All Products
Search

This Product

    Mobile Platform as a Service:Set JSAPI authentication

    Document Center

    Mobile Platform as a Service:Set JSAPI authentication

    Last Updated:Nov 04, 2022

    In mPaaS, we recommend that you add access control over all JavaScript APIs (JSAPIs). You can set a provider to add access control.

    1. Customize permissions to control a provider. 

      public class H5JSApiPermissionProviderImpl implements H5JSApiPermissionProvider {
    @Override
    public boolean hasDomainPermission(String jsapi, String url) {
        // This method verifies JSAPI requests from all URLs and permits only those from secure URLs. The value true indicates that a JSAPI can be called. The value false indicates that a JSAPI cannot be called.
        // Note: The following code is for reference only. You can verify URLs and JSAPIs as required.
        // To prevent NullPointerException, You must check whether the parameters of the JSAPI, URL, and URI are null.
        Uri uri = Uri.parse(url);
        String domain = uri.getHost();
        String scheme = uri.getScheme();
        if (!TextUtils.isEmpty(domain) && domain.equals("www.example.com") && "https".equals(scheme)) {
            return true;
        } else {
            return false;
        }
    }

    @Override
    public boolean hasThisPermission(String jsapi, String url) {
// The value false is returned by default.
        return false;
    }
}
      Important

      Exact matching is required for the URLs. At least the scheme and host information in the URI class must be matched. Do not use regular expression matching or use it with caution. Avoid using imprecise functions, such as contains, startsWith, endsWith, and indexOf.

    2. Set the provider after mPaaS is initialized and before HTML5 Container is called. 

      H5Utils.setProvider(H5JSApiPermissionProvider.class.getName(), new H5JSApiPermissionProviderImpl());