Re-use pre 8.0 Javascript authentication adapters in MFP 8.0 authentication

One of the major changes introduced with IBM MobileFirst Platform Foundation v8.0 is the concept of SecurityChecks. A security check is a server-side entity that implements the security logic for protecting server-side application resources. In MFP 8.0, a security check can only be implemented as a Java adapter.

The problem

While a security check gives a developer lot of flexibility with what can be implemented, it may not be a happy story when migrating from an earlier version to 8.0. More so, when authentication was previously implemented entirely in Java script within an adapter ( adapter based authentication). Instead of porting and re-implementing all that Javascript logic in Java, have you wondered if there is a way to re-use.

What if there is a way..

Note: You still need to move your pre 8.0 Javascript adapter files (.xml and .js) into the new 8.0 Javascript adapter project. Pre 8.0 Javascript adapters cannot be deployed as-is. Refer Creating Adapters tutorial on how to create a new Javascript adapter

The solution

All MFP adapters (except Security Check adapters) are available as REST endpoints. Once the Javascript logic that did authentication in the previous versions has been deployed as a MFP 8.0 Javascript adapter, it can be invoked from within the security check as a REST endpoint. Based on the response from the Javascript adapter, the security check logic can determine if authentication can be considered complete.

The pre-requisites

  • The Javascript adapters from previous versions must be ported in as a MFP 8.0 Javascript adapter.

  • The Javascript adapter procedure, that will be invoked by the security check , must be marked unprotected

      <procedure name="<procedure name>" secured="false"/>
    
  • Any required code change (to API signatures) must be done prior to deploying the Javascript adapter.

The implementation

This is a sample implementation. It may need to be modified to suite your enterprise needs.

A working sample that has a Java SecurityCheck adapter invoking a Javascript adapter is available here.

Final thoughts

We have seen how authentication logic developed in pre-8.0 Javascript adapters can be reused to a great extent in MFP 8.0 .

Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.
Last modified on December 06, 2018