Usecase:
This usecase talks about how a REST service secured with basic authentication can be accessed in ADF Mobile. For this demo, I have used a REST service which returns employee information, and the service itself has been secured with basic authentication.
Pre-requisites:
JDeveloper 11.1.2.4.0
Steps:
At the service end
Create a REST Service and secure it with basic authentication. Deploy the service to integrated weblogic server and note down the target URL.
Configure ADF Security:
To configure security in ADF Mobile, first create an ADF app and secure it with basic authentication.
1) Create a new ADF Fusion application.
2) Create a jspx page in the ViewController project. Go to the menu item: Application -> Secure -> Configure ADF Security. Select ADF Authentication. Keep the defaults and select ‘Redirect upon successful authentication’ and click ‘Generate default’. Finish the wizard. Deploy the app or run the page in the integrated server and note down the URL.These are the same steps as my previous post.
Mobile app configuration:
1) Create a new ADF Mobile application.
2) In the ApplicationController, invoke the Web Service Data control wizard. Create the connection by specifying authentication type as Basic and supplying the username/password/realm details. Supply the resource URL and after the method configurations, finish the wizard to create the DC.
3
4) To ensure that the basic auth credentials entered in the login page flow through to the REST service call, there is one last step required.
Go to connections.xml file present under Application Resources -> Descriptors -> ADF META-INF. Look for the adfCredentialStoreKey attribute set for the login window. Set the adfCredentialStoreKey attribute for the service's reference tag with the same value, either manually or through the PI, as shown.
5) Design the amx pages by D&D an operation of the secure service from DC palette to the page. Deploy the app. The user must be prompted for login credentials on feature load. After the credentials are entered, user should be able to view responses from the secure service without the need to enter credentials again.
Some snapshots from my app are shown below. Both features are secure in my case, with 'Welcome' being the default one. On app load, user is prompted for credentials. Entering valid credentials takes the user to the Welcome page. If he then tries to access BasicAuthREST feature, he is not prompted for credentials again, although the data in this page comes from a secure REST service.
