.
Use OAuth.
I found this blog entry, and in particular the second video answered many questions.
OAuth Blog
In all cases I have ever seen we set up a Worklight security Realm and use adapter-based authentication to authenticate to that Realm. Our OAuth-protected resources then reference that realm.
In principle we could define realms that do not depend upon a JavaScript adapter for authentication, the MFP Security model is open to extension. In practice this is probably more work than you want to do. I find that the JavaScript model is itself quite extensible, as it can call down to Java code when something complex is needed.

Why need a Worklight adapter instead of direct AJAX?

I'm just curious: why do we need a Worklight adapter to communicate with the database? Why can't we use direct AJAX? Last time I used direct AJAX, it did not work at all. After I switched to a Worklight adapter, it ran like a charm. No problem at all. Why?

You did not provide any specific details about your scenario, like where that backend system is located, whether there is any security involved, what the topology is, etc., so why it's not working with AJAX is impossible to answer.
As for why use Worklight adapters, read:
http://javatechig.com/cross-platform/ibm-worklight/how-to-create-a-http-adapter-in-ibm-worlight
Adapters provide templated (adapter types) connectivity settings to various backend systems - HTTP, SOAP, SQL, JMS and so on
Adapters provide a means to auto-generate an adapter for WSDL and SAP web services
Adapters can also be pure Java JAX-RS web apps, allowing far greater flexibility and functionality (in MFP 7.0)
You must use Worklight adapters if you intend on using the unified push notifications support
Adapters must be used if you intend to utilize any of the Worklight security features (adapter-based, custom login module, device provisioning, custom provisioning and so on)
and so on

Worklight Adapter singleStepAuth security test

I have multiple adapters that are public and require authentication.
Some of my adapters use a common adapter procedure that should not be visible to the public, but only visible to my adapters. Is there a way to create a sort of private procedure which will be accessed only by other adapters?

The code that you put in an adapter is not public. No client can see this code. So you can put your method in one of the adapters and use it from other adapters.
More information regarding this issue can be found here:
http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v620/04_11_Advanced_adapter_usage_and_mashup.pdf

How to reuse adapters between apps

Is it possible to reuse adapters between apps?
The only way I have found is to have the adapter with the integration logic to reuse deployed in a specific app, and then invoke that adapter from another HTTP adapter in each app that wants to invoke the first adapter. The invocation will be using REST.
Is it possible to do it in a smarter way?
Thank you.

Adapters are per-Worklight project.
As long as your adapters and applications reside under the same Worklight project, your apps could re-use these same adapters.
If your apps belong to different projects, you need to copy them and adjust them accordingly to be used by that project.