Ibm mobilefirst 在IBM Worklight中使用适配器调用服务调用安全适配器

我们有一个HTTP适配器，其中有几个安全过程，声明如下：

<wl:adapter name="PushAdapter" ...
  .
  .
<procedure name="submitNotification" securityTest="AdapterSecurityTest"/>
<procedure name="submitNotificationMass" securityTest="AdapterSecurityTest"/>

问题是，我们如何使用调用服务进行身份验证？我们尝试使用now luck设置授权HTTP头

---

谢谢您

我已经按照过程的说明从Worklight 6.2示例中实现了基于适配器的身份验证

步骤1： 根据您的环境实际值，在标题中添加以下值

 x-wl-app-details:{"applicationDetails":{"platformVersion":"6.2.0.00.20140613-0730","nativeVersion":""}}

 x-wl-app-version:1.0

请求：

http://x.x.x.x:10080/AdapterBasedAuth/apps/services/api/SingleStepAuth/common/init

答复：

/*-secure- {"challenges":{"wl_antiXSRFRealm":{"WL-Instance-Id":"gi1cqaqd3p89763l1amoklsq3u"}}}*/

/*-secure-
{"isSuccessful":true,"WL-Authentication-Success":{"SingleStepAuthRealm":{"userId":"worklight","isUserAuthenticated":1,"attributes":{"foo":"bar"},"displayName":"worklight"},"wl_antiXSRFRealm":{"userId":"j136h3aus2v1vlbjr860mmossc","attributes":{},"isUserAuthenticated":1,"displayName":"j136h3aus2v1vlbjr860mmossc"},"wl_anonymousUserRealm":{"userId":"747809a4-3574-4958-a55a-f084b2c9f02c","attributes":{},"isUserAuthenticated":1,"displayName":"747809a4-3574-4958-a55a-f084b2c9f02c"}},"authRequired":false}*/

 /*-secure-
{"isSuccessful":true,"secretData":"A very very very very secret data"}*/

步骤2：

在标题中添加WL实例Id:gi1cqaqd3p89763l1amoklsq3u，该标题是先前响应的一部分

"SingleStepAuthRealm":{"userId":"worklight","isUserAuthenticated":1,"attributes":{"foo":"bar"},"displayName":"worklight"}

请求：

http://xx.xx.xx.xx:10080/AdapterBasedAuth/apps/services/api/SingleStepAuth/common/query?adapter=SingleStepAuthAdapter&procedure=submitAuthentication¶meters=['worklight'，'worklight']

答复：

/*-secure- {"challenges":{"wl_antiXSRFRealm":{"WL-Instance-Id":"gi1cqaqd3p89763l1amoklsq3u"}}}*/

/*-secure-
{"isSuccessful":true,"WL-Authentication-Success":{"SingleStepAuthRealm":{"userId":"worklight","isUserAuthenticated":1,"attributes":{"foo":"bar"},"displayName":"worklight"},"wl_antiXSRFRealm":{"userId":"j136h3aus2v1vlbjr860mmossc","attributes":{},"isUserAuthenticated":1,"displayName":"j136h3aus2v1vlbjr860mmossc"},"wl_anonymousUserRealm":{"userId":"747809a4-3574-4958-a55a-f084b2c9f02c","attributes":{},"isUserAuthenticated":1,"displayName":"747809a4-3574-4958-a55a-f084b2c9f02c"}},"authRequired":false}*/

 /*-secure-
{"isSuccessful":true,"secretData":"A very very very very secret data"}*/

步骤3：

添加授权标题和先前响应中的值

"SingleStepAuthRealm":{"userId":"worklight","isUserAuthenticated":1,"attributes":{"foo":"bar"},"displayName":"worklight"}

请求：

http://xx.xx.xx.xx:10080/AdapterBasedAuth/apps/services/api/SingleStepAuth/common/query?adapter=SingleStepAuthAdapter&procedure=getSecretData

答复：

/*-secure- {"challenges":{"wl_antiXSRFRealm":{"WL-Instance-Id":"gi1cqaqd3p89763l1amoklsq3u"}}}*/

/*-secure-
{"isSuccessful":true,"WL-Authentication-Success":{"SingleStepAuthRealm":{"userId":"worklight","isUserAuthenticated":1,"attributes":{"foo":"bar"},"displayName":"worklight"},"wl_antiXSRFRealm":{"userId":"j136h3aus2v1vlbjr860mmossc","attributes":{},"isUserAuthenticated":1,"displayName":"j136h3aus2v1vlbjr860mmossc"},"wl_anonymousUserRealm":{"userId":"747809a4-3574-4958-a55a-f084b2c9f02c","attributes":{},"isUserAuthenticated":1,"displayName":"747809a4-3574-4958-a55a-f084b2c9f02c"}},"authRequired":false}*/

 /*-secure-
{"isSuccessful":true,"secretData":"A very very very very secret data"}*/

要了解有关此过程的更多信息，请遵循以下步骤

---

我相信这就是您要寻找的。

当您启用移动安全测试时，为什么要通过调用URL对适配器进行身份验证？我们有一个用例，我们希望后端系统通过使用适配器调用服务调用适配器过程来启动向应用程序用户发送推送通知，我们不希望发送通知的URL不安全且对任何人公开。谢谢：）我将对此进行测试，并让您知道它是如何运行的。