This article covers how to handle a failure when protecting a Java adapter with a custom authenticator in MobileFirst 7.0.

Problem description

I followed and used the Java SQL adapter.

I want to get the user list after being authenticated.

I configured the authenticationConfig.xml file:

<realms>
    <realm loginModule="CustomLoginModule" name="CustomAuthenticatorRealm">
        <className>com.mypackage.MyCustomAuthenticator</className>
    </realm>
</realms>

<loginModules>
    <loginModule name="CustomLoginModule">
        <className>com.mypackage.MyCustomLoginModule</className>
    </loginModule>
</loginModules>

I'm configuring the Java adapter, UserAdapterResource.java file:

@GET
@Produces("application/json")
@OAuthSecurity(scope="CustomAuthenticatorRealm")
public Response getAllUsers() throws SQLException{
    JSONArray results = new JSONArray();
    Connection con = ds.getConnection();
    PreparedStatement getAllUsers = con.prepareStatement("SELECT * FROM users");
    ResultSet data = getAllUsers.executeQuery();

    while(data.next()){
        JSONObject item = new JSONObject();
        item.put("userId", data.getString("userId"));
        item.put("firstName", data.getString("firstName"));
        item.put("lastName", data.getString("lastName"));
        item.put("password", data.getString("password"));

        results.add(item);
    }

    getAllUsers.close();
    con.close();

    return Response.ok(results).build();
}

But when I invoke the procedure above on the client side, it still returns a response without requiring authentication, while it has to show a login module.

Recommended answer

From your code you only have a challenge handler for the CustomAuthenticatorRealm realm. Why not update your adapter and protect it with that same realm instead of using myRealm?

Updated UserAdapterResource.java skeleton

@Path("/")
public class UserAdapterResource {
    // ...

    @POST
    @OAuthSecurity(scope="CustomAuthenticatorRealm")
    public Response createUser(@FormParam("userId") String userId,
                                @FormParam("firstName") String firstName,
                                @FormParam("lastName") String lastName,
                                @FormParam("password") String password)
                                        throws SQLException{
        // ...
    }

    @GET
    @Produces("application/json")
    @Path("/{userId}")
    public Response getUser(@PathParam("userId") String userId) throws SQLException{
        // ...
    }

    @GET
    @Produces("application/json")
    @OAuthSecurity(scope="CustomAuthenticatorRealm")
    public Response getAllUsers() throws SQLException{
        // ...
    }

    // it's a good practice to protect this operation
    @PUT
    @Path("/{userId}")
    @OAuthSecurity(scope="CustomAuthenticatorRealm")
    public Response updateUser(@PathParam("userId") String userId,
                                @FormParam("firstName") String firstName,
                                @FormParam("lastName") String lastName,
                                @FormParam("password") String password)
                                        throws SQLException{
        // ...

    }

    // it's a good practice to protect this operation
    @DELETE
    @Path("/{userId}")
    @OAuthSecurity(scope="CustomAuthenticatorRealm")
    public Response deleteUser(@PathParam("userId") String userId) throws SQLException {
        // ...
    }

}

With these changes, when the application launches it will show the login form to authenticate before showing the list of users.

Update:

The Java Adapter protection is using OAuth and so the MobileFirst server issues a token for authentication. This token has a lifespan with an expiration. Logging out of a realm doesn't affect the token.

One way to implement this based on your needs is to decrease the TTL (time to live) of your token to something like 10 or 15 seconds (or whatever you want). You can do this by setting the expirationInSeconds attribute in your login module inside authenticationConfig.xml.

authenticationConfig.xml

    <!-- token will expire 10 seconds after being issued -->
    <loginModule name="CustomLoginModule" expirationInSeconds="10">
        <className>com.mypackage.MyCustomLoginModule</className>
    </loginModule>

If 10 seconds have passed since the app connected to the server via adapter invocation or any other method, then the user will need to reauthenticate.
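
A check for the situation in the question, where an endpoint answers without the realm's login challenge: this added example (not code from the original question or answer) uses reflection to list the HTTP methods of a resource class that do not require the CustomAuthenticatorRealm scope. The nested annotations are stand-ins so the class compiles without the JAX-RS and MobileFirst libraries, the resource class is a constructed copy of the skeleton above, and `ScopeAudit` and `methodsWithoutScope` are hypothetical names.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class ScopeAudit {
    // Stand-ins (assumptions) so the example compiles without the JAX-RS and
    // MobileFirst jars; in an adapter project, use the real annotations instead.
    @Retention(RetentionPolicy.RUNTIME) @interface GET {}
    @Retention(RetentionPolicy.RUNTIME) @interface POST {}
    @Retention(RetentionPolicy.RUNTIME) @interface PUT {}
    @Retention(RetentionPolicy.RUNTIME) @interface DELETE {}
    @Retention(RetentionPolicy.RUNTIME) @interface OAuthSecurity { String scope() default ""; }

    // Constructed copy of the answer's skeleton: same methods, same annotations.
    static class UserAdapterResource {
        @POST @OAuthSecurity(scope = "CustomAuthenticatorRealm") public void createUser() {}
        @GET public void getUser() {}
        @GET @OAuthSecurity(scope = "CustomAuthenticatorRealm") public void getAllUsers() {}
        @PUT @OAuthSecurity(scope = "CustomAuthenticatorRealm") public void updateUser() {}
        @DELETE @OAuthSecurity(scope = "CustomAuthenticatorRealm") public void deleteUser() {}
    }

    static final List<Class<? extends Annotation>> HTTP_VERBS =
            Arrays.asList(GET.class, POST.class, PUT.class, DELETE.class);

    /** Names of HTTP-exposed methods whose @OAuthSecurity scope does not name the realm. */
    static List<String> methodsWithoutScope(Class<?> resource, String realm) {
        List<String> missing = new ArrayList<>();
        for (Method m : resource.getDeclaredMethods()) {
            boolean exposed = HTTP_VERBS.stream().anyMatch(m::isAnnotationPresent);
            if (!exposed) continue; // helper methods are not reachable over HTTP
            OAuthSecurity sec = m.getAnnotation(OAuthSecurity.class);
            // Assumption: a scope may hold several space-separated names,
            // so compare whole tokens rather than substrings.
            boolean scoped = sec != null
                    && Arrays.asList(sec.scope().trim().split("\\s+")).contains(realm);
            if (!scoped) missing.add(m.getName());
        }
        Collections.sort(missing); // reflection order is unspecified
        return missing;
    }

    public static void main(String[] args) {
        List<String> missing =
                methodsWithoutScope(UserAdapterResource.class, "CustomAuthenticatorRealm");
        System.out.println("No CustomAuthenticatorRealm scope: " + missing);
        if (!missing.isEmpty()) System.exit(1); // non-zero exit lets a build step fail
    }
}
```

Run against the skeleton, it reports getUser, the one method the answer leaves without @OAuthSecurity.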
