将cookie附加到WorkLight Adapter响应头 [英] Attaching cookie to WorkLight Adapter response header

问题描述

我正在使用WorkLight 5.0.6开发移动应用程序，我想在适配器返回的响应中附加安全cookie。

I am developing a mobile app using WorkLight 5.0.6 and I would like to attach a secure cookie to the response returned by an adapter.

我们没有使用WorkLight身份验证领域，因为我们不希望将会话绑定到群集生产环境中的特定WL服务器。我们通过调用登录适配器来验证会话，该适配器根据后端系统验证用户详细信息。作为来自登录适配器调用的响应的一部分，我想创建一个包含经过身份验证的信息的安全cookie（仅限http），并将其附加到从登录适配器返回的响应中。 cookie也应该包含在从应用程序调用服务器的后续适配器的标题中。

We are not using a WorkLight Authentication realm because we do not wish to "bind" the session to a specific WL server in a clustered production environment. We authenticate the session by calling a sign-on adapter which authenticates the user details against a back end system. As part of the response from the sign-on adapter call I would like to create a secure cookie (http only) containing the authenticated information and attach it to the response returned from the sign-on adapter. The cookie should also be included in the header for subsequent Adapter made from the application call to the server.

问候，

 Tom.

推荐答案

我建议尝试创建一个自定义的Worklight身份验证器与您的后端通信。可以在此处找到自定义验证器的文档：

I would suggest trying to create a custom Worklight authenticator that communicates with your backend. Documentation for a custom authenticator can be found here:

http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v600/08_04_Custom_Authenticator_and_Login_Module.pdf

要回答您的问题，我将在不使用自定义身份验证器的情况下接触它：

To answer your question, here is how I would approach it without using a custom authenticator:

• 使适配器调用从客户端进行身份验证

function authenticate（username，password）{

function authenticate(username, password){

  var invocationData = {
          adapter : 'authenticationAdapter',
          procedure : 'authenticate',
          parameters : [username, password]
  };

  WL.Client.invokeProcedure(invocationData, {
      onSuccess : authSuccess,
      onFailure : authFailure
  });     

}

• 从客户端的响应中获取cookie并保存（我建议使用JSONStore保存，也可以加密保存的cookie）






function authSuccess(response){
    console.log("Auth Success");
    var myCookie = response.invocationResult.responseHeaders.CookieName

    // Save cookie somehow
}










• 在后续的适配器调用中，从客户端发送cookie以及每个请求






function adapterRequestForProtectedResource（）{

function adapterRequestForProtectedResource(){

var mySecureCookie = getMyCookieFromLocalStorage（）;

var mySecureCookie = getMyCookieFromLocalStorage();

  var invocationData = {
          adapter : 'protectedResourceAdapter',
          procedure : 'getResource',
          parameters : [mySecureCookie]
  };

  WL.Client.invokeProcedure(invocationData, {
      onSuccess : success,
      onFailure : failure
  });     

}








• 在适配器上，在标题中设置cookie

  • On the adapter, set the cookie in the header

    函数getResource（secureCookie）{

    function getResource(secureCookie) {

    // Secure cookie must be of the form:  "CookieName=cookievalue"
    
    var input = {
        method : 'get',
        returnedContentType : 'json',
        path : "/resource",
        headers: {"Cookie": secureCookie}
    };
    
    return WL.Server.invokeHttp(input);
    

    }

    这篇关于将cookie附加到WorkLight Adapter响应头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！