I have a Notes App which contain DB, I need to use this Notes App as lib or module in My two parent apps, how can I use this in my two apps?
AAR:
If I am using .aar means is there possibility to create or store Database in aar module.
Sub Module:
if I go for sub module I need to create table in each projects.
Individual APP:
If I go for individual app,How I share my DB details.
I guess, the best option for you to using Content provider.
However, content providers are primarily intended to be used by other
applications, which access the provider using a provider client
object. Together, providers and provider clients offer a consistent,
standard interface to data that also handles inter-process
communication and secure data access.
Typically you work with content providers in one of two scenarios; you
may want to implement code to access an existing content provider in
another application, or you may want to create a new content provider
in your application to share data with other applications.
Source: https://developer.android.com/guide/topics/providers/content-provider-basics
After you created a content provider in your Notes App other apps can access by content resolver. This is totally similar way as you can access bookmarks or contacts on Android.
One more suggestion: don't forget to take care about security as well if you want to share only between your apps.
If you are using a content provider for sharing data between only your
own apps, it is preferable to use the android:protectionLevel
attribute set to signature protection. Signature permissions do not
require user confirmation, so they provide a better user experience
and more controlled access to the content provider data when the apps
accessing the data are signed with the same key.
Source: https://developer.android.com/training/articles/security-tips#ContentProviders
Related
I'm trying to implement an API that can add tags to all the existing resources in AWS. I can't use AWS CloudFormation approach for this.
Is there any common API/SDK approach to add custom tags to the existing AWS resources by passing the resourceIds?
What AWS resources do you mean. Do you mean an object in an Amazon S3 bucket? Many Service SDKs expose a Service client that lets you perform tagging operations. Consider the S3Client service client, which is part of the AWS SDK for Java V2.
This service client has a method named putObjectTagging that lets you tag objects. Likewise other service clients have similar tagging methods.
I didn't get any common API/SDK to add tags to different AWS resources. But Here is what I got it and used for my requirement.
Search for Resource Groups & Tag Editor in the AWS Console and go to Tag Editor section, you can see an UI to select resource types and option to add new tags for a region. You can select multiple resources based on the region and resource type you choose and apply the set of tags together in a single shot.
I have several multi module spring web application each application like below, each of them differently develop no inter - connection.
war
|...webModule
|...coreModule
I want to integrate them with one admin module with security settings.
How can i do that?? is their any frameworks for that??
I go through the OSGI approach but it has lot migration work. What about component based (I never do that)... Can any one suggest some way to create my integration application which can handle common login & security for other sub application ? (need single sign on multiple war solution)
I strongly advise reading up on the Angular JS and Spring Security series, especially related is the https://spring.io/blog/2015/01/20/the-resource-server-angular-js-and-spring-security-part-iii
The approach that they describe seems completly viable for you. Key points
Spring Security uses the HttpSession to store authentication data by
default. It doesn’t interact directly with the session though: there’s
an abstraction layer (SecurityContextRepository) in between that you
can use to change the storage backend.
After authenticating through your admin module you should store your authentication data into a storage accessible to all your other modules, and using a session id as a key for the data. You can easily achieve this with a help of Spring Session where you can use an out-of-the-box supported Redis as your shared storage for authentication data.
Finally, the key will be set inside a custom header of the requests that target other modules, which will use this custom header and a changed session strategy to pull the authentication data from the storage and authenticated the user
There are quite a few details behind the approach, but the series come with the sample implementation so you should be able to find your way
If I had an application that stored information in its datastore. Is there a way to access that same datastore from a second application?
Yes you can, with the Remote APIs.
For example, you can use Remote API to access a production datastore
from an app running on your local machine. You can also use Remote API
to access the datastore of one App Engine app from a different App
Engine app.
You need to configure the servlet (see documentation for that) and import the appengine-remote-api.jar in your project (You can find it ..\appengine-java-sdk\lib\)
Only remember that Ancestor Queries with Remote APIs are not working (See this)
You didn't mention why you wanted to access the datastore of one application from another, but depending on the nature of your situation, App Engine modules might be a solution. These are structurally similar to separate applications, but they run under the same application "umbrella" and can access a common datastore.
You can not directly access datastore of another application. Your application must actively serve that data in order for another application to be able to access it. The easiest way to achieve this is via Remote API, which needs a piece of code installed in order to serve the data.
If you would like to have two separate code bases (even serving different hostnames/urls), then see the new AppEngine Modules. They give you ability to run totally different code on separate urls and with different runtime settings (instances), while still being on one application sharing all stateful services (datastore, tasks queue, memcache..).
