I am developing chess playing server based on Java and Netty and client-application using C++.
Messaging process between client and server is based on Google Protobuf Protocol
Now I want website to act as client for application server so that it would be tightly integrated with server app
I have chosen Play 2.1(JAVA) framework for the website
1)
First i ran into trouble trying to run my Netty server instance from Play 2.1 application so I added next code to Global.java (Play framework startup file )
public void onStart(Application app) {
// ...
new Thread() {
public void run() {
new NettyServer().run();
}
}.start();
}
Does it seem to be a good idea to run my own instance of Netty this way?
2)
I am not sure how to validate data, as app server gets data to be validated from both C++ client and website by different protocols
Client sends it as binary-encoded data using protobuf protocol and website sends POST requestI want validation to be equal for both clients
For validating data sent from the website I can use Form < T > helper thought i can't use it for binary encoded protobuf data. Any ideas on how to manage validation?
3)
I use Messages.get() from i18n Play module to translate messages to user's language. Client using browser, Play determines user's language from client request headers, and chooses appropriate translations file.
But what about my client? I don't know anything about user's language so i can't send it to my app.
Moreover i didn't manage to find a way to set language manually in Messages.get()
Related
I'm working on Hyper Ledger Composer and integrating the REST API in a nodejs web app "using js client side to call the API "
and I'm wondering how can I keep some interface private and prevent from show and post to it .
Should I simply call the api server side before or is there an elegant way ?
To protect access to the REST APIS, you can implement an authentication strategy - see here https://hyperledger.github.io/composer/integrating/enabling-rest-authentication.html and https://hyperledger.github.io/composer/integrating/enabling-multiuser.html (the latter requires that authentication is enabled).
A tutorial on using one such strategy - eg using Google OAUTH2 as an auth provider - is shown here -> https://hyperledger.github.io/composer/next/tutorials/google_oauth2_rest
There is another way to develop your own rest api using NodeJs sdk.
You can connect to the network using Cards and perform any action using BusinessNetworkConnection class and factory object.
Read [https://hyperledger.github.io/composer/v0.16/applications/node][1]
This is more of a design question, i'm building a NativeScript mobile application where users are restricted by a number of requests per day. After they login or start the application and I check:
public ngOnInit() {
MAX_TRIES = 1000
if(ApplicationSettings.getBoolean("authenticated", false){
if(ApplicationSettings.getNumber("requests", MAX_TRIES) != MAX_TRIES){
// Then continue, allow user to proceed
}
}
However coming from using Flask you'd typically want to keep these variables (attempts, wins/losses) in a server side database, however if you're simply storing a key authenticated inside ApplicationSettings then i'm guessing it's okay to keep every user variable stored locally? Or should I avoid ApplicationSettings and just make everything in my application a REST Request?
It's always good to setup these kind of restrictions on the server side. But if you are left with no choice but doing it in client side,
Try encrypting your requests and response so at least any user wouldn't know what is being transmitted / why it fails at first look.
Encrypt your production build with JScrambler or AppProtection that makes reverse engineering more difficult
Whatever you store locally (in application settings / sqlite / in any file), keep them encrypted rather using plain data.
Here is the context of my issue: I am developing a Windows Store application that will be side-loaded on several tablets our client is planning to use. This tablet app will make calls into a Web API which in turn will do CRUD operations with a repository (SQL Server via EntityFramework). Everything has to use Windows Authentication. The tablets are Dell running Windows 10. Each user will log in with its own active domain credentials. The tablet will pass the credentials to the Web API which in turn will pass them to the repository (database). Based on the credentials, the repository will determine the group the user belongs to and based on that, it will give access to resources the user is allowed to access.
My Web API works fine. I tested it with Fiddler. For the HTTP GET request, I want to test, I checked the "Automatically Authenticate" checkbox and I can see the three successive messages, first two returning with 401 and the third returning HTTP Code 200, along with the data I requested.
However, when I try to call it from my Windows Store app, I only send one GET Request, the first one. My Web API is hosted in IIS Express. At the advice of a very distinct member of this group, I configured IIS Express to expose the Web API using the IP address of my development machine rather than "localhost". Before doing this I wouldn't see any GET Requests hitting the server, not even the first one.
I know that Windows Authentication uses the NTLM scheme and it requires a negotiation process, hence the 3 messages Fiddler sends initially to the server?
