再会,
我有一个移动应用程序并调用 mobileFirstPlatform,然后只转到我的后端服务。
我不确定我的理解是否正确,为了调用我的适配器资源@OAuthSecurity,我需要先通过 mfp 验证成功,然后才能访问该资源。
在我的 mobileFirst 控制台中,我已将其配置为我的 Scope-Elements Mapping 和 Mandatory Application Scope:
以下是我的前端代码的一部分login.component.ts:
ngOnInit() {
this.mfpAuthenticationService.initEventHandler();
this.initAuthHandle();
}
initAuthHandle() {
this.authSuccessEventSubscription = this.mfpAuthenticationService.authSuccessEvent.subscribe((loginResponse: any) => {
// do something after success login
});
this.authFailureEventSubscription = this.mfpAuthenticationService.authFailureEvent.subscribe((res: any) => {
console.log('authFailureEvent => ', res);
if (res.errorCode == WLErrorCodeConstant.ClientSideError.CHALLENGE_HANDLING_CANCELED && this.mfpAuthenticationService.isBiometricAuthenticated()) {
return;
} else {
this.handleLoginError(res);
this.loginForm.resetForm();
this.processLogin = false;
}
});
this.authChallengeEventSubscription = this.mfpAuthenticationService.authChallengeEvent.subscribe((res: any) => {
console.log('authChallengeEvent => ', res);
let redirectPath = this.sessionService.getSessionStorage(SessionName.REDIRECT_PATH);
if (redirectPath) {
console.log('biometric user login error => ', res);
this.login.password = null;
this.isLoginButtonClicked = false;
this.baseService.handleError(res, true);
} else {
this.handleLoginError(res);
}
this.loginForm.resetForm();
this.processLogin = false;
});
}
performLogin() {
this.mfpAuthenticationService.performLogin(this.login.username, this.loginRequest);
}
这是一些代码mfp.auth.service.ts:
initEventHandler() {
console.log("come mfp.auth.service.ts initEventhandler");
this.currentEventHandler = '';
this.userLoginChallengeHandler = null;
this.userLoginChallengeHandler = WL.Client.createSecurityCheckChallengeHandler('UserAuthentication');
this.userLoginChallengeHandler.securityCheckName = '';
this.userLoginChallengeHandler.handleSuccess = (loginSuccess) => {
console.log("handleSuccess");
this.isChallenged = false;
if (this.currentEventHandler != this.eventHandler.success) {
this.currentLoginGrantType = this.processLoginGrantType;
//alert("initEventHandler|loginSuccess=\n" + JSON.stringify(loginSuccess));
console.log("loginSuccess is " + JSON.stringify(loginSuccess));
this.mfpAuthResponse = {
id: loginSuccess.id,
accessToken: loginSuccess.user.attributes.access_token,
tokenType: loginSuccess.user.attributes.token_type,
expiresIn: loginSuccess.user.attributes.expires_in,
scope: loginSuccess.user.attributes.scope,
clientId: loginSuccess.user.attributes.client_id
};
}
this.currentEventHandler = this.eventHandler.success;
console.log("handler success, challenged is " + this.isChallenged);
};
this.userLoginChallengeHandler.handleFailure = (loginError) => {
console.log("handleFailure");
this.isChallenged = false;
if (this.currentEventHandler != this.eventHandler.failure) {
this.authFailureEvent.emit(loginError);
}
this.currentEventHandler = this.eventHandler.failure;
console.log("handleFailure, challenged is " + this.isChallenged);
};
this.userLoginChallengeHandler.handleChallenge = (challenge) => {
console.log("handleChallenge " + challenge);
this.isChallenged = true;
this.challengeResponseModel = challenge;
this.authChallengeEvent.emit(challenge);
this.currentEventHandler = this.eventHandler.challenge;
console.log("handleChallenge, challenged is " + this.isChallenged);
};
}
performLogin(username: string, loginRequest: RequestModel<LoginRequestModel>) {
console.log("come mfp.auth.service.ts performLogin");
let performed = false;
let authRequest = {
requestHeader: {
deviceId: this.sessionService.getDeviceId(),
channelTime: new Date().toString()
},
requestBody: loginRequest.requestBody
}
this.processLoginGrantType = loginRequest.requestBody.grant_type;
let authObj = {
'authorization': environment.authorization,
'authRequest': JSON.stringify(authRequest),
'authCode': this.service.getHashMAC(authRequest, this.sessionService.getHashKey()),
'authUser': username
};
console.log("mfp-performLogin|isChallenged1=" + this.isChallenged + "\nauthObj=\n" + JSON.stringify(authObj) + "\n\n");
if (this.isChallenged) {
console.log("mfp-performLogin|submitChallengeAnswer=");
this.userLoginChallengeHandler.submitChallengeAnswer(authObj);
} else {
console.log("mfp-performLogin|WLAuthorizationManager.login=");
WLAuthorizationManager.login(this.securityCheckName, authObj).then(
() => {
console.log("mfp-performLogin|WLAuthorizationManager.login.performed=" + performed + "\nmfpAuthResponse=\n" + JSON.stringify(this.mfpAuthResponse) + "\n\n");
if (!performed) {
this.ngZone.run(() => {
console.log("come emit authSuccessEvent");
this.authSuccessEvent.emit(this.mfpAuthResponse);
});
}
performed = true;
},
(err) => {
console.log("mfp-performLogin|WLAuthorizationManager.login.err=\n\n" + JSON.stringify(err) + "\n");
console.log('wllogin err => ', err);
this.authFailureEvent.emit(err);
}
);
}
}
正如你所看到的,从我的login.component.ts,我会先做ngOnInit(),在我输入密码并按下登录按钮后,它会调用该performLogin()方法,并继续调用到mfp.auth.servicet.ts performLogin()。
在mfp.auth.servicet.ts performLogin(), 中会调用到,WLAuthorizationManager.login(this.securityCheckName, authObj)因为this.isChallenged默认值为 false。
登录实际上是成功的,因为我能够获得这些oauth响应并能够进入我的应用程序,我的oauth响应如下:
登录成功,但是当我想点击访问具有的资源时@OAuthSecurity,我的应用程序将继续加载,并且日志中没有错误显示。那里的 mfp 有东西阻塞。
如果我删除 Scope-Element Mapping 和 Mandatory Application Scope,那么没有问题,请求可以成功。
因此,我怀疑我的配置有问题,或者我的代码逻辑有问题。非常感谢您的建议和帮助。我被困在这两个多星期了。
据我了解,对此有 2 部分身份验证,1 是使用 mfp 进行身份验证,另外 1 是使用我的后端服务进行身份验证UserAuthentication.java,我相信我UserAuthentication.java已经成功通过身份验证,也许我的身份验证部分与 mfp 有问题?
我怎么知道我已成功通过 mfp ya 进行身份验证?
基于这篇文章, http: //mobilefirstplatform.ibmcloud.com/tutorials/ru/foundation/8.0/authentication-and-security/credentials-validation/javascript/
我可以知道什么时候handleChallenge()会打电话吗?还有handleSuccess().
如果需要我提供更多信息,请告诉我。