I have multiple adapters that are public and require authentication.
Some of my adapters use a common adapter procedure that should not be visible to the public, but only visible to my adapters. Is there a way to create, a sort of private procedure which will be accessed only by other adapters?
The code that you put in an adapter is not public. No client can see this code. So you can put your method in one of the adapters and use it from other adapters.
More information regarding this issue can be found here:
http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v620/04_11_Advanced_adapter_usage_and_mashup.pdf
Related
I am trying to invoke worklight adapter from external application. I also got the answer in Calling Worklight adapter from external app thread. However I dont want to send adapter name, procedure name and parameters as query params. Rather, I want to send them as payload inside request body. Pls suggest answers.
If you were using MFP v7.0+ you know that each MFP adapter is exposed as a REST API as well.
you just need to remove the security so external applications can access that REST API easily.
Not sure if its healthy to reduce security.
but you can mark the (via the adapter xml file) method as "wl_unprotected"
I have an worklight application which as two modules i.e; user module and admin module. How should I secure my adapters for respective module from not being accessed by other module.
So you have a single application with two separate logics in it - user and admin.
In an application you must specify the adapter name and procedure name of the adapter in order to call it.
So simply put, only call your adapter (and its procedure) in the right module (user or admin) - this is purely applicative as I see it. Don't call an adapter where it shouldn't be called, and it won't.
If this does not answer your question, please further explain the scenario.
We are working with MobileFirst 7.0 version. We want to achieve authentication using adapter based authetication process. Earlier we used HTTP Adapter and it worked. But we changed it to Java Adapter and want to acheive authentcation with Java Adapter Based authetication.
My questions are :
Is it possible?
If yes, how can we move forward?
If not, what is the alternative of doing authentication usig Java Adapter?
There is some documentation covering your question.
Here are links to get you started:
Authentication concepts in MFP 7.0: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/authentication-concepts/
Adapters overview: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/server-side-development/adapter-framework-overview/
Java adapters: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/server-side-development/java-adapter/
Adapter-based authentication: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/adapter-based-authentication/
You need to use a JavaScript adapter.
Read the documentation.
Use OAuth.
I found this blog entry, and in particular the second video answered many questions.
OAuth Blog
In all cases I have ever seen we set up a Worklight security Realm and use adapter-based authentication to authenticate to that Realm. Our OAuth-protected resources then reference that realm.
In principle we could define realms that do not depend upon a JavaScript adapter for authentication, the MFP Security model is open to extension. In practice this is probably more work than you want to do. I find that the JavaScript model is itself quite extensible, as it can call down to Java code when something complex is needed.
I'm using MobileFirst 6.3. I have an adapter, which procedures should be accessed only from another adapter of my application, but not from the client. What kind of security test can I use for that purpose? I couldn't find any so far. Or maybe there is another approach?
Uhm, if you don't want your client logic to use an adapter - don't call the adapter in that client logic. Call the adapter only from another adapter...
There is no security to apply here.
I am using the client side API WL.Client.InvokeProcedure(invocationData, options, UseSendInvoke) in worklight 6. But I could not find a description for the parameter UseSendInvoke in the API. Do you guys know what it is?
This parameter is used internally by WL authentication framework. Technically there should not be a reason for developer to use it.
There are several ways to invoke adapters.
(1) First one is via client application. This is where you use WL.Client.invokeProcedure(invocationData, options) API.
(2) Second is by using adapter invocation service - http://pic.dhe.ibm.com/infocenter/wrklight/v6r0m0/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fdevref%2Fc_adapter_invocation_service.html. Basically issuing an http request to WL server and getting a response from adapter. RPC style.
When you're doing it via (1) - you have two authentication layers - first is security test defined for application, second is security test defined for adapter procedure.
When you're doing it via (2) - there is only one security layer - security test defined for adapter procedure.
UseSendInvoke param (which is, once again, for internal usage) means that your application will go via path (2) instead of regular path (1).
There's no UseSendInvoke argument that WL.Client.invokeProcedure takes, at least not in the public API defined in the documentation. You can look at the documentation for Worklight v6.0.0, Worklight v5.0.6, Worklight v5.0.5 to learn more about that particular API.