I have a Rest API deployed on my server, say A. I have 2 web application say www.B.com and www.C.com. Both B and C calls APIs deployed on server A. Now think of small scenario,
User Rob login on B.com and user andrew login to C.com. Now some of
their event trigger to make a API call to server A. My problem is ,
any how will I able to identify that particular request coming from
B.com or C.com.
This information is only in address bar of bowser, but api call is ajax call. Necessary to mention i dont want make any change in java script or front end (on either of application B.com or C.com). Change should be on serve A.
Any hint to solve this will be highly appreciated. I am using Java, resteasy,jboss.
You can set Headers(key value pairs) in making a REST Call
Set some authentication token in the header.
Verify the token in the Server, where the REST API is exposed
Assuming you're receiving the API call from B and C as a HttpServletRequest:
String ipAddress = httpServletRequest.getRemoteAddr();
Then compare the IP address against the known IP addresses for server B and C.
If the AJAX calls come directly from the browser to A then I don't think there's a way to make this work without changing B or C.
Related
I have a few servers that I make REST requests to from my program. They will all have the same response to a particular request.
I accept one ip as argument and make my requests to that server. If I wish to now accept a List<ip>, how do I elegantly switch to the next server in the list when one fails? Looping through the list on every network call seems silly.
Unfortunately I cannot make a REST call with the catch-repeat_to_next_server extracted to one function that accepts an HttpClient with the rest of the request because I'm using a 3rd part SDK to talk to the servers and every request is a chain of method calls.
I can't do this (pseudo-code):
def doRequest(HttpClient client)
for ip in list_of_ips:
try:
client.host = ip
return client.execute()
catch exp:
// move failed ip to end of list or something
throw "None of them worked"
HttpClient c
c.method = "GET /api/employees"
doRequest(c)
c.method = "GET /api/department/:id"
doRequest(c)
Are there any standard ways to solve this in clean way?
I'm using Java and Spring so I am constrained by static typing but may have some sort of Spring annotation magic that I can use that I am not aware of.
How you are making the REST call is not important.
Your psuedo code should be correct even if you need to make a million method calls per REST call.
for ip in ip_list
do_stuff_to_make_the_rest_call
perhaps_note_the_ip_that_was_used
indicate_success
break_out_of_for_loop
catch some_exception
perhaps_note_the_ip_that_failed
end for
if !success
do all_ip_failed_stuff.
procedure do_stuff_to_make_the_rest_call
make a million method calls to get one REST call attempt.
I am writing a service which would store picture associated with registered email. So, other domains would have a possibility to get image of the user by email. The main goal is not to upload it each time as nowadays we have to register almost everywhere and that process is quite annoying.
My application is written on Java and I am using REST API.
For example, user's account information is available by login:
#RequestMapping(value = "/get/{login}",
method = RequestMethod.GET,
produces = MediaType.APPLICATION_JSON_VALUE)
#ResponseBody
public ResponseEntity<User> getByEmail(#PathVariable String login) {
User user = userDao.getUserByLogin(login);
return Optional.ofNullable(user)
.map(result -> new ResponseEntity<>(
result, HttpStatus.OK))
.orElse(new ResponseEntity<>(HttpStatus.NOT_FOUND));
}
And now, what i want is to send just updated data to the domains which gonna use my service. How could I figure that out? I think I could ask "domain" to provide some information in order to use my service (some king of registration), but what exactly should I ask for to be able to send data udpdates?
In my thoughts they should also provide some REST path where I could send some kind of request that something has changed.
Any help would be appreciated a lot, thanks.
This is essentially a pub-sub model . You publish some information , on various defined events , to whoever has subscribed to it . Look at this as a subset of state syncronisation of the user information across various endpoints.
In your case , the 'domains' you are referring to would be subscribers of your service and the events could be 'itemAdded' , 'itemAdded' etc. You would want to 'push' out the updates ( or whole info) to the subscribers when the event they have subscribed for occurs , instead of them trying to pull this at some frequency ( that would be a lot of waste calls to your server - you dont want that ! )
There are various solutions available that could achieve this . The one I am going to point you to is called Twilio Sync . This would obviously mean that the 'domains' would have to do some changes at their end to subscribe and consume the updates , but I dont see how else could they be regularly updated if they want information pushed.
