I am trying to learn WSO2 but have been stuck at a minor step which i believe should be quite easy to do. While creating a new api i need to give the production endpoint. What i want to give is the url along with the port as well. So it should be something like this:
Production Endpoint : http://localhost:9000
However this gives a invalid url. How can i specify port along with it. Please help. I have tried to go through the docs but could not find anything. I am doing these through the admin UI available at http://myip:9443/publisher.
Please advice
Edit: Adding image for clarity
The Test button will send HTTP OPTION request to the endpoint, and if the endpoint supports HTTP OPTION request, then it will be shown as Valid, otherwise, it will be shown as Invalid
As far as your backend point support the HTTP method you need, you don't need to worry about this Test button against the endpoint.
Related
Following this post: http://android-developers.blogspot.com/2016/01/play-games-permissions-are-changing-in.html I have obtained a single use authorization code for use on my backend server as follows:
import com.google.android.gms.games.Games;
//later
Games.GetServerAuthCodeResult result = Games.getGamesServerAuthCode(gameHelper.getApiClient(), server_client_id).await();
if (result.getStatus().isSuccess()) {
String authCode = result.getCode();
// Send code to server...
This seems to works fine, but it presents a question:
1) getGamesServerAuthCode and GetServerAuthCodeResult are marked as deprecated. Why? Should I be using something else instead?
2) How would I do something equivalent in an non-Android installed Java application? I am able to obtain a token on the client application, but I also need to obtain a single use code to pass to my backend server like above. I can't find an equivalent function to get a Server Auth Code. (using com.google.api.client.extensions.java6.auth.oauth2)
I am basically trying to follow this flow: https://developers.google.com/games/services/web/serverlogin but in Java, NOT Javascript. I am attempting to do this in an Android app and a desktop Java app.
1) Yes, in Android use GetServerAuthCodeResult although it is still marked as deprecated. It is the recommended way from Google and it seems they have only forgot to remove the deprecation annotation when releasing to general public.
2) For desktop applications you can follow the instructions here: https://developers.google.com/identity/protocols/OAuth2InstalledApp
Basically from your app you open the system browser (embedded webviews are discouraged) and make a https request to the https://accounts.google.com/o/oauth2/v2/auth endpoint. In the request you supply a local redirect URI parameter i.e. http://127.0.0.1:9004 (you should query your platform for the relevant loopback IP, and start a HTTP listener on a random available port). The authorization code will be sent to your local HTTP listener when the user has given consent or an error such as error=access_denied if the user declined the request. Your application must be listening on this local web server to retrieve the response with the authcode. You also have the option to redirect to a server URI directly claimed by your app, see docs on link above. When your app receives the authorization response, for best usability, it should respond with an HTML page, instructing the user to close the browser tab and return to your app. Also, if you want the Games-scope make sure you are using the https://www.googleapis.com/auth/games as scope in the request, example below, with line breaks and spaces for readability.
https://accounts.google.com/o/oauth2/v2/auth?
scope=https://www.googleapis.com/auth/games&
redirect_uri=http://127.0.0.1:9004&
response_type=code&
client_id=812741506391-h38jh0j4fv0ce1krdkiq0hfvt6n5amrf.apps.googleusercontent.com
Please note that I think you'll have to create and link an app of type other, in the Google Play Developer Console linked-app, for the localhost redirection to work. Use type Web if you plan to redirect to server URI directly, add your server URI to Authorized redirect URIs in the API Manager under section Credentials.
Browser screenshot:
There is finally a proper answer to part 1) of this question!
In the release notes of gms 10.2.0
https://developers.google.com/android/guides/releases#february_2017_-_v102
the new method of obtaining a server code is described. A good example of how to do this is provided here:
https://github.com/playgameservices/clientserverskeleton
I ended up updating Google's baseGameUtils to follow the example above.
Still not sure the proper way to do this for part 2) of the question, at the moment I am sending the token to the server which works but is probably unsafe.
As part of current caching system, we are trying to fetch twitter share count for our site url using "https://cdn.api.twitter.com/1/urls/count.json?url=" . We call this API from Spring Java Rest Controller. This Api works fine for few attempts for the same url. But many time this is throwing timeout exception even after retrial.
We tried to run curl command on above API for same url from APP server and we see the same behavior. Do we know, why it is happening. Does twitter blocks server Ip address if many requests comes from same server. Is it the right API to get count for a url or do we need to use different API.
