I want to accomplish this:
https://developers.google.com/games/services/web/serverlogin
with Java instead of javascript. I know the APIs exist for Java, as I already have a desktop application and an Android application that are able to login properly to Google, using Java APIs. Now I just need to figure out how to follow the process described above with regular Java.
This line is particularly annoying:
"If the auth object in my google-signin-callback already has an access token, can I send that to the server instead of performing this additional code-exchange step?
A: No. You should avoid sending access tokens to your server if at all possible. The "exchange a single-use code for an access token" strategy is much more secure and we highly recommend using that approach in your applications."
I have seen things that seem to contradict in several places, including on Google's guides. This seems like it would be the easiest way given what I have working, but I'd do it properly if I could figure out how in Java. I want to be able to access Google Play Games Services on the client side as well as the server side.
1) How do I get a single use token on the client side? (on android and desktop)
2) How do I exchange it on the server side?
Thanks
Related
I've been looking around all morning, and can't seem to figure this one out. I know it's not as complicated as I think it is, and all I need is just some pointers to the right direction.
I have an Android application that takes some user input, sends it to a Java application over the web, and then receives some output based on the input.
My Android and Java applications are ready, but how do I go about sending and receiving the data over the web? I understand that I'll be sending and receiving HTTP requests, but my problem is where I'll be sending them and receiving them from. Do I host my Java application on a Servlet like Tomcat, or do I use something like OpenShift to host my application for me?
I have no trouble with sending some HTTP request from my Android application to the web and receiving some output back, but my problem is that my web service needs to use a Java library to process the input and generate the output. I'm just not sure how I'm supposed to get this data to and from this Java library that needs to be hosted on the web.
I hope my question makes any sense.
EDIT: Perhaps I wasn't clear with what exactly I need help with. I do realize that the architecture I use doesn't really make any difference, but the problem I have is with how I'm supposed to use this architecture.
Let's say I have a registered domain name that I can easily send to and receive data from using my Android application - no trouble with that. But how am I supposed to integrate my Java library with this server? Do I just create an applet and put it on my server? Does my web host even allow Java applets to run?
I guess my question is how I'm supposed to get through the "barrier" between my HTTP request / transport layer protocol and my Java application.
Server architecture usually does not matter. You can use Java, NodeJs, Rails, Python, .NET, etc. You just need an endpoint that accepts a HTTP POST/PUT/GET/DELETE/PATCH verb.
This is more a question of "how do I set up a server to accept input" and its a very large topic in itself. I would advise you look at PAAS solutions like:
Parse.com
Kinvey.com
You can use their tools to build a solution fairly quickly. If you need something custom you'll need to build your backend in the language of choice and host it online via AWS, Google Cloud, Heroku, a VPS or something similar.
I am very new to writing apps so please bear with me :)
I am writing an Android app that communicates with my server to send GET request and get some data from the server and show it to client (android app user).
API URL:
http://myserver.com/get.php
GET data/variables
api: my api key
extra GET variables
It'd be like:
http://myserver.com/get.php?api=XXXXXXXXXXXXXXXXXXX&extra=something&fields=here
So can an attacker see the API key by decoding the app with tools like apktool, smali etc? If yes then how can I secure it?
Note : the answer you are going to read are based on my experience and my research, feel free to comment if my information is wrong. Im not a network architect, but i have some experiences building web services, and did hours of research (because just like you, i dont understand about security at first). I hope this will help you.
Use POST, its safer than GET if you use REST.
Use HTTPS (i know its a little bit more expensive)
Use SOAP, instead of REST if you really need good security (ex : Banking Apps).
Use Dexguard/Proguard so your apps will be hard to reverse engineered.
I am writing an iOS 5.1.1 app for the iPad2 using Xcode 4.4.1. I want to be able to locate a local http server running on Java.
Once I am able to connect to the http server, all I need to communicate with it is the url including the port.
My questions:
1) Should I use Bonjour or a DNS Server running on the http server to discover the http server itself?
2) I need to authenticate the iPad2 user with name and password to work with the http server once I discover it.
I need some help understanding how I would go about accomplishing these two steps including source code if available for the iOS 5 and Xcode 4.4.1.
