I would like to know if it is possible to keep the sessions created after a first ws call to use it for a second one ?
I explain myself a little more : I got a ws call made for my authentification, if my authentification works i'll store a variable. At my second call the security module for Play! will check if this variable is set , if it is it performs the action else it responds with an UNAUTHORIZED http response.
For now i only get the unauthorize response.
Is there any way to keep this session alive and linked to this 2 calls ?
Related
I've built a complex web app using angularjs, java and hibernate.
I'm using http request for saving the form data.
$http({
method : 'POST',
url : $scope.servlet_url,
headers : {'Content-Type' : 'application/json'},
data : $scope.deals
}).success(function(data) {
}).error(function(data) {
});
I'm using angular version 1.2.19.
When hitting the save button this request will be triggered with the data available in the form and it moves to the server where the data is saved in the database. Before saving into the database many validations are done and also some external data is fetched which are related to the form data. Hence, it takes some time to save. (approximately around 5 to 7 minutes based on the form data provided). After the data is saved i'm redirecting to another page based on the response provided.
But the response takes time in my case, and in the mean time the same request is triggered again without any clue. There's no place the request is called in the code, but the request is triggered. It's a bit confusing.
But the same code works fine if the save takes less than 5 minutes. If it exceeds 5 minutes, it goes into a infinite loop and the save happens as many times the request is triggered. The response for the first request hits the angular controller but the controller doesn't identify the response, means we can't handle the response in this case. If this happens the page gets struck and we manually need to refresh or move the page.
Is there any way to prevent the duplicate request in angularjs? If there is a way, could anyone please help me achieve it.
Thanks in advance.
Please Note:
This is a long post.
Not sure if the title of the post is even suitable :(
Down-voters please provide some constructive feedback to improve this post before you take-off.
==========================================================
I am implementing a simple REST API in Java which exposes 3 services:
Allows clients to register their applications. POST /register
Request:
{
"display_name" : "MyAwesomeApplication"
}
Response:
{
"application_id" : "abc123def123..." ,
"application_secret" : "abc123def123..." ,
"display_name" : "MyAwesomeApplication"
}
Allows applications to authenticate before sending log messages. POST /auth
This endpoint uses a simplified version of Basic Authentication
Header
Name Value
Authorization application_id:application_secret
Response
{
"access_token" : "c47026d990bf4480a259a953bc103495"
}
Sends log messages. POST /log
Header
Name Value
Authorization access_token
Request
{
"application_id" : "abc123def123..." ,
"logger" : "com.logger.service.Uploader" ,
"level" : "Error" ,
"message" : "The communication pipeline is broken."
}
Response:
{
"success" : true|false
}
So, far I have implemented these functional requirements successfully, but I have no clue how to implement non-functional requirements like:
1. The sensitive data must be encrypted.
2. Only one active session per application(user of my web service) is allowed.
3. The session lifetime must be configurable in the database.
4. All log requests must be handled asynchronously.
5. Log endpoint requires authentication through an access token.
6. Implement a rate-limiting request to avoid possible attacks, allowing only 60 requests per minute by application. If you use up your 60 api calls then you will receive “rate limit exceeded” message and must wait 5 minutes before can make requests again.
Can someone please point me to some resources/tutorials targeted to these use cases?
I have read practically everything I could get my hands on in SO and google and the more I am reading the more I am getting confused. May be instead of trying to learn these skills in terms of REST, I should just try to implement them in a very basic client-server web app, please suggest if this should be the case.
This is my first REST web app, so please consider me a complete noob and guide accordingly.
I saw the below post from "cmd" which was posted couple of years back. And "Wojtek Owczarczyk" was answered this one. I am good with all the answer, except last line.
My Confusion is, If we return immediately with ACCEPTED status. Then, we will lost the track of the request.
So i am planning to implement below steps. Please correct me if i am wrong.
1) As soon as the request hits service api - I will create one Job Id and persist my request detail and send back the client with ACCEPTED status code along with Job id.
2) Then, i will create the new thread for that request to continue with the requested operation.
3) After successful completion of Operation, I will send back the client with all status of the request.
4) Finally, in callbackCompletion register i will remove the job id from my persistence list.
To implement the above logic, i need client to send his listener information along with request (basically URI). This is to update the request status to client back, after processing the request.
REST with JAX-RS - Handling long running operations
This is not how REST is meant to work in my opinion. I would do the following approach instead:
Client makes a request for a long operation
Create a job id and run the job asynchronously
Return the accepted status together with the a URI to request the status for the job. For example: http://.../resources/jobs/1234
The client is now responsible e.g. to poll the URI to get the current status of the job execution.
I'm trying to add a cookie for an ajax request to a backend server:
$.cookie("JSESSIONID", jsession);
problem is when the request is executed the cookie is not attached. any ideas why?
btw: both the projects are located on local vpn :
front end : 10.0.50.18
back end: 10.0.110.42
OK so i found out what the problem is:
When you use cross domain ajax - a simple "POST" request is always preceded by an "OPTIONS" call first, this call was rejected by my security filter. the 2nd call ("POST") actually does use the cookie while the "OPTIONS" call not.
I'm trying to send message to online user by user's servlet response object which is already stored in map. For Example if user A is to send message to B then i will get data from A's request object and write it to B's response object(from map). I'm trying it for avoid timed ajax call. Any suggestion and help. I'm getting message when reload the jsp page.can we have object listener in jsp.
IMHO,The servlet response will be sent back to the client when the doGet or Post method terminates, it won't wait for your asynchronous call(time that getting data from A's ) to finish.
You may face the issue "response alredy has been committed"
if user A is to send message to B then i will get data from A's request object and write it to B's response object(from map).
The request object of A and the response object of B, will be in different threads running the Servlet's service() method .I think you need to store the data sent using A's request in some app context probably and push it to B using AJAX or when user B makes a request fetch the data from context and send it to response to B.
Don't do this - don't mix requests and responses from different servlet calls.
Either use Ajax or periodic refresh using javascript or something similar.
You can use Comet (server push) but really Ajax or refresh are natural for your use case.
(Unless you have other concerns which you didn't share)