I am very new to creating webservers - and I have had several goes at trying to understand them and write a quick webserver, but it's never quite 'clicked'. At the moment I am under the impression that REST would be most suitable for my purposes (I will explain later).
Can anyone either show me a basic code example in Java (using Tomcat Apache) or a tutorial resource to show how a webserver:
Can be used for security - i.e. pass in some kind of value to identify the client - from their the webserver will either deny or grant access to the client dependant on some criteria - maybe a lookup list.
Once the client is successfully accepted they will be allowed to pass in some more values to the webserver that will be used to write a row in a database table.
Many thanks.
PS - I would have thought there might have been soemthing that comes with Eclipse Ganymede? If someone can confirm?
The best way to write restful resources in Java is via the JAX-RS standard. So I'd recommend you download Jersey which is the JAX-RS reference implementation and check out its examples; its got lots of them. Take an example for a spin then try hacking it to do what you like.
BTW JAX-RS can be run inside any Servlet engine - you just build a WAR and deploy it (there are examples in the Jersery samples) - though Jersey also comes with a small lightweight web server you can use too which is a little easier to use - again there are examples in the distro of this.
I would also suggest that you look at Restlet
Related
I've been asked to look into adding an LDAP interface to an existing Java web application - that is, to make it possible for LDAP clients to connect to the application as if it's an LDAP server. I could write code to listen on a dedicated port and implement the LDAP protocol, and hook that into the existing database... but I'd have to understand the protocol first and then there are potential security issues if I write that from the ground up (not to mention the time it could take).
What I'm looking for is a library of existing code - something that handles the ports and protocols, and lets me focus on writing just the back end. There are plenty of client-side libraries out there, as you'd expect, but I've had no luck in finding something to help with server-side development. So the question is, does anyone here know of such a library that would help with this?
Yes you will most probably find many more client implementations than server, however LDAP is a request response protocol, so with a bit of playing around you should be able to use the same classes and their serialization capabilities. Instead of sending the request you would be receiving it, and responding with the response you would otherwise expect from the client.
You could look at the Apache Directory. https://directory.apache.org/api/
It has an embedded directory server project as part of it, which claims to be extensible and embeddable in your application. https://directory.apache.org/apacheds/
So maybe that could be the answer to your needs.
I would like to program a WebService embedded on my android device (not the client part).
I've been evaluating Restlet Framework (Restlet) but i don't know if I go on the right way.
What do you think? Is that framework viable for my goal?
Any suggestion is welcome!
Thank you so much!
Regards.
You should check whether Restlet is compliant with android,
not just from server side code, but also from client side code (respectively).
This means for example that every JAR that Restlet framework depends on has to contain code that is compliant with Android.
An alternative approach would be to run a simple HTTP server on your device, for example the following nano http server I read about.
Another interesting project you should check is jetty for android which will hopefully give you support for servlet API as well.
Yes, you will have to spend some time on developing mapping requests and building resource handling logic, but that task is not that difficult:
A. You already have Android code for JSON processing -
For example, look here
B. Using the Java URL object you can analyze the URL of the request and understand which resource you should handle (i.e - add resource to collection, fetch collections, etc).
C. After performing the CRUD operation (i.e - store your resource in some SQLIte table), you can send back a response, and once again, composing JSON if needed is easy.
I would like to add a Web User Interface for an existing Java project I did time ago. I learned basics of AngularJS on codeschool.com courses and now I know how to send an http or REST request to get data for my web UI.
My Java project has a set of methods that elaborate some data from a local database and return integers or integers arrays.
The goal of the interface would be to show a bunch of charts and data directly from that Java project.
What would be the most appropriate way to do this? I heard of implementing REST services on my Java project but it seems overkill for the purpose and i'm totally confused by all the frameworks for this. What would you use?
Thanks everyone for your answers!
I would use SprinvMVC to provide data from server to client side.
Here is my project from which you can start and learn basics :
https://github.com/xwid/thaimaster
Basicly you should create spring controllers mapped to urls, by doing it this way, you will be able to retrive server data using angular js.
http://www.javabeat.net/spring-mvc-angularjs-integration/
If you don't want to use a full REST framework such as Jersey, another possibility would be to use an embeddable HTTP server (there are several) and handle the requests yourself. This would mean that requests to something like /myapp/ would return your AngularJS filled HTML page, and requests to /resources/* would provide with REST functionality.
This would give you a standalone Java program that doesn't need a servlet container, but it would be a somewhat hacky solution. Not production grade, but you'd probably learn something from having to handle the HTTP traffic yourself.
With the Spring Framework's SprigBoot, it's quite easy to implement a REST service and have a runnable java application. You can follow this Building a RESTful Web Service guide from spring.io. They are clear and quickly understandable.
Also if you are not already familiar, through these guides you can have a glimpse of gradle and maven as well.
I'm currently working on a web application based on Java EE 7, PostgreSQL and the application server GlassFish 4.
I need to implement a form based authentication, and to secure some URL knowing that :
the users and the roles/groups (whatever they are called) are stored in the database.
I wanted my application to be as "standard" as possible (i.e I am currently using JSF and JPA, and no other framework like spring, struts ...)
