Recently I been reading about SOA, the service oriented architecture is based on the idea of exposing web services.
This Architecture also tells you that the services you create have to be reusable, in other words you have to make universal services.
Now, I have to develop web services for one of my applications, I will use Jersey to develop the web services. I would like to develop web services as I've been reading.
For example, in the login I need to expose a web service. As we can see in the image, the login WebService will receive the id_user and it will response with a status and the password if it exits.
The problem is that this web services is not a reusable web service, because it only works for logIn and if, for example, I wanted to check an user's name I would need to create another webservice that will bring me the user's name.
Following what I already now, I change the login web service as follows
Now, if I need to logIn, I will use this webServices and just use the password, if I want to load his information I also will use this same web service and use what I need.
With this new web service I just can search using the user_id, so I also change the webService as follow
I edited the request, now you will need to send the option 1 if you want look for user_id or 2 if you want look for user_name.
I'm wondering if this last change was correct?
I also have another table called bitacora and I need to make a webService for insert and update.
At first I insert data with default values, because the table has foreign key.
For example I will fill my table like follow (1,1,1,0,0,0,0,0,0,0,0) where 0 is the default value for foreign key.
After that I have to update that table changing just a few columns (1,1,1,0,0,1,1,1,0,0,0)
After, I will complete updating my table (1,1,1,1,1,1,1,1,1,1,1).
How can I make a good webService for that need?
As I see, I will need to make 1 web service, and send him in the request the information that I want to update, and an option so I can choose in my web services what to do. (make update 1 or make update 2 or make update 3).
But I think I'm lost in this one.
Related
I have a java (Spring boot) web service which does not have any UI.
I want to send a dynamic Email (created using Thymeleaf and injecting values from a database) using my web service on a daily Cron schedule, using Microsoft Graph and O365 APIs.
Right now I use SMTP to send emails, but I cannot use it anymore as that is no longer going to be supported by the O365 account that I am using.
I found the SendMail APIs on the Graph Documentation which looks pretty straightforward.
But, using the Graph AIPs requires you to create an Azure AD project first and use their Microsoft Identity platform - which I created.
Now, the problem is that most of the flows also require a user to manually login from a login window.
This is where things get complicated.
I do not have a place to show a Login window to any user from my web service, because it is just a backend service there is no UI. I intend to use a service account for sending the emails through the Application.
I found a Daemon support as well, but it seems to only support Python or .Net code.
Migrating my code from Java to either of those platforms just to be able to send emails
does not feel like a good solution.
And, I'm not even sure if they even offer similar capabilities of sending dynamic emails like Java+Thylemeaf do?
Is there a way to be able to continue doing this using my existing code in Java?
If not, then as the worst case scenario, are there any libraries in Python which can allow me to send dynamic emails like thymeleaf does in Java?
As you don't want to manually login from a login window, you can use the client credential flow.
Here is the guide regarding how to access graph api without user.
Reference:
msgraph-sdk-java-auth (You can choose to use Client credential provider)
Basically I am hosting a database on server side using spring boot. And I wanted to write custom query from client side which is developed in angular and call a function from server side for giving me the needed results.
The function for server side will look like this:
List<rows> func(String customQuery){
//fetch rows from table using this custom query and return those rows
//which I can use in client side.
}
Below are examples of customQuery which I need to send from client side:
select * from table;
select * from table where id>10;
select * from table where id>20 and id<30;
So far I searched in Internet I could not find any solution. Please help.
Sending SQL directly from the client would be a complete security failure, because a malicious user could easily figure out how it works and send a delete from table to kill your entire app.
Much worse, they might even be able to run create user ... to give themselves complete access to your entire database, get sensitive information, install malware, etc.
Instead you'll want to create a REST service in your application with methods such as
GET /table
GET /table?minId=10
GET /table?minId=20&maxId=30
Return as application/json or a similar data format and only return the information your angular app really needs.
Angular would then be responsible for selectively updating the display with your data.
Edit:
This is a guide I have found for creating a basic web app based on Spring Boot and Angular. Might be a good starting point for you:
https://www.baeldung.com/spring-boot-angular-web
The best way is to send only the parameters (minID and maxID in your case) from the client-side and then build the query dynamically on server-side using Spring JPA Specifications.
