I created a simple custom login module for a MobileFirst Java adapter.

authentication-config.xml

    <customSecurityTest name="DummyAdapter-securityTest" AccessTokenExpirationSec="15">
        <test isInternalUserID="true" realm="CustomAuthenticatorRealm"/>
    </customSecurityTest>

    <realm name="CustomAuthenticatorRealm" loginModule="CustomerLoginModule">
        <className>com.mbanking.customauthenticator.CustomerAuthenticator</className>
    </realm>

    <loginModule name="CustomerLoginModule">
        <className>com.mbanking.customauthenticator.CustomerLoginModule</className>
    </loginModule>

The following is defined in application-descriptor.xml:

    <userIdentityRealms>CustomAuthenticatorRealm</userIdentityRealms>

I validate the hard-coded username and password in CustomerAuthenticator and CustomerLoginModule, as given in the IBM tutorial.

    @Override
    public AuthenticationResult processRequest(HttpServletRequest request, HttpServletResponse response,
            boolean isAccessToProtectedResource) throws IOException, ServletException {
        if (request.getRequestURI() != null) {

            String username = "Prabhu";
            String password = "polo11";

            if (null != username && null != password && username.length() > 0 && password.length() > 0) {
                authenticationData = new HashMap<String, Object>();
                authenticationData.put("username", username);
                authenticationData.put("password", password);
                return AuthenticationResult.createFrom(AuthenticationStatus.SUCCESS);
            } else {
                response.setContentType("application/json; charset=UTF-8");
                response.setHeader("Cache-Control", "no-cache, must-revalidate");
                response.getWriter().print("{\"authStatus\":\"required\", \"errorMessage\":\"Please enter username and password\"}");
                return AuthenticationResult.createFrom(AuthenticationStatus.CLIENT_INTERACTION_REQUIRED);
            }
        }

        if (!isAccessToProtectedResource) {
            return AuthenticationResult.createFrom(AuthenticationStatus.REQUEST_NOT_RECOGNIZED);
        }
        response.setContentType("application/json; charset=UTF-8");
        response.setHeader("Cache-Control", "no-cache, must-revalidate");
        response.getWriter().print("{\"authStatus\":\"required\"}");
        return AuthenticationResult.createFrom(AuthenticationStatus.CLIENT_INTERACTION_REQUIRED);
    }

Login module

    @Override
    public boolean login(Map<String, Object> authenticationData) {
        USERNAME = (String) authenticationData.get("username");
        PASSWORD = (String) authenticationData.get("password");

        if ("Prabhu".equals(USERNAME) && "polo11".equals(PASSWORD)) {
            return true;
        } else {
            throw new RuntimeException("Invalid credentials");
        }
    }

Java adapter code

    @GET
    @Path("/mobile")
    @Produces(MediaType.APPLICATION_JSON)
    @OAuthSecurity(scope="CustomAuthenticatorRealm")
    public JSONObject generate() {
        JSONObject responseValue = new JSONObject();
        responseValue.put("data", "Secret Data From Adpter");
        return responseValue;
    }

Authorization failure

    [ERROR   ] FWLSE0059E: Login into realm 'CustomerLoginModule' failed. null. [project JIB]
    java.lang.NullPointerException
    [ERROR   ] FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR, error message: An error occurred while performing authentication using loginModule CustomerLoginModule, User Identity {wl_antiXSRFRealm=(name:lbgo1f8edsjvsjgfv8i9umdneb, loginModule:WLAntiXSRFLoginModule), wl_authenticityRealm=null, CustomAuthenticatorRealm=(name:Prabhu, loginModule:CustomerLoginModule), CustomRealm=null, wl_directUpdateRealm=null, wl_remoteDisableRealm=null, SampleAppRealm=null, myserver=(name:ac09d1e7-71a6-47da-bbb8-e6c2f48651f3, loginModule:WeakDummy), wl_deviceNoProvisioningRealm=null, wl_anonymousUserRealm=(name:ac09d1e7-71a6-47da-bbb8-e6c2f48651f3, loginModule:WeakDummy), wl_deviceAutoProvisioningRealm=null}. [project JIB] [project JIB]

When I try to debug, I get an internal exception.

    CLIENT_INTERACTION_REQUIRED{"challenges":{"wl_antiXSRFRealm":{"WL-Instance-Id":"lr0tsjecoeghhrf670oc8hu17v"}}}

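There is a lot of caching; even after a restart, the MobileFirst server is still picking up old values.

Can anyone help? It is a one-way authorization, so why is wl_antiXSRFRealm being called in between? I did not find any reference related to this.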
