I have an user which has certain limitations on menu items those can be access by user. I am able to restrict user on Ui from performing not authorized actions. I have a problem to limit user on the server side to protect from making it accessible through various rest clients.
EX: item A has only GET api permission and B also has only GET permissions. I am trying to perform POST for A so my concern is how do I ensure that call is for A or item B.
I am using java8 and spark java framework. Please let me know if anyone has a solution for this.
NOTE: Adding authorization for each route separately will not be a good idea so please help to write a common generalize method.
Related
I am going to develop uber-like application.Here I have to send latitude and longitude to web and mobile devices continuously with my service,What I have do to get this.
Can anyone please give some idea.
You should start by designing how the application is to be used, seen from all the different users perspectives.
For instance is this a web app, or a native app, or both?
Then from that knowledge, you need to define a communication protocol.
You should be able to determine if the client will be polling for data, or if you need to push it from the server onto the clients.
This also goes for the data that travels the other way.
From here you choose a language for programming, and then start doing some proof of concept tests.
The choice will depend on the chosen underlying technologies
(web / native / os / available libraries)
After some test work you may have something that works, then you need to review or add security to the communication, cause we do not want everyone collecting location data from everyone that has the app installed.
Then run beta trials and eliminate the worst bugs, and then release the app.
You'll want some sort of asynchronous task which can get new data from your server and refresh the mobile and web content to reflect the content of the server. You'll also want to notify the server whenever you make local changes to content and want to reflect those changes. Android provides the SyncAdapter pattern as a way to easily solve this pattern. You'll need to register user accounts, and then Android will perform lots of magic for you, and allow you to automatically sync. Here's a good tutorial: http://www.c99.org/2010/01/23/writing-an-android-sync-provider-part-1/
I would like to connect a Java application to the Nest-Cloud via the Firebase-Api. The application is as simple as reading the setpoint of a nest thermostat.
I spent a lot of time on developer.nest.com and firebase.com to find the required information, but failed.
What is actually the base url, where the firebase is located? seems not to be home.nest.com
How can I authenticate without user interaction? I tried FirebaseSimpleLogin, but the implementation depens on Android, which is not my platform.
Thanks for your help.
For 1) I don't know for sure, but have you tried https://api.home.nest.com and https://developer-api.nest.com?
2) The user has to authenticate and allow the client you're developing at least once. You'll need to get an authorization code, which you get from the client page on the Nest developer site. The code is six characters I think, and you'll have to include that in your code or assign to a variable and call it.
Take a look at another entry I made. If nothing else, it might help you get a little farther down your rabbit trail.
I am implementing a small social networking website, and I am trying to implement notifications.
Notifications have the following requirements
All users will receive notifications whenever users they follow do
certain events (like a post, create a post,leave a comment, etc...
When a set of notifications for a user is unread, just like on facebook, the user will
continue to see a read notification icon on their navbar.
Problem : I am taking an example to describe my problem for better understanding for everyone.
Suppose there are two users A and B. A & B are friends and A post something, suddenly B like the post of A then A should have to receive the notification immediately.
So how can i achieve this immediately receiving of notification process?
Should i send a call to server on each millisecond to check whether there is any unread notification is available for A user ? In this case thousand millions of call creating for multiple user. It is feasible solution ?
(I think it create unnecessary load on my website. As i think facebook and stackoverflow do not use this way).
Provide me a suitable solution just like fb and other webiste using.
Technology Using in my project: Java and MYSQL
You should use JavaScript (client side) along with Java - MySql (Server side), and more specifically Ajax. You will need some time to understand the concept and the usage but it does exactly what you want.
To give more details, what you need is to create a partial view where the notifications will appear, and update this partial view async (with AJAX).
Dont reinvent the wheel.
Use ajax call to server at each interval and check your server and update nav acc.
1.So how can i achieve this immediately receiving of notification process?
2) Should i send a call to server on each millisecond to check whether there is any unread notification is available for A user ?
Your above both questions answers solve through GWTEventService implementation.
Through it you can write code that will avoid client to server round trip.
GWTEventService is an event-based client-server communication framework. It uses GWT-RPC and the Comet / server-push technique. The client side offers a high-level API with opportunities to register listeners to the server like to a GUI component. Events can be added to a context/domain on the server side and the listeners on the client side get informed about the incoming events. The server side is completely independent of the client implementation and is highly configurable. Domains can be defined to decide which events are important for the different contexts.
Refer link: https://code.google.com/p/gwteventservice/
I'm working on an app that requires users to register in order to use the features.
I need to ensure that users are who they say they are so I want to use some type of verification process, e.g. email or text verification.
The best solution would be to receive a text or email after registration with a code. This code can then be entered into the application to verify the login.
I know of GMailSender but that is as far as my knowledge would go for this type of situation.
I have no idea where to start with this and have researched a lot.
Any help would be great
Thanks :)
Manually entering a code received by email would be annoying for users and they are highly likely to abandon a process that forces this upon them. Also from experience, emails are so often caught in spam traps and not received.
You should make it as easy and non intrusive as possible.
e.g
Use the device's built in Google account to register with your server (after obtaining user permission of course).
On the server side perform the registration and return a code to the app.
Use the code returned by the server directly in the app to enable whatever features you see fit.
The above example would be a one click process and would require no manual code entry.
I have received a requirement to develop a feature to check if 2 email id's, logins or identities are socially connected. I hope to ask 2 users their facebook id, linkedin id (and in future may be more social networks). I then hope to use their facebook id's connect to facebook api's and determine if
Are these two connected socially, are they friends ?
Are these 2 connected through mutual friends
Do they have n levels of mutually connected friends ? (like in linkedin)
Similarly I hope to use linkedin api's to identify if they are socially connected and if not, how far they are.
My question is
I have been in a social project before and understand that facebook and linked in provide a lot of restrictions on their api's. Do you know of any that stand out very obviously from I need them to do for me ?
Are there any privacy/legal issues that I need to be aware of, in these scenarios. Will there be a issue if I were to let each of the users know that they are x networks away from each other ?
Will I be able to use the api's free or is there a particular paid service that these social networks offer ? I would be worried about costs when i deploy right ?
Edited
I put some questions on linkedin forums. This is the response I got
There is no extended information available via the API for developers of business accounts. The visibility is based on the user who has authenticated and what they can see in their network. The API is not designed for you to learn information about two users other than the one who has authenticated.
Seems fair from their stand point. Even a business account would not provide private information about 2 random people's "socially connected" information.
I think I need to explore the option of having my users login/connect to linkedIn and provide me with that information. Crazy as it sounds, I will explore this.
No they should both be free. Linked in has a ton of token requirements for pulling deep information. Be sure to read the linked in Docs pretty indepth. LinkedIn hates if your exporting any user data and will throw you under the bus in a minute if you attempt this. Also linked in's very limiting tword the # of calls you can make per account in an hour. SO be prepared for rate limiting.
A few months back I had contacted facebook, linkedin and google+ for a similar requirement. Seems that they dont appreciate scraping at all. I dont know if you intended to do that. They also mentioned that this information relates to peoples privacy, so they need to login to allow you to do that. Infact you need to be in their network to achieve something even close. You will also need a plugin/app to work along side with you, which will have other restrictions like # of requests per day/hour.
In short, you are requesting information from deep within their databases, they are not going to like it.
With some more research, its clear that without both users providing my app the authority to query on their behalf about the other user, I cannot get this working. Not even with business accounts with both linkedin and facebooks. The reason is obvious, privacy.