Question
Have a multipage form that allows users to register a card through our Worklight mobilewebapp.
There is no authentication for this as it is just a web based form that uses adapters to get the information back to the servers and continue through the process. Apparently this is bad and the clients are sharing the same session if they start the process at the same time. Basically, if two or more devices begin the enrollment process at the same time, the last one that started will cross-pollinate that data to the other client and will get the data and information from the previous client.
I have been told to add connectAs="endUser" to each procedure call but this requires authentication which we are not using. Does anyone have a simple procedure that can be added at the start of the session to ensure each session is unique and this problem will not happen?
Answer 1:
Create a security test with one single user auth realm - wl_anonymousUserRealm, e.g.
<customSecurityTest name="forAdapterProcedures">
<test realm="wl_anonymousUserRealm" isInternalUserId="true"/>
</customSecurityTest>
Use this security test to protect your adapter procedures and define them as connectAs="endUser".
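How the two pieces from the answer fit together, as an added example that is not part of the original answer: the security test is declared in the server's authenticationConfig.xml, and each adapter procedure references it by name. The procedure names below are hypothetical placeholders for the form's own procedures.

```xml
<!-- authenticationConfig.xml (server side): the security test from the answer,
     placed inside the <securityTests> element -->
<securityTests>
    <customSecurityTest name="forAdapterProcedures">
        <test realm="wl_anonymousUserRealm" isInternalUserId="true"/>
    </customSecurityTest>
</securityTests>

<!-- Adapter descriptor XML: every procedure used by the multipage form
     references the security test and runs as the end user.
     Procedure names are hypothetical. -->
<procedure name="startEnrollment" securityTest="forAdapterProcedures" connectAs="endUser"/>
<procedure name="submitCardDetails" securityTest="forAdapterProcedures" connectAs="endUser"/>
```

A procedure left without connectAs="endUser" is not covered by this change, so check every procedure the form calls.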
Source: https://stackoverflow.com/questions/18639017/add-dummy-authentication-to-ibm-worklight-to-create-new-sessions