I have a third party server that is periodically sending http post request messages to an URL(can be configured). In my application I am reading data by starting a jetty server and listening for data on the configured URL.
Wondering if it is possible to listen for the data sent by the server without starting any server like the jetty?
You can always create a socket yourself and listen at port 80 (or something similar) for HTTP requests. See http://download.oracle.com/javase/6/docs/api/java/net/ServerSocket.html
But there are several problems: Theres a lot of overhead that you need to do yourself. Parse the HTTP request, extract the headers and the body and depending on the headers you need to do certain things like caching, authentication, etc. And that's a lot of stuff you need to implement. Using an existing web server is usually a better idea, since the people who wrote it (usually) know exactly what they are doing.
Another option is the Apache HttpCore library (http://hc.apache.org/httpcomponents-core-ga/index.html). You can use it to write your own Http Server... But again, there's still a lot of stuff you need to take care of ...
If you want to do it for learning purposes, go ahead and implement it yourself. When it is for production, stick with the commonly used web servers.
Related
In Java, I am building a stand alone web service client that manipulates records in a cloud based CRM by using its SOAP API. I generated my classes using the wsimport utility with WSDLs that all have addresses prefixed with https in the port binding section of the WSDL. Is Java handling behind the scenes all the wire-level security simply because the address is https? If so, how can I confirm that the SOAP message is being encrypted? My code does work, and I have not needed to worry about security until now, because I am developing in a staging environment with temporary passwords.
Thank you for your help!
Putting https in the URL will almost always do the trick. Even if your code is not capable of https, the webserver at the other end will almost never allow you to talk in HTTP when using the HTTPS port. At least, I've never seen one that does.
It's not a 100% guarantee that you'd bet your business on, but it is close.
If the code you write works on any website that does require https, you are the rest of the way there in terms of assurances.
You can confirm the traffic is encrypted by running a traffic analyzer aka packet sniffer.
I'm sending JSON data from my Java application to my local webserver with my PHP script that is receiving this message. Now as far as I know I can only view what has been received by for example inserting the data in a database. Is there a way/application to view the live POST requests sent to my PHP webserver?
I like to use fiddler for these kinds of tasks if the java HTTP library has support for proxies. Fiddler will list all information about the HTTP requests that is available. It will by default log all HTTP requests across your system, but can be told to limit to one application.
You can try setting your httpd logging level to verbose or (depending on what httpd it is) try to use extension that would do log all the data send in requests
For debugging purposes why not just write the POST data to a file?
i.e.
file_put_contents(<some filename>, $HTTP_RAW_POST_DATA);
I currently have an TCP Java socket communication implementation in which I have a server that is listening to a port (let's say port 5478). Then I need an Android client to remotely connect to the Java server and send a SQL query, than will then be executed on the server side database and then I want to send a list of results back to the Android client (already implemented with a custom Java class named Result that implements Serializable). I do this by sending an ArrayList of Result to the Android client. The Java server is always listening to the port and supports multiple clients trough multiple Threads. How can I migrate this implementation to a more secure platform and what is the best way to do it? I don't need to respect HTTP protocol to afford this communication. Is Tomcat the best solution?
Thanks
I would use Servlet3.0 as part of tomcat.
Then from android you just have to send http requests to the server using a URL and the servlet can database them. You can also serialize the data as well if you need to.
I hope that answers your question.
~ Dan
//EDIT:
Once you have set up eclipse and tomcat, you can start writing servlets. First - you have to configure the server to use servlets for certain addresses, for example localhost:8080/myServlet - that means that anything you send to local host triggers the servlet. The code for your first servelet looks like this:
public class ExampServlet extends HttpServlet {
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
Your doPost method is what gets called when you perform a http post request on the address the servlet is listening on. Then, all you have to do it put some code in to read the request to get the data out of the message body. Basically you read your request object that gets passed in, and you write to your response object to send the response back to the client. There are plenty of guides out there. I followed something like this to get started:
http://www.coreservlets.com/Apache-Tomcat-Tutorial/tomcat-7-with-eclipse.html
Hope that helps :)
~ Dan
Tomcat is an Servlet container + webserver. If you plan to move to tomcat then you are implicitly moving to http. And yes, if you want a secure communication .. you can create a soap based webservice(apache axis) and host it on https.
