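I am new to the Android platform.
I started writing a MobileFirst Platform 8 application for Android, and I need to authenticate the application against a reverse proxy. I started by following the blog https://mobilefirstplatform.ibmcloud.com/blog/2016/06/17/datapower-integration/
When running the Android application, when the app tries to reach "/mfp/api/adapters/ResourceAdapter/balance", the Android application crashes after the MFP server returns "403 Forbidden".
I checked the behaviour of the DataPower Cordova application and found that it works correctly.
However, in the Android app, the application crashes after step 2 above. So it never makes the request (step 3).
Stack trace of the crash: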
09-08 02:13:28.376 3914-3945/com.sample.datapowerandroid E/com.worklight.common.Logger$UncaughtExceptionHandler: Logger$UncaughtExceptionHandler.uncaughtException in Logger.java:444 :: Uncaught Exception
java.lang.Error: Multiple values for 'WWW-Authenticate' header were detected
at com.worklight.wlclient.auth.WLAuthorizationManagerInternal.getAuthorizationScope(WLAuthorizationManagerInternal.java:1328)
at com.worklight.wlclient.auth.WLAuthorizationManagerInternal.getAuthorizationScope(WLAuthorizationManagerInternal.java:365)
at com.worklight.wlclient.api.WLResourceRequest.handleOnSuccess(WLResourceRequest.java:687)
at com.worklight.wlclient.api.WLResourceRequest.access$100(WLResourceRequest.java:65)
at com.worklight.wlclient.api.WLResourceRequest$1.onResponse(WLResourceRequest.java:596)
at com.squareup.okhttp.Call$AsyncCall.execute(Call.java:177)
at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
AND
09-08 02:13:28.378 3914-4041/com.sample.datapowerandroid E/AndroidRuntime: FATAL EXCEPTION: OkHttp Dispatcher
Process: com.sample.datapowerandroid, PID: 3914
java.lang.Error: Multiple values for 'WWW-Authenticate' header were detected
at com.worklight.wlclient.auth.WLAuthorizationManagerInternal.getAuthorizationScope(WLAuthorizationManagerInternal.java:1328)
at com.worklight.wlclient.auth.WLAuthorizationManagerInternal.getAuthorizationScope(WLAuthorizationManagerInternal.java:365)
at com.worklight.wlclient.api.WLResourceRequest.handleOnSuccess(WLResourceRequest.java:687)
at com.worklight.wlclient.api.WLResourceRequest.access$100(WLResourceRequest.java:65)
at com.worklight.wlclient.api.WLResourceRequest$1.onResponse(WLResourceRequest.java:596)
at com.squareup.okhttp.Call$AsyncCall.execute(Call.java:177)
at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
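Thanks/Regards
Pranab
Edit 1: Reverse proxy used: IBM Security Access Manager. The proxy is currently configured to allow traffic to flow seamlessly between the application and the MFP server.
The app was changed only to submit the form reply to the proxy at the correct URL. The only other change to the default application is the minSdkVersion, which I have changed to 15 (not sure whether that is relevant).
The app points to the reverse proxy, not to MFP. But after your query, I tested directly against the MFP server. When pointing directly at the MFP server without ISAM, I see different behaviour. The application throws a "challenge handler for security check is missing" message instead of crashing.
I have re-confirmed the resource settings on the MFP server; they are configured to invoke the LtpaBasedSSO security check, and the application is configured to handle the challenge from MFP. If I inspect the data between the MFP server and the application (via Wireshark), I can see the correct security check being invoked. But for some reason the Android application either barfs (when ISAM is in between) or throws the error message.
Edit 2: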
public void submitLogin(String userName, String password) {
    HashMap<String, String> params = new HashMap<String, String>();
    params.put("UserName", userName);
    params.put("Password", password);
    submitLoginForm("../../../../../../../pkmslogin.form", params, null, 0, "post");
}
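Edit 3: After reading the comments, I went back to the application code and realised that the ISAM form was never being thrown to the application at all. I modified the ISAM configuration to hide the server resources behind ISAM (previously they were short-circuited through).
Now, when the application requests the server resource (/balance), ISAM throws the login form.
The application goes on to do what it needs with the MFP server (auth, obtaining the token, etc.) and then requests the server resource again.
The server resource is behind ISAM (not yet authenticated), which throws the login form again.
canHandleChallenge() correctly identifies the page and returns true, but the challenge handler does not kick in.
Note: the HTTP status of the ISAM login form is 200 (in case it matters).
After changing the ISAM configuration, I also tested the DataPower Cordova application, and it too goes into an infinite loop.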
@Override
public boolean canHandleResponse(WLResponse wlResponse) {
    Log.d(TAG, "canHandleResponse");
    if (wlResponse == null
            || wlResponse.getResponseText() == null
            || !wlResponse.getResponseText().contains("/pkmslogin.form")) {
        Log.d(TAG, "Wrong Challenge");
        return false;
    }
    Log.d(TAG, "Right Challenge");
    return true;
}
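Edit 4: After your question, I went ahead and put all the MFP URLs behind the gateway. I tested the configuration with the Cordova application, and it works correctly.
The DataPower Android application now displays the login form correctly. After the login credentials are entered and ISAM authenticates the user, the 302 redirect is received correctly. The application tries to access the resource again, which results in a 403 Forbidden (similar to the Cordova application), and then the application crashes.
Stack trace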
09-12 01:31:24.732 26815-26923/com.sample.datapowerandroid E/AndroidRuntime: FATAL EXCEPTION: OkHttp Dispatcher
Process: com.sample.datapowerandroid, PID: 26815
java.lang.Error: Multiple values for 'WWW-Authenticate' header were detected
at com.worklight.wlclient.auth.WLAuthorizationManagerInternal.getAuthorizationScope(WLAuthorizationManagerInternal.java:1328)
at com.worklight.wlclient.auth.WLAuthorizationManagerInternal.getAuthorizationScope(WLAuthorizationManagerInternal.java:365)
at com.worklight.wlclient.api.WLResourceRequest.handleOnSuccess(WLResourceRequest.java:687)
at com.worklight.wlclient.api.WLResourceRequest.access$100(WLResourceRequest.java:65)
at com.worklight.wlclient.api.WLResourceRequest$1.onResponse(WLResourceRequest.java:596)
at com.squareup.okhttp.Call$AsyncCall.execute(Call.java:177)
at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
AND
09-12 01:31:24.732 26815-26846/com.sample.datapowerandroid E/com.worklight.common.Logger$UncaughtExceptionHandler: Logger$UncaughtExceptionHandler.uncaughtException in Logger.java:444 :: Uncaught Exception
java.lang.Error: Multiple values for 'WWW-Authenticate' header were detected
at com.worklight.wlclient.auth.WLAuthorizationManagerInternal.getAuthorizationScope(WLAuthorizationManagerInternal.java:1328)
at com.worklight.wlclient.auth.WLAuthorizationManagerInternal.getAuthorizationScope(WLAuthorizationManagerInternal.java:365)
at com.worklight.wlclient.api.WLResourceRequest.handleOnSuccess(WLResourceRequest.java:687)
at com.worklight.wlclient.api.WLResourceRequest.access$100(WLResourceRequest.java:65)
at com.worklight.wlclient.api.WLResourceRequest$1.onResponse(WLResourceRequest.java:596)
at com.squareup.okhttp.Call$AsyncCall.execute(Call.java:177)
at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
Edit 5
HTTP/1.1 403 Forbidden
content-length: 0
date: Mon, 12 Sep 2016 04:51:56 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
www-authenticate: Bearer error="insufficient_scope"
www-authenticate: scope="accessRestricted"
x-powered-by: Servlet/3.1
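Answer 0 (score: 1)
The MobileFirst server sends only 1 WWW-Authenticate header.
The MobileFirst Android SDK only knows how to handle a single WWW-Authenticate header.
I suspect your gateway is breaking the value up into multiple headers. Ideally, you should fix the gateway to prevent this behaviour.
If that is not possible, open a support request asking whether the MFP SDK can be modified to accept this header broken in 2.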
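
Added example, not part of the original answer or the MFP SDK: a small Java check that takes the response headers captured in Edit 5, detects that the second www-authenticate line is only an auth-param fragment of the Bearer challenge, and rejoins it. The class and method names are hypothetical, and the comma-separated rejoined form is assumed from the RFC 7235 challenge syntax, not taken from a capture of what the MFP server sends.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added example (not MFP SDK code): class and method names are hypothetical.
public class WwwAuthenticateCheck {
    // A value that begins with token "=" is an auth-param fragment, not a new
    // challenge; a real challenge begins with a scheme such as "Bearer".
    private static final Pattern PARAM_FRAGMENT =
            Pattern.compile("^[!#$%&'*+.^_`|~0-9A-Za-z-]+\\s*=.*");

    // Collects every value of the named header; header names are case-insensitive.
    static List<String> headerValues(String rawHeaders, String name) {
        List<String> values = new ArrayList<>();
        for (String line : rawHeaders.split("\r?\n")) {
            int colon = line.indexOf(':');
            if (colon > 0 && line.substring(0, colon).trim().equalsIgnoreCase(name)) {
                values.add(line.substring(colon + 1).trim());
            }
        }
        return values;
    }

    // Appends fragment values to the preceding challenge, comma-separated.
    static List<String> rejoin(List<String> values) {
        List<String> challenges = new ArrayList<>();
        for (String value : values) {
            int last = challenges.size() - 1;
            if (last >= 0 && PARAM_FRAGMENT.matcher(value).matches()) {
                challenges.set(last, challenges.get(last) + ", " + value);
            } else {
                challenges.add(value);
            }
        }
        return challenges;
    }

    public static void main(String[] args) {
        // Header lines as captured in Edit 5 of the question.
        String raw = "HTTP/1.1 403 Forbidden\n"
                + "content-length: 0\n"
                + "www-authenticate: Bearer error=\"insufficient_scope\"\n"
                + "www-authenticate: scope=\"accessRestricted\"\n";
        List<String> values = headerValues(raw, "WWW-Authenticate");
        List<String> challenges = rejoin(values);
        System.out.println(values.size() + " header line(s), " + challenges.size() + " challenge(s)");
        challenges.forEach(c -> System.out.println("WWW-Authenticate: " + c));
    }
}
```

Running the same check on a capture taken between the MFP server and the gateway, and again between the gateway and the app, shows on which hop the header count changes.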