我正在使用azure移动服务创建一个android应用。我有一个始终运行的服务(带有startForeground()),并且正在监视某些用户活动。该服务有时需要查询存储在azure云中的azure数据库调用API,方法是:
mClient.invokeApi("APIname", null, "GET", parameters);
//mClient is the MobileServiceClient instance
最初,用户使用LoginActivity登录,一切正常。一段时间(通常为1小时)后,客户端的令牌已过期,我收到了如下异常消息:
IDX10223: Lifetime validation failed. The token is expired.
经过一些搜索后,我找到了在此处刷新令牌的解决方案:
https://github.com/Microsoft/azure-docs/blob/master/includes/mobile-android-authenticate-app-refresh-token.md
如果活动仍然存在,则代码有效,如果过期,则刷新令牌成功。但是,如果该活动被销毁,它将无法正常工作。因此,我决定通过以下方式将ApplicationContext传递给客户端:
mClient.setContext(activity.getApplicationContext());
但现在我收到ClassCastException,因为客户端尝试将上下文转换为Activity。以下是一些有趣的异常行:
java.lang.ClassCastException: android.app.Application cannot be cast to android.app.Activity
at com.microsoft.windowsazure.mobileservices.authentication.LoginManager.showLoginUI(LoginManager.java:349)
at com.microsoft.windowsazure.mobileservices.authentication.LoginManager.authenticate(LoginManager.java:161)
at com.microsoft.windowsazure.mobileservices.MobileServiceClient.login(MobileServiceClient.java:371)
at com.microsoft.windowsazure.mobileservices.MobileServiceClient.login(MobileServiceClient.java:356)
at com.microsoft.windowsazure.mobileservices.MobileServiceClient.login(MobileServiceClient.java:309)
那么,如何在没有活动的情况下从服务刷新令牌?还是有其他方法可以使客户端始终保持身份验证?
编辑
我尝试在此处粘贴一些代码,以期使我使用身份验证令牌的方式更清晰。我有一个用于管理身份验证的LoginManager。这里是该类的一些有意义的代码:
public boolean loadUserTokenCache(Context context)
{
init(context); //update context
SharedPreferences prefs = context.getSharedPreferences(SHARED_PREF_FILE, Context.MODE_PRIVATE);
String userId = prefs.getString(USERID_PREF, null);
if (userId == null)
return false;
String token = prefs.getString(LOGIN_TOKEN_PREF, null);
if (token == null)
return false;
MobileServiceUser user = new MobileServiceUser(userId);
user.setAuthenticationToken(token);
mClient.setCurrentUser(user);
return true;
}
过滤器为:
private class RefreshTokenCacheFilter implements ServiceFilter {
AtomicBoolean mAtomicAuthenticatingFlag = new AtomicBoolean();
//--------------------http://stackoverflow.com/questions/7860384/android-how-to-runonuithread-in-other-class
private final Handler handler;
public RefreshTokenCacheFilter(Context context){
handler = new Handler(context.getMainLooper());
}
private void runOnUiThread(Runnable r) {
handler.post(r);
}
//--------------------
@Override
public ListenableFuture<ServiceFilterResponse> handleRequest(
final ServiceFilterRequest request,
final NextServiceFilterCallback nextServiceFilterCallback
)
{
// In this example, if authentication is already in progress we block the request
// until authentication is complete to avoid unnecessary authentications as
// a result of HTTP status code 401.
// If authentication was detected, add the token to the request.
waitAndUpdateRequestToken(request);
Log.d(Constants.TAG, logClassIdentifier+"REFRESH_TOKEN_CACHE_FILTER is Sending the request down the filter chain for 401 responses");
Log.d(Constants.TAG, logClassIdentifier+mClient.getContext().toString());
// Send the request down the filter chain
// retrying up to 5 times on 401 response codes.
ListenableFuture<ServiceFilterResponse> future = null;
ServiceFilterResponse response = null;
int responseCode = 401;
for (int i = 0; (i < 5 ) && (responseCode == 401); i++)
{
future = nextServiceFilterCallback.onNext(request);
try {
response = future.get();
responseCode = response.getStatus().code;
} catch (InterruptedException e) {
e.printStackTrace();
} catch (ExecutionException e) {
if (e.getCause().getClass() == MobileServiceException.class)
{
MobileServiceException mEx = (MobileServiceException) e.getCause();
responseCode = mEx.getResponse().getStatus().code;
if (responseCode == 401)
{
// Two simultaneous requests from independent threads could get HTTP status 401.