Any help in this regard will be great.
Thanks
Amit
I just found one solution to do that.
API URL : https://api.twitter.com/1.1/search/tweets.json?q=www.myABCwebsite.com
Look for the following field under "statuses" object.
"statuses_count": 6400,
I have an app and a server side service which my app communicates with with JSON.
I need to impliment security so that if someone gets hold of the urls they will only be able to just call them.
I know i need to use Oauth2 but I don't know how to exactly.
I have read this and it seems to be what I want but it's using google accounts.
Can anyone give me an example or steps I must take to make sure only my app is able to get a response from my server?
You can add accesstoken for each http request.It can be just a string.
As you know, if you want to use oauth/oauth2, you should implement your oauth server. And if you really want to do so, you could find some opensource project. But in a simple way, just add a app code(like the accesstoken, anything just used to identify your app) manually to each http request. in this way, if others know your app code, they are also able to send request to your server.
Why can't I make a get request from the back end to google's Query Suggestion Service using Java?
I want to make a get request to this service Google: Query Suggestion Service /suggest Protocol.
so that I can get a response which would list suggested queries. It seems like this library is only for front end javascript applications though because there is a paramater 'client' which needs to be provided. If I set it to chrome and make the request via chrome it works fine. But if I try and make the request using the default in java I don't get anything back.
If this is not possible is there any other tool that does a similar task?
I just had to set my User-Agent to the same as my browser using the setRequestProperty and it worked.
We are facing a peculiar issue at the moment and we have no clue what is causing this.
We have a web-service hosted on serverA.
When this web-service is invoked from serverB (using the command, curl http://serverA:8008/service/getId), we get the required response. (the web service returns an Id which is an integer).
When the same web-service is invoked from serverC, we get the required response but the digit 2 in the response is getting replaced by _ .
For example, we get 5002 when the web-service is invoked from serverB.
When the same web service is invoked from serverC, we get 500_
We checked the wireshark details from serverA and the data going out from serverA is the same for both the servers.
We have no clue at the moment why this is happening. I would like to add that serverC is in DMZ while serverB is not.
Any input/help in this regard is highly appreciated.
by gather the facts that
1. Server doesn't change the response by its own.
2. Web Service is giving the same response for the same input.
only culprit is your firewall, can you stop it for testing purpose and see if the response is coming as expected. OR
Try to check the firewall settings and create a hole/exception for web Service.
Thanks everyone for your efforts, the issue is now resolved. It was an incorrect firewall rule that was causing this. I asked our network engineer how the firewall setting can alter http response body and following is the reply I got:
For certain protocols the firewall does deep-level packet inspection,
so rather than just check the port number it actually looks into the
payload. This allows it to block malware, malformed packets that might
be exploiting a vulnerability and the like. So it know what to inspect
you have to specify in the rule what the traffic is, so you say it’s
on port 8008 and it’s HTTP. The problem was that for some reason this
rule had been set to use port 8008, but the traffic type was set to
passive mode FTP rather than HTTP. Once I corrected it to HTTP, it
started working.
Try putting ServerB in DMZ too and see what happen.
If it acts the same its a network issue.
If not you might have 2 different versions of code on the servers.
This sounds to me like you have special characters in your URL and they cause the overwriting of the port number, but only if the characters are recognized in the character set. Can you use a hex editor to check the URL for special characters (backspace, specifically)?
I can't solve your problem, but look for any transcoders on the path.
Send request from server C to server A.
1) wireshark at A, to see if it receives request correctly. A possible transcoder may convert host-less urls to host-ful ( GET /service/getId to GET http:// serverA:8080/service/getId), or may drop Host header etc. But if you see nothing wrong here proceed to step 2.
2) wireshark at B, to see if response is valid. Look if Content-Type is set correctly. If set correctly, and still getting manipulated try adding header Cache-Control: no-transform. Many transcoders respect that. If this also fails and can't remove any possible transcoders, viruses you may have go to step 3.
3) Just go https, it is immune to such things.
This is a feature of Apache, designed to hide parts of the HTTPresponce.
I did not see a fix immediatly, and do not have the time to look right now. I'll try to edit one in later.
If you want to try to find it, here is the link to the documentation: http://xianshield.org/guides/apache2.0guide.html
use [Ctrl] + [F] to find this statement (without qoutes) "Configure and build the Apache Server"