How do I need to write my Web API Client code to bypass this negotiation? I spent all morning and afternoon reading solutions to my problem, here on SO and many other websites, but somehow, I still did not get it to work. I must be missing something and I don't know what. Here is my code on the Web API Client side:
var authHandler = new HttpClientHandler()
{
Credentials = CredentialCache.DefaultNetworkCredentials,
ClientCertificateOptions = ClientCertificateOption.Automatic
};
var webApiClient = new HttpClient(authHandler)
{
BaseAddress = new Uri(_serviceUri), // _serviceUri is a string that looks like this "http://10.120.5.201:53045"
};
webApiClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = await webApiClient.GetAsync("api/user");
My call never returns from GetAsync, but in Fiddler, I can see only the first GET Requests being posted to the server. How can I get my client to follow up, behind the scenes, just like Fiddler does, and send the other two messages so that, eventually, the third one would return with a response HTTP 200 code and with the data I receive in Fiddler?
If anyone can point me in the right direction, I would be highly appreciative.
The problem was that the "Enterprise Authentication" setting was not set in the Capabilities tab of the Package.appxmanifest file of my app. It took me a while to figure out that that was the problem, but as soon as I checked it, my app started using Windows Authentication.
I have an application that makes calls from the client using JQuery to a Web API controllers, but then from such controller is makes a call to another server, where another controller picks up and does all the data logic (insertions, etc..) so basically (two different solutions and totally separate, no dependencies)
Client
Web API (this live in http://localhost:5020/)
-----------------
Some Server API here (this lives in http://localhost:4566)
Data Layer
SQL
So Web API makes calles to some server and saves or retrieves data.
I need to be able to add SinalR when something is saved to one of the databases on the other server. How can I design this so I get notifications something was saved in the client side since there are no dependencies?.
Do i add the HUBs and what not on the receiving server or on the client server, a bit confuse how that would work.
I would appreciate any clarification.
I usually use the method explained in this answer.
This will allow you to have hubs which can be invoked from frontend (JS) and backend (C#) as well.
Basically for the backend (C#) calls use a hubcontext. As explained by the SignalR team here too.
Simple code (in your hub class):
public class YourHubClass: Hub
private static IHubContext hubContext = GlobalHost.ConnectionManager.GetHubContext<YourHubClass>();
// ...
public static void Send(string message) {
hubContext.Clients.All.addMessage(message);
}
}
Now you can call the static method in your controller:
YourHubClass.Send("Hello!");
And the clients will receive the message by the event addMessage(message)
Right now we are working on a project that will have a desktop and a mobile version of the site, created in Spring. We want the mobile and the desktop version to share the same Spring security system etc.
We are using Spring mobile to detect whether or not the device is mobile, and may possibly use the Spring site preference parameter.
We dont want to use the spring mobile redirector, as this appears to redirect to another domain (eg m.website.com), and would not use the same spring security easily.
So I am thinkin gof using a HandlerInterceptor to redirect to a specfic directory within the site - eg "/jsp/mobile/".
1) Is it possible in this extended HandlerInterceptor to use the Spring Mobile device detector in the preHandle method?
2) What is the best way to redirect? Is it a) to just use the http response, or b) to somehow change the viewResolver and change the prefix from "/jsp/" to "/jsp/mobile/"
Sorry for the long winded question, but I hoped to put as much info in as possible about what we are trying to do!
Cheers
I am currently using a HandlerInterceptor in the pre handler method makes the assessment of whether or not the application is a mobile device, if coming from a mobile device, through the method requestUri get current address and places as prefix "m" after the name of the application context. Then do a redirect:
response.sendRedirect("/application/m/.....") ( documentation )
Example
/application/user //recived
/application/m/user //sent
The problem is that this interceptor intercepts all requests, therefore it is necessary to assess the following:
if the request comes with a path like "/application/m/....." not verify that comes from a mobile device, because the "m" and says it does me
if you let spring handle static resources, the interceptor must not redirect if the requests come from a mobile device (the mobile version and the normal share these resources)
Thanks for the answer. What I did is use a HandlerInterceptor and changed the view name in the post handle method like so:
if (modelAndView.getViewName() != null)
{
modelAndView.setViewName("/mobile/" + modelAndView.getViewName());
}
else
{
modelAndView.setViewName("/mobile/");
}
Plus that is wrapped in an if else agains whether the device is mobile or not, by injecting DeviceResolver into the constructor and then resolving the local device.