// Protecting against that right here so multiple authentication requests are
// not setup to run on the UI thread.
// We only want to authenticate once. Requests should just wait and retry
// with the new token.
if (mAtomicAuthenticatingFlag.compareAndSet(false, true))
{
// Authenticate on UI thread
runOnUiThread(new Runnable() {
@Override
public void run() {
// Force a token refresh during authentication.
SharedPreferences pref = context.getSharedPreferences(Constants.SHARED_PREF_FILE, Context.MODE_PRIVATE);
MobileServiceAuthenticationProvider provider = Utilities.getProviderFromName(pref.getString(Constants.LAST_PROVIDER_PREF, null));
authenticate(context, provider, true);
}
});
}
// Wait for authentication to complete then update the token in the request.
waitAndUpdateRequestToken(request);
mAtomicAuthenticatingFlag.set(false);
}
}
}
}
return future;
}
}
authenticate方法(我修改了一些小东西来正确显示对话框和主要活动,但其工作方式应与Microsoft的原始代码相同):
/**
* Returns true if mClient is not null;
* A standard sign-in requires the client to contact both the identity
* provider and the back-end Azure service every time the app starts.
* This method is inefficient, and you can have usage-related issues if
* many customers try to start your app simultaneously. A better approach is
* to cache the authorization token returned by the Azure service, and try
* to use this first before using a provider-based sign-in.
* This authenticate method uses a token cache.
*
* Authenticates with the desired login provider. Also caches the token.
*
* If a local token cache is detected, the token cache is used instead of an actual
* login unless bRefresh is set to true forcing a refresh.
*
* @param bRefreshCache
* Indicates whether to force a token refresh.
*/
public boolean authenticate(final Context context, MobileServiceAuthenticationProvider provider, final boolean bRefreshCache) {
if (mClient== null)
return false;
final ProgressDialog pd = null;//Utilities.createAndShowProgressDialog(context, "Logging in", "Log in");
bAuthenticating = true;
// First try to load a token cache if one exists.
if (!bRefreshCache && loadUserTokenCache(context)) {
Log.d(Constants.TAG, logClassIdentifier+"User cached token loaded successfully");
// Other threads may be blocked waiting to be notified when
// authentication is complete.
synchronized(mAuthenticationLock)
{
bAuthenticating = false;
mAuthenticationLock.notifyAll();
}
QueryManager.getUser(context, mClient, mClient.getCurrentUser().getUserId(), pd);
return true;
}else{
Log.d(Constants.TAG, logClassIdentifier+"No cached token found or bRefreshCache");
}
// If we failed to load a token cache, login and create a token cache
init(context);//update context for client
ListenableFuture<MobileServiceUser> mLogin = mClient.login(provider);
Futures.addCallback(mLogin, new FutureCallback<MobileServiceUser>() {
@Override
public void onFailure(Throwable exc) {
String msg = exc.getMessage();
if ( msg.equals("User Canceled"))
return;
if ( pd!= null && pd.isShowing())
pd.dismiss();
createAndShowDialog(context, msg, "Error");
synchronized(mAuthenticationLock)
{
bAuthenticating = false;
mAuthenticationLock.notifyAll();
}
}
@Override
public void onSuccess(MobileServiceUser user) {
cacheUserToken(context, mClient.getCurrentUser());
if(!bRefreshCache)//otherwise main activity is launched even from other activity (like shop activity)
QueryManager.getUser(context, mClient, mClient.getCurrentUser().getUserId(), pd);//loads user's info and shows MainActivity
else if ( pd!= null && pd.isShowing())
pd.dismiss();
synchronized(mAuthenticationLock)
{
bAuthenticating = false;
mAuthenticationLock.notifyAll();
}
ClientUtility.UserId = mClient.getCurrentUser().getUserId();
}
});
return true;
}
最佳答案
我认为API应该有一种刷新令牌而不显示活动的方法(据我所知,仅用于插入凭据才需要;但令牌刷新不需要凭据)。我正在考虑的另一个解决方案是切换到其他云服务提供商,放弃使用Microsoft Azure :(
关于android - 在没有Android Activity 的情况下刷新服务中的Azure用户 token ,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/42315175/