I'm using adapter-based authentication for protecting resources as well as managing the entire authentication logic (credentials validation).
If the user/password validation passed successfully, the WL.Server.setActiveUser method is called to create an authenticated session for the Realm, with user data stored in a userIdentity object.
The user/password validation process returns OK/Fail and also a cookie if the validation passed. And this cookie should be sent on the following adapter calls, so I'm adding it into the userIdentity data object as well.
My idea was to store it within the userIdentity object, since it can be retrieved on the other adapters (var userIdentity = WL.Server.getActiveUser();) for adding the cookie value into the adapter's request header and it works properly!
What's the problem? The adapter response can contain a new value for this cookie, so I should update the userIdentity object to replace the cookie's old value with the new value. Nevertheless, the userIdentity object is immutable so it always contains the original cookie the login process got.
Is there a way to update the userIdentity object? Otherwise, how can I manage a mutable table for saving and updating a cookie linked to each user session in order to send it on the adapter request to the backend?
Is there a better way to manage this backend cookie required on each user adapter request?
Many thanks! Sergi
PS: There is a question that tries to solve this but the possible answer is not valid for me (IBM MobileFirst Platform Foundation 6.3: Can we edit the custom attributes of User Identity Object [MobileFirst Session]): I have tried the following code for updating the userIdentity:
var newUserIdentity = {
    userId: userIdentity.userId,
    attributes: {
        cookies: newValue
    }
};
WL.Server.setActiveUser(realm, null);
WL.Server.setActiveUser(realm, newUserIdentity);
But when it's retrieved from another adapter (var userIdentity = WL.Server.getActiveUser()), it contains the original value!
You could remove the userIdentity (WL.Server.setActiveUser("realm", null);), and then set a new active user object.
If you can depend on HTTP Sessions (single server or sticky sessions), you can access the session object and store whatever you want. (WL.Server.getClientRequest().getSession())
If you do not want to use HTTP sessions, you can use an external storage mechanism such as SQL or Cloudant to store that information. You can use the Client-ID as the identifier (see example https://ibm.biz/BdXUHt).
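The HTTP session option from the answer above, sketched as an added example that is not part of the original question or answer: the backend cookie is kept server-side in the session, attached to each backend request, and replaced whenever the backend issues a new value. The attribute name `backendCookie`, the helpers `cookiePair` and `callBackend`, and the assumption that the backend response exposes its headers as `responseHeaders` with a `Set-Cookie` entry are all hypothetical; only the first cookie in the response is handled.

```javascript
// Added example: keep the backend cookie in the server-side HTTP session.
// SESSION_KEY, cookiePair and callBackend are hypothetical names.
var SESSION_KEY = "backendCookie";

// Reduce a Set-Cookie value to its "name=value" pair, dropping attributes
// such as Path, HttpOnly or Secure, which are not sent back to the backend.
function cookiePair(setCookie) {
  if (!setCookie) return null;
  var first = String(Array.isArray(setCookie) ? setCookie[0] : setCookie);
  var pair = first.split(";")[0].trim();
  return pair.indexOf("=") > 0 ? pair : null;
}

// session: object with getAttribute/setAttribute
//          (in an adapter: WL.Server.getClientRequest().getSession())
// invoke:  function that performs the backend call
//          (in an adapter: WL.Server.invokeHttp)
function callBackend(session, invoke, input) {
  // Attach the most recent cookie stored for this user session, if any.
  var cookie = session.getAttribute(SESSION_KEY);
  input.headers = input.headers || {};
  if (cookie) input.headers["Cookie"] = String(cookie);

  var response = invoke(input);

  // Assumption: response headers are exposed as response.responseHeaders.
  var headers = (response && response.responseHeaders) || {};
  var fresh = cookiePair(headers["Set-Cookie"]);
  // Rotate the stored value so the next adapter call sends the new cookie.
  if (fresh) session.setAttribute(SESSION_KEY, fresh);
  return response;
}
```

The login procedure would seed the same session attribute with the cookie returned by the credentials check, so the cookie itself never has to travel to the client inside the userIdentity.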