ibm mobilefirst - Protecting Java Adapter -
we making java adapter, , want protect customauthenticator , customloginmodule.
we started sample project got from: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/custom-authenticator-login-module/custom-authenticator-login-module-hybrid-applications/
we added simple java adapter.
then, in client code, modified getsecretdata()
function in main.js calls /adapters/javaadapter/users instead of original /adapters/dummyadapter/getsecretdata.
finally, added @oauthsecurity(scope="customauthenticatorrealm")
annotation adapter's hello()
function.
but clicking "call protected adapter proc" button returns data hello()
without authentication.
what should authentication works java adapter calls?
it means client (browser? emulator? device?) still has valid session id server, time tested javascript adapter.
i've tried scenario , experienced same thing. able correct behavior clearing cookies (for ios emulator, resetting emulator).
it expected behavior until log out. logout feature not working correctly java adapters in 7.0.
Comments
Post a Comment