I created a simple custom login module for a MobileFirst Java adapter.
authentication-config.xml
<customSecurityTest name="DummyAdapter-securityTest" AccessTokenExpirationSec="15">
    <test isInternalUserID="true" realm="CustomAuthenticatorRealm"/>
</customSecurityTest>
<realm name="CustomAuthenticatorRealm" loginModule="CustomerLoginModule">
    <className>com.mbanking.customauthenticator.CustomerAuthenticator</className>
</realm>
<loginModule name="CustomerLoginModule">
    <className>com.mbanking.customauthenticator.CustomerLoginModule</className>
</loginModule>
The following is defined in application-descriptor.xml
<userIdentityRealms>CustomAuthenticatorRealm</userIdentityRealms>
I validate a hard-coded username and password in CustomerAuthenticator and CustomerLoginModule, as given in the IBM tutorial.
@Override
public AuthenticationResult processRequest(HttpServletRequest request, HttpServletResponse response,
        boolean isAccessToProtectedResource) throws IOException, ServletException {
    if (request.getRequestURI() != null) {
        String username = "Prabhu";
        String password = "polo11";
        if (null != username && null != password && username.length() > 0 && password.length() > 0) {
            authenticationData = new HashMap<String, Object>();
            authenticationData.put("username", username);
            authenticationData.put("password", password);
            return AuthenticationResult.createFrom(AuthenticationStatus.SUCCESS);
        } else {
            response.setContentType("application/json; charset=UTF-8");
            response.setHeader("Cache-Control", "no-cache, must-revalidate");
            response.getWriter().print("{\"authStatus\":\"required\", \"errorMessage\":\"Please enter username and password\"}");
            return AuthenticationResult.createFrom(AuthenticationStatus.CLIENT_INTERACTION_REQUIRED);
        }
    }
    if (!isAccessToProtectedResource) {
        return AuthenticationResult.createFrom(AuthenticationStatus.REQUEST_NOT_RECOGNIZED);
    }
    response.setContentType("application/json; charset=UTF-8");
    response.setHeader("Cache-Control", "no-cache, must-revalidate");
    response.getWriter().print("{\"authStatus\":\"required\"}");
    return AuthenticationResult.createFrom(AuthenticationStatus.CLIENT_INTERACTION_REQUIRED);
}
Login module
@Override
public boolean login(Map<String, Object> authenticationData) {
    USERNAME = (String) authenticationData.get("username");
    PASSWORD = (String) authenticationData.get("password");
    if ("Prabhu".equals(USERNAME) && "polo11".equals(PASSWORD)) {
        return true;
    } else {
        throw new RuntimeException("Invalid credentials");
    }
}
Java adapter code
@GET
@Path("/mobile")
@Produces(MediaType.APPLICATION_JSON)
@OAuthSecurity(scope="CustomAuthenticatorRealm")
public JSONObject generate() {
    JSONObject responseValue = new JSONObject();
    responseValue.put("data", "Secret Data From Adpter");
    return responseValue;
}
Authorization failed
[ERROR ] FWLSE0059E: Login into realm 'CustomerLoginModule' failed. null. [project JIB]
java.lang.NullPointerException
[ERROR ] FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR, error message: An error occurred while performing authentication using loginModule CustomerLoginModule, User Identity {wl_antiXSRFRealm=(name:lbgo1f8edsjvsjgfv8i9umdneb, loginModule:WLAntiXSRFLoginModule), wl_authenticityRealm=null, CustomAuthenticatorRealm=(name:Prabhu, loginModule:CustomerLoginModule), CustomRealm=null, wl_directUpdateRealm=null, wl_remoteDisableRealm=null, SampleAppRealm=null, myserver=(name:ac09d1e7-71a6-47da-bbb8-e6c2f48651f3, loginModule:WeakDummy), wl_deviceNoProvisioningRealm=null, wl_anonymousUserRealm=(name:ac09d1e7-71a6-47da-bbb8-e6c2f48651f3, loginModule:WeakDummy), wl_deviceAutoProvisioningRealm=null}. [project JIB] [project JIB]
When I try to debug, I get an internal exception.
CLIENT_INTERACTION_REQUIRED{"challenges":{"wl_antiXSRFRealm":{"WL-Instance-Id":"lr0tsjecoeghhrf670oc8hu17v"}}}
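There is a lot of caching; even after restarting, the MobileFirst server is still picking up old values.
Can anyone help? It is a one-way authorization, so why is wl_antiXSRFRealm being called in between? I could not find any reference related to this.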