I am trying to write a RESTful web service in Java 8. I'm using Glassfish (Jersey and Grizzly)
Let's take the user resource.
http://localhost:8080/geocon/users
After I mapped the HTTP Verbs, I realised that, without a proper login strategy, everyone who knows an user ID (in this example I took 007 as userId) could call a DELETE to
http://localhost:8080/geocon/users/007
actually deleting the user with ID 007. Same as PUT verb, where anyone could overwrite old data with new - without any authorization. I am using Elasticsearch for storing users (and other types of resource) as JSON documents and I was wondering if I could still use it for storing password informations.
Considered that I don't mind using the basic HTTP authentication mechanism, how do I do it in practice? How could I check if an user is actually himself and has the permission to delete or refresh data refering to him? Thanks
I'm new to java and I'm trying to understand the way we identify users who uses webservices.
The program will be downloaded from my website. It needs to make a connection to my server side web service program.
I think there are 2 options for identifying the user:
Register on website and download web service. A single user id key is then generated when downloading the program. I don't know if this is possible + verification of registration can only be done by email: not 100% sure of user identity.
Download web service and log in into it.
This seems a better way, but I'm not sure this is the way to do it...
Most services use HTTP authentication because the surrounding HTTP protocol already brings all the necessary features. Actually, your web service framework comes with all the plumbing necessary to easily set this up.
Another solution is to have a method which is called login() that takes a user name and a password. All other methods return errors until login() has been called successfully once.
Note that you must use HTTPS as protocol, otherwise passwords will be transmitted either as plain text or with a trivial encryption that is easy to break. Or to put it another way: Without HTTPS anyone willing to invest a couple of minutes of time will be able to use your service.
I have a web PHP web application that has a link to a java web application. The php application has a login page, and a link to the the java application, but not every user has permission to access the java web application. What I was trying to do is send user credentials from the php application to the java application, and then the java application checks the credentials and if correct logs in the user. I was thinking of using http headers to do this.
So my question is what is how to send user credentials from a PHP application to a java application?
If it helps I am using a Java web framework called Vaadin.
Do a normal POST request from the PHP application to the java application. This can be done as simply as having a normal HTML form in the PHP application, set the form's method to "POST" and action to the java application's URL. If you want to catch HTTP parameters in a Vaadin application, you can do it by using request handlers (https://vaadin.com/book/vaadin7/-/page/advanced.requesthandler.html).
Then a few words of advice or something to at least consider. If your login page is in the PHP application and your "admin" application is the Vaadin application, then I discourage you from doing the credential checking in the Vaadin application. This is because when you enter the Vaadin application, a new application instance is created. This means that your UI will be initialized and whatever else you do in the UI's init method. What you probably want to do, is to hinder the user from entering the Vaadin application unless she is logged in - which means that you need to do the credential checking somewhere else - for example, have a separate servlet whose only responsibility is to log in the user. If login is granted, then give access to the Vaadin application, if access is denied, forward the user to the PHP login screen. The next question is, how do you hinder the user from accessing the Vaadin application until she is logged in? Typically, this is done using servlet filters.
I highly encourage you to use a 3rd party framework for doing the authentication and authorization. Take a look at http://shiro.apache.org/, it's easy to install and seems to work nicely together with Vaadin. All you need to do is to configure it and implement a login screen, the framework will take care of the rest.
If I understood your question, you want to be able to provide an "auto-login-link" to some specific users that are logged in to the PHP application. This link should automatically login the user to the java application, right?
Without knowing any details about this case, like are both apps running on the same domain or do they use the same database (same user credentials in both apps), etc., I would propose the following solution:
Create an action (link) on the java application, which receives the necessary parameters (as GET) needed for creating the session (probably userId is sufficient), timestamp and a signature of all parameters. For example:
http://javaapp.example.com/autologin?userId=123&timeStamp=123456789&sign=hj23kh4j234jk324h
Where the signature is calculated with some strong encryption algorithm. Then you verify that the signature is correct at the receiving end (java app). If it is correct, you create the session. Signature calculation could be something like:
$signature = sha1($userId . $timeStamp . 'some salt' . $sharedSecretBetweenBothApps);
With the timeStamp you are able to check that an old link is not used. For example not allow older than 15 min old links and store used links in the java app to make sure they are never re-used. You do not have to keep history of links older than the expiration time.
Another idea, as discussed in the comments, is creating an API on the java side, which is able to provide a one-time link.
The sha1 algorithm is probably not strong enough, but shows the idea and is simple to implement.
Does this answer your question?