Question

We are developing a DataPower (DP) + Worklight (WL) POC.

Having this objective in mind, we are following this article: http://www.ibm.com/developerworks/websphere/techjournal/1301_efremenko/1301_efremenko.html

We are clear on, and in sync with, the DP role in this approach, but we have one question related to the WL code implementation.

In the WL application client code we are using WL HTTP Adapters for all the HTTP requests (REST+JSON) to the backend, like this:

WL.Client.invokeProcedure(invocationData, options);

These adapters are pointing to the DP MPGW endpoint, but based on our understanding, the HTTP Adapter code runs on WL Server.

If it is correct, our assumption for the execution sequence is:

WL Client App -> WL Server -> DP MPGW -> WL Server

But when we look at the same sequence as described in the DW article, it is:

WL Client App -> DP MPGW -> WL Server

Could anyone please clarify our understanding about how the WL HTTP Adapter works in this case?


Solution

When you're using a Worklight Adapter to call the DP MPGW, the sequence is as below.

Request:
WL Client App --> WL Server (Adapter) --> DP MPGW

Response:
DP MPGW --> WL Server (Adapter) --> WL Client App

NOTE: The session ID before/after the WL server (Adapter) is not the same. If you want to do SSO, you need to pass your LTPA token in the adapter to the backend DP. Here's the sample code for you.

Step1. Get LTPA token method (in your ChallengeHandler.js file)

sampleAppRealmChallengeHandler.isCustomResponse = function(response) {
    if (!response || response.responseText === null) {
        return false;
    }
    // a login form in the response means the server is challenging the client
    var indicatorIdx = response.responseText.search('j_security_check');

    if (indicatorIdx >= 0) {
        return true;
    } else if (response && (response.responseJSON) && (response.responseJSON['WL-Authentication-Success']) && (response.responseJSON['WL-Authentication-Success']['WASLTPARealm'])) {
        // set ltpaToken when login succeeds
        var realm = response.responseJSON['WL-Authentication-Success']['WASLTPARealm'];
        ltpaToken = realm.attributes.LtpaToken;
        // log the event only: the token is a credential and should not be written to the console
        console.log('Get ltpa token success');
    }
    return false;
};

Step2. Call procedure method (in client App js file)

// define global LTPA token variable
var ltpaToken = null;

function getAccountInfo() {
    // if the LTPA token is not set yet, get it from the user logged in to WASLTPARealm
    if (!ltpaToken) {
        if (WL.Client.isUserAuthenticated('WASLTPARealm')) {
            var attrs = WL.Client.getUserInfo('WASLTPARealm', 'attributes');
            if (attrs) {
                ltpaToken = attrs.LtpaToken;
                // log the event only, never the token value
                console.log('Set ltpaToken again');
            }
        }
    }

    // Pass LTPA token from client App to WL server (adapter)
    var token = {'LtpaToken2' : ltpaToken};
    var invocationData = {
        adapter: "DummyAdapter",
        procedure: "getAccountInfo",
        parameters: [token]
    };

    WL.Client.invokeProcedure(invocationData, {
        onSuccess: getSecretData_Callback,
        onFailure: getSecretData_Callback
    });
}

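Step3. Pass LTPA token to backend DP in adapter

// Note: Step 2 invokes the procedure "getAccountInfo"; the adapter function
// name must match the procedure name the client invokes.
function getServices(token) {
    // getPath is a helper that is not shown on this page
    var path = getPath("path/to/services");
    var input = {
        method : 'post',
        returnedContentType : 'json',
        path : path,
        // the {LtpaToken2: ...} object from the client is sent as a cookie to DP
        cookies: token
    };

    return WL.Server.invokeHttp(input);
}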
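
Step 3 forwards whatever object the client sent as the `cookies` of the backend call. As an added example (not part of the original answer), here is one way the adapter could restrict that to a single well-formed LtpaToken2 value and keep the token out of logs. The helper names, the length limit, the Base64 check on the cookie value and the sample values are assumptions.

```javascript
// Added example, not from the original answer; helper names are hypothetical.
var ALLOWED_COOKIE = 'LtpaToken2';   // the only cookie the adapter forwards
var MAX_TOKEN_LENGTH = 4096;         // assumed upper bound; tune to your tokens
var BASE64_VALUE = /^[A-Za-z0-9+\/]+={0,2}$/;

// Return a clean { LtpaToken2: value } object, or throw on unusable input.
function sanitizeLtpaCookie(token) {
    if (!token || typeof token !== 'object') {
        throw new Error('token parameter missing');
    }
    var value = token[ALLOWED_COOKIE];
    if (typeof value !== 'string' || value.length === 0 ||
            value.length > MAX_TOKEN_LENGTH) {
        throw new Error('LtpaToken2 missing or of unexpected size');
    }
    // Base64 only: rejects CR/LF, ';', ',' and spaces, i.e. anything that
    // could split the Cookie header or smuggle in a second cookie.
    if (!BASE64_VALUE.test(value)) {
        throw new Error('LtpaToken2 contains unexpected characters');
    }
    var clean = {};
    clean[ALLOWED_COOKIE] = value;   // any other keys from the client are dropped
    return clean;
}

// Log-safe description of a token: its length, never its value.
function describeToken(value) {
    return '[' + ALLOWED_COOKIE + ', ' + String(value).length + ' chars]';
}

// Build the options object an adapter would pass to WL.Server.invokeHttp.
function buildBackendRequest(token, path) {
    return {
        method: 'post',
        returnedContentType: 'json',
        path: path,
        cookies: sanitizeLtpaCookie(token)
    };
}

// Constructed sample input: a fake token plus a cookie the client should not set.
var sample = { LtpaToken2: 'Q09OU1RSVUNURUQtVE9LRU4=', JSESSIONID: 'forged' };
var request = buildBackendRequest(sample, 'path/to/services');
console.log(describeToken(sample.LtpaToken2), Object.keys(request.cookies));
```

In the adapter, the Step 3 procedure would then call `WL.Server.invokeHttp(buildBackendRequest(token, path))`.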

OTHER TIPS

The developerWorks [DW] article correctly states the call sequence. It should be [assuming your mobile application is on the customer's mobile phone and he/she is operating on the internet]:

Worklight Mobile Client -> DataPower -> Worklight Server

The reason for this is that DataPower acts as an ESB layer providing a gateway for all the enterprise services. In a typical environment your Worklight server will be inside the intranet and DataPower will be in the DMZ. Now DataPower needs to provide a gateway to the Worklight service [in your case what you call the adapter]. So the client code on the mobile handset is not even aware of any Worklight server. It calls the DataPower proxy service, which in turn scrutinizes the request and, if valid, passes it to the backend Worklight server. When a response comes back it is also examined and forwarded to the client application.

Exactly hosting this service on DataPower is relatively easy, but making it work requires a lot of effort. The LTPA token plays a key role here in validating the client.

Hope this answers your question. - Ajitabh

Licensed under: CC-BY-SA with attribution