We have an HTTP adapter with a couple of secure procedures declared as follows:
<wl:adapter name="PushAdapter" ...
.
.
<procedure name="submitNotification" securityTest="AdapterSecurityTest"/>
<procedure name="submitNotificationMass" securityTest="AdapterSecurityTest"/>
Security test is performed using adapter based authentication as below:
<securityTests>
<mobileSecurityTest name="AdapterSecurityTest">
<testUser realm="MyRealm"/>
<testDeviceId provisioningType="none"/>
</mobileSecurityTest>
</securityTests>
<realms>
<realm name="MyRealm" loginModule="NonValidatingLoginModule">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function">AuthenticationAdapter.onAuthRequired</parameter>
<parameter name="logout-function">AuthenticationAdapter.onLogout</parameter>
</realm>
</realms>
We need to be able to invoke the adapter procedures in HTTP using the adapter invocation service. Using the invocation service, the invocation URL should be as below:
http://<server>:<port>/<Context>/invoke?adapter=PushAdapter&procedure=submitNotification¶meters=[userId, notification text to be sent]
The invocation works as expected when the procedure security test is set to 'wl_unprotected'. But if the security test is used, the invocation returns the below response:
/*-secure-{"WL-Authentication-Failure":{"wl_remoteDisableRealm":{"reason":"Login Failed"}}}*/
The question is, how can we authenticate using the invocation service? We tried setting the authorization HTTP header with now luck.
Thank you
I have followed the procedure's to implement with the help Adapter based Authentication from Worklight 6.2 Samples.
Step 1: Add the following value's in header, based your environment actuals
x-wl-app-details:{"applicationDetails":{"platformVersion":"6.2.0.00.20140613-0730","nativeVersion":""}}
x-wl-app-version:1.0
Request: http://x.x.x.x:10080/AdapterBasedAuth/apps/services/api/SingleStepAuth/common/init
Response:
/*-secure- {"challenges":{"wl_antiXSRFRealm":{"WL-Instance-Id":"gi1cqaqd3p89763l1amoklsq3u"}}}*/
Step 2:
Add the WL-Instance-Id: gi1cqaqd3p89763l1amoklsq3u in the header which was the part of previous response
Request:
http://xx.xx.xx.xx:10080/AdapterBasedAuth/apps/services/api/SingleStepAuth/common/query?adapter=SingleStepAuthAdapter&procedure=submitAuthentication¶meters=['worklight','worklight']
Response:
/*-secure-
{"isSuccessful":true,"WL-Authentication-Success":{"SingleStepAuthRealm":{"userId":"worklight","isUserAuthenticated":1,"attributes":{"foo":"bar"},"displayName":"worklight"},"wl_antiXSRFRealm":{"userId":"j136h3aus2v1vlbjr860mmossc","attributes":{},"isUserAuthenticated":1,"displayName":"j136h3aus2v1vlbjr860mmossc"},"wl_anonymousUserRealm":{"userId":"747809a4-3574-4958-a55a-f084b2c9f02c","attributes":{},"isUserAuthenticated":1,"displayName":"747809a4-3574-4958-a55a-f084b2c9f02c"}},"authRequired":false}*/
Step 3:
Add Authorization header and the value from previous response
"SingleStepAuthRealm":{"userId":"worklight","isUserAuthenticated":1,"attributes":{"foo":"bar"},"displayName":"worklight"}
Request: http://xx.xx.xx.xx:10080/AdapterBasedAuth/apps/services/api/SingleStepAuth/common/query?adapter=SingleStepAuthAdapter&procedure=getSecretData
Response:
/*-secure-
{"isSuccessful":true,"secretData":"A very very very very secret data"}*/
To know more about this process follow this IBM Community Blog.
I believe this what you are looking for.