Send last update date to the endpoint from the domain which
use it. Then check which data was updated after that date and return
appropriate response.
Talking about image, you can always return URL for download but add last update field. The service which use REST service will determine to download it or not.
Also you may need event driven messaging, publish–subscribe pattern (https://en.wikipedia.org/wiki/Publish%E2%80%93subscribe_pattern). Related threads:
How would I create an asynchronous notification system using RESTful web services?
Event Based interaction style in REST
Firebase for mobile apps: https://firebase.google.com/docs/notifications/
I am making a module for a server software that is allowing support for facebook.
The problem is with the callback URL. If one client start the authorization proccess, then another client starts the proccess at the same time, or before the first user finish. How could I check what user finished first?
I need a way to check what client's callback I'm getting. One solution would be to lock other from register until the first one has finished, but I don't want to do that. Is there another way? I have thought about including ?client=clientid at the end of the callback, but I heard facebook only allows the exact url specified in the app on facebook.
UPDATE
It didn't work to add client="clientid" to the callback. Any other ideas?
After some more searchig I figured facebook will allow a parameter: state. (thanks to #jacob https://stackoverflow.com/a/6470835/1104307)
So I just did ?state=clientId.
For anyone using scribe the code is this:
service.getAuthorizationUrl(null) + "&state=" + clientId;
I think there is no problem on adding and GET parameter like client=clientID. Facebook will redirect you to the URL you have specified and using the REQUEST parameters you can check who completed the request. The problem exist if you have specified URL as http://yoursite.com and pass redirect to http://some-sub-domain.yoursite.com or entirely different location.
if you are using the server-side flow then the oauth 2 flow will be:
redirect user to facebook
facebook then rediects the user to your specified callback
your server uses something like curl to get the access token
your server does some more curl to get maybe more user data or update the user's data
my recommendation would be to set a session cookie in step 1 and simultaneously store this session id on your server. then the session cookie will automatically be sent to the callback url in step 2 and you can identify the session in the database this way.
this will work for all service providers (google, twitter, linkedin, etc) and is the preferred way of maintaining session continuity.
Situation : I am coding a web service in which soap client sends the request to web service which will update the database.
Suppose, there is a table project_team_members and service will be updating info of individual team member.
There is a column in table IS_TEAM_LEADER which can have '0' or '1' as value.
Problem: When updating TL info, if I am not sending IS_TL field from SOUP UI (A SOAP Client), it is automatically received as 'false' by default in java code.
How can i know if user is sending it or not, i mean i am not able to send null in case of boolean data-type from SOAP client
Revisiting my own question after so many years.
Giving response to myself at 2012 :)
One option can be, to send whatever is there in the database as it is, back to the server. But for this prior read call is necessary.
Another option is given by Jesse's(comment under question) as an answer/solution
If there is any field, e.g. Foo, there is often an associated
IsFooSpecified property to determine if the value was set or not. If
there an IsIsTeamLeadSpecified property you can access?
PS: There wasn't any field as suggested by Jesse but this can help someone else.
I have to build a web application who shows some data. I will have two kinds of user: register users and anonymous users. Registers users will run the app from the company intranet, and anonymous users will run the app from internet. Registers users will see more data than the anonymous ones.
I need a login form to registers users (to know who is seeing the data), but when an anonymous user will use the application, login form must not show.
In the same web application, the first screen must be a login form, but in some cases the login form must not appear. What is the best way to do that?
I'm using Vaadin (Java framework based on GWT) to develop my app. I think a good way to do that is checking the browser url, but I'm not sure if is the best approach.
Just as McOmghall says. You can get the user's ip by calling:
WebBrowser b = (WebBrowser) getMainWindow().getTerminal().
String ip = b.getAddress();
or (in your Application class):
WebBrowser b = ((WebApplicationContext) getContext()).getBrowser();
String ip = b.getAddress();
Then you can use Jakara Commons Net to check if the IP address is in the subnet of your company (for example 192.168.0.0/24):
SubnetInfo subnet = (new SubnetUtils("192.168.0.0", "255.255.255.0")).getInfo();
boolean test = subnet.isInRange(ip);
Here's another cool solution that doesn't require the use of any 3rd party libs.
Source 1
Source 2
If you have distinction between extranet and intranet, you should check the origin of the connection by IP. Java provides a way to do this, but I don't know if this is possible with Vaadin.