Protecting Java Adapter

1
votes

We are making Java adapter, and want to protect by CustomAuthenticator and CustomLoginModule.

We started from sample project got from: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/custom-authenticator-login-module/custom-authenticator-login-module-hybrid-applications/

We then added simple Java Adapter.

Then, in the client code, we modified getSecretData() function in main.js so that it calls /adapters/JavaAdapter/users instead of original /adapters/DummyAdapter/getSecretData.

Finally, We added the @OAuthSecurity(scope="CustomAuthenticatorRealm") annotation to the adapter's hello() function.

But clicking "call protected adapter proc" button successfully returns the data from hello() without authentication.

What should we do so that authentication works for Java adapter calls?

1
ibm-mobilefirstmobilefirst-adapters

1 Answers

2
votes

It means that your client (Browser? Emulator? Device?) Still has a valid session id with your server, from the time you tested with the javascript adapter.

I've tried your scenario and experienced the same thing. However I was able to get the correct behavior by clearing the cookies (for the ios emulator, by resetting the emulator).

It is expected behavior until you log out. The logout feature is not working correctly with Java Adapters in 7.0.