Environment:
Downloaded the form-based sample from the IBM MobileFirst Platform Developer Center.
In MFP 6.3 Studio, the sample runs fine.
I then change my build settings and Build All Environment -> get the new wlapp file.
I get my WAR file from the MFP 6.3 Server. I open it up and put in the modified authenticationConfig.xml. Basically it's just transferring the one snippet from the studio authenticationConfig.xml to the XML file within the WAR file.
<customSecurityTest name="DummyAdapter-securityTest">
  <test isInternalUserID="true" realm="SampleAppRealm"/>
</customSecurityTest>
I restart the server and deploy the .wlapp and .adapter files.
In the standalone server, I run the preview mode. I enter the username and password and log in. It didn't log in and I see these errors in the server console.log.
[ERROR ] SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:BasicRegistry/demo.
[ERROR ] SRVE0232E: Internal Server Error. Exception Message: [com.ibm.ws.webcontainer.webapp.WebAppErrorReport: com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:BasicRegistry/demo.
at com.ibm.ws.webcontainer.session.impl.HttpSessionContextImpl.checkSecurity(HttpSessionContextImpl.java:686)
at [internal classes]
at com.worklight.core.auth.impl.AuthenticationFilter.associateAuthContextWithThread(AuthenticationFilter.java:426)
at com.worklight.core.auth.impl.AuthenticationFilter.doFilter(AuthenticationFilter.java:145)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:194)
at [internal classes]
Caused by: com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException: SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:BasicRegistry/demo.
... 7 more
]
[ERROR ] SRVE0777E: Exception thrown by application class 'com.worklight.core.auth.impl.AuthenticationContext.checkAuthentication:604'
com.worklight.server.auth.api.WorkLightAuthenticationException
at com.worklight.core.auth.impl.AuthenticationContext.checkAuthentication(AuthenticationContext.java:604)
at com.worklight.core.auth.impl.AuthenticationContext.processRealms(AuthenticationContext.java:469)
at com.worklight.core.auth.impl.AuthenticationContext.pushCurrentResource(AuthenticationContext.java:443)
at com.worklight.core.auth.impl.AuthenticationServiceBean.accessResource(AuthenticationServiceBean.java:75)
at com.worklight.integration.services.impl.DataAccessServiceImpl.invokeProcedureInternal(DataAccessServiceImpl.java:430)
at com.worklight.integration.services.impl.DataAccessServiceImpl.invokeProcedure(DataAccessServiceImpl.java:139)
at com.worklight.gadgets.serving.handler.BackendQueryHandler.getContent(BackendQueryHandler.java:95)
at com.worklight.gadgets.serving.handler.BackendQueryHandler.doPost(BackendQueryHandler.java:56)
at com.worklight.gadgets.serving.GadgetAPIServlet.doGetOrPost(GadgetAPIServlet.java:148)
at com.worklight.gadgets.serving.GadgetAPIServlet.doPost(GadgetAPIServlet.java:108)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1240)
at [internal classes]
at com.worklight.core.auth.impl.AuthenticationFilter$1.execute(AuthenticationFilter.java:217)
at com.worklight.core.auth.impl.AuthenticationServiceBean.accessResource(AuthenticationServiceBean.java:76)
at com.worklight.core.auth.impl.AuthenticationFilter.doFilter(AuthenticationFilter.java:222)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:194)
at [internal classes]
After studying the securityIntegrationEnabled="false" workaround, I think I have figured out why things are working / not working.
The solution is actually very simple without changing the server.xml.
When the error SESN0008E occurred, I was testing the FormAuth app using the common preview mode by clicking on the link from the admin console in the standalone server. Although the common preview link opened in a new browser, the sessionID actually stays. Both browser tabs are in the same session (I checked).
It means that the sessionID that I am using is actually the one that was already authenticated by the Admin Console. And in my preview mode I tried to authenticate again in the session that was already "owned" by another user. This causes WAS to throw the error SESN0008E: A user authenticated as anonymous has attempted to access a session owned by user:BasicRegistry/demo. My app preview is in the same httpsession as the admin console, and hence the error.
So to get it to work, I copy the preview link. Close all the browsers to ensure the sessions are killed. Open a new browser, paste the preview link and the FormAuthentication works now.
A maybe more convenient solution would be to create a mobile web environment and use that for preview testing.
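The session collision described in this answer, as a simplified Python model. This is an added example, not part of the original post and not WebSphere or MobileFirst code. The `Server` class, the `JSESSIONID` cookie name and the ownership rule are assumptions that only mirror the behaviour the SESN0008E message reports.

```python
import secrets

class UnauthorizedSessionRequest(Exception):
    """Stands in for UnauthorizedSessionRequestException (SESN0008E)."""

class Server:
    """Hypothetical container: each HTTP session is owned by the identity
    that was authenticated when the session was created."""
    def __init__(self, security_integration=True):
        self.security_integration = security_integration
        self.sessions = {}  # session id -> owning identity

    def handle(self, jar, user="anonymous"):
        """Process one request. `jar` is the browser's cookie jar (a dict)."""
        sid = jar.get("JSESSIONID")  # assumed default cookie name
        if sid not in self.sessions:
            sid = secrets.token_hex(8)
            self.sessions[sid] = user
            jar["JSESSIONID"] = sid
            return sid
        owner = self.sessions[sid]
        # Ownership check: a session owned by a named user may only be
        # used by requests the container authenticated as that same user.
        if self.security_integration and owner != "anonymous" and user != owner:
            raise UnauthorizedSessionRequest(
                f"SESN0008E: A user authenticated as {user} has attempted "
                f"to access a session owned by user:{owner}.")
        return sid

def preview_from_admin_tab():
    """Admin console and app preview share one browser profile."""
    server, jar = Server(), {}
    server.handle(jar, user="BasicRegistry/demo")  # admin console login
    try:
        server.handle(jar)  # preview tab: the container sees anonymous
        return "ok"
    except UnauthorizedSessionRequest as exc:
        return str(exc)

def preview_from_fresh_browser():
    """Preview link pasted into a browser with an empty cookie jar."""
    server, admin_jar, fresh_jar = Server(), {}, {}
    server.handle(admin_jar, user="BasicRegistry/demo")
    sid = server.handle(fresh_jar)  # new session, owned by anonymous
    return sid != admin_jar["JSESSIONID"]

if __name__ == "__main__":
    print(preview_from_admin_tab())
    print(preview_from_fresh_browser())
```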