Right now I am working on a android app and I am totally new to this.
I want to make sure my web-service is only accessible via my app.
My background is PHP. In PHP I don't need to worry about anything like that, because everything runs on a server.
In case of Java and especially Android programming things are different. Even with encryption. Everybody can just open an APK and see how the web service gets accessed. So is there a way to hide or to obfuscate the access to a web service, so only my app will be able to use it?
For test purposes I didn't add any security or encryption. This is the basic call to a web server I am doing right now:
String url = "http://thisismyurl.com/a.php?action=get";
String result = Web.executeWeb(url);
public class Web {
public static String executeWeb(final String url) {
final StringBuilder sb = new StringBuilder();
Thread thread = new Thread(new Runnable() {
public void run()
{
try
{
InputStream is = (InputStream) new URL(url).getContent();
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
String result, line = reader.readLine();
result = line;
while((line=reader.readLine())!=null){
result+=line;
}
sb.append(result);
//System.out.println(result);
//Log.i("My Response :: ", result);
} catch (Exception e)
{
// TODO: handle exception
}
}
});
thread.start();
try {
thread.join();
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return sb.toString();
}
}
How would I hide this from the prying eyes of hackers? ;-) Is that even possible?
Thanks in advance!
Deploy client authentication using (self signed) certificates within TLS.
This kind of configuration can be enabled on most web servers and Java application servers, and you can normally also configure the web or application server in such a way that you can retrieve the certificate of the private key that the client used to authenticate itself.
Note that HTTPS uses SSL (or now TLS) before any web trafic, so you cannot program this in your application, it does require server configuration.
Check this link on how to configure for Apache 2.
Use your Application's ID ( like IMEI ) as parameter in your webservice call. You need to make a table in database at server side which will store all registered device. Now only these registered device can access your webservice. This is my idea, there should be other idea as well.
Related
I have one unique instance with three war :
Aapp.war
Bapp.war
Capp.war
The Capp need a wsdl endpoint exposed by the Bapp.
I know it's not great, but I need to find a temporary solution without a big refactoring in existing architecture.
The problem is even if the Aapp.war and Bapp.war are deployed, when tomcat begin to deploy the Capp, it lock everything because the bean which instanciate the Bapp Wsdl client does not respond :
#Bean
public WsStorageService getCustomerOfferStorageWSClient(){
WsStorageService wsClient = null;
String wsdlUrlProperty = prop.getCosWSApplicationServicesUrl();
URL url = null;
try {
url = new URL(wsdlUrlProperty);
} catch (MalformedURLException e) {
e.printStackTrace();
}
wsClient = new WsService_Service(url).getWsServicePort();
return wsClient ;
}
I cannot call http://myserver/Aapp or http://myserver/Bapp until the Capp is deployed successfully.
Why ?
I want to connect to elastic search from Java. Elastic search domain is configured in AWS. I am using Jest library for this. Currently i have added my system ip in the elastic search configure access section. So i can access ES endpoint. But this is not the right way of doing it. What are the approches to it ? i know about signing the request but could not find any good reference of how to do it in java. Can anyone give some thoughts ?
This is how my code looks like
JestClientFactory factory = new JestClientFactory();
factory.setHttpClientConfig(new HttpClientConfig.Builder(elasticSearchserverUrl).connTimeout(10000).readTimeout(10000)
.multiThreaded(true).build());
JestClient client = factory.getObject();
Search.Builder searchBuilder = new Search.Builder(query).addIndices(indices).addType(type);
try {
SearchResult result = client.execute(searchBuilder.build());
List<Hit<String, Void>> hits = result.getHits(String.class);
for (Hit<String, Void> hit : hits) {
String log = hit.source;
System.out.println(log);
}
} catch (IOException e) {
}
I'm using SVNKIT 1.8 with SVN 1.8.5 and the SVN protocol to attempt to add files in bulk to my SVN repository. I would like to have one method for adding and updating files and the below code successfully handles both when using the FILE protocol since the editor.addFile(file, null, -1) throws an SVNException. When I switch to the SVN protocol (desired protocol), the editor.addFile(file, null, -1); doesn't throw an exception. Instead the editor.closeEdit(); throws an exception which is not desired. Any ideas on how to use one API for both adding and updating files?
