Hello i working on project and i dont now how to start, I will be have a frontend server(spring boot) and mongoDb for database and frontend apps reactjs for web and android app for mobile. i would like to have server like "firebase realtime sync data for client", what in wont when someone send post pust request from mobile to my server i would like to show this post data on react app, or when someone change data on react app this data will be changed on other deskop (somethink like notes List). is there a way how i cant start how to create firebase logic ... i just cant use firebase for the some reason.
To implement a "realtime database" like Firebase you will need to use the "websocket" technical. your reacjs client will open the websocket and the server will push any db update to the listening websockets.
from client side you will have to implement your own cache (because firebase client sdk use cache) and implement the REST request.
From server side you will have to develop the rest api. The db Collections structure may be different from firebase, and the way you query them with springboot also.
The secuity data access will have to be redesigned as well.
the a lot of work, but interresting.
Related
I have a vps, where my spring boot backend is running on. The frontend is a mobile app built with the ionic framework.
The backend is built this way: in the front there is an so called resource server, which is an graphql server, which redirects the requests to rest microservices which are behind the resource server. Every microservice has is own task, which he's responsible for. (e.g. an fileupload-server which uploads/downloads files to a database). The whole application, including the frontend is secured by an keycloak instance, which is running as an docker container like the whole application, except the frontend.
Now my questions is, we dont have a domain and for some reason they wont buy one, but we wont to secure the communications over ssl/lets encrypt. But lets encrypt isn't able to create ssl certificates for ip adresses. So finnaly my question is: do you guys, know a solution to my problem which fits?
So far,
Daniel
How to create Chat Server using rocket chat in our single page application, my services are in Java and front and is in AngularJs ,Html
and i have MongoDb for the database.
Any suggestion will be appreciated.
I am setting up an API for a mobile app (and down the line a website). I want to use oAuth 2.0 for authentication of the mobile client. To optimize my server setup, I wanted to setup an oAuth server (Lumen) separate from the API server (Laravel). Also, my db also lives on its own separate server.
My question is, if using separate servers and a package like lucadegasperi/oauth2-server-laravel do I need to have the package running on both server?
I am assuming this would be the case because the oAuth server will handle all of the authentication to get the access token and refresh access token functions. But then the API server will need to check the access token on protected endpoints.
Am I correct with the above assumptions? I have read so many different people recommending the oAuth server be separate from the API server, but I can't find any tutorials about how the multi-server dynamic works.
BONUS: I am migrating my DB from my API server, so I would assume I would need the oAuth packages migrations to be run from the API server also. Correct?
I have developed a web app that does its own user authentication and session management. I keep some data in Elasticsearch and now want to access it with Kibana.
Elasticsearch offers a RESTful web API without any authentication and Kibana is a purely browser side Javascript application that accesses Elasticsearch by direct AJAX calls. That is, there is no "Kibana server", just static HTML and Javascript.
My question is: How do I best implement common user sign on between the existing web app and Elasticsearch?
I am interested in specific Elasticsearch/Kibana solutions, but also in generic designs for single sign on to web apps and the external web APIs they use.
It seems the recommended way to secure Elasticsearch/Kibana is to have an Apache or Nginx reverse proxy in front that does SSL termination and user authentication (Basic auth). However, this doesn't play too well with the HTML form user authentication in my existing web app. Ideally I would like the user to sign on using the web app, and then be allowed direct access to the Elasticsearch API as well.
Solutions I've thought of so far:
Proxy everything in the web app: Have all calls go to the web app (server) which does the authentication, and have the web app issue the same request to the Elasticsearch web API and forward the response back to the browser.
Have the web app (server) store session info that Apache or Nginx somehow can look up and use to authorize access to the reverse proxy.
Ditch web app sign on and use basic auth for everything.
Note that this is a single installation, so I don't really need any federated SSO solutions.
My feeling is that the proxy within web app (#1) is a common generic solution, but it seems a bit heavyweight to have everything pass through the possibly slow web app, considering that Kibana uses the Elasticsearch API directly.
I haven't found an out of the box solution designed for the proxy authentication setup (#2). My idea is to have the web app store session info in memcache or the like and use some facility in the web server (Apache or Nginx) to look up the session based on a cookie and allow proxy access if authenticated.
The issue seems similar to serving static files directly using the web server (Apache or Nginx) while authenticating using a slow web app. Recommendations I've found for that are however very specific to that issue, like X-Sendfile.
You could use a sessionToken. This is a quite generic solution. Let me explain this. When the user logs in, you store a random string an pass him back to him. Each time the user tries to interact with your api you ask for the session Token you gave him. If it matches, you provide the service he is asking for, else, you just ignore his call. You should make session token expire in a certain interval of time and make a new one each time the user logs back in.
Hope this helps you.
I want to develop an application that makes use of MSPN service. Is it necessary that my backend service be a cloud service
There would be no way to determine if a service is a cloud service or not (without being anti-competitive), so you should be able to use any web service, whether it is implemented using a cloud service such as Azure or not - as I understand it, for certification, it would have to be a web service, and not rely on something being installed on a PC on a private network.
No you dont need it to be a Cloud-Service, you can even implement your Push-Service in PHP or similar. But that has Limits, it cannot run periodically a Script or sth like that. All Push-Notifications have to be send manually.
To do this you need 2 Core-Components(In my example in PHP).
You have a Page on which the Phone-Application can register his MSPN Push-Uri, which then is stored into the Database.
A Page which takes the Uri(s) and then sends the Push-Notification to them