Question

我们已经使用LTPA令牌和数据电源实现了MobileFirst安全性。 Mobilefirst版本为7.0.0.00.20150729-1801。 DataPower 7.1.0.4。

用户身份验证和用户会话运行良好。

直接更新出现问题：更新警报出现在应用程序上，但在按下更新按钮后，会出现更多警报，并显示更新失败的错误消息。

Mobilefirst / Liberty日志文件中的错误是：

SESN0008E: a user authenticated as anonymous has attempted to access a session owned by ...

似乎LTPA令牌丢失了。 android app logcat是：

01-08 10:36:14.645: D/WL_DIRECT_UPDATE_MANAGER(17035): DirectUpdateManager.startUpdate.onDirectUpdateSuccess: {"totalSize":9833,"operation":"start"}
01-08 10:36:14.665: D/Dialog(17035):  checkMirrorLinkEnabled returns : false
01-08 10:36:14.665: D/WL_DIRECT_UPDATE_CHALLENGE_HANDLER(17035): defaultListener.onStart: totalSize=9833
01-08 10:36:14.665: D/Dialog(17035): showing allowed
01-08 10:36:14.675: D/ProgressBar(17035): setProgressDrawable drawableHeight = 0
01-08 10:36:14.685: D/com.worklight.androidgap.directupdate.WLDirectUpdateDownloader(17035): WLDirectUpdateDownloader.downloadZipFile in WLDirectUpdateDownloader.java:144 :: Starting fresh download since app was changed on the server since last download attempt
01-08 10:36:14.735: W/PluginManager(17035): THREAD WARNING: exec() call to WLDirectUpdatePlugin.showProgressDialog blocked the main thread for 71ms. Plugin should use CordovaInterface.getThreadPool().
01-08 10:36:14.795: D/ProgressBar(17035): updateDrawableBounds: left = 0
01-08 10:36:14.795: D/ProgressBar(17035): updateDrawableBounds: top = 0
01-08 10:36:14.795: D/ProgressBar(17035): updateDrawableBounds: right = 405
01-08 10:36:14.795: D/ProgressBar(17035): updateDrawableBounds: bottom = 30
01-08 10:36:14.795: D/ProgressBar(17035): updateDrawableBounds: mProgressDrawable.setBounds()
01-08 10:36:14.885: D/com.worklight.androidgap.directupdate.WLDirectUpdateDownloader(17035): WLDirectUpdateDownloader.downloadZipFile in WLDirectUpdateDownloader.java:151 :: The server returned file different than expected application update zip file
01-08 10:36:14.905: D/com.worklight.androidgap.directupdate.WLDirectUpdateDownloader(17035): WLDirectUpdateDownloader.downloadZipFile in WLDirectUpdateDownloader.java:152 :: Response Data: Error 500: com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: a user authenticated as anonymous has attempted to access a session owned by:WASLTPARealm/uid=xxxxx,cn=xxxx,cn=xxxx,ou=xxxxx,ou=xxxx,o=xxxx,c=xx.
01-08 10:36:14.915: D/WL_DIRECT_UPDATE_MANAGER(17035): DirectUpdateManager.startUpdate.onDirectUpdateSuccess: {"status":"FAILURE_UNKNOWN","operation":"finish"}
01-08 10:36:14.925: D/WL_DIRECT_UPDATE_CHALLENGE_HANDLER(17035): defaultListener.onFinish: status=FAILURE_UNKNOWN
01-08 10:36:14.935: D/WL_DIRECT_UPDATE_CHALLENGE_HANDLER(17035): defaultListener.onFinish: hideProgressDialog
01-08 10:36:14.935: D/Dialog(17035):  checkMirrorLinkEnabled returns : false
01-08 10:36:14.935: D/Dialog(17035): showing allowed

显然排除了DataPower，问题就消失了。如何解决？

我解决了在Liberty.xml上对server.xml文件中的httpSession属性invalidateOnUnauthorizedSessionRequestException设置为true的问题。

问候。

Answer 1

来自评论部分：

我写完问题后不久就解决了。我用解决方案编辑了我的问题。我解决了在Liberty.xml中将serverS文件中的httpSession属性invalidateOnUnauthorizedSessionRequestException设置为true的问题。

Mobilefirst直接更新LTPA身份验证数据功能和错误SESN0008E

1 个答案: