BlackBerry OAuth Alternative - java

I am starting to think that there are no OAuth libraries that I can use with BlackBerry mobile devices. The only possibility I have found is the following, which I have yet to look into in detail:
http://github.com/fireeagle/j2me-oauth
So, my question is (assuming there are no other libraries), what is a workaround for this? Would it be possible to have my application use an embedded browser, and do the authentication via JavaScript or PHP or something like that, and then find a way to pass the authenticated token to my application? I want my app to be a native Java application on the BlackBerry; I don't want it to turn into a complete web application that just displays in an embedded browser. Any thoughts?

Maybe you want to look into
signpost and signpost old site
Or this one
http://bazaar.launchpad.net/~brightkitemobile-dev/brightkitemobile/trunk/files/head%3A/trunk/src/com/orangatame/mobile/oauth/

Related

C++ or Java OpenID relayer. How to use OpenID for login in a desktop app, and security considerations?

I understand that OpenID is generally used for browser-based applications. However, I am building a Java desktop application. I would like to use OpenID. How is it possible? One way that it could be done would be to integrate a Java web browser such as http://lobobrowser.org/java-browser.jsp and capture the return URL. But that seems to me like the hardest solution. Is there a library that can help me do that?
My goal is to use the return URL from the OpenID provider, say Google, as a secret key to encrypt local data. The returned URL contains a unique access/confirmation key.
What are the security considerations in doing this?
Either of the following libraries looks like it will probably do what you need:
http://code.google.com/p/openid4java/
http://code.google.com/p/joid/

Possible to interact with webpage and console

I want to create a little Java application which can interact with a secured website.
We have a railway site (https://irctc.co.in)
I want to create a console application from which I can send the username and password to the site as a web POST and the result can be converted into console format.
Instead of opening the site in a web browser, I would like to make it simpler using a console window by avoiding other web elements, ads, etc.
Is it possible to do in Java? Please guide me.
I see two ways to do that. The first one is to implement a Java app on top of an HTTP request-response engine. In this way you do not have to make any changes to your website, but processing HTTP responses could be complicated due to design features. The second one is to create a simple front-end service on Rails for special cases and interact with it in your console app. For the message format you can use JSON, for example. This way IMHO is more suitable. Both ways suggest use of an HTTP library stack; Apache has one here: http://projects.apache.org/projects/commons_httpclient.html

Custom authentication on google app engine with Java and no 3rd party frameworks (iOS client) - is design reasonable?

I'm looking to roll my own simple user authentication as part of an iOS / GAE app. I'm not wanting to use 3rd party libs such as Spring.
I have an iOS client from which I'd like to offer the option to create a profile (hashed UDID, password). Store the login details (keychain?) and auto-login to GAE each time my App starts.
I'm thinking simple HTTP basic-authentication. B64 decode (GAE API for this?), then use the hashed UDID as Key into my various datastore Entities via low level data store API. Then generate some kind of unique session ID (GAE API for this?) to pass around as a URL parameter.
I have fairly good Java/Objective-C experience, but it's my first 'cloud' type app and I have security concerns about the above approach. Not least because I didn't find any Java examples of solving what must be a fairly common problem, which makes me think I'm missing something :)
Some things I'm not sure how to solve:
The URLs could easily be 'network sniffed' or 'binary scanned' from the App opening me up to the possibility of DOS/GAE app abuse.
Is it worth trying to secure the traffic via HTTPS, and is there a way to do this between iOS and GAE? (I've never used SSL.)
Could I combine this approach with an administration page that would use Google authentication?
Does GAE have any built in DOS protection or would I also need to combine that into my authentication approach?
Without GAE threads, how do I invalidate a session after a certain amount of time? taskQueue?
I'm new to GAE and excited to get past this first hurdle, so any tips or advice are much appreciated!
Some of my experiences; though I'm using Python, you might find some of the observations I make helpful:
You might want to consider OAuth 2.0 as an authentication model since it works with most providers.
I first chose JavaScript / OpenID + custom login and now I use server-side OAuth 2.0 + custom login. (I had considered using http://www.janrain.com/ if you're thinking of alternatives to rolling your own.)
A third option for you is to take a custom authentication that is already included with a Java CMS for app engine that already has an authentication system.
You can make a completely custom /admin interface completely separate from the user experience so app engine will be preferable for you since it gives you a lot of control over the code.
If you want to look how a larger Java CMS for GAE does it then you could check in http://www.vosao.org/
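
An added sketch (not from either poster, and not App Engine API code) of the three pieces the question asks about: decoding the Basic header, generating a session id, and expiring it without a thread. It assumes Java 8's `java.util.Base64`, requests carried over HTTPS, and an in-memory map standing in for Datastore or memcache; all class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; all names are hypothetical. The map stands in for Datastore/memcache.
public class SessionSketch {
    static final long TTL_MS = 30 * 60 * 1000L; // assumed 30-minute session lifetime
    private static final SecureRandom RNG = new SecureRandom();
    private static final Map<String, Session> SESSIONS = new ConcurrentHashMap<>();
    static final class Session {
        final String userId; final long expiresAt;
        Session(String userId, long expiresAt) { this.userId = userId; this.expiresAt = expiresAt; }
    }
    /** Splits "Basic base64(user:password)" into {user, password}; null if malformed. */
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':'); // split on the first ':'; the password may contain more
            if (colon < 1) return null;
            return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
        } catch (IllegalArgumentException e) { return null; } // not valid Base64
    }
    /** Issues a 128-bit random session id; call only after the password has been verified. */
    static String issue(String userId, long now) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        SESSIONS.put(id, new Session(userId, now + TTL_MS));
        return id;
    }
    /** Lazy expiry: the deadline is checked on each lookup, so no background thread is needed. */
    static String lookup(String id, long now) {
        Session s = (id == null) ? null : SESSIONS.get(id);
        if (s == null) return null;
        if (now >= s.expiresAt) { SESSIONS.remove(id); return null; }
        return s.userId;
    }
    public static void main(String[] args) {
        // Constructed sample: user id "a1b2c3" with a password that itself contains a colon.
        String h = "Basic " + Base64.getEncoder().encodeToString("a1b2c3:pw:x".getBytes(StandardCharsets.UTF_8));
        String sid = issue(parseBasic(h)[0], 0L); // password check against the stored hash omitted here
        System.out.println(lookup(sid, 1000L) + " " + lookup(sid, TTL_MS));
    }
}
```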

Can I run locally and debug a Web App that uses Google APIs? [GWT+GAE]

I'm working on a web app using Google App Engine with GWT, and I need to use Google APIs (Google Calendar, Documents and so on).
As far as I know, I must configure a domain with Google to set my domain as the callback of an OAuth authentication. Am I right?
If so, am I forced to deploy on GAE to test? I mean, I can't run locally because my localhost can't be a valid callback.
Do you know any way to debug locally even when using Google APIs?
I have been recommended to configure DynDNS, but that isn't a solution in the short term (incompatible router)...
If you use AuthSub instead I don't think you need to register a domain. The user just needs a Google account.
I have in the past used AuthSub together with Google Docs/Spreadsheet APIs on GAE and also been able to test it locally.
I can unfortunately not give you my code and exact solution (it was a while ago). But one of the samples I used extensively to base my code on was the FetcherServlet, check this code out:
http://code.google.com/p/google-app-engine-samples/source/browse/trunk/retrieving-gdata-feeds-java/src/com/google/appengine/demo/web/FetcherServlet.java?r=122
Also, I guess you might already have read this page (but their FetcherServlet uses OAuth, not AuthSub), so maybe just use it for some background info:
http://code.google.com/appengine/articles/java/retrieving_gdata_feeds.html

App engine authentication

I am new to App Engine. I will write an application which consists of two parts.
1) Core written in app engine with REST interface for clients.
2) Client application written in J2EE on my other (not appengine) server. But here, client may use any other technology (android, swing etc.)
I don't know how to handle authentication of users in this schema. I think that I am in the middle between standard login and installed applications.
The simplest solution that occurred to me is that the client will request username+password, pass it to the App Engine application via HTTPS, and it will authenticate.
But I don't know how to synchronize the login with the client app, because it will also need data from Google applications...
Is there any solution or pre-prepared facility in Java how to handle this?
Thanks
You probably want to use OAuth for this; client login or using username+password is not a good way to do this, and informed users will be -- or SHOULD be -- hesitant to give away their passwords. There is a page for using OAuth within App Engine applications written in Java which may be of use. There is also some support for OAuth in the GData client library for Java. The OAuth in the Google Data Protocol Client Libraries document may help you to understand how to use those features.
