0

I am currently working on a Worklight 6.0 POC using the Header Authentication authentication/login module. When attempting to access a protected adapter in the app I receive the following error in the console:

403 (Forbidden)
TypeError: Object # has no method 'handleFailure' I receive this error when testing the web version of the app via the console in chrome.

I also get a similar error when testing on the iPhone version of the app. exception. TypeError: 'undefined' is not a function (evaluating 'handler.handleFailure(wlFailure[realm])')

Looking through the wlclient.js file within the AbstractChallengeHandler class/function I am not seeing a function definition for handleFailure which explains the above error. I assume there should be a definition for handleFailure or are there more configurations that are need for protecting an adapter resource using Header Authentication?

My reason for asking this question, is that I am trying to test my logic in the client side "ChallengeHandler" piece that I have created, and I am trying to understand why I am not able to see this type of error/response via the normal client side challenger.isCustomResponse/challenger.handleChallenge communication.

Code/configuration is below

Any advice/input is appreciated

authenticationConfig.xml

<securityTests>
    <webSecurityTest name="WebSecurityTest">
        <testUser realm="HeaderAuthRealm"/>
            </webSecurityTest>
            <mobileSecurityTest name="MobileTest">
        <testUser realm="HeaderAuthRealm"/>
        <testDeviceId provisioningType="none"/>
    </mobileSecurityTest>
    <customSecurityTest name="HeaderAuth-securityTest">
                <test realm="HeaderAuthRealm" isInternalUserID="true" />
            </customSecurityTest>       

</securityTests> 
<realms>
    <realm name="HeaderAuthRealm" loginModule="HeaderLoginModule">
        <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
    </realm>
</realms>
<loginModules>
    <loginModule name="HeaderLoginModule">
        <className>com.worklight.core.auth.ext.HeaderLoginModule</className>
        <parameter name="user-name-header" value="HeaderAuth_USER"/>
    </loginModule>
</loginModules>

HeaderAuthRealmChallenger.js

    var HeaderAuthRealmChallenger = WL.Client.createChallengeHandler("HeaderAuthRealm");

    HeaderAuthRealmChallenger.isCustomResponse = function(response) {
      if (response.responseJSON.isSuccessful) {
          WL.Logger.info('AUTHENTICATION SUCCESS =).......');
          return false;
      }else{
          return true;
      }
    };

    HeaderAuthRealmChallenger.handleChallenge = function(response){
        WL.Logger.info('AUTHENTICATION FAILED =(.......');
        $('#login').css('display','block');
    };
Idan Adar
  • 44,156
  • 13
  • 50
  • 89
Gersty
  • 5
  • 1
  • I think you're supposed to implement the handleFailure... – Idan Adar Apr 02 '14 at 11:53
  • Thank you for the response. Can you point out where in the worklight 6.0 documentation this is explicitly explained. – Gersty Apr 02 '14 at 14:35
  • @Gersty - I'm suspecting that the error you're getting is not coming from the challenge handler code, but from the client code that is invoking the adapter. For example, in the WL.client.invokeProcedure() call, you may have specified an onFailure handler of 'handleFailure', but not implemented that function. – billdodd Apr 02 '14 at 15:19

1 Answers1

1

Documentation is currently missing on this and should be updated shortly.

I think that the authenticator you are using does not support regular ChallengeHandler, rather it uses WLChallengeHandler.

Here is a preview of the documentation on this:

WL.Client.createWLChallengeHandler() API

This method creates a challenge handler object to handle challenges that are sent by the Worklight Server. A WLChallenge handler works only with an authentication realm that is based on the Worklight authentication protocol, that is, for which the server side authenticator instance extends one of the Worklight provided Authenticators, such as WorklightProtocolAuthenticator or UsernamePasswordAuthenticator, or directly implements the WorklightAuthenticator interface.

There must be only one challenge handler per realm. To comply with the Worklight authentication protocol, the challenge that the realm receives must be a JSON object.

Parameters realmName – The realm name that represents the challenge, in the authenticationConfig.xml configuration file. Use this name to identify the realm that requires authentication.

When you create a WLChallengeHandler, you must implement the following methods:

  • handleChallenge() - This method is called when the Worklight Server returns a challenge for the realm.
  • processSuccess() - This method is called when the Worklight Server reports an authentication success.
  • handleFailure() - This method is called when the Worklight Server reports an authentication failure.
Nathan H
  • 48,033
  • 60
  • 165
  • 247