All Products
Search

This Product

    Mobile Platform as a Service:Set JSAPI authentication

    Document Center

    Mobile Platform as a Service:Set JSAPI authentication

    Last Updated:Jul 06, 2023

    In mPaaS, we recommend that you add access control over all JavaScript APIs (JSAPIs). You can set a plug-in to add access control.

    1. Customize permissions to control a plug-in.

      1. Customize a plug-in to listen to JSAPI call events and intercept them.

      2. After the plug-in intercepts an event, the plug-in obtains the URL of the current page. We recommend that the plug-in check whether the string matches the host and scheme information. 

      @interface MPPlugin4WebView : NBPluginBase

@end

@implementation MPPlugin4WebView

- (void)pluginDidLoad
{
    self.scope = kPSDScope_Scene;
    
    // -- Intercept the information about the JSAPI that is being called.
    [self.target addEventListener:kEvent_Invocation_Event_Start withListener:self useCapture:NO];
    [self.target addEventListener:kEvent_Invocation_Invoke withListener:self useCapture:NO];
        
    [super pluginDidLoad];
}

- (void)handleEvent:(PSDEvent *)event
{
    [super handleEvent:event];
    
    if([kEvent_Invocation_Event_Start isEqualToString:event.eventType] ||
             [kEvent_Invocation_Invoke isEqualToString:event.eventType]){
        PSDInvocationEvent *invocationEvent = (PSDInvocationEvent *)event;
        NSString *apiName = invocationEvent.invocationName;
        NSDictionary *data = invocationEvent.invocationData;

        // Obtain the URL of the current page and check whether the string matches the scheme and host information.
        NSURL *url = event.context.currentViewController.url;
        if (![url.host isEqualToString:@"xxx"] || ![url.scheme isEqualToString:@"xxx"]) {
            [event preventDefault];
            [event stopPropagation];
            return;
        }
        
    }
}

- (int)priority
{
    return PSDPluginPriority_High+1;
}
      Important

      Exact matching is required for the URLs. At least the scheme and host information in the URI class must be matched. Do not use regular expression matching or use it with caution. Avoid using imprecise functions, such as contains, startsWith, endsWith, and indexOf.

    2. Register the plug-in.

      1. Specify a path to the custom plug-in when HTML5 Container in mPaaS is initialized.

      2. Open the plist file in the bundle of the custom plug-in and register the plug-in that you customized in the previous step. For more information, see Register a plug-in.

        image