在 MobileFirst 服务器上禁用自动更新

Question

我想为 Android 应用程序禁用 MobileFirst 7.0 服务器上的自动更新。我已经尝试过此处描述的方法：

这里

https://www.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.dev.doc/admin/c_direct_update_as_security_realm.html?lang=en

，但没有运气。

我的原始 authenticationConfig.xml 文件如下所示：

<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

        <!-- Licensed Materials - Property of IBM
             5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
             US Government Users Restricted Rights - Use, duplication or
             disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->  

     <staticResources>
     <!--  
            <resource id="logUploadServlet" securityTest="LogUploadServlet">
            <urlPatterns>/apps/services/loguploader*</urlPatterns>
        </resource>
        -->
        <resource id="subscribeServlet" securityTest="SubscribeServlet">
            <urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
        </resource>

    </staticResources> 

   <!--  Sample security tests  
         Even if not used there will be some default webSecurityTest and mobileSecurityTest 

         Attention: If you are adding an app authenticity realm to a security test, 
         you must also update the application-descriptor.xml. Please refer to the user documentation 
         on application authenticity for environment specific guidelines. -->   

     <securityTests>
        <!-- 
        <mobileSecurityTest name="mobileTests">
            <testAppAuthenticity/> 
            <testDeviceId provisioningType="none" />
            <testUser realm="myMobileLoginForm" />
            <testDirectUpdate mode="perSession" />
        </mobileSecurityTest>

        <webSecurityTest name="webTests">
            <testUser realm="myWebLoginForm"/>
        </webSecurityTest>

        <customSecurityTest name="customTests">
            <test realm="wl_antiXSRFRealm" step="1"/>
            <test realm="wl_authenticityRealm" step="1"/>
            <test realm="wl_remoteDisableRealm" step="1"/>
            <test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
            <test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
            <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
        </customSecurityTest>

        <customSecurityTest name="LogUploadServlet">
            <test realm="wl_anonymousUserRealm" step="1"/>
            <test realm="LogUploadServlet" isInternalUserID="true"/>
        </customSecurityTest>
        -->
        <customSecurityTest name="SubscribeServlet">
            <test realm="SubscribeServlet" isInternalUserID="true"/>
        </customSecurityTest>           

    </securityTests> 

    <realms>
        <realm name="SampleAppRealm" loginModule="StrongDummy">
            <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
        </realm>

        <realm name="SubscribeServlet" loginModule="rejectAll">
            <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>          
        </realm>

        <!-- For client logger -->
        <!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
            <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
        </realm -->

        <!-- For websphere -->
        <!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
            <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
            <parameter name="login-page" value="/login.html"/>
            <parameter name="error-page" value="/loginError.html"/>
        </realm -->

        <!-- For User Certificate Authentication -->
        <!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
            <className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
            <parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
            <parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
            <parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/> 
            <parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
        </realm -->

        <!-- For Trusteer Fraud Detection -->
        <!-- Requires acquiring Trusteer SDK --> 
        <!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
            <className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
            <parameter name="rooted-device" value="block"/>
            <parameter name="device-with-malware" value="block"/>
            <parameter name="rooted-hiders" value="block"/>
            <parameter name="unsecured-wifi" value="alert"/>
            <parameter name="outdated-configuration" value="alert"/>
        </realm -->

    </realms>

    <loginModules>
        <loginModule name="StrongDummy">
            <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
        </loginModule>

        <loginModule name="requireLogin">
            <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
        </loginModule>

        <loginModule name="rejectAll">
            <className>com.worklight.core.auth.ext.RejectingLoginModule</className>
        </loginModule>

        <!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->        
        <!-- loginModule name="trusteerFraudDetectionLogin">
            <className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
        </loginModule-->

        <!-- For websphere -->
        <!-- loginModule name="WASLTPAModule">
            <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
        </loginModule -->

        <!-- Login module for User Certificate Authentication -->
        <!-- <loginModule name="WLUserCertificateLoginModule">
            <className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
        </loginModule> -->


        <!-- For enabling SSO with no-provisioning device authentication -->
        <!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
            <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
        </loginModule> -->


        <!-- For enabling SSO with auto-provisioning device authentication -->
        <!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
            <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
        </loginModule> -->
    </loginModules>

</tns:loginConfiguration>

经过多次尝试，我的结局是这样的：

<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

        <!-- Licensed Materials - Property of IBM
             5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
             US Government Users Restricted Rights - Use, duplication or
             disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->  

     <staticResources>
     <!--  
            <resource id="logUploadServlet" securityTest="LogUploadServlet">
            <urlPatterns>/apps/services/loguploader*</urlPatterns>
        </resource>
        -->
        <resource id="subscribeServlet" securityTest="SubscribeServlet">
            <urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
        </resource>

