For the security reason of my app.I have to prevent adapter access from the browser.And want to only access from mobile App.
Now when I invoke adapter from browser https://xxx.xx.xx/invoke?procedure=login&adapter=xxadapter¶meters=["user","paas"]
got below response.
/-secure- {"challenges":{"wl_antiXSRFRealm":{"WL-Instance-Id":"i9k34qhnj7r25s8ab7v2m0sf3l"}}}/
You do not mention if you actually managed to get the correct response from the adapter call made in the browser. I'm guessing not.
You can protect the adapter with a security test that will trigger a challenge. If the issuer of the call was not the app itself that contains the logic to handle the challenge, the request done from the browser - which is unable to perform the challenge handling since it lacks the applicable logic (JS code) to do so, will fail.
