Form-based authentication in native Android applications
This tutorial explains how to implement the client-side of form-based authentication in native Android.
Prerequisite: Make sure that you read the Form-based authentication tutorial first.
Implementing the client-side authentication
- Create a native Android application and add the MobileFirst native APIs as explained in the Configuring a native Android application with the MobileFirst Platform SDK tutorial.
- Add an activity which handles and presents a login form.
- Create a
MyChallengeHandlerclass as a subclass of
- Call the
- Add an implementation of the following
ChallengeHandlermethods to handle the form-based challenge:
isCustomResponsemethod is invoked each time a response is received from the MobileFirst Server. It is used to detect whether the response contains data that is related to this challenge handler. It must return either
The default login form that returns from the MobileFirst Server contains the
j_security_checkstring. If the response contains the string, the challenge handler returns
true, the framework calls the
handleChallengemethod. This function is used to perform required actions, such as hiding the application screen and showing the login screen.
At the end of the authentication flow,
onFailurewill be triggered
submitSuccessmethod in order to inform the framework that the authentication process completed successfully and for the
onSuccesshandler of the invocation to be called.
submitFailuremethod in order to inform the framework that the authentication process failed and for the
onFailurehandler of the invocation to be called.
When the user taps to submit the credentials, you need to call the
submitLoginForm method in order to send the
j_security_check string and the credentials to the MobileFirst Server.
For example, in here we implemented a
submitLogin method that called by the MainActivity after the login process is completed.
The Main Activity
In the sample project, in order to trigger the challenge handler we use the
WLClient invokeProcedure method.
The protected procedure invocation triggers MobileFirst Server to send the challenge.
- Create a
WLClientinstance and use the
connectmethod to connect to the MobileFirst Server:
- In order to listen to incoming challenges, make sure to register the challenge handler by using the
- Invoke the protected adapter procedure:
FormBasedAuthproject contains a MobileFirst native API that you can deploy to your MobileFirst server.
FormBasedAuthAndroidproject contains a native Android application that uses a MobileFirst native API library.
- Make sure to update the
wlclient.propertiesfile in the native project with the relevant server settings.
Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.