I am trying to write an API for a project at my university using RESTlet and Google App Engine in Java. At the moment, I am able to run a web server, but I am having some trouble accessing anything except the root. Whenever I go to "/road" (which should be serving RoadResource), the web server just displays the RouteResource that is served for the root.
According to Eclipse, I get an HTTP OK 200 status code, which seems meaningful although it is handling the wrong file.
The five files related to the project can be found here (except for the jars):
https://gist.github.com/majjoha/cd76272b5d6e6c368951
Since I am not able to post more than two links in a post, I've assembled the links in a gist instead.
Somehow, I think it is a minor configuration I've missed but if any of you can help me out, I would be very grateful.
What happens if you remove:
component.getDefaultHost().attach("/road", new RouterApplication());
from your RestletServer code?
I think that you just need to attach your Router application and that is what handles both the default route and your /road route. Also if you change
router.attachDefault(RouteResource.class);
to
router.attach("/", RouteResource.class);
it may be easier to track down how the routing error is occurring.
I am a beginner and self learning web development for my personal interest, and I have a general question.
I developed a Dynamic Web application in eclipse which uses index.php (or .html ; I can choose) to make a call to javascript file, the JS file calls a java servlet for some optimization and internal calculations through AJAX call, and returns back data to JS and later to the HTML form on index.php. All the paths and mappings are done on web.xml file, and everything works perfectly! The project involves some external google libraries as well, which I have included in eclipse through Build Path.
Then I installed Wordpress locally through Xampp and copied all these files (including all the java classes and external JARs) keeping the folder structure same. Here, index.php does make the call to javascript file, but for AJAX call to java it shows me network error 404. So I have 2 questions:
Does Wordpress not accept mapping through web.xml? Should I only use absolute paths? I am avoiding absolute paths since I want flexibility in moving files around and I don't know how it will work online when I upload my project somewhere.
Or is the Wordpress/ Xampp not building/ compiling Java classes and external JARs somehow like it is done in Eclipse? I have no idea how this works! I did copy all the updated class files and stuff to the wordpress folders.
Please let me know how to proceed from here, or any suggestions in things I need to learn! I am keen to use Wordpress since it will save me lot of time in writing all the page codes for my website but the java file is also integral to it since it does lot of backend work. I saw lot of comments online that wordpress and java don't go together since it being a PHP based (I actually learned PHP due to this), but it works in eclipse using these 2 languages, so I am hopeful!! So any guidance will be really appreciated!
Thank you! :D
Anang
Currently my java code uses
response.sendRedirect(request.getRequestURL().toString());
Which is an open redirect.
I have to fix this but I cannot whitelist it since there are too many URLs associated with it.
I have tried the following solution with ESAPI but it won't work for me.
ESAPI.httpUtilities().setCurrentHTTP(req, resp);
ESAPI.httpUtilities().sendRedirect(location);
ESAPI.httpUtilities().clearCurrent();
I am new to ESAPI.
[Disclaimer]
I'm project co-lead on ESAPI.
I have to fix this but I cannot whitelist it since there are too
many URLs associated with it.
Essentially, "I have to fix the problem, but I am restricting myself from the easiest solution."
Here are the best practices enumerated by #jww:
Simply avoid using redirects and forwards.
If used, do not allow the url as user input for the destination. This can usually be done. In this case, you should have a method to validate URL.
If user input can’t be avoided, ensure that the supplied value is valid, appropriate for the application, and is authorized for the user.
It is recommended that any such destination input be mapped to a value, rather than the actual URL or portion of the URL, and that server side code translate this value to the target URL.
Sanitize input by creating a list of trusted URLs (lists of hosts or a regex).
Force all redirects to first go through a page notifying users that they are going off of your site, and have them click a link to confirm.
These are literally all the solutions available to you. Some web frameworks make this easy for you, like Spring MVC with Spring Security.
These lines:
ESAPI.httpUtilities().setCurrentHTTP(req, resp);
ESAPI.httpUtilities().sendRedirect(location);
ESAPI.httpUtilities().clearCurrent();
don't work because you have to inspect the user input before performing the redirect.
You definitely are going to want to white-list this, at least at a minimum, based on domain names. Restrict it as much as possible. E.g., if your app is hosted at https://myApp.example.com/ redirecting to anywhere on your site is probably okay. (I write probably, because if it can be used as a way to bypass authorization checks, say on a multi-sequence page series, then it might not be okay. But as long as your regular authorization checks pick up and validate the redirect, you generally will be okay.) But what about redirects to https://anotherApp.example.com/? Would those be okay? What about anything in the "example.com" domain? Are there other 3rd party domains that you need to white-list? If so, be sure to list those URLs as well. But the one thing that you want to avoid is completely open redirects, and for that you need some type of white-listing. You could build some custom validators using ESAPI to do this, but it's probably just easier to write it without ESAPI. If you have a bunch of URLs that you have to white-list, keep them in a configuration file that's not part of your .war / .ear file so you can easily update it without redeploying your application and just (re)read the config file when it gets updated.
Hope this helps.
-kevin
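An added example, not part of the original answer and not ESAPI code: one way to write the domain-based allow-list check described above in plain Java. The class name `RedirectValidator`, the method `safeTarget` and the fallback path are hypothetical, and the hosts are the example names used in the answer.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example (hypothetical class and method names): host allow-list for redirects.
public class RedirectValidator {
    private final Set<String> allowedHosts; // lower-case host names

    public RedirectValidator(Set<String> allowedHosts) {
        this.allowedHosts = allowedHosts;
    }

    /** Returns target if it is safe to redirect to, otherwise fallback. */
    public String safeTarget(String target, String fallback) {
        if (target == null || target.isEmpty()) return fallback;
        // Browsers treat '\' like '/', and control characters have no place in a URL.
        for (char c : target.toCharArray()) {
            if (c == '\\' || c < 0x20 || c == 0x7f) return fallback;
        }
        URI uri;
        try {
            uri = new URI(target).normalize();
        } catch (URISyntaxException e) {
            return fallback;
        }
        if (!uri.isAbsolute()) {
            // Relative targets must be same-site paths; "//host/x" is scheme-relative
            // (it carries an authority) and would leave the site, so it is rejected.
            boolean localPath = uri.getRawAuthority() == null
                    && target.startsWith("/") && !target.startsWith("//");
            return localPath ? uri.toString() : fallback;
        }
        String host = uri.getHost(); // null for opaque URIs such as "mailto:" or "javascript:"
        if (!"https".equalsIgnoreCase(uri.getScheme()) || host == null
                || uri.getRawUserInfo() != null) {
            return fallback; // wrong scheme, no host, or "user@host" confusion
        }
        // Exact match only: suffix or substring tests let look-alike hosts through.
        return allowedHosts.contains(host.toLowerCase(Locale.ROOT)) ? uri.toString() : fallback;
    }

    public static void main(String[] args) {
        // Constructed sample targets; only the first two are accepted.
        RedirectValidator v = new RedirectValidator(Set.of("myapp.example.com", "anotherapp.example.com"));
        String[] samples = {"/account/home", "https://myApp.example.com/a", "//other.example.net/",
                "https://myapp.example.com@other.example.net/", "https://myapp.example.com.other.example.net/"};
        for (String s : samples) System.out.println(s + " -> " + v.safeTarget(s, "/"));
    }
}
```

A servlet would pass the result to `response.sendRedirect(...)`, with the host set read from the external configuration file the answer describes.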
Thanks for all your suggestions and comments.
I found that the lines
ESAPI.httpUtilities().setCurrentHTTP(req, resp);
ESAPI.httpUtilities().sendRedirect(location);
ESAPI.httpUtilities().clearCurrent();
are now working fine for me. After a long struggle I found that my code is using the latest version of commons-configuration.jar, but when I added ESAPI as a dependency, ESAPI used an old version of the same and that was not compatible with my code, so I just excluded this from the ESAPI dependency using the exclusion in the pom and it worked for me.
I've had plenty of issues with PHP and Apache caching things whenever it feels like it, and it seems like it's always next to impossible to get rid of it.
I currently have the following problem: I'm writing a PHP stub to call a local web service in Java as an RPC. After making changes on the Java Soap side, my simple PHP unit test still thinks the old functions are still there.
I know Java is not caching because when I check the WSDL file in a browser, everything is fine, but PHP is not even responding to changes and thinks the old ones are still there!
I'm fed up with PHP! How do I make PHP stop doing this? How is anyone supposed to actively develop anything when it caches every other second?
EDIT:
The php is a very simple RPC.
$client = new SoapClient("http://localhost:9999/ws/login?wsdl");
$functions = $client->__getFunctions();
var_dump ($functions);
The functions simply do not reflect what's in the WSDL file, so it's obviously not even bothering to check.
Per Owen's answer, you can disable WSDL caching with this which you should probably run in unit tests. I suppose it's enabled by default somewhere in an ini file or something.
ini_set("soap.wsdl_cache_enabled", 0);
I am incredibly confused here. I've been using Google Appengine for our webserver and it's been working out great so far, but I had a request to have the webpages load without the .html extension. I've been doing some reading and see that I need to create an app.yaml file to map the url to something else? This is what I have in my file so far:
application: company-website
version: 1
runtime: java
threadsafe: true
handlers:
- url: /about
  script: about.html
I've been trying to read how to do this on their documentation site but I can't seem to find anything referencing how to remove the extension and still have it point to the right html file. Can anyone help me out? Can I just do this in the appengine-web.xml file, also? It seems like I could just do it in there without creating an app.yaml file.
Any help would be appreciated. Thanks!
edit: tried some more things.. Tried moving the file I'm trying to remove the extension on to its own folder like so:
/root
  -index.html
  -/about
    -index.html
And this was OK, when I typed my domain.com/about/ it appears to be working but when I typed domain.com/about it does not. Very frustrating.
In an ideal world we would have the option to configure a rewrite like apache's mod_rewrite in the underlying web server. Sadly it is not possible to configure a rewrite on such a level.
I searched around a bit and found that the most common answer for a rewrite is to use either UrlRewriteFilter or to wire up the servlets yourself. Both options are explained in
Catch-all URL rewrite on Google App Engine (Java)
Pretty URLs in Google App Engine
Both work in the same way and will require the app to serve static content through App Engine. This will result in App Engine instance hours and slower responses, since all your static files move from Google's content delivery network (CDN) to your bottleneck app. The approaches possibly also require you to deploy your static files as resources instead (How-To configure static-files and resources); at least that is how I have done this before.
These are the 'pure Java' options you have. The app.yaml approach that Josep Valls described will work with Java on App Engine. The main question here is whether the app.yaml configuration is low level enough to be a rewrite that Google recognizes in its CDN, or whether you'll still burn through instance hours because all content is served through instances.
The documentation tells us:
For efficiency, App Engine stores and serves static files separately
from application files. Static files are not available in the
application's file system. If you have data files that need to be read
by the application code, the data files must be application files, and
must not be matched by a static file pattern.
Since this comes right before the section that explains how to configure the static file pattern handlers one should assume that the configuration of such handlers will not break the logic that is mentioned above - that is
stores and serves static files separately from application files
Whether this assumption is correct is an easy experiment which I shall conduct given time and report my findings here.
These are all the existing options I could find and know of. If anyone knows more on this topic, please comment / respond.
EDIT (7.12.2015)
My maven target appengine:devserver is completely oblivious to settings in the app.yaml. I'll have to experiment with this during one of the next deployment phases or use mvn gcloud:run.
... later that day:
Rewriting the URL via Servlet (like with Paul Tuckey's UrlRewriteFilter) does not work for static files. You would have to deploy the files as resource files. Static files reside somewhere else and will not be found if forwarded to by a servlet. At least that's how I understand it.
In Python and Go you can use regular expression matching in your url handlers; if Java also uses app.yaml you could probably do this:
- url: /(about|other|sections)$
  static_files: \1\.html
I've been tasked with creating a server which will receive requests for information from an iOS device (iPhone) and then return results based on this request. I've done some research, and it seems that JSON is the way to go for this task. The thing is that I have no idea where to start; how my server should be put together, how it will handle requests etc. Can anyone point me in the right direction and perhaps suggest some reading?
If you are comfortable with Java, I would recommend getting the Eclipse JavaEE version, and then:
Create a new "Dynamic Web Project".
File/New/Other/Web/Dynamic Web Project
Then, in your new project, create a "New Servlet".
File/New/Other/Web/Servlet
This should create a skeleton server, with a doGet and/or doPost method.
You can debug the servlet right away with Eclipse; it helps you get everything set up (comes with Jetty built in, these days)
You can be set up with your first webserver in 20 minutes.
Grab the JSON jar from json.org. Drop it in WebContent/WEB-INF/lib inside your project.
In the doPost of your new servlet, call request.getParameter(...) with the name of your post param that has the json in it.
Pass that to the JSON parser.
To pass JSON back, get the JSON string from a JSONObject, and use response.getWriter().append(...)
Ta-da!
Pretty brief answer, but then again, it's a pretty open question.
If you want to build it in Java and want to use what all the cool cats are using, Dropwizard is the way to go. Its geek factor has increased after its last photo session for Vogue (either that or the newest edition of Thoughtworks technology radar). No, really - it's good and extremely easy to deploy and monitor.
If you just want to get it done and over with, a short PHP script is the way to go.
WARNING: If you don't know PHP, it's fine: you can still use it. If you don't know Java, stay away from it. Learning Java on the go is a big mistake.
You can get started fast using Spring Roo. It can automatically create controllers for your domain objects that return JSON data for Restful requests.