I'm currently working on a Flex3/blazeDS/Spring/MySQL project.
In this, some users needs to download some import logs. Problem is that given the singleton concept around spring, if 2 users ask for a download at the same time, the servlet responsible for export file creation may cross content between the 2 asked files.
I'm not that much familiar with spring but from what i've been reading around it seems that the solution lies in saying that the servlet is in "Request" scope so there will be a new one created for each download request instead of having a singleton.
Does anyone have ever done something like this before? Every tutorials i've seen so far explains how to handle file download request but it never talks about the fact that 2 users asking for a download may have some issues...
Thanks for any leads on how to fix this.
Each user will receive his own thread, and you should not have any problems unless using member variables (which is a bad practice anyway). If not, I do not see any problem, but it would help if you can post your code.
Related
so I'm getting in the world of service workers, found it complex for my level, and despite I manage to cache my physical files in my vue 3 project. I'm struggling with the way of caching the response from headless CMS, there is a lot information around about in general most of then very old, at the beginning I tried using workbox, then I read that you cannot catch graph response or post response(correct if I am wrong), in addition I was having a lot of issues trying to include the script with the vue 3 project and some error about some array, so ended up building the sw from scratch and it worker pretty well so far. Now I'm facing the issue with the graph response, so far I have read it's not easy which is quite discouraging when u read it from more experienced people. I have found some examples and lot of user asking the same question here some with no response as well, and so far I found an interesting response(3 years old), however I am not sure if this actually applies for my case if is deprecate. He provides a code example, however is not providing information about what exactly does the script, you can see the response here
So I am assuming the URL that needs to be provide is the url to my graph API in this case the one provide for CMS. And the in the variable cachedResponse under the catch, do I need to provide the query variable, meaning the const that I am using to call the graph? I have to mention I am not using apollo nor axios just a normal graph inclusion.
Also when I tried to run this code, at the beginning I got an issue with the script from dexie.js and had mime issue which I tried to correct with some suggestion from here. Which did not work for me. I thought that was my sw cache playing bad, however I cleaned it got same issue.
So so far have been a long way, It seems there is not magic formula, but if I can receive an advice or different approach from what I have been trying so far, would be very welcome. Thank you in advance for the help : )
I am currently evaluating possibilities, how to write/generate level2+ rest API. I came across karharis and i pretty like the concept and the whole idea how its done seems sound to me. But I have not found answers to these questions:
How to handle security properly. I can imagine that it might get tricky, as JSON api supports traversing to some extent. (out app will run in spring environment, so I suppose that we might use spring-security, but I do not know, if we will encounter some hidden traps)
API versioning. I havent found any clues how to handle API evolution. Are there any already supported options (content negotiation, path variable, query parameter...?) or do we need to hack it ourselves?
Thanks in advance!
I'm using the Check package to validate parameters passed to Meteor methods. And I'm using Audit argument checks to enforce this.
However, I've added another package, Meteor Tags and when I try to use methods from the Tags package, I get a server error "Exception while invoking method '/patterns/addTag' Error: Did not check() all arguments during call to '/patterns/addTag'".
I think I understand why this error happens - the method in the Tags package doesn't check its inputs, so Audit Argument Checks generates an error. But I can't find any way around this, apart from 1) don't enforce checking, or 2) hack the Tags package methods so they use check. Neither of these seems like a great option - checking server parameters is a good idea, and hacking a package is not very maintainable.
Does anybody know if there is any smart way to use 'Audit argument checks' with packages that provide new server methods? I have looked at the Check documents, and searched online, but I haven't found an answer.
I hope this question makes sense.
Using audit-argument-checks is like saying: "I want to be serious about the security of the methods in my app." It's global to all methods in your app's codebase, including the methods from your installed packages.
There is no way to specify which parts of the app get checked, as that would be the equivalent of saying: "I want to be serious about the security of the methods I've written, but I don't care about the security holes created by some pacakges" (which doesn't make a lot of sense).
Note to package authors
Check your method arguments. It's not hard, and it prevents this situation from happening. Frankly, a package without this basic security really shouldn't be installed in the first place.
What you should do
Unless you have a throwaway app, I wouldn't recommend removing audit-argument-checks. Instead I'd do the following (assuming the package really has something of value):
Open an issue on github and let the maintainer know what's up.
Fork the code, and add the required checks. Keep this version as a local package.
Submit a pull request for the changes.
If all goes well, your PR will be accepted and everyone can benefit from the change. In the worst case, you'll still have a local copy that you can use in your app.
currently I am trying to register a Doctrine-Eventlistener for every request in my FLOW3-Package. Some research pointed me to the Package.php, but unfortunately the ObjectManager is not available when the boot()-Method is called.
I searched the whole FLOW3-Documentation http://flow3.typo3.org/documentation/guide/partiii/bootstrapping.html without luck
Any hints on which is the right place to do package-wide setup with access to the object manager?
thanks and best regards
Your are bit to early in the bootstrap to get every object, I have a problem, maybe related to yours, you can check my bug report on http://forge.typo3.org/issues/33838
Why do you need a Doctrine Eventlistener, maybe you can use AOP to have this kind of feature ?
I'm working on a Web Service project to provide data to a partner. Our app is really light weight and has only a handful of APIs. Because of time constraint and in-house pre-existing knowledge we went the Spring MVC / Spring Security path to serve those restful APIs.
At any rate this is a B2B project where we are expecting only that partner to hit our servers. So it seems a little over kill to modify are very small db schemas to add tables that would contain only 1 user access record for that partner...
Heard someone say though that it's possible to use an encrypted file, or at least a file where the password information is encrypted, instead of the database to hold the Spring Security user access information... Is that true? If it is can anyone point me to some references? I couldn't find anything relevant on Google at first glance... :(
Thanks.
http://www.mularien.com/blog/2008/07/07/5-minute-guide-to-spring-security/
See the '' under the authentication-provider; this allows you to use encrypted passwords (use sha). If you only have a single user and you wanted the information in an external file, then you could use a property file configuration placeholder to simply specify
${user.1.id} ${user.1.passwordenc},etc... kinda hacky, but it would work.
It's VERY possible. In fact, you can do it without coding; it's pretty simple to include the credentials directly in the XML defining the Spring Security stuff. You usually see this in examples, followed by warnings to "DON'T DO IT LIKE THIS!"
If in-house security is no big deal and you're not worried that your developers can see your password (as if they needed it, heh!) and no one else is likely to access your configuration files, then this is a quick and easy yet workable solution.
I'm going to post this, but I'm off to go dig in the Spring Security documentation for the example I was talking about I'll be back!
Update
Trever Schick was a bit faster with the example. I had a different example in mind but his code shows exactly what I was talking about. You define your security provider in the XML and provide user ID/password right there. There are a number of utilities available on the 'net for you to MD5 or SHA encode your password for you so you can cut and paste it into the file.
You need to implement a new org.springframework.security.core.userdetails.UserDetailsService that reads the user's information (username, password, enabled flag, and authorities) from a file. I don't know if someone already implemented it.