public void addFiles(Map<String, String> data) throws Exception {
TreeSet<String> filesToCreate = new TreeSet<String>(data.keySet());
SVNRepository repo = null;
ISVNEditor editor = null;
try {
repo = openSession();
editor = repo.getCommitEditor("Adding files.", null);
editor.openRoot(-1);
for (String file : filesToCreate) {
try {
editor.addFile(file, null, -1);
} catch (SVNException e) {
editor.openFile(file, -1);
}
editor.applyTextDelta(file, null);
SVNDeltaGenerator gen = new SVNDeltaGenerator();
String checksum = gen.sendDelta(file, new ByteArrayInputStream(data.get(file).getBytes()), editor, true);
editor.closeFile(file, checksum);
}
editor.closeEdit();
} catch (Exception ex) {
abort(editor);
throw new Exception(ex.toString(), ex);
} finally {
closeSession(repo);
}
}
This is a side effect of an optimization in the svn:// protocol. During an editor drive the server does not send any response unless there is an error and as such the client can't tell that a specific action succeeded. I haven't looked at SVNKit's code but I'd bet that you could potentially get the exception from any of the editor methods since the error will be detected in the next editor drive call after the server responds. In this case your changes are so small that the editor drive sending happens before the response from the server can be detected and so you end up seeing the error when you do closeEdit().
The svnmucc command in Subversion has a similar problem as what you're trying to solve. It has a put operation that adds or updates a file. It uses the same technique that Dmitry advised you to use on the svnkit-users mailing list (link1, link2). Specifically running a check_path before determining to add or create the file.
You're not going to be able to do anything better than this because of the way the protocol works.
I'm developing a game in Android. The game has many levels and a Level Editor. So when a user make a level, the data are saving as Xml file. So I want to upload this Xml file to internet to share the other users. I searhed and tried these below codes. But It didn't work. The whole code like this:
String FTP_HOST= "185.27.134.11";
String FTP_USER = "fees0_14042425";
String FTP_PASS ="kadi1sd22";
File f = new File(Environment.getExternalStorageDirectory()+"/kadirGameLevels1/a.png");
FTPClient client = new FTPClient();
try {
client.connect(FTP_HOST,21);
client.login(FTP_USER, FTP_PASS);
client.setType(FTPClient.TYPE_BINARY);
client.changeDirectory("/levels/");
client.upload(f, new MyTransferListener());
} catch (Exception e) {
e.printStackTrace();
try {
client.disconnect(true);
} catch (Exception e2) {
e2.printStackTrace();
}
}
But even if I only use this single line, it still stop running. Did I something wrong with is integration or anything else?
FTPClient client = new FTPClient();
Make sure you have the INTERNET permission in your AndroidManifest.xml:
<uses-permission android:name="android.permission.INTERNET" />
This makes sure your app has the right permission to access the internet.
Also don't put any networking code in the main UI thread or you will likely get a NetworkOnMainThreadException.
Instead put all your FTP-connecting/accessing code into an AsyncTask: https://stackoverflow.com/a/6343299/833647
I was tinkering on android with WMS Layers. One of the services I want to load the layer from is serving them via Https. The wms layer example i found though uses:
InputStream input = null;
try {
input = url.openStream();
} catch (IOException e) {
Log.e(TAG, e.getMessage());
}
Where url is a type URL and is set to a url that uses HTTPS. This throws an error as I suspect I have to set up my certificates or something. Is there anyway to just say accept brute force this to accept the certs? I tried something similar to this in c# and was able to just basically making a call to this:
C# code to make the https work:
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(AcceptAllCertifications);
...
...
public bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification,
System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
//this might be useful later too
//http://blog.jameshiggs.com/2008/05/01/c-how-to-accept-an-invalid-ssl-certificate-programmatically/
return true;
}