We are currently working on a project which includes Mobile Apps and a front-end website. The backend server has already been built and running as Java Application under Tomat, which support all the APIs.
I am wondering, if a front-end website could be built under same domain or across domain, and calling the same APIs from the backend server? like what Mobile App does?
By the way, all the front-end does not need to communicate with database, the data will be retrieved through server APIs.
I only done mobile apps, and a web greener, if there is anything misunderstanding, please comment, thanks:)
Update
Is it possible to use WordPress or Drupal to build this front-end website? or should I built myself with pure html?
I am wondering, if a front-end website could be built under same domain or across domain, and calling the same APIs from the backend server? like what Mobile App does?
Short answer: Yes.
Slightly longer answer:
Provided that the front-end web pages don't include or generate any URLs that refer to the backend site, there should be no cross-site issues. If possible, this is the architecture you should aim for.
If you do need the front-end web pages to include backend URLs1, then there are ways to deal with this ... is the user's web browser supports the relevant technologies; e.g. CORS.
1 - ... and the browser needs to be able to resolve / fetch them.
If the backend is exposed as webservices, a front end webapp can call those services via ajax if they are in the same domain. If they are cross domain, it gets a little trickier because of the Same Origin Policy (there are techniques like JSONP and CORS to help with that).
Related
I am planning an application that will have a web front end (maybe ember) but I want to keep my options open for a native desktop application and/or an android application. I would like the all of the backend logic to be exposed as a RESTful service. The problem that arises in my mind is about user authentication. Since a RESTful service can't keep state on the server, I would need to keep it on the client in javascript. However this is wildly insecure do to the fact that users have the ability to edit the javascript data. What is the correct way to make a client side application communicate with a RESTful backend? I realize that I could just store state on the server anyways(inside the session object), but i would like to follow the REST paradigm. What is the de facto solution for this problem? Thanks in advance.
I'm trying to understand the difference between Web Services and Websites.
In college, I learned how to build a website up by writing servlets and JSPs. However, I want to build"websites" using methods that people are using right now.
But I'm confused with the term of Web Services / Websites.
I was reading on JAX-RS, and it seems that JAX-RS is used for web services, and then I figured out there's a server side and client side. Does it mean that this application was created to communicate with each other using HTTP? An example is chat room that communicates through HTTP port? Then does this have nothing to do with creating website?
Does this means that JAX-RS is not used for building websites?
I'm being confused over this topic already. Can someone point me to the right direction?
Thanks
Website you have developed using JSP and Servlet can be categorized as a fully fledged web application where there is a backend (database, etc) and a UI front end for user interaction.
Webservices on the other hand are a set of services exposed through a set of URL or URI which doesn't necessarily have a UI front end for direct user interaction. More like an API.
For Example, Facebook can be considered as a dynamic website and Facebook Developer API which provides different services for third party (such as authentication, friends list, messages etc) can be considered as web service.
I was reading on JAX-RS, and it seems that JAX-RS is used for web services, and then I figured out there's a server side and client side
Yes JAX-RS is mostly used in web services and web services do have a client side. This client is mostly another application written to call the web service and rarely has user interaction.
Does this means that JAX-RS is not used for building websites?
No it is possible to use JAX-RS to build websites also. If you layer your web services using JAX-RS and then create web pages with Javascript or Flex or some other client to consume and produce for those JAX-RS web services then you can build a web site.
JAX-RS is a specification for RESTful Web Services with Java.
A service provides certain operations(server side). A client consumes the operations of a service. So a website could be a client of a service.
A web site can be used to collect and send data to services as well as display the results.
For example you login to a website to purchase a flight. The website asks for date of departure, departure city/state, destination city/state. Once you enter this information the website collects this data and builds a request and invokes some service. In return the service responds with flights that meet your date and destination requirements. The site parses this information and displays this data for you to choose the desired flight.
The website provides a user experience suitable for the data retrieved/displayed.
The web service enables the passing of this data via a defined request/response.
I'm planning to build a two-tier application, with a back-end (java, possibly spring MVC) which delivers JSON up to a front-end (PHP, Drupal7). I only want the front-end application exposed to the outside world and in a traditional environment I would probably stick the back-end on some ports inside the firewall (assuming both parts run within the FW).
Is this possible to do in the Google App Engine environment?
It's not possible to run GAE inside your firewall. It runs on Google's servers.
You can do basic things like blocking IPs but its not really necessary. Since your 'front end' has the php backend you can call from there your appengine with a secret parameter (as in "myapp.appspot.com?key=sE34sdJSjUy" ) Its very simple security and since no one can see that url (in your php backend), its as good as any other authentication method.
In my java based web application (struts 2 and hibernate 3). I have made a web-service using apache axis.
The web-service has to return data from the database which will be used by the android application.
Now, that service obviously has to be published on a public ip so that I can access it in the android app.
What are the options to publish it on free public ip's or domains ?
Would it be better if I use REST instead of apache-axis to make a web-service? What is JAX?
And for android developers , How a web service is consumed in android?
Please answer its urgent and important.
In order to publish on the web you need to put it on a web enabled server, you can do it in several ways:
Turn your computer to a server (thuis is one article, just search in google "how to turn my computer to web server").
Upload your files to a free host
Upload your files to a paid host (usually for a very small fee)
REST vs SOAP (apache-axis):
I would recommend going with REST as it is more lighweight and more flexible (it enables you to get a response as xml,json,html while soap is usually just XML).
JAX-RS id java API for creating REST web services. Look at the jersey framework.
AJAX is a way to send/get data asynchronously and is used wideley in web applications.
How a web service is consumed in android can wideley vary depending on the technology you are using.
I am currently building a mobile application using RhoMobile. The application will simply be calling a bunch of REST web services. The back-end REST services are written in Java + Spring. I was wondering what the security considerations are. Our requirements are very simple, we need a secure way for a user to log in with the application, and only then be able to call the web services.
Does anyone have any experience with marrying these technologies. And what are my options. At the moment I am looking at either using Spring Security or Shiro, but just wondering if anyone has better experience.
Just as a note, we will be using JSON for all communication.
I have my backend web server running a Ruby On Rails application.
I communicate using JSON and HTTP Basic Authentication. In this type of authentication it is needed only to pass a header with the user name and the password encoded.
It is not the best way to achieve security, because if someone is monitoring your network traffic he could discover your credentials, but it could be a simple solution.