问题
I am developing a mobile app using WorkLight 5.0.6 and I would like to attach a secure cookie to the response returned by an adapter.
We are not using a WorkLight Authentication realm because we do not wish to "bind" the session to a specific WL server in a clustered production environment. We authenticate the session by calling a sign-on adapter which authenticates the user details against a back end system. As part of the response from the sign-on adapter call I would like to create a secure cookie (http only) containing the authenticated information and attach it to the response returned from the sign-on adapter. The cookie should also be included in the header for subsequent Adapter made from the application call to the server.
Regards,
Tom.
回答1:
I would suggest trying to create a custom Worklight authenticator that communicates with your backend. Documentation for a custom authenticator can be found here:
http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v600/08_04_Custom_Authenticator_and_Login_Module.pdf
To answer your question, here is how I would approach it without using a custom authenticator:
- Make the adapter call to authenticate from the client
function authenticate(username, password){
var invocationData = { adapter : 'authenticationAdapter', procedure : 'authenticate', parameters : [username, password] }; WL.Client.invokeProcedure(invocationData, { onSuccess : authSuccess, onFailure : authFailure });}
- Get the cookie from the response on the client side and save it (I suggest saving using JSONStore which can also encrypt the saved cookie)
function authSuccess(response){ console.log("Auth Success"); var myCookie = response.invocationResult.responseHeaders.CookieName // Save cookie somehow }
- On subsequent adapter calls, send the cookie from the client along with each request
function adapterRequestForProtectedResource(){
var mySecureCookie = getMyCookieFromLocalStorage();
var invocationData = { adapter : 'protectedResourceAdapter', procedure : 'getResource', parameters : [mySecureCookie] }; WL.Client.invokeProcedure(invocationData, { onSuccess : success, onFailure : failure });}
On the adapter, set the cookie in the header
function getResource(secureCookie) {
// Secure cookie must be of the form: "CookieName=cookievalue" var input = { method : 'get', returnedContentType : 'json', path : "/resource", headers: {"Cookie": secureCookie} }; return WL.Server.invokeHttp(input);}
来源:https://stackoverflow.com/questions/17700910/attaching-cookie-to-worklight-adapter-response-header