Worklight security settings for a backend (second in chain) adapter during login

0
votes

I have a Worklight app that I slightly customize for every client. I also more or less rewrite the adapter code for every client. Now I decided to split the adapter into two: one containing general features every client uses (login, messaging etc.) and another containing implementation details that may differ per customer.

The setup is as follows:

  1. The app calls the main adapter (ProjectAdapter), login procedure.
  2. The login procedure performs normal login, calls WL.Server.setActiveUser.
  3. The login procedure calls (WL.Server.invokeProcedure) the custom adapter to complement the login response with custom data.
  4. The login procedure returns the complete result object to the app.

However, I get into troubles trying to set up security for the custom (second in chain) adapter. If I set it to the normal security test I use in the app, it fails with:

[ERROR   ] FWLSE0059E: Login into realm 'WLRemoteDisableNullLoginModule' failed. null. [project Project]
[ERROR   ] FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR, error message: An error occurred while performing authentication using loginModule WLRemoteDisableNullLoginModule, User Identity {wl_directUpdateRealm=null, wl_authenticityRealm=null, Project=(name:1, loginModule:ProjectLoginModule), wl_remoteDisableRealm=null, SampleAppRealm=null, wl_antiXSRFRealm=null, wl_deviceAutoProvisioningRealm=null, WorklightConsole=null, wl_deviceNoProvisioningRealm=null, myserver=(name:1, loginModule:ProjectLoginModule), wl_anonymousUserRealm=null}. [project Project] [project Project]

It seems like setting the user identity with WL.Server.setActiveUser doesn't help. I also experienced this if I did WL.Server.getUserIdentity right afterwards, it would return undefined; not sure if this is supposed to be so.

I have to set the second-in-chain adapter security test to wl_unprotected in order for it to work.

How should I go about this?

Worklight version 6.2.0.00-20140922-2259.

UPDATE

I now see this only relates to the login procedure. After user identity has been set, the second adapter gets called with normal adapter security test without problems.

So the question should probably read: how do I set up user identity in the login procedure, so that a call to the second adapter succeeds? As I said, after WL.Server.setActiveUser, a call to WL.Server.getUserIdentity returns undefined.

1
ibm-mobilefirstworklight-adaptersworklight-serverworklight-security

1 Answers

2
votes

You should call WL.Server.getActiveUser("yourRealm") instead. As far as the invocation for the adapter is concerned, I downloaded the Adapter-based authentication in hybrid applications project from the IBM developerWorks page and made the following changes.

submitAuthentication method for SingleStepAuthAdapter now looks like this:

function submitAuthentication(username, password){
    if (username==="worklight" && password === "worklight"){

        var userIdentity = {
                userId: username,
                displayName: username, 
                attributes: {
                    foo: "bar"
                }
        };

        WL.Server.setActiveUser("SingleStepAuthRealm", userIdentity);

        var invocationData = {
                adapter : "CustomAdapter",
                procedure: "getTheCoolStuff",
                parameters: [username]
        };

        var response = WL.Server.invokeProcedure(invocationData);


        var iden = WL.Server.getActiveUser("SingleStepAuthRealm");

        return { 
            authRequired: false,
            myResponse: response,
            myIden: iden
        };


    }

    return onAuthRequired(null, "Invalid login credentials");
}

I also created a new adapter "CustomAdapter" with and added the following line

<procedure name="getTheCoolStuff" securityTest="SingleStepAuthAdapter-securityTest"/>

I hope that helps