I'm not sure how mutch additional security tomcat is able to provide for your application. Two tings come to mind:
Enforcing authentication and some access rules. This is not too hart to implement and heavily depends on the rule quality. However it may help f you use it. It's often replaced by own imlpementations. However, to get securty you need encryption i.e. https. Or it's possible to steel the session and gain the rights bound to it.
Request to file mapping. This in fact somewhat more complicated. You shouldn't code this on your own. It's more complicated than it looks at first sight.
However, one of the biggest security wholes ever is directly executing code you got from somewhere. For example SQL statements. Ok it's secure as long as your databse rights are set perfectly...
Developing a securly encrypted protocol is not simple either.
However, the major win on switching to tomcat (or whatever) might be scaleability for free. And I think implementing servlets is much simpler than programming against sockets. And there are many great to tools fo working with http(s) though ven it might be more complicated than yours, it's pretty simple to deal with.
Unfortunately I can't answer our question. I don't know what's the best solution is. But I think there's at least some potential for wins.
For a web service application, I would like for the server to be able to notify the clients about some events. When a client is launched, he calls one of the WS methods to get some information it needs. Then the server, that stores this information, listens continuously for changes on these information and if there is a change, it notifies the concerned client.
I don't know if a web service is a good solution to my problem? I don't know how it may work concerning the TCP connections, since the server may notify a client after a very long time.
What would be the best architecture to solve this kind of issue?
Thanks
EDIT: I've looked at some discussions that propose to use Comet, but if you think there are simpler and more convenient solution, please let me know. Since I'm starting this project from scratch, I have no limitations.
I can also use a polling model where the clients periodically poll the server for the information they need, but then I need to take into account the load that this model may create on the server. I don't know if web services can support such a load when there are a lot of clients.
I've also looked at the asynchronous functionality provided by Servlet 3.0 but I don't know how it may solve my problem.
Without polling: sockets
With polling and webservices: u should use etag (html).
When a client polls he sends a request with an etag. webservice responds either with 200(ok) and data or 304(not modified). 304 has no body => less trafic
Instead of client polling the server, you could implement a callback method on the client so that when ever server want to publish some changes to the client, the server can use the callback method provided by the client.
I can think of one the two approaches below using web services solution:
Callback: When client invokes the server it leaves its call back url and a id, say correlation id. When the server wants to respond back to the client it will just use the call back url to notify. The Server can use a variety of approaches to process the request asynchronously. Your client need not be a webservice for this, but it should be capable of accepting requests (callback). It can be a servlet etc.
Polling: When client makes a request to the server it receives back a id, say requestid. After specified interval client polls the server with this request id to fetch a response. A reasonable timeout and polling interval based on the processing time would be required.
How to establish a way for Java application to listen to data being sent by php ? Sockets or Http POST ?
Essentially, I have Java application running on another server waiting for certain string data sent by PHP script running on other server.
Any library suggestions or example codes will be appreciated.
I suggest implementing a REST api. If you can't or don't want to, using sockets is the most secure way...
If you are sending FROM php, I recommend using a RESTful API with authentication. Send JSON data, get JSON data back. It allows for better future expansion too.
Your best bet is probably going to be to set up a java servlet "container" (server), such as tomcat (you can pay a lot of money for something else, if you have to for corporate reasons).
http://tomcat.apache.org/
http://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getReader()
or
http://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getInputStream()
Be aware there is a bit of work up front, just to set up and host "hello.jsp", but adding the mapping for the "myservice" servlet in web.xml is not too bad.