    </staticResources> 

   <!--  Sample security tests  
         Even if not used there will be some default webSecurityTest and mobileSecurityTest 

         Attention: If you are adding an app authenticity realm to a security test, 
         you must also update the application-descriptor.xml. Please refer to the user documentation 
         on application authenticity for environment specific guidelines. -->   

     <securityTests>
        <!--
        <mobileSecurityTest name="mobileTests">
            <testAppAuthenticity/> 
            <testDeviceId provisioningType="none" />
            <testUser realm="myMobileLoginForm" />
            <testDirectUpdate mode="disabled" />
        </mobileSecurityTest>

        <webSecurityTest name="webTests">
            <testUser realm="myWebLoginForm"/>
        </webSecurityTest>
        -->
        <customSecurityTest name="customTests">
            <test realm="wl_antiXSRFRealm" step="1"/>
            <test realm="wl_authenticityRealm" step="1"/>
            <test realm="wl_remoteDisableRealm" step="1"/>
            <test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
            <test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
            <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
        </customSecurityTest>

        <!--
        <customSecurityTest name="LogUploadServlet">
            <test realm="wl_anonymousUserRealm" step="1"/>
            <test realm="LogUploadServlet" isInternalUserID="true"/>
        </customSecurityTest>
        -->

        <customSecurityTest name="SubscribeServlet">
            <test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
            <test realm="SubscribeServlet" isInternalUserID="true"/>
        </customSecurityTest>

        <customSecurityTest name="SampleAppRealm">
            <test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
            <test realm="SampleAppRealm" isInternalUserID="true"/>
        </customSecurityTest>

        <mobileSecurityTest name="mobileTests">
            <testDirectUpdate mode="disabled"/>
            <testDeviceId provisioningType="none"></testDeviceId>
            <testUser realm="wl_anonymousUserRealm"></testUser>
        </mobileSecurityTest>

    </securityTests> 

    <realms>
        <realm name="SampleAppRealm" loginModule="StrongDummy">
            <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
        </realm>

        <realm name="SubscribeServlet" loginModule="rejectAll">
            <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>          
        </realm>

        <!-- For client logger -->
        <!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
            <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
        </realm -->

        <!-- For websphere -->
        <!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
            <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
            <parameter name="login-page" value="/login.html"/>
            <parameter name="error-page" value="/loginError.html"/>
        </realm -->

        <!-- For User Certificate Authentication -->
        <!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
            <className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
            <parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
            <parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
            <parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/> 
            <parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
        </realm -->

        <!-- For Trusteer Fraud Detection -->
        <!-- Requires acquiring Trusteer SDK --> 
        <!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
            <className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
            <parameter name="rooted-device" value="block"/>
            <parameter name="device-with-malware" value="block"/>
            <parameter name="rooted-hiders" value="block"/>
            <parameter name="unsecured-wifi" value="alert"/>
            <parameter name="outdated-configuration" value="alert"/>
        </realm -->

    </realms>

    <loginModules>
        <loginModule name="StrongDummy">
            <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
        </loginModule>

        <loginModule name="requireLogin">
            <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
        </loginModule>

        <loginModule name="rejectAll">
            <className>com.worklight.core.auth.ext.RejectingLoginModule</className>
        </loginModule>

        <!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->        
        <!-- loginModule name="trusteerFraudDetectionLogin">
            <className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
        </loginModule-->

        <!-- For websphere -->
        <!-- loginModule name="WASLTPAModule">
            <className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
        </loginModule -->

        <!-- Login module for User Certificate Authentication -->
        <!-- <loginModule name="WLUserCertificateLoginModule">
            <className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
        </loginModule> -->


        <!-- For enabling SSO with no-provisioning device authentication -->
        <!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
            <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
        </loginModule> -->


        <!-- For enabling SSO with auto-provisioning device authentication -->
        <!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
            <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
        </loginModule> -->
    </loginModules>

</tns:loginConfiguration>

，但它对我不起作用。而且我确定使用了编辑后的 authenticationConfig.xml 文件（如果我在其中出错，服务器将拒绝加载它）。我究竟做错了什么？

Answer 1

您需要在application-descriptor.xml.
中的environment元素中添加securityTest属性例如：<android version="1.0" securityTest="name-of-security-test"/>

了解有关安全测试的更多信息：https://www.ibm.com/developerworks/community/blogs/worklight/entry/understanding_predefined_worklight_authentication_realms_and_security_tests11?lang=en

在 MobileFirst 服务器上禁用自动更新

Disable auto-updates on MobileFirst server

auto-update

ibm-mobilefirst