Oracle MAF 2.1.3 release makes it easy to authenticate against Oracle Mobile Cloud Service (MCS) and access secure data from services hosted on MCS. Below are the steps to configure MAF application to authenticate against MCS:
1. Create Login Connection : In maf-application.xml go to security tab and create a login server connection. Select authentication type as "HTTP Basic" as shown below
The login server URI is of the form https://<host>:<port>/mobile/platform/users/login . You can obtain the host & port from a Mobile Backend(MBE) settings page in you MCS instance. The above URI can be used for any MBE in the MCS instance.
2. Configure Custom Header : During authentication MCS requires a custom header with the MBE id to be injected with the request. Configure the header in the Custom Headers tab as follows:
You can get the MBE Id from the MBE settings page in MCS. The header name should be "Oracle-Mobile-Backend-Id"
3. Configure Security Policy : Now that we have the login connection created, the next step is to create a connection to API end point on MCS. In the Web Service Security Policies section :
- Create a REST/HTTP Connection to an API end point in connections.xml, in the example below it’s named "fiftechnician".
- Associate the "fiftechnician" connection with the login connection created in steps 1 & 2. This allows the framework to inject the user identity obtained during authentication for any service calls to the connection.
- In the "Policy" column, double click on the pencil icon to launch a dialog to select the security policy to be used for the connection. Select "oracle/wss_http_token_client_policy". This policy can be used for Basic-Auth protected connections with either HTTP and HTTPS.
select the correct policy :
The above steps would allow mobile app developers using MAF to securely access data from API hosted on MCS through simple configuration without writing any code and be assured that you are following security best practices.