Worklight adapter end session -
i'm using adapter-based authentication. client obtains credentials, adapter validates 1 time again enterprise service, result i'm in enterpriserealm.
later, http adapters, protected realm go fetch info other enterprise services, providing credentials obtained when original authentication occurred.
one possible outcome enterprise service may observe user's session no longer valid - 1 possible scenario user has had privileges revoked - , hence http adapter "knows" user no longer should treated authenticated in enterpriserealm, future calls http adapters should require reauthentication.
i looking way on server side "logout" or otherwise notify worklight session invalid. best can see far send particular error response client , have client code phone call wl.client.logout(). i'm uneasy requires clients of http adapter methods correctly handle error condition. there improve alternative?
similarly way set active user after successful authentication can utilize wl.server.setactiveuser("your-realm", null) api. destroy stored useridentity stored on wl server. 1 time - next incoming requests authentication challenge.
worklight worklight-security
No comments:
Post a Comment