We are looking to use OpenAM/OpenSSO to act as a SSO provider. We need, however, to have OpenAM use our mongo datastore under the hood to manage its authentication needs.
With this in mind, I found this: http://www.badgers-in-foil.co.uk/notes/installing_a_custom_opensso_identity_repository/ which looks promising.
Apparently, this should allow me to add an "Access Manager Repository plugin", but I have since read this:
The Access Manager Repository plugin
is also called amSDK or legacy SDK as
it provides downward compatibility to
work with the existing Sun Access
Manager 7.x version deployment
identity stores. This repository is
tightly coupled with the Oracle DSEE
server; hence, will not work with any
other LDAP servers.
This makes me wonder whether this is really what I want to create, being as though I dont want to be tied to Oracle DSEE server (whatever this is).
Basically, where should I be looking to implement a custom Identity provider for openAM?
For a custom identity repository, specifically, this is likely what you'll want to do:
Develop and Deploy a Custom IdRepo Plugin
https://wikis.forgerock.org/confluence/display/openam/Develop+and+Deploy+a+Custom+IdRepo+Plugin
I'm also doing this for MongoDB - hopefully it will go well. If the logic of your login process is sufficiently unique, then a Custom 'Auth' module is necessary. I like keeping the data access layer separate from the auth process, however -rather than having connect statements in the Auth module.
See section 16.3 and beyond in the OpenAM Developer's Guide, http://openam.forgerock.org/doc/dev-guide/index/chap-identity-repo-spi.html
You can write a Custom Authentication Module in OpenAM.
This is an easy way to authenticate users against a custom datastore. You need to configure callbacks (Eg. username/password) which you need to process in a custom written com.sun.identity.authentication.spi.AMLoginModule. The runtime values for these callbacks will be provided as input to process the login module. Based on those values, you should decide whether the user can be authenticated or not.
I am developing a Data Modeling Software that is implemented in Java. This application converts the textual data (stored in a database) to graphical form so that users can interpret the data in a more efficient form. Now, this application will be accessed by 3 kinds of persons:
1. Managers (who can fill the database with data and they can also view the visual form of the data after entering the data into the database)
2. Viewers (who can only view the visual form of data that has been filled by managers)
3. Administrators (who can create and manage other administrators, managers and viewers)
Now, how to implement 3 diff. views of the same application.
Note: Managers, Viewers and Administrators can be located in any part of the world and should access the application through internet.
One idea that came in my mind is as follows:
Step1: Code all the business logic in EJBs so that it can be used in distributed environment (means which can be accessed by several users through internet)
Step2: Code 3 Swing GUI Clients: One for administrators, one for managers and one for viewers. These 3 GUI clients can access business logic written in EJBs.
Step3: Distribute the clients corresponding to their users. For instance, manager client to managers.
=================================QUESTIONS=======================================
Q1. Is the above approach is correct?
Q2. This is very common functionality that various softwares have. So, Do they implement this kind of functionality through this way or any other way?
Q3. If any other approach would be more better, then what is that approach?
no
no
yes
Making different clients for different security roles is a :
security hole - what if a viewer obtains the administrator version?
hard to maintain
The way to do this is:
make the data transferred to the client dependent on a security check
also make various parts of the UI visible/enabled depending on that security check
the security check is made on the server
the security check depends on the currently logged user
the user logs in on startup, using his credentials (username/password or digital certificate)
the security roles (administrator, moderator, viewer) are stored on the server side.
Then, if needed, you can extend the security model by adding:
differentiation between per-user and per-role rights
rights on specific resources
transitive rights
permissions for specific actions
But such a complex user rights and security model is perhaps not needed in your application.
I agree with #Bozho except for the following:
make various parts of the UI visible/enabled depending on a security check
You actually need to make sure that unwanted access to the data, etc is blocked on the server side, irrespective of whether the client-side UI is visible / enabled. The reason for this is that any client-side UI disabling code can be subverted. Indeed, a bad guy could even entirely bypass your UIs and reverse engineer the application-specific protocols between your client and server code.
This is not to say that you shouldn't also disable / hide parts of the UI that the user is not allowed to use. It is just not a good basis for decent security / access control.
(UPDATE : #Bozho has ammended his answer now to add server-side blocking to his list. So I now agree with it entirely. )
I agree with Bozho. Another points with the three client approach is: what if the user somehow figures out how to send the operations which isn't available in his client? What if the same user has two roles (hence is required to have two clients). And of course you will have plenty to do maintaining one client...