Pages

Sunday, 10 August 2014

Accessing REST Service secured with Basic Authentication in ADF Mobile

Usecase:
This usecase talks about how a REST service secured with basic authentication can be accessed in ADF Mobile. For this demo, I have used a REST service which returns employee information, and the service itself has been secured with basic authentication.

Pre-requisites:
JDeveloper 11.1.2.4.0

Steps:
At the service end
Create a REST Service and secure it with basic authentication. Deploy the service to integrated weblogic server and note down the target URL.
Configure ADF Security:
To configure security in ADF Mobile, first create an ADF app and secure it with basic authentication.
1)   Create a new ADF Fusion application.
2)   Create a jspx page in the ViewController project. Go to the menu item: Application -> Secure -> Configure ADF Security. Select ADF Authentication. Keep the defaults and select ‘Redirect upon successful authentication’ and click ‘Generate default’. Finish the wizard. Deploy the app or run the page in the integrated server and note down the URL.These are the same steps as my previous post.

Mobile app configuration:
1)   Create a new ADF Mobile application.
2)   In the ApplicationController, invoke the Web Service Data control wizard. Create the connection by specifying authentication type as Basic and supplying the username/password/realm details. Supply the resource URL and after the method configurations, finish the wizard to create the DC.

3)   Next, go to adfmf-application.xml under Application Resources -> Descriptors -> ADF META-INF. Go to the Security tab and add a new Application Login Server. In the dialog for 'Edit ADF Mobile Login Connection', provide the Login URL and Logout URL as the URL generated in step 2. Remember to use IP address instead of localhost. Also, add a cookie 'JSESSIONID'. Test Connection to ensure the connection is fine. Also, check the checkbox 'Include login server cookie in REST calls'. This will ensure that the JSESSIONID cookie value flows through to the REST service. Close the wizard.
    

4)   To ensure that the basic auth credentials entered in the login page flow through to the REST service call, there is one last step required.
      Go to connections.xml file present under Application Resources -> Descriptors -> ADF META-INF. Look for the adfCredentialStoreKey attribute set for the login window. Set the adfCredentialStoreKey attribute for the service's reference tag with the same value, either manually or through the PI, as shown. 
     


5)   Design the amx pages by D&D an operation of the secure service from DC palette to the page. Deploy the app. The user must be prompted for login credentials on feature load. After the credentials are entered, user should be able to view responses from the secure service without the need to enter credentials again.
      Some snapshots from my app are shown below. Both features are secure in my case, with 'Welcome' being the default one. On app load, user is prompted for credentials. Entering valid  credentials takes the user to the Welcome page. If he then tries to access BasicAuthREST feature,  he is not prompted for credentials again, although the data in this page comes from a secure REST  service.
     


No comments:

Post a Comment