I read in the google app engine backend documentation for java and it's said that we need to give the url for the backend to be _ah/start. Is the java backend url-pattern in web.xml needs to be _ah/start? Can I change that into my custom url name?
Thanks.
From the App Engine documentation:
A backend instance can be targeted with HTTP requests to
http://[instance]-dot-[backend_name]-dot-[your_app_id].appspot.com,
or at your application's custom domain.
So you can use whatever domain is configured for your app. _ah/start is a way to start the backend, i.e. a simple request sent to:
backend1-dot-myapp.appspot.com/_ah/start
will start the backend. You don't have to do it - you can send any request to a backend, and the App Engine will start it for you if no instances are running.
Related
I'm starting a new project with Spring boot as backend and React.js as frontent.
Right now I'm struggling with Login/Authentication issue. I would like to provide Account-Kit from facebook but have few queries.
One of them is from where should I create a request to FB sdk for access token? Should it be server (spring), or react which then posts that data to server? Is it possible to call Accout-Kit from java?
I'm quite new to the topic and would be grateful for any answer.
You should call AccountKit from your client side js. For additional security, you can use code flow (instead of token flow) and pass the code to your server side. From there you can make a REST call to the Graph API and exchange that code + app secret for a token from server side. There is an example on the documentation that shows this flow using node.js, you should be able to make some server side changes to make it run on your setup.
Also, have you tried using react-account-kit-web?
I have an app which allows users to sign in and then passes their sign in information to the app of their choice. All the apps are written in Java and use Struts 2 and run on Websphere. What is the most secure way to pass in the sign in information? I can pass it in the URL using HTTPS but that still leaves the information available in the browser history.
EDIT:
The sign-in app actually calls a web service which registers the user which collects their personal information, verifies their identity and passes the information back to the sign-in app. The web service stores all of the registration information. I would like to pass all of the registration information to the app so the user does not have to reenter it and to insure the information stored by the web service is identical to the information stored in the app.
You should configure both apps to use Single Sign On.
Here's a tutorial for Websphere.
http://www.redbooks.ibm.com/redpapers/pdfs/redp4192.pdf
If you pass sign in information via https it's secure way. Don't pass it in url however. Use http post method to submit this information to the application. But because you use a web service to register/authenticate a user then you need invoke this web service from you application using http client, etc. If you invoke the service from the client you application never know if the user is registered/authenticated.
Recommended to use some security framework i.e. Spring Security which allows to use different methods for authentication/registration/authorization. It requires integration struts2 with spring via spring plugin.
For the rest see How to integrate Spring Security and Struts2. Or read the book Spring Security 3.x Cookbook by Anjana Mankale.
I'm trying to create native Android app with MBaaS e.g. on parse.com where clients could enter some data. The thing is that I would also like to create some admin side web app (e.g. in Java SpringMVC) which could read that user related info from MBaaS service. Is it possible to connect SpringMVC app to MBaaS service? If not, what are my options?
Parse.com has REST API to access your data, so you can write separate web application with admin interface and fetch data from Parse.com via REST API.
But remember that Parse.com won't host your Java application. You'll need to host it on your own.
I want to get push notification from google calendar into my java app engine backend servlet. My question is, do I need to verify my java app engine backend servlet (which is hosted on google app engine server)?
Thanks.
Yes, you need to verify the domain even if it is hosted by Google App Engine. Remember to always use HTTPS otherwise you won't be able to do it. To verify the easiest way is to create a static HTML file that points to the same file name in the root of the application.
Apparently it can't and I tried using HTML file and meta tag method without any luck to verify my app engine backend site.
I have a django front end which the client will log into. media streams selectable from the django ui will be served from a wowza server. The wowza server needs to know that the user has permission to view the media resource.
Wowza supports java packages so I can insert user authentication into my wowza app to control access to media resources.
I own/control both servers, so I can configure a secure connection between them.
I think i should be looking into something like Oauth to pass credentials, but I am not certain as I have never looked into how to pass user authentication between two web services before.
So I think my question is: Is Oauth the appropriate mechanism to use? and if so, whats the basic requirements in terms of the django package and Java pacakge to use?
Or, is a single sign solution like this one more appropriate SSO (Single sign on ) in MVC
What do not try RemoteUser backend to authenticate and use http info from REMOTE_USER variable?