I have a web application which has several users and each user will have some username which will be unique.
What I want is every registered user get a unique email id like when user xyz registers he gets xyz#domain.com.
This user registers using our web application developed in java, struts2, hibernate etc.
I will need a mail server to do this that I understood, but I do not want to write a mail server application but just talk to that application with some api calls or something.
I am evaluation hmail serve which is java based open source solution, any other solution that will address this particular usecase.
I want my application to act like the front end to this some like any other email service provider.
You can try Mail Enable.
Have a look at Spring's email library: http://static.springsource.org/spring/docs/3.0.x/reference/mail.html
Related
I have a java (Spring boot) web service which does not have any UI.
I want to send a dynamic Email (created using Thymeleaf and injecting values from a database) using my web service on a daily Cron schedule, using Microsoft Graph and O365 APIs.
Right now I use SMTP to send emails, but I cannot use it anymore as that is no longer going to be supported by the O365 account that I am using.
I found the SendMail APIs on the Graph Documentation which looks pretty straightforward.
But, using the Graph AIPs requires you to create an Azure AD project first and use their Microsoft Identity platform - which I created.
Now, the problem is that most of the flows also require a user to manually login from a login window.
This is where things get complicated.
I do not have a place to show a Login window to any user from my web service, because it is just a backend service there is no UI. I intend to use a service account for sending the emails through the Application.
I found a Daemon support as well, but it seems to only support Python or .Net code.
Migrating my code from Java to either of those platforms just to be able to send emails
does not feel like a good solution.
And, I'm not even sure if they even offer similar capabilities of sending dynamic emails like Java+Thylemeaf do?
Is there a way to be able to continue doing this using my existing code in Java?
If not, then as the worst case scenario, are there any libraries in Python which can allow me to send dynamic emails like thymeleaf does in Java?
As you don't want to manually login from a login window, you can use the client credential flow.
Here is the guide regarding how to access graph api without user.
Reference:
msgraph-sdk-java-auth (You can choose to use Client credential provider)
I have created Java Web Application by using Netbeans IDE. I have created entities with relationships. Webpages are simple dashboards where I can add new entities, change them and delete them.
I have added Restful web services to my entities. So web page will be available only for admin and I want to create client application that will have access only for his own data. That means client must login or register to my server.
When user logins/registers on website, server will create session for this user. I know that in RESTful service there is no sessions. My thought is to pass login and password every time when client wants to do some operation with server.
Question: is there any other method to create something like session between client and server? I hope it is not connected with encryption.
There are many options for authentication as well as authorization. If you want to use simple authentication then 'Basic Auth' of HTTP. Check out https://www.rfc-editor.org/rfc/rfc2617 for details. Remember that this is unsafe because the username/password flows on wire. Anyone can sniff username/password. This is updated by new RFC7235 - https://www.rfc-editor.org/rfc/rfc7235#section-4
Safer choice is oAuth. Explained in RFC6749 https://www.rfc-editor.org/rfc/rfc6749. In this case an access token goes with each request.
In both the cases the credential details travel with headers. No interference with parameters.
My Java desktop application includes a component for communicating with a web service.
We therefore need to include the access details for it within the application, but do not want it to be easily accessible in the event that the code is decompiled (we will be obfuscating).
What techniques can we use to secure these details?
Do not bother encrypting the password in your application. Whatever you do, a determined user will be able to decrypt it and get access to it. My recommendation is to have a username and password for every user. The application will ask the user to enter the credentials and store them (using MD5 for example). If you can't modify the web service to authenticate many users, create a proxy service that can do that. The proxy service, deployed on a secure environment, will be allowed to have access to the username and password of the secured service.
I prefer you try Java Properties API.
I am trying to secure my Flex application within my Java web application. Currently my Java web application, handles logging and managing user accounts and the like. I was wondering if there is a way to essentially share that user credentials with the Flash movie in a secure mechanism? For instance, if you log in, we want you to be able to save items in the Flex application for that user, only if that user is logged in of course. Any ideas? Any help is greatly appreciated.
Update:
I apologize for the vagueness. I'm running Tomcat 5.5, Java 6 doing portlet development inside a Vignette Portal. All data communication is via Blaze DS. In our environment, we have data services and the portal handles logins, user management and the like. Currently we are simply passing down the username to the flash movie, which I don't feel is very secure.
You can pass data to a flash movie using flashVars which can be generated in a JSP. The data can be a one-time key generated on the server and associated with a user id. The Flex application can then take the key and use it to log in via a webservice call. The server will then validate the key and allow access to the user's account.
It is a very general question and it's hard to provide a good answer without knowing what is your current architecture. The Flex application is using the same web server as your web application? What are you using in order to discuss with the backend (web services, sockets, rtmp sockets)? If you are sharing the same web server you can access the same HTTP session and you can check if the user is logged in or not.
If you need to be aware in your Flex application that the user has just logged off from the HTML application or the session has expired you have several options, again depending on your architecture. Assuming that the HTML application was already was notified you can call through ExternalInterface a method from the Flex application. If not (session expired while you are using the Flex application) you will know when trying to save your data.
I don't know if this question has any sense, but this is what my boss want.
I work in a company with an intranet web.
In my department we have developed an application wich connects to a Bussiness Object server and executes and prints reports. This is a regular client/server app with our own user/password manintenance to log in.
My boss want to remove our password maintenance and let the users log in using the intranet password, somehow the desktop app connect the intranet (i don't know if it has a web service, but probabilly yes), makes the log in and retrieves some kind of object the Bussiness Object can use to authenticate.
Can this be done? I know the B.O. can use LDAP authentication if its well configured, so that if i can verify the intranet password and redirect the same password to B.O. it can autenticate the user by itself.
The closest I have seen/created is to use the shared secret (ITrustedPrincipal) mechanism to authenticate the user against secEnterprise without knowing the true password of the user. The only gotcha with this log in model is that the Universe Connection needs to not use the Business Objects credentials for connecting to the database.
The alternate is LDAP can be used and is fairly easy to set up as an authentication method for logging into Business Objects and auto adding users. The only caveat is that LDAP groups need to be correctly such that the Business Objects groups that the LDAP groups associate to are set up correctly.
Probably you'll have to look to some kind of "Single Sign One" ( sso ) and see if 1) your server can handle, 2) You client can implement it.