
Application Server

  • AIX V7.1
  • WebSphere Application Server V8.5.5.4
  • Java SDK V7.0.8
  • MobileFirst Platform Foundation 6.3
  • DB2 V10.1 client

Database Server

  • AIX V7.1
  • DB2 V10.1

We have a MobileFirst application that is our mobile front-end to an existing application. The existing application is a WebSphere application that provides RESTful web services. The MobileFirst application interfaces with the existing WebSphere application via a MobileFirst Adapter. The RESTful web service URLs are protected URLs; authentication is done using LDAP, and an LTPA token is created. The LDAP is configured in WebSphere via the WAS console.

Our MobileFirst application works fine and can connect to and use the RESTful web services, but only if the MobileFirst application is running in a separate WebSphere profile or on a separate WebSphere server. If we attempt to install the MobileFirst application into the same WebSphere profile as our existing WebSphere application that provides the RESTful web services, it breaks. The mobile device authenticates with MobileFirst successfully and then calls the Adapter to invoke the RESTful web service. However, the next Adapter invocation from the mobile device ends with an HTTP 401 error, which is an authorization error.

I'm speculating that after the Adapter authenticates with our existing WebSphere application that provides the web services, this somehow overwrites the authentication that was done between the mobile device and MobileFirst.

My questions are as follows.

  1. Can both the MobileFirst application and our existing WebSphere application that provides the RESTful web services run in the same WebSphere profile and share the LTPA token, such that when the mobile device authenticates with MobileFirst it would also be authorized to execute the web services running in the same WebSphere profile?

  2. Is it advisable to run both applications in the same WebSphere profile, or should they be running in separate profiles or on separate servers?

Cost is a concern as we do not necessarily want the additional operational cost of adding a physically separate server just to run MobileFirst.

From an operational perspective, it is additional work to add and maintain multiple WAS profiles.

Ideally, we would really like to run both applications in the same WebSphere profile.

Here is a Google Drive link (no sign-in required) to the trace.log, SystemOut.log, SystemErr.log, and firebug-console.html:

MobileFirst Trace log

The MobileFirst application was run in a browser using "Preview as Common Resources". I get the same result when using an actual Android or iOS device. The MobileFirst application WAR was run in the same WAS profile as the web services WAR that it was accessing through the adapter. This same code works successfully when the MobileFirst application WAR is running in a separate WAS profile or on a separate WAS server.

Please advise.

Idan Adar: James, please enable trace in the server and provide the resulting log file.

James L. Chamberlain: @IdanAdar, I provided a link to download the logs in the main post.

Idan Adar: James, can you supply Wireshark logs of both when the web apps are separate (2 different servers) and when the two web apps are in the same server?

1 Answer


I have resolved the issue myself. This was a codebase that my team had inherited from another team.

What was happening was that the mobile device was initiating a connection to MobileFirst running on WebSphere, which creates a JSESSIONID cookie and a LTPA2Token cookie. Then an adapter was being called that invoked an HTTP call to a web service running in the same WebSphere profile. Calling the web service created new JSESSIONID and LTPA2Token cookies. These new cookies were being returned to the mobile device, and JavaScript code on the mobile device was taking those new cookie values and overwriting document.cookies, which wiped out the original cookies. Then, when the mobile device attempted to connect with MobileFirst on a subsequent call, its session was invalid and it ended up getting an HTTP 401 error, which is an authorization error. So we attribute this problem to a poor implementation of our application.
What was happening was the mobile device was initiating a connection to MobileFirst running on WebSphere which creates a JSESSIONID cookie and a LTPA2Token cookie. Then an adapter was being called that invoked a HTTP call to a web service running in the same WebSphere profile. Calling the web service created new JSESSIONID and LTPA2Token cookies. These new cookies were being returned to the mobile device and JavaScript code on the mobile device was taking those new cookie values and then overwriting document.cookies, which wiped out the original cookies. Then when the mobile device attempted to connect with MobileFirst on a subsequent call, it's session was invalid and ended up getting a HTTP 401 error, which is an authorization error. So we attribute this problem to a poor implementation of our application.