2
votes

I have a Worklight v6.0 application using adapter-based authentication.

The adapter is an HTTP adapter that calls a backend REST service using Basic Auth.

There is no session or cookies between the adapter and the backend service. In my Adapter descriptor, I have set the cookiePolicy to IGNORE_COOKIES. Each request from the adapter to the backend is authenticated with the basic auth header on that request.

Each of the adapter's procedures has connectAs set to: endUser.

<?xml version="1.0" encoding="UTF-8"?>
<wl:adapter name="MyAdapter" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:wl="http://www.worklight.com/integration" xmlns:http="http://www.worklight.com/integration/http">

<displayName>MyAdapter</displayName>
<description>MyAdapter</description>
<connectivity>
    <connectionPolicy xsi:type="http:HTTPConnectionPolicyType" cookiePolicy="IGNORE_COOKIES">
        <protocol>http</protocol>
        <domain>localhost</domain>
        <port>9080</port>
        <!-- Following properties used by adapter's key manager for choosing            
        <authentication>
            <basic />
        </authentication>
    </connectionPolicy>
    <loadConstraints maxConcurrentConnectionsPerNode="2" />
</connectivity>

<procedure name="submitAuthentication"></procedure>

<procedure connectAs="endUser" name="getCurrentUser"
    securityTest="MyAdapter-securityTest" />
</wl:adapter>

This all works great. The mobile app calls a secured procedure on the adapter, this triggers authentication, authentication completes successfully, the procedure gets re-invoked, and I can see on the network trace that the correct basic auth header is getting put on the call from the adapter to the backend. If the mobile app makes an adapter call when it is already authenticated, the adapter just makes the call to the back en with the correct Basic Auth header. If multiple mobile apps are connected at the same time and logged in as different users, the adapter uses the correct Basic Auth header for the user that called it.

The only thing that doesn't work is when a mobile app call to the adapter, authenticates as user1, gets the correct result from the backend for user1, calls WL.Client.logout(), makes another call to the adapter, and authenticates as user 2 this time.

In the adapter procedure, I call WL.Server.getActiveUser() to verify the active user, and sure enough, the user is correct (user2). But when the call goes out to the backend, the Basic Auth Header that Worklight adds has the credentials for user1, and so the mobile app gets the wrong results.

If I exit and re-star the app, all is well and I can authenticate directly as user 2 and get the correct results for user2. The only case that is a problem is when I log out/log back in as a different user in a single session between the mobile app and the Worklight Server.

Is this a known limitation of using basic auth with Worklight adapters? Is there any way for me to force the connection between the mobile client and the Worklight Server to reset when I log out? (short of restarting the app)

1

1 Answers

2
votes

Since you say that "physically" quitting and reopening the app fixes this for you, then you can use WL.Client.reloadApp() right after the logout so to keep the app flow in case of login-logout-login. See if it helps.