worklight-security

问题 We are developing a hybrid application on Worklight, and we need to implement the app authenticity. We are using Worklight Enterprise edition 6.2.0.1 with IBM app centre. However, We are seeing the following error on the server log when we launch the app on Android (iOs the same too, but will provide Android log). [1/19/15 15:25:05:388 EST] 00000254 WLNewAuthenti E com.worklight.core.auth.ext.appauth.WLNewAuthenticityScheme isInvalidAndroidParams FWLSE0260E: Missing or empty packageName for

问题 I get the following error when I log in the second time in my login screen. [ERROR ] FWLSE0099E: An error occurred while invoking procedure [project Klappr]KlapprAuthAdapter/submitAuthenticationFWLSE0100E: parameters: [project Klappr]{ "arr": [ "dGVzdDp0ZXN0" ] } Cannot change identity of an already logged in user in realm 'KlapprAuthRealm'. The application must logout first. FWLSE0101E: Caused by: [project Klappr]null com.worklight.common.log.filters.ErrorFilter In submitauthentication (in

问题 I am developing a mobile app using WorkLight 5.0.6 and I would like to attach a secure cookie to the response returned by an adapter. We are not using a WorkLight Authentication realm because we do not wish to "bind" the session to a specific WL server in a clustered production environment. We authenticate the session by calling a sign-on adapter which authenticates the user details against a back end system. As part of the response from the sign-on adapter call I would like to create a

问题 I am developing a mobile app using WorkLight 5.0.6 and I would like to attach a secure cookie to the response returned by an adapter. We are not using a WorkLight Authentication realm because we do not wish to "bind" the session to a specific WL server in a clustered production environment. We authenticate the session by calling a sign-on adapter which authenticates the user details against a back end system. As part of the response from the sign-on adapter call I would like to create a

问题 Worklight 5.0.6.1 We are having a specific requirement from our client about using a PCI Appliance from Intel (http://info.intel.com/rs/intel/images/Intel_Expressway_Tokenization_Broker.pdf) to avoid a PCI Audit for the application and server. Therefore, the Adapter calls that have something to do with payment data would need to go through this hardware appliance before hitting the worklight server. All other adapter calls should go to the worklight server directly (to not overload the

问题 Client code attempts to invoke adapter. This triggers authentication to the appropriate realm. It is possible that the user does not have suitable credentials and eventually wants to stop trying. I can provide a "Give Up" button, and we can use the challegeHandler to tell Worklight to stop the authentication effort like this: this.challengeHandler.submitFailure(); This works to the extent that the login attempt terminates, but it seems that code calling the adapter gets no callback and hence

问题 I'm using Worklight adapters to fetch data from a webservice. From client side I'm doing WL.Client.invokeProcedure Server side has respective code. Issue is this client to server adapter communication is via plain text and can easily be sniffed. Though my url is HTTPS but is of no use. Please help, I'm sure there should be a way in IBM worklight to make a secure application. Thanks 回答1: AFAIK worklight is providing only two options for security between your mobile app and wroklight server. As

问题 We have a iOS and Android Hybrid App Environment in which we have App Authenticity successfully running (drop down available to control the feature) using: <mobileSecurityTest name="app"> <testAppAuthenticity/> <testUser realm="wl_anonymousUserRealm"/> <testDeviceId provisioningType="none" /> </mobileSecurityTest> We added a "iOS Native API" project to our Worklight project that we use for our native iOS client development in XCode 5. We are successfully able to connect to the WL server and

问题 I tried to follow the tutorial at this url, the tutorial is so straight forward but I just couldn't get the correct outcome. below is my authenticationConfig.xml <securityTests> <customSecurityTest name="custom-mobilesecurityTest"> <test realm="wl_antiXSRFRealm" step="1"/> <test realm="wl_authenticityRealm" step="2"/> <test realm="HeaderAuthRealm" isInternalUserID="true" step="3"/> </customSecurityTest> </securityTests> But the App Authentication appeared in console is always "Access Disabled

问题 Worklight 6.1, testing in WL Studio on a Mac. As a follow-up to this question concerning doing background work in a Worklight Server, the accepted answer to which is to use an Event Source. WL.Server.createEventSource( { name: "housekeepingEventSource", poll: { interval: 5, onPoll: workToBeDone }, securityTest: "eventTest" } ); The issue concerns which security test to use. Whatever I try I get this error: Adapter deployment failed: Wrapped java.lang.ClassCastException: org.mozilla.javascript