Worklight: resource handler pattern

Use this pattern to provide services to mobile applications that use the Worklight APIs. The services are made available to mobile applications as Worklight adapter procedures that are accessed by the JavaScript in the application.

The pattern is customized by implementing handlers for each of these procedures as subflows in WebSphere Message Broker. The pattern provides security policy enforcement and global caching.

A diagram showing the behaviour of the pattern.

Solution

The services follow a resource-oriented model with CRUD (Create, Read, Update, Delete) actions for the resource.

Each adapter provides up to four procedures for a single resource - one procedure for each of the CRUD actions. The pattern is customized by implementing a procedure handler for each procedure. The procedure handlers are implemented as subflows.

The pattern generates the adapter that runs on the Worklight Server and a message flow that handles the incoming request from the adapter. This request handler message flow routes the request to the relevant procedure handler subflow depending on the adapter procedure that was used by the mobile application.

An HTTP connection is established between the adapter running on the Worklight Server and the request handler message flow running in Message Broker. Worklight is the HTTP client and Message Broker is the HTTP server for this connection.

The mobile application uses the adapter procedure by passing a JavaScript object to a JavaScript function in the Worklight API. The message tree that is sent to the subflow is in the JSON domain and contains the data from the JavaScript object that is provided by the mobile application.

Before starting the correct procedure handler subflow, the request is checked against a security policy. Once the security has been checked, processing continues in the procedure handler subflow. For read operations, an in-memory cache is checked to see if the resource instance is available without further processing.

Security

Security is optional. If security is enabled, the mobile application must provide a security token to the adapter procedure. The pattern provides security policy enforcement points (PEPs) that call out to an LDAP server, which acts as the security policy decision point (PDP).

The two aspects of security provided by this pattern are authentication and authorization.

Authentication is used to ensure that the request is from a valid user. This is done by verifying that the token provided by the mobile application is valid. The token is a combination of the user ID, a colon character, and a password. These values are concatenated and base64 encoded by the mobile application. The pattern decodes this string and passes the user ID and password to the LDAP server for authentication. This validation is performed before any other processing begins in the message flow.
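The token handling described above, as an added example that is not code generated by the pattern or taken from Worklight or Message Broker. The function names `encodeToken` and `decodeToken` are hypothetical, and the strict rejection rules (canonical base64, valid UTF-8, non-empty user ID and password) are assumptions about what a careful enforcement point would check before calling LDAP.

```javascript
// Added example. encodeToken/decodeToken are hypothetical names, not
// Worklight or Message Broker APIs. Sample values are constructed.

// Client side: user ID, a colon, and the password, concatenated and base64 encoded.
// Base64 is an encoding, not encryption, so the token is only as private as the transport.
function encodeToken(userId, password) {
  return Buffer.from(`${userId}:${password}`, 'utf8').toString('base64');
}

// Server side: strict decode before anything is handed to the LDAP server.
function decodeToken(token) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('missing token');
  }
  // Buffer.from() does not throw on malformed base64, so require that the
  // decoded bytes re-encode to exactly the string that was received.
  const raw = Buffer.from(token, 'base64');
  if (raw.length === 0 || raw.toString('base64') !== token) {
    throw new Error('token is not canonical base64');
  }
  let text;
  try {
    text = new TextDecoder('utf-8', { fatal: true }).decode(raw);
  } catch (e) {
    throw new Error('token is not valid UTF-8');
  }
  // Split on the first colon only: a password may contain colons.
  const sep = text.indexOf(':');
  if (sep < 0) {
    throw new Error('token has no colon separator');
  }
  const userId = text.slice(0, sep);
  const password = text.slice(sep + 1);
  // A simple bind with a name and an empty password is an "unauthenticated
  // bind" (RFC 4513, section 5.1.2) that some LDAP servers accept, so an
  // empty password must never reach the directory.
  if (userId === '' || password === '') {
    throw new Error('empty user ID or password');
  }
  return { userId, password };
}

// Constructed sample: a password that itself contains colons.
const sampleToken = encodeToken('alice', 'p:ss:word');
console.log(sampleToken, decodeToken(sampleToken));
```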

Authorization checks are performed after the user ID and password are authenticated. The inbound request message is parsed to determine which action (CRUD) is being requested on the resource.

The authorization checks ensure that the authenticated user is allowed to start the requested action. The pattern supports two authorization groups:

Cache

Caching is optional. If caching is enabled, it is provided by the WebSphere eXtreme Scale (WXS) technology embedded within Message Broker.

Each time the read procedure handler is invoked, the returned value is added to the cache. Whenever the same instance of the resource is updated or deleted through this adapter, it is removed from the cache.

See Tasks to complete after generating the pattern for details on deployment options and how the cache can be shared between execution groups and brokers across the network to achieve horizontal scaling.

Deployment

The pattern generates a Message Broker application which must be deployed to the Message Broker runtime. The Worklight adapter must be deployed to the Worklight Server to provide the interface between the mobile application and the web service running in Message Broker.