1) Bonjour is pretty easy to tie in with Java apps. If you're particularly masochistic you can write your own Java-based mDNS (Bonjour) responders (I've done it, it's not rocket science), but the quickest way to get going is to use jMDNS in your http server to advertise its existence. I won't copy & paste the code samples but they suffice for most applications.
On the iOS side, NSNetService is your friend. Fundamentally it involves starting a responder in the background to look for services (i.e. your Java app), then calling a delegate when something appears/disappears:
id delegateObject; // Assume this exists.
NSNetServiceBrowser *serviceBrowser;
serviceBrowser = [[NSNetServiceBrowser alloc] init];
[serviceBrowser setDelegate:delegateObject];
[serviceBrowser searchForServicesOfType:#"_http._tcp" inDomain:#""];
There's a guide that explains it all. The protocol hasn't changed for 10+ years and you count on all modern iOS/OS X versions supporting it. The jMDNS library is pretty well battle-tested at this stage, too.
You might consider creating your own service type if you don't want it to be visible to other apps that search for _http._tcp., although this is just a cosmetic thing.
2) The simplest thing that'd work would be HTTP basic auth; you didn't say what kind of authentication your app supports or how you make HTTP requests on the client side, but this is pretty well covered already.
I am interested in putting a chatting functionality as part of an application.
What I am interested in:
I would like to keep my application instances acting as peers, i.e.
I would prefer not to write also some server module to handle
message communications
I would like it to be able to use it with exising IM accounts. E.g.
someone can use it using his MSN account or any other client
account he may have, same way he would use MSN Messenger or Tor client etc
I googled and found that there are some Java MSN libraries available and also some other libraries that support IM e.g. SMACK for JABBER etc (not sure what that is) but I am not sure if the latter could be used for option 2 I mention.
My preference on 2 is because I assume that this way a user could do chat no matter where he is while in other solution I assume that some network infrastructure e.g. with routable IPs etc would be required. Am I wrong here?
Does anyone have expererience with Java IM libraries? Are for example any issues e.g. with different MSN versions or something?(Don't know if the protocol has been changing often to matter for me).
What would be the best path/option for my requirements?
I would go with a Jabber based approach. Jabber (also called XMPP) is an open protocol with lots of implementations and supports connecting to other IM services via transports. That way you would not have to deal with changes to the Windows Live protocols. You can rely on the open source community to provide that functionality for you.
Edit: It seems, that Windows Live even allows native XMPP access.
If you like, you can always set up your own Jabber server to provide a tighter integration with existing user accounts. In that case you wouldn't need to write the whole server.
I'm currently working on a project that is building a java-based desktop application to interface with a website. We want to incorporate IM capabilities, so we decided to use XMPP.
The problem is our application has other features, and anyone using another client to connect to our XMPP server will cause problems with our website (e.g. our client will be able to send our messages with a certain message type that the user won't be able to use, but with another client they could send those message types).
Is there anyone to either allow only our client to access the XMPP server or prevent other clients from using certain features? I know this is against the idea of open standards, but we don't want to build a proprietary IM solution from scratch.
You are building a proprietary solution, it just might not be completely from scratch, and that's not necessarily a bad thing. But please don't call it a XMPP service unless you are going to support XMPP clients. You will get the same reaction as you get with a "web site" that requires your proprietary browser.
For features that can be negotiated, look at Feature Negotiation and you might be able to get away with saying your server doesn't have a specific feature to other clients, but secretly supporting it in your own. That won't actually block something from being attempted, so it's pretty poor solution.
You can get instant messaging capabilities without building a desktop application (with all of the platform support headaches that entails). Consider Orbited which can give you the instant messaging interactivity your looking for and would make it much easier to integrate on the server.
And just as a side point, there shouldn't be any messages that cause problems with your web site, any more than there could be a URL that causes it problems, or a query combination, etc.
Not sure of all your requirements, but it sounds like you could probably use the pubsub or pep features of XMPP. These are extensions to XMPP that allow you to create specialized payloads that can be accessed on a user to user level (Personal Eventing Protocol XEP-0163). If it is simply a general notification to everyone who is interested, then PubSub (XEP-0060) may be what you want.
These protocols allow for securing access to the pubsub nodes and will not get affected by the standard chat messages, as they are a different protocol.