I am trying to implement a MySQL database that is accessible via REST APIs. In order to do so, I am running a dynamic web project within a Tomcat 8.0 Server.
However, now I am looking to implement some form of authentication that has to happen before a client (i.e. an Android app) can have access to the APIs. I have been reading up on OAuth 2.0, and it does appear to be what I am looking for.
Based on the article that I have been reading (http://tutorials.jenkov.com/oauth2/authorization.html), it appears that a separate OAuth server has to be running. The question is, how can this be done? I am currently using Eclipse to compile and start my local Tomcat server. Do I have to create a separate server in Eclipse? Once the permission has been granted, does the client need to interact with the OAuth server in order to access the database data or does it interact with the Tomcat server that I am running?
Related
I am currently building an android application for my final year degree project but at the moment I have very basic login functionality.
At the moment it is just a username and password stored in a MySQL server, the program fires off a request which runs some PHP to check to see if the username exists in the table and the password is correct. This won't be anywhere near secure enough, I just wanted a placeholder while I got on with other parts of the app.
I've been looking at existing frameworks which can provide secure authentication/authorization as well as session management so the user doesn't have to constantly log on whenever they re-open the app. Apache Shiro (https://shiro.apache.org/) sounds like a potential solution but I've had a good search on Google but haven't found any examples in which it is used for Android projects.
Does anyone know if it is possible to use it for Android Apps? Or if there are any decent alternatives?
Thanks,
Mike
A security service is deployed in a "remote" machine (the server). Your Android app (the client), when a user tries to login, sends a POST to a "/login" endpoint exposed by the server. If successful it will reply with a cookie that the client will use in the further request to identify its session. It is not difficult with a maven project Spring and Shiro libraries, but you need to implement at least a simple WebApp (expose /login, use shiro to verify the credential) deployed in a separate server. If you are ready to write two java app Shiro is a good choice.
I am building a java Rest Service that is located on the same server as a .Net application. The client is hosted within the .Net Application but it communicates with a Java Rest Service. We need some way of accessing the Users Session data in .Net without altering the .Net code. So my question is...
If the java Rest Service app is located on the same server as the ASP.NET app. This means ASP.NET is saving the users information on the servers memory. If we have the Session ID. And its past to java, is it possible for Java to retrieve that information in memory by using the Session ID ?
In general what are my possibilities.
The java application and the ASP.NET application are both on the same server and on a windows server.
Thanks
We want to realize a SSO-infrastructure with some IBM Domino / Websphere products and one custom web application. All IBM products are configured for SSO. Therefore, the WebSphere Application Server 8 generates an LTPAToken2 after successful login in one of the IBM products. We want to achieve the same behaviour for our own custom web application. After login into this web app, a LTPAToken2 should be generated.
Therefore my question: Is it possible to generate a valid LTPAToken2 in our custom web application? Or maybe, is it possible to use the WebSphere Application Server APIs for this generation? Which steps would be nessecary to achieve this? At the moment, our custom web application is not hosted in a WAS, but on a Tomcat.
Thanks and best regards
Ben
As long as you have your application hosted on a tomcat server that is not possible. There is no open API from IBM for creating LTPA tokens.
If you would have had the same user directory and using standard Java Security Mechanisms you could move your application to WAS, where SSO is configured. Not only would it be possible, your LTPA tokens would be created on login to your web application without any further configuration.
As it seems have a solution with two different user directories, sharing the same user id but not the password, you need to take other measures to achieve SSO.
One is to have an Access manager software which handles login for all your applications,
A second solution is to write some custom code. Login into the tomcat server could generate a custom cookie. You need to write code to generate this cookie. Then you can write a TAI to intercept it on the WebSphere server thus accepting the login. The TAI would be configured in the container rather than in a separate application itself. (example)
I also assume you could solve this by writing servlet filters to handle the login, rather than a TAI.
If your Tomcat app is on the same domain as (one of) the WebSphere servers, and the Tomcat server has network access to the WebSphere instance, you could have a servlet in your Tomcat app accept credentials on its request and pass them in an outbound http request to something like /<secured app>/j_security_check on the WAS instance, record the LtpaToken2 if successful and then add a cookie with its value in the servlet response on Tomcat.
As long as the two servers are on the same domain the browser will send the cookie back if the Tomcat app links/redirects the user to a secured URI on the WAS app, and you have SSO.
I've read some articles on the Internet that this is not possible. To communicate own SQL database that is located on other server from GWT application. Jetty doesn't allow it.
I found a way how to perform it but it's not very cosy. I have client and server part inside GWT. The server has to communicate with MySQL database on localhost. So I've written an ant script to build a war that I can launch on Apache Tomcat server. It works perfectly there but I'm not able to debug the code effectively.
Do you have some advices how to perform this task? I was thinking of writing the clienty only in GWT and find some waz how to communicate my own server written outside the GWT. I've found Apache Thrift for GWT but this edited library of thrift seem not to work properly.
Thank you very much for your answers:)
It is possible to communicate with a database from a GWT application. The client side has to call the methods of the server via GWT-RPC, which can communicate with any database.
Maybe Jetty does not support it (have not tested it personally) but you can develop your web application using Apache too. There you can access the database the same way as from any web application:
You will need the mysql-connector-java-5.1.20-bin.jar file (downloadable from: http://dev.mysql.com/downloads/connector/j/ ), and restart the server added to the $CATALINA_HOME/common/lib directory.
OR added to the WEB-INF/lib folder of your web application.
You can find tutorials online of how to develop an application using Tomcat instead of Jetty. For example: https://wiki.auckland.ac.nz/display/BeSTGRID/Deploying+GWT+to+Tomcat+in+Eclipse
Reshi, stop and think about how applications really work. Nobody provides web pages with javascript to read/write databases, that would be crazy and unsecure. Servers are always in themiddle of all communication in this case. You need to create services that run inside your server, one of these services will be a database layer.
Javascript cant create network connections and read/write binary data, thus it would be insane to attempt to get the gwt compiler to compile any jdbc drvier and more.
Jetty does NOT stop us from connecting to a database. All you have to do is to follow the MVP model way. Although MVP is better bet against all hurdles, at a minimal point, you would have to try not having SQL code on the client package.
I want to run a standalone java application on a remote server. It would not be accessible to clients, but would do background calculations and interact with a database and Secure Socket connection to a third party site. It would also interact with a php site.
Do I have to deploy this with JSP, or can I write a standalone application? If so, how would I deploy a standalone java application (jar file) on a remote server? I understand that I must have them install a jvm on the server (not a problem) but then how would I deploy it (if possible). Would I start it with a command line?
I know I have much to learn, but I am not sure how I would access the command line on a remote server. Through the cPanel?
Thanks.
First of all, you'll want to set up some firewall rules to allow access to that server. I'm hoping that you don't expose that server naked to the Internet.
If all you need is database access exposed on the Internet, I don't see why it can't be a secured web app deployed on a servlet/JSP engine and accessed via a web server. You can leverage basic auth for security, JDBC access to the database from the server, and servlets as controllers to accept requests in a nice REST API.
It'll save you the complications of sockets and inventing your own protocol (use HTTP), starting and stopping the application (now it's just a web server/servlet engine), and deployment (send a WAR file).
Does it really must be a 'standalone' application? I think that in your case the best match would be to use Spring container to load your application within some server (tomcat?) and expose services via standard controllers - with Spring you only have to add some annotations on services methods actually.
Then, your php site can interact with these controllers using for example ajax requests.
If your application is written already, you can easily transform it to run within Spring container. It's very non-invasive and promotes usage of POJOs.