After some research, I found that Java EE provided a standard authentication mechanism called JASPIC. So, I focused my research on JASPIC and I read multiple Stackoverflow Q/A and those articles written by Arjan Tijms (It's almost impossible to find a Stackoverflow Q/A related to Java EE without one of his answers or comments, thanks to him by the way) :
http://arjan-tijms.blogspot.fr/2012/11/implementing-container-authentication.html
http://arjan-tijms.blogspot.fr/2013/04/whats-new-in-java-ee-7s-authentication.html
http://arjan-tijms.blogspot.fr/2014/03/implementing-container-authorization-in.html
My question is : will JASPIC allow me to do what I need (form authentication + URL restriction with roles) and is it worth the effort to use it ?
What I mean is : it's perhaps safer and easier to use another mechanism.
Arjan Tijms also says that whether or not using JASPIC is "a kind of chicken-and-egg problem" and if JASPIC is safe to use (It doesn't create more problems than it solves), no matter the amount of code I need to write, I really want to be "one of the first chickens".
I'm using JASPIC for my authentication, but JASPIC has one limitation you need to contend with (if you want things standard). You're limited to having no dependencies outside of the Java EE 7 API. This means access to JDBC resources which require a driver is not a capability that is explicitly stated in the standards.
In my OpenID Connect implementation I used Google as my secure store, which also presents me with the Google login form. That is a larger example of using JASPIC though.
For yourself, you can expose an EJB to the global namespace and use InitialContext to get the EJB. There'd be some code duplication in that you have to copy the EJB remote interface code in two places and ensure the serialVersionIDs are the same on both. The EJB can be used to connect to the JPA resources to get your authorization data.
Use EJBs, because the other two options you may think of are REST and SOAP which would be exposing something on your web ports and would require some extra configuration to prevent unauthorized access or require they be placed on a different system.
A simple JASPIC implementation I created in case you want to learn is the HTTP Header JASPIC module which is intended for integration with more complex systems like SiteMinder.
I do no know JASPIC but may I suggest you take a look at the shiro framework
It let's you do pretty much everything you need based on your post with minimal configuration.
For Form based authentication and authorization, you need JAAS. go through follwing url-
linK
I am working on a project where we'd like to pull content from one of our legacy applications, BUT, we'd like to avoid showing the "waiting for www.somehostname.com/someproduct/..." to the user.
We can easily add another domain that points to the same server, but we still have the problem of the someproduct context root in the url. Simply changing the context root is not an option since there are hundreds of hard coded bits in the legacy app that refer to the existing context root.
What I'd like to do is be able to send a request to a different context root (Say /foo/bar.do), and have it actually go to /someproduct/bar.do, (but without a redirect, so the browser still shows /foo/bar.do).
I've found a few URL rewriting options that do something similar, but so far they seem to all be restricted to catching/forwarding requests only to/from the same context root.
Is there any project out there that handles this type of thing? We are using weblogic 10.3 (on legacy app it is weblogic 8). Ideally we could host this as part of the new app, but if we had to, we could also add something to the old app.
Or, is there some completely different solution that would work better that we haven't though of?
Update: I should mention that we already originally suggested using apace with mod_rewrite or something similar, but management/hosting are giving the thumbs down to this solution. :/
Update 2 More information:
The places where the user is able to see the old url / context root have to do with pages/workflows that are loaded from the old app into an iframe in the new app.
So there is really nothing special about the communication between the two apps that client could see, it's plain old HTTPS handled by the browser.
I think you should be able to do this using a fairly simple custom servlet.
At a high level, you'd:
Map the servlet to a mapping like /foo/*
In the servlet's implementation, simply take the request's pathInfo, and use that to make a request to the legacy site (using HttpUrlConnection or the Apache Commons equivalent).
Pipe the response to the client (some processing may be necessary to handle the headers).
Why not front weblogic with Apache.
This is a very standard setup and will bring lots of other advantages also. URL rewriting in apache is extremely well supported and the documentation is excellent.
Don't be put off by the setup it's fairly simple and you can run apache on the same box if necessary.
Using Restlet would allow you to do this. The Redirector object can be used. See here and here for example.
If you instead serve out a JSP page you can use the tag to do the request server side.
Then the user will not even know that the resource was external.
http://java.sun.com/products/jsp/syntax/1.2/syntaxref1214.html
a bit more context for the API the client is working against would help here to give a solution that could work. Are you trying to provide a complete new API totally different from the legacy Java EE app? What artifact is serving the API (Servlet, EJB, REST service)?
If you have the API provided by a different enterprise application then I suppose you simply use a Pojo class to work as a gateway to the legacy app wich of cause can then be reachable via another context root than the new service app. This solution would assume you know all legacy API methods and can map them to the calls for the new API.
For a generic solution where you don't have to worry about what methods are called. I am curious if the proxy approach could really work. Would the user credentials also be served correctly to the legacy system by URL re-writing? Would you have to switch to a different user for the legacy calls instead of using the origin caller? Is that possible with URL re-writing. Not sure if that could work in a secure context.
Maybe you can provide a bit more information here.