IBM Worklight 6.0 - Adapter with basic auth doesn't update auth header if client logs out/in

Question

I have a Worklight v6.0 application using adapter-based authentication.

The adapter is an HTTP adapter that calls a backend REST service using Basic Auth.

There is no session or cookies between the adapter and the backend service. In my Adapter descriptor, I have set the cookiePolicy to IGNORE_COOKIES. Each request from the adapter to the backend is authenticated with the basic auth header on that request.

Each of the adapter's procedures has connectAs set to: endUser.

<?xml version="1.0" encoding="UTF-8"?>
<wl:adapter name="MyAdapter" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:wl="http://www.worklight.com/integration" xmlns:http="http://www.worklight.com/integration/http">

<displayName>MyAdapter</displayName>
<description>MyAdapter</description>
<connectivity>
    <connectionPolicy xsi:type="http:HTTPConnectionPolicyType" cookiePolicy="IGNORE_COOKIES">
        <protocol>http</protocol>
        <domain>localhost</domain>
        <port>9080</port>
        <!-- Following properties used by adapter's key manager for choosing -->
        <authentication>
            <basic />
        </authentication>
    </connectionPolicy>
    <loadConstraints maxConcurrentConnectionsPerNode="2" />
</connectivity>

<procedure name="submitAuthentication"></procedure>

<procedure connectAs="endUser" name="getCurrentUser"
    securityTest="MyAdapter-securityTest" />
</wl:adapter>

This all works great. The mobile app calls a secured procedure on the adapter, this triggers authentication, authentication completes successfully, the procedure gets re-invoked, and I can see on the network trace that the correct basic auth header is getting put on the call from the adapter to the backend. If the mobile app makes an adapter call when it is already authenticated, the adapter just makes the call to the backend with the correct Basic Auth header. If multiple mobile apps are connected at the same time and logged in as different users, the adapter uses the correct Basic Auth header for the user that called it.

The only thing that doesn't work is when a mobile app calls the adapter, authenticates as user1, gets the correct result from the backend for user1, calls WL.Client.logout(), makes another call to the adapter, and authenticates as user2 this time.

In the adapter procedure, I call WL.Server.getActiveUser() to verify the active user, and sure enough, the user is correct (user2). But when the call goes out to the backend, the Basic Auth Header that Worklight adds has the credentials for user1, and so the mobile app gets the wrong results.

If I exit and restart the app, all is well and I can authenticate directly as user2 and get the correct results for user2. The only case that is a problem is when I log out/log back in as a different user in a single session between the mobile app and the Worklight Server.

Is this a known limitation of using basic auth with Worklight adapters? Is there any way for me to force the connection between the mobile client and the Worklight Server to reset when I log out? (short of restarting the app)

Recommended answer

Since you say that "physically" quitting and reopening the app fixes this for you, you can use WL.Client.reloadApp() right after the logout, so as to keep the app flow in case of login-logout-login. See if it helps.
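
The mismatch described in the question (the active user is user2 while the backend call still carries user1's Basic credentials) can be checked mechanically, for example to confirm that a workaround such as reloading after logout holds. The following is an added example, not code from the original post or from Worklight. It assumes you have recorded, per adapter call, the user id logged from WL.Server.getActiveUser() and the Authorization header seen on the network trace; the record shape, function names and sample data are constructed.

```javascript
// Added example: flag adapter-to-backend calls whose Basic Auth user differs
// from the Worklight active user. Record shape and sample data are constructed.

// Decode "Basic <base64(user:password)>" and return the user id, or null.
function basicAuthUser(headerValue) {
  const m = /^Basic\s+([A-Za-z0-9+/]+=*)\s*$/i.exec(headerValue || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  // Split on the FIRST colon: the user id cannot contain ':', the password can.
  const colon = decoded.indexOf(":");
  return colon < 0 ? null : decoded.slice(0, colon);
}

// records: [{ procedure, activeUser, authorization }]
//   activeUser    - user id logged from WL.Server.getActiveUser() (assumed field)
//   authorization - Authorization header observed on the backend call
function findIdentityMismatches(records) {
  const findings = [];
  for (const r of records) {
    const sentAs = basicAuthUser(r.authorization);
    let reason = null;
    if (sentAs === null) {
      reason = "missing or malformed Basic header";
    } else if (sentAs !== r.activeUser) {
      reason = "backend call carries another user's credentials";
    }
    if (reason) {
      findings.push({ procedure: r.procedure, activeUser: r.activeUser, sentAs, reason });
    }
  }
  return findings;
}

// Constructed trace: user1 logs in, logs out, then user2 logs in (same session).
const b64 = (s) => Buffer.from(s, "utf8").toString("base64");
const sampleTrace = [
  { procedure: "getCurrentUser", activeUser: "user1", authorization: "Basic " + b64("user1:pw-one") },
  { procedure: "getCurrentUser", activeUser: "user2", authorization: "Basic " + b64("user1:pw-one") }, // stale
  { procedure: "getCurrentUser", activeUser: "user2", authorization: "Basic " + b64("user2:pw:two") },
];

console.log(findIdentityMismatches(sampleTrace));
```

Any finding means the backend answered as a different user than the one Worklight considers logged in, so the response should be treated as a cross-user data exposure and not only as a functional bug.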
