问题描述
美好的一天,
我有一个移动应用程序并调用 mobileFirstPlatform,然后只转到我的后端服务。
我不确定我的理解是否正确,为了使用 @OAuthSecurity 调用我的适配器资源,我需要先使用 mfp 验证成功,然后才能访问该资源。
在我的 mobileFirst 控制台中,我已将其配置为我的 Scope-Elements Mapping 和 Mandatory Application Scope:
以下是我在 login.component.ts 中的前端代码的一部分:
ngOnInit() {
this.mfpAuthenticationService.initEventHandler();
this.initAuthHandle();
}
initAuthHandle() {
this.authSuccessEventSubscription = this.mfpAuthenticationService.authSuccessEvent.subscribe((loginResponse: any) => {
// do something after success login
});
this.authFailureEventSubscription = this.mfpAuthenticationService.authFailureEvent.subscribe((res: any) => {
console.log('authFailureEvent => ',res);
if (res.errorCode == WLErrorCodeConstant.ClientSideError.CHALLENGE_HANDLING_CANCELED && this.mfpAuthenticationService.isBiometricAuthenticated()) {
return;
} else {
this.handleLoginError(res);
this.loginForm.resetForm();
this.processLogin = false;
}
});
this.authChallengeEventSubscription = this.mfpAuthenticationService.authChallengeEvent.subscribe((res: any) => {
console.log('authChallengeEvent => ',res);
let redirectPath = this.sessionService.getSessionStorage(SessionName.REDIRECT_PATH);
if (redirectPath) {
console.log('biometric user login error => ',res);
this.login.password = null;
this.isLoginButtonClicked = false;
this.baseService.handleError(res,true);
} else {
this.handleLoginError(res);
}
this.loginForm.resetForm();
this.processLogin = false;
});
}
performLogin() {
this.mfpAuthenticationService.performLogin(this.login.username,this.loginRequest);
}
initEventHandler() {
console.log("come mfp.auth.service.ts initEventhandler");
this.currentEventHandler = '';
this.userLoginChallengeHandler = null;
this.userLoginChallengeHandler = WL.Client.createSecurityCheckChallengeHandler('UserAuthentication');
this.userLoginChallengeHandler.securityCheckName = '';
this.userLoginChallengeHandler.handleSuccess = (loginSuccess) => {
console.log("handleSuccess");
this.isChallenged = false;
if (this.currentEventHandler != this.eventHandler.success) {
this.currentLoginGrantType = this.processLoginGrantType;
//alert("initEventHandler|loginSuccess=\n" + JSON.stringify(loginSuccess));
console.log("loginSuccess is " + JSON.stringify(loginSuccess));
this.mfpAuthResponse = {
id: loginSuccess.id,accesstoken: loginSuccess.user.attributes.access_token,tokenType: loginSuccess.user.attributes.token_type,expiresIn: loginSuccess.user.attributes.expires_in,scope: loginSuccess.user.attributes.scope,clientId: loginSuccess.user.attributes.client_id
};
}
this.currentEventHandler = this.eventHandler.success;
console.log("handler success,challenged is " + this.isChallenged);
};
this.userLoginChallengeHandler.handleFailure = (loginError) => {
console.log("handleFailure");
this.isChallenged = false;
if (this.currentEventHandler != this.eventHandler.failure) {
this.authFailureEvent.emit(loginError);
}
this.currentEventHandler = this.eventHandler.failure;
console.log("handleFailure,challenged is " + this.isChallenged);
};
this.userLoginChallengeHandler.handleChallenge = (challenge) => {
console.log("handleChallenge " + challenge);
this.isChallenged = true;
this.challengeResponseModel = challenge;
this.authChallengeEvent.emit(challenge);
this.currentEventHandler = this.eventHandler.challenge;
console.log("handleChallenge,challenged is " + this.isChallenged);
};
}
performLogin(username: string,loginRequest: RequestModel<LoginRequestModel>) {
console.log("come mfp.auth.service.ts performLogin");
let performed = false;
let authRequest = {
requestHeader: {
deviceid: this.sessionService.getdeviceid(),channelTime: new Date().toString()
},requestBody: loginRequest.requestBody
}
this.processLoginGrantType = loginRequest.requestBody.grant_type;
let authObj = {
'authorization': environment.authorization,'authRequest': JSON.stringify(authRequest),'authCode': this.service.getHashMAC(authRequest,this.sessionService.getHashKey()),'authUser': username
};
console.log("mfp-performLogin|isChallenged1=" + this.isChallenged + "\nauthObj=\n" + JSON.stringify(authObj) + "\n\n");
if (this.isChallenged) {
console.log("mfp-performLogin|submitChallengeAnswer=");
this.userLoginChallengeHandler.submitChallengeAnswer(authObj);
} else {
console.log("mfp-performLogin|WLAuthorizationManager.login=");
WLAuthorizationManager.login(this.securityCheckName,authObj).then(
() => {
console.log("mfp-performLogin|WLAuthorizationManager.login.performed=" + performed + "\nmfpAuthResponse=\n" + JSON.stringify(this.mfpAuthResponse) + "\n\n");
if (!performed) {
this.ngzone.run(() => {
console.log("come emit authSuccessEvent");
this.authSuccessEvent.emit(this.mfpAuthResponse);
});
}
performed = true;
},(err) => {
console.log("mfp-performLogin|WLAuthorizationManager.login.err=\n\n" + JSON.stringify(err) + "\n");
console.log('wllogin err => ',err);
this.authFailureEvent.emit(err);
}
);
}
}
如你所见,从我的 login.component.ts 中,我会先做 ngOnInit(),在我输入密码并按下登录按钮后,它会调用 performLogin() 方法,并且继续呼叫mfp.auth.servicet.ts performLogin()。
在 mfp.auth.servicet.ts performLogin() 中,将调用 WLAuthorizationManager.login(this.securityCheckName,authObj),因为默认情况下 this.isChallenged 值为 false。
登录实际上是成功的,因为我能够得到那些 oauth 响应并能够进入我的应用程序,我的 oauth 响应如下:
登录成功,但是当我想点击访问具有@OAuthSecurity的资源时,我的应用程序将继续加载,并且日志中没有显示错误。那里的 mfp 中有些东西阻塞了。
如果我删除了 Scope-Element Mapping 和 Mandatory Application Scope,那么没问题,请求可以成功。
因此,我怀疑我的配置有问题,或者我的代码逻辑有问题。非常感谢您的建议和帮助。我被困在这里超过 2 周。
据我所知,这有 2 部分身份验证,1 部分是使用 mfp 进行身份验证,另外 1 部分是使用我的后端服务进行身份验证,即 UserAuthentication.java,我相信我的 UserAuthentication.java 已经身份验证成功,也许我的 mfp 身份验证部分有问题?
我怎么知道我已成功通过 mfp 进行身份验证?
基于本文,http://mobilefirstplatform.ibmcloud.com/tutorials/ru/foundation/8.0/authentication-and-security/credentials-validation/javascript/
我可以知道什么时候会调用 handleChallenge() 吗?还有 handleSuccess()。
如果需要我提供更多信息,请告诉我。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)