I am building an iOS and Android Apps using Worklight Framework, the worklight server will be protected by IBM Security Access Manager (ISAM) SSO, and therefore the Apps can only be reaching the worklight server after passing the Security challenges. I've found some docs about this integration and it works as intended.
But the apps also offers some features that doesn't required login, in which the Security Manager shouldn't intercept the adapter request to worklight server. The only workaround that suggested by IBM is to create a URL mapping junction in ISAM that defines the URLs that can access by public, and those which shall not. for example /worklight/public and /worklight/secured
But the URL pattern for all worklight adapter are /worklight/invoke?adapter=ADAPTER_NAME, so do we have a way to create a customized URL for public and secured adapter, for example:
/worklight/public/invoke
/worklight/secued/invoke
EDIT 1: Worklight Version 6.0
Thanks in advance.
Please mention the version of Worklight you are using.
One way to achieve this is to create and deploy the adapters in two different projects. That way the context root of both the adapters will be different. So, you'll have URLs such as
/Project1/invoke?... and Project2/invoke?... which you can apply to your filters.
Related
I am developing a native android app on MobileFirst platform. Does MobileFirst provide any code to connect to a web service instead of going through adapters? This is basically only for Native Android development and not for Hybrid app.
The MobileFirst SDK only provides what is required to work with features provided by MobileFirst, such as connecting to various backends using Adapters with the added benefit of the MobileFirst security framework, and other features.
If you have a need to connect to backends not via MobileFirst, use other common client-side utilities to achieve that.
I used the following code and it worked.
WLResourceRequest request = new WLResourceRequest("Actual server path here", GET);
request.addHeader(new BasicHeader("IfAnyHeader", "here"));
request.send(new ResponseListener());
If you are using native Android, you could use volley (or similar) to call external web services or REST apis.
http://developer.android.com/training/volley/index.html
Nothing to do with MobileFirst though, all totally standard Android native coding.
We are working with MobileFirst 7.0 version. We want to achieve authentication using adapter based authetication process. Earlier we used HTTP Adapter and it worked. But we changed it to Java Adapter and want to acheive authentcation with Java Adapter Based authetication.
My questions are :
Is it possible?
If yes, how can we move forward?
If not, what is the alternative of doing authentication usig Java Adapter?
There is some documentation covering your question.
Here are links to get you started:
Authentication concepts in MFP 7.0: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/authentication-concepts/
Adapters overview: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/server-side-development/adapter-framework-overview/
Java adapters: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/server-side-development/java-adapter/
Adapter-based authentication: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/adapter-based-authentication/
You need to use a JavaScript adapter.
Read the documentation.
Use OAuth.
I found this blog entry, and in particular the second video answered many questions.
OAuth Blog
In all cases I have ever seen we set up a Worklight security Realm and use adapter-based authentication to authenticate to that Realm. Our OAuth-protected resources then reference that realm.
In principle we could define realms that do not depend upon a JavaScript adapter for authentication, the MFP Security model is open to extension. In practice this is probably more work than you want to do. I find that the JavaScript model is itself quite extensible, as it can call down to Java code when something complex is needed.
Can I consume a web service in a MobileFirst application without a MobileFirst server?
Yes, you can use your MobileFirst app without the need to connect to a MobileFirst server.
The drawback of not using the MobileFirst server is that you'll be loosing all of the features it provides like authentication, security, adapters, unified push notifications, direct update (for hybrid), remote disable, and other features.
If you want to make a request to any endpoint you can use WLResourceRequest (available from version 7.0 onwards) or any other native method to make HTTP requests.
Information on how to use WLResourceRequest
Android:
https://www-01.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.apiref.doc/html/refjava-worklight-android-native/html/com/worklight/wlclient/api/WLResourceRequest.html
Hybrid:
https://www-01.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.apiref.doc/html/refjavascript-client/html/WLResourceRequest.html?cp=SSHS8R_7.0.0%2F9-0-0-1-31
iOS: https://www-01.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.apiref.doc/html/refobjc-worklight-ios/html/interface_w_l_resource_request.html%23a004749b662c6f4a55a3b76e47f7e6062?lang=en
If the call is for example to an external resource you can use the same plain regular AJAX calls as you would anywhere else.
If the resource is protected by MobileFirst Platform, then you must use adapters. Adapters must go through the MobileFirst Server.
Use it like simple IDE to develop application(Native and hybrid).You can use client side API also that do not connect to the mobilefirst server.
You cannot use a mobile first app if you are using MF 7.0 or higher without a server, as soon as you launch the app it invokes an authorization request something like following:
<< domain >>/<< context >>/authorization/v1/clients/instance
Which connects to your workflight server and if it doesnt get response it will fail.
As far as invoking a web service is concerned that is just javascript if you are doing hybrid you can use AJAX as mentioned in another answer. If you are building native IOS or Android you can invoke http request using sdk libraries.
Cheers !
I just curious, why we need worklight adapter to communicate with the database? Why not can't using direct ajax? Last time I'm using direct ajax it's not working at all. After I switch to worklight adapter it's running like charm? No problem at all. Why?
You did not provide any specific details about your scenario, like Where is that backend system located, if there is any security involved, what is the topology, etc... so why it's not working with AJAX is impossible to answer.
As for why use Worklight adapters, read:
http://javatechig.com/cross-platform/ibm-worklight/how-to-create-a-http-adapter-in-ibm-worlight
Adapters provide templated (adapter types) connectivity settings to various backend systems - HTTP, SOAP, SQL, JMS and so on
Adapters provide a means to auto-generate an adapter for WSDL and sap web services
Adapters can also be pure Java JAX-RS web apps, allow far greater flexibility and functionality (in MFP 7.0)
You must use Worklight adapters if you intend on using the unified push notifications support
Adapters must be used if you intend to utilize any of the Worklight security features (adapter-based, custom login module, device provisioning, custom provisioning and so on)
and so on
Here is my problem: I would like to create an application with IBM Worklight which will call via an adapter a service that requires OAuth (ie: Twitter).
Anyone have some thought for the best method to implement this using IBM Worklight?
For example, use one method to get the token, store the token in the session and then other methods to interact with the service?
Is there some out of the box functionality in IBM Worklight to handle the token acceptance in such case (ie: automatically open a browser to provide the authorization)?
Many thanks
Dominique
You can use the cordova inappbrowser plugin to get the access token and pass the token to the Worklight adapters. I am working on a devworks article now with an example so I will update this response with a link once it's live.
Here's the link to the article that might be helpful to you: http://www.ibm.com/developerworks/library/mo-worklight-linkedin/index.html