0

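I recently changed my authentication mechanism to DataPower LTPA authentication. The authentication itself works fine, but when trying to access the first adapter after login (my request contains an LTPA token cookie), it fails with the following message: "wl_antiXSRFRealm":{"reason":"Login failed"}

wl_antiXSRFRealm returns a userId in the /init call. Am I missing something?

Environment details: Worklight 6.0.0.2 running in the common preview environment.

Authentication configuration: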

    <realm loginModule="WASLTPAModule" name="DataPowerRealm">
        <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
        <parameter name="login-page" value="/login.html" />
        <parameter name="error-page" value="/loginError.html" />
    </realm>

    <loginModule name="WASLTPAModule">
        <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
        <parameter name="httponly-cookie" value="true" />
        <parameter name="cookie-name" value="LtpaToken2" />
    </loginModule>

    <securityTests>
        <customSecurityTest name="ldapSecTest">
            <test realm="DataPowerRealm" step="1" />
            <test isInternalUserID="true" realm="LdapAdapterRealm" step="2" />
        </customSecurityTest>

        <customSecurityTest name="DataPowerAuth">
            <test realm="DataPowerRealm" step="1" isInternalUserID="true" />
        </customSecurityTest>
    </securityTests>

Update: the server's response is below.

Remote Address:10.2.163.199:445
Request URL:http://10.2.163.199:445/worklight/apps/services/api/SmartServices/common/query
Request Method:POST
Status Code:403 Forbidden
Request Headers
Accept:text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding:gzip,deflate
Accept-Language:en-US
Connection:keep-alive
Content-Length:197
Content-type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:LtpaToken2=uu9ac1LdsZ6afuLZ5Bzb8Eh29wGRa8SZ67Mp8oX5k+3Q5Vy3YkNpb69XeHDjkYRQRLFu2HQ9YMMfvNtPCyD67CvsUejRju5M2WH77YxQhMwWGxVGL6etLiQJm/1zILpyqiXBT9ubpjlLC5M2ogvklFmkboHxrEVhS2WYTcuBVmlQMyHNvWPYQ85GC+F70V/7MMvoyVCslD4nvYQgnEQl/NdKAVtb4HjUylIkUpYzERW9mvQe7DXM6uez7U2TM9Z6wIykTWL+flmzp48QM7RsTUW71F3DJ9+odoqdOfKOvv0/0/TAcx7k5p50FpItnRLSXAkckSoRAVgEm2BRzWq6RJwAjJhLQkz88dtPzJhrP2U=; WL_PERSISTENT_COOKIE=3ea0b226-fe49-4675-ac80-8c6f2d370f26; forms.MobileGateway_HTMLFormLoginAAA.session=8DDBA0B2B0722B28C41750077EBDE8E1265752C4PHNlc3Npb24tY29va2llPjxjb29raWUtbmFtZT5mb3Jtcy5Nb2JpbGVHYXRld2F5X0hUTUxGb3JtTG9naW5BQUEuc2Vzc2lvbjwvY29va2llLW5hbWU+PGNyZWF0ZWQ+MjAxNC0xMS0yMFQxMjo0NTo1OFo8L2NyZWF0ZWQ+PHJlZnJlc2hlZD4yMDE0LTExLTIwVDEyOjQ1OjU4WjwvcmVmcmVzaGVkPjxtaWdyYXRpb24vPjxrZXk+QkZGMjlCNjMyQ0E0NUEwRDQ3NEMwRjcxQkIzMDM3RUFEM0JFNDU5RTwva2V5Pjwvc2Vzc2lvbi1jb29raWU+; JSESSIONID=00000cRvoMiUcoF0mcO_CJv4M11:-1; testcookie=oreo; LtpaToken=me/P4T9tNq2EckeC/NxQsTedAT+ugUHGjtoPE4gMz2l9eaHlbIX44J2guaaTjfCJIjWBjaPX8jeQRMbSEQXk0qFrDzqT9NvJlEMEbz7qXq/zhbyE1oV5fA1f2gRJGbk+y3tILSf1fDvKtUrZVrXwhk9ARTi0vzAOIV9sVfDKMb++6ULhmwQLOumaQMrWWAyJP4Y44MzxK5o/xr4XaEwJQRaqj32np72Qws3zwkmqK1hAo2rjDRXb/WTvisFxA7IdMBrvHkjGTCtCyDUhd/nFXSKg1j17ylpz544wEGh2Y5UJTBEhjj5vr91FeCrPUTw6lbWzwXJk54Do8xD8vkggPqc24gzdZT9EUa+0vl213m6hl1LGdfj3aKbwS0BddeXhZ5sEB+DAJP5Vx0/w9nH2hbI/Vjo4zC0ZvZIfCK65rK0FthxKKOQC580Ta1+1LxXbOFoUwntDAE0odbw1IG4zx5DMCPuNzXB81nP0MZnLiBcQH9zU7Rp6EdIZ5UJoCnwSe54CxlRf3fIwk3VUZmCfeIE2eoUTCnTDvghAF3peG1fuNW6yE8v0X6fpkse3bamEnlNP/Exkjb+sdSK9xTWkPg1qcM43bYL0FNeSzlA8K71moxLcfounXaf47AhwoRrbdMYcx1KMUxjD/FDwmX2r6I/A4KrkwA2ay53P2AeQVbA=
Host:10.2.163.199:445
Origin:http://10.2.163.199:445
Referer:http://10.2.163.199:445/worklight/apps/services/preview/SmartServices/common/0/default/login.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36
WL-Instance-Id:hd5rku2a9ioc4f5m6oorc6frm0
X-Requested-With:XMLHttpRequest
x-wl-app-version:1.0
x-wl-platform-version:6.0.0
Form Data
adapter:SecureDashBoardAdapter
procedure:autoLogin
parameters:["","",true]
__wl_deviceCtxVersion:-1
__wl_deviceCtxSession:78983441416487555728
isAjaxRequest:true
x:0.620181588223204
Response Headers
Cache-Control:no-cache, no-store, must-revalidate
Connection:Keep-Alive
Content-Language:en-US
Content-Type:application/json; charset=UTF-8
Date:Thu, 20 Nov 2014 12:51:53 GMT
Expires:Sat, 26 Jul 1997 05:00:00 GMT
P3P:policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Transfer-Encoding:chunked
X-Backside-Transport:FAIL FAIL
X-Client-IP:10.10.30.152
X-Powered-By:Servlet/3.0
4

2 Answers

1

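I have opened a PMR, and we now know the cause of the problem. There is actually a conflict between the WL threads and the WebSphere threads, which causes this problem. One way to work around it is to set an explicit security test on every procedure that is called after login. Otherwise, installing a newer version of WL will resolve the issue.

Answered 2014-12-04T05:15:17.680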
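
A way to check the workaround from the answer above, as an added example that is not part of the original post or of Worklight: this Python script lists adapter procedures that carry no explicit `securityTest`, or that reference one not defined in the authentication configuration. The adapter descriptor is constructed for illustration (only `autoLogin` and the adapter name come from the question; the other procedure names are hypothetical), and security test names are assumed to be matched exactly.

```python
import xml.etree.ElementTree as ET

# Security tests as posted in the question's authentication configuration.
AUTH_CONFIG = """<securityTests>
  <customSecurityTest name="ldapSecTest">
    <test realm="DataPowerRealm" step="1" />
    <test isInternalUserID="true" realm="LdapAdapterRealm" step="2" />
  </customSecurityTest>
  <customSecurityTest name="DataPowerAuth">
    <test realm="DataPowerRealm" step="1" isInternalUserID="true" />
  </customSecurityTest>
</securityTests>"""

# Constructed adapter descriptor: getDashboard and getReports are hypothetical.
ADAPTER_XML = """<wl:adapter name="SecureDashBoardAdapter"
    xmlns:wl="http://www.worklight.com/integration">
  <procedure name="autoLogin" securityTest="DataPowerAuth"/>
  <procedure name="getDashboard"/>
  <procedure name="getReports" securityTest="dataPowerAuth"/>
</wl:adapter>"""


def local(tag):
    """Strip an XML namespace prefix such as '{uri}adapter' down to 'adapter'."""
    return tag.rsplit("}", 1)[-1]


def defined_security_tests(auth_xml):
    """Names of every *SecurityTest element (custom, web, mobile) in the config."""
    root = ET.fromstring(auth_xml)
    return {el.get("name") for el in root.iter()
            if local(el.tag).endswith("SecurityTest") and el.get("name")}


def audit_procedures(adapter_xml, auth_xml):
    """Return (procedure, problem) pairs for procedures needing attention."""
    known = defined_security_tests(auth_xml)
    findings = []
    for proc in ET.fromstring(adapter_xml).iter():
        if local(proc.tag) != "procedure":
            continue
        test = proc.get("securityTest")
        if test is None:
            findings.append((proc.get("name"), "no explicit securityTest"))
        elif test not in known:
            findings.append((proc.get("name"), f"unknown securityTest '{test}'"))
    return findings


if __name__ == "__main__":
    for name, problem in audit_procedures(ADAPTER_XML, AUTH_CONFIG):
        print(f"{name}: {problem}")
```
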
0

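Judging from the response data, your Worklight server response code is 403, which is incorrect. This service responds with 401 if the LTPA token is incorrect, or 200 on success. I guess your DataPower is misconfigured and set the HTTP 403.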

Request URL:http://10.2.163.199:445/worklight/apps/services/api/SmartServices/common/query
Request Method:POST
**Status Code:403 Forbidden**

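Here are some steps for you to debug this error.

1) Check your DataPower + Worklight topology; make sure DataPower and the Worklight server use the same user registry, preferably an LDAP server.
2) Check whether your DataPower rules block Worklight's response; the Worklight server should not set HTTP status 403.
3) Run the Wireshark tool on the Worklight server to capture the HTTP network traffic, and check whether the HTTP headers and response headers are correct.
4) Capture the network traffic on DataPower with the DataPower tools (the captured data can also be opened with Wireshark).

Answered 2014-11-27T11:06:16.050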