Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
353 views
in Technique[技术] by (71.8m points)

ibm mobilefirst - Attaching cookie to WorkLight Adapter response header

I am developing a mobile app using WorkLight 5.0.6 and I would like to attach a secure cookie to the response returned by an adapter.

We are not using a WorkLight Authentication realm because we do not wish to "bind" the session to a specific WL server in a clustered production environment. We authenticate the session by calling a sign-on adapter which authenticates the user details against a back end system. As part of the response from the sign-on adapter call I would like to create a secure cookie (http only) containing the authenticated information and attach it to the response returned from the sign-on adapter. The cookie should also be included in the header for subsequent Adapter made from the application call to the server.

Regards,

 Tom.
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I would suggest trying to create a custom Worklight authenticator that communicates with your backend. Documentation for a custom authenticator can be found here:

http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v600/08_04_Custom_Authenticator_and_Login_Module.pdf

To answer your question, here is how I would approach it without using a custom authenticator:

  • Make the adapter call to authenticate from the client

function authenticate(username, password){

  var invocationData = {
          adapter : 'authenticationAdapter',
          procedure : 'authenticate',
          parameters : [username, password]
  };

  WL.Client.invokeProcedure(invocationData, {
      onSuccess : authSuccess,
      onFailure : authFailure
  });     

}

  • Get the cookie from the response on the client side and save it (I suggest saving using JSONStore which can also encrypt the saved cookie)
function authSuccess(response){
    console.log("Auth Success");
    var myCookie = response.invocationResult.responseHeaders.CookieName

    // Save cookie somehow
}
  • On subsequent adapter calls, send the cookie from the client along with each request

function adapterRequestForProtectedResource(){

var mySecureCookie = getMyCookieFromLocalStorage();

  var invocationData = {
          adapter : 'protectedResourceAdapter',
          procedure : 'getResource',
          parameters : [mySecureCookie]
  };

  WL.Client.invokeProcedure(invocationData, {
      onSuccess : success,
      onFailure : failure
  });     

}

  • On the adapter, set the cookie in the header

    function getResource(secureCookie) {

    // Secure cookie must be of the form:  "CookieName=cookievalue"
    
    var input = {
        method : 'get',
        returnedContentType : 'json',
        path : "/resource",
        headers: {"Cookie": secureCookie}
    };
    
    return WL.Server.invokeHttp(input);
    

    }


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...