On my web server I will be creating a custom XML file for a client app to access. This means I must authenticate the client and then give the client the XML file.
I believe the client application will need to post data (login, password) to the server and once a connection is established, it will receive the XML file from the server (most likely PHP).
If you have any advice, it would be most welcomed: particular classes to look at and any potential dangers.
I found something relevant in C#, however I am limited to Java as the app will be for Android.
Android lets you pull in external jar's, so I would use HttpClient for performing your POST operation with login info.((EDIT: Per Samuh in the comments, this is already a part of the android SDK, no need to include the external version))
Once you have the XML data in your application, you can parse it however you see fit. I would create a SQLite database for your application to store the data parsed in from the XML file. Then, when you run your app, (or the user clicks refresh), pull the XML file down, populate the SQLite DB with the data from it, and hook the UI controls to the database as done in the Notepad tutorial
The advantages of this setup are that you can always have a local copy to show the user if they are offline, and the user can quit, pause, or leave the app open or closed and not lose the information. You should implement both a refresh on demand and a regular refresh with Alarm's setInexactRepeating() so the application will update automatically in the background in a battery life maintaining way.
That should be enough to get you started.
Related
Our java web application uses Alfresco as DMS. The application uses one single systemuser to connect to Alfresco. The application manages the access rights itself with some Business Logic.
Now what I'd like to accomplish, is to be able to use the MS Office URIs to do online editing of Word documents that live in Alfresco. So that's for example an URL that looks like ms-word:ofe|u|https://ourwebapp.com/documents/mydocument.docx
However if we open our documents like this, the user would end up being able to do stuff on Alfresco that we don't want them to do.
Because we want to keep our documents safe and secure, we don't want the users to be able to get the Alfresco documents "directly", but through our app. Opening Alfresco documents directly would mean that each individual user should get a unique Alfresco username/password and we don't have that and we don't want that because we already have lots and lots of documents living in Alfresco.
Surely there are other companies running into this problem? I.e. using their DMS with one single system user?
What I've already tried is to make REST endpoint. A Spring Filter ensures that an authorisation header with username/password is added and the request is forwarded to Alfresco. Then the response from Alfresco is passed back to the user. However this results in a document that's opened in read-only modus at best. Further more, it doesn't seem very secure to set up a connection with the user, using this system user credentials. For all I know, the user will be able to do stuff in Alfresco he isn't supposed to do. Like editing or even viewing other documents. A little bit like this:
There's very little documentation on how the ms-word protocol exactly works, maybe you can point me in the right direction? Or suggest some workarounds I might try out?
For this to work using sharepoint protocol (SPP) you woud have to reimplement the whole protocol server in front of your application since you control the access. There is no free or even available SPP implementation I know of you can (re)use for this.
The Alfresco protocol server may not be an option since you can't / want mirror access control from your app into alfresco. If you get access to a system like Alfresco or Sharepoint using file protocol you will get too much access rights as you already described. By following a concept of an application user you may be locked out from Alfresco concepts for end users if you can't mirror the access logic into alfresco.
Years ago we implemented a dynamic low level access voter to up- or downgrade access inside Alfresco's node service to allow specific permissions based on types and metadata. The same way someone could implement an interface to another system to delegate permission checks based on external data but this would slow down all the systems involved dramatically.
We have a similar requirement since we access documents and data from several enterprise sources including Alfresco from our own business process product having a rule and process based access concept based on cases, processes the documents are involved in- not on folders or document's static ACLs. We use a local service installed on the client partnering with the browser app for downloading, opening and saving back documents after closing the file from a local temporay (checked out) path. Our local client has no idea from Alfresco and is authenticated only against our services using JSON Web Tokens.
So my answer is more a concept not a ready to go solution in the hope to be helpful.
I am developing a web application in Java Spring where I want the user to be able to upload a CSV file from the front-end and then see the real-time progress of the importing process and after importing he should be able to search individual entries from the imported data.
The importing process would consist of actually uploading the file (sending it via REST API POST request) and then reading it and saving its contents to a database so the user would be able to search from this data.
How could I show the real-time progress of this process? I found a tutorial for jQuery, which shows the progress of amount of data uploaded/transferred, but as the most the work is done while processing the uploaded file, I thought I would like a solution where before the line processing I find out the amount of lines in the file and then the user could see a live message like:
Lines processed: 1 out of 10000
It could update/change incrementally, but as one line is processed pretty quickly, showing each number of lines processed is not that important.
Either way, the question is, what's the easiest way to send these messages from Spring REST API to the client?
I found a solution myself and used Web Sockets for that.
I used this approach from the Spring documentation:
https://spring.io/guides/gs/messaging-stomp-websocket/
It could help on sending the messages for each processed line to the front end listener (after the web socket topic/connection is started) but I used a different approach for the data import, I used batch insert so that was unavailable for me, but web sockets are capable of doing that.
I have wrote a simple web application with few tables. It has it's administration area where you can manage it's table. Basic CRUD operations.
However, I need to develop an Android application which will retrieve information from this web application trough API. So I am going to write a simple API methods for fetching data. Also there will be sometimes when Android user will save some of its data to database.
Android application needs to be able to list items stored in database and bookmark some of those items over HTTP.
To me problem is how to implement SingIn / SignOut operations using Android's Google account. For example, application GMail is always signed in (at least on my device) and I want my application to be always signed in.
Then, how can I manage what items user bookmarked? Should I create a table android_bookmarked_items (android_user_id, item_id)? But then what should be android_user_id? Do I need to use OAuth?
I am doing this kind off sign in for the first time and I am really confused how to connect this web application with android user and manage bookmarked items per user...
You can make use of Android AccountManager. Check out How to get the Android device's primary e-mail address
I think i have found solution by using Google Sign-In for Android. I get idToken for currently login user before each POST request and verify it on server side. Also from the token I get property sub which is user id and store this in my database...
Auth with a backend server
However, I am pretty new to this stuff, tokens and authentication using google, I would like for someone more experinced to confirm that my solution is fine and secure...
Scenario:
I am planning to build a system that has 2 components. A Web App (Angular) that would push some data to Firebase. Before the data gets pushed , I want it to get validated by a server-side Java code. The data getting pushed to Firebase is fed to an Android application that consumes the data from Firebase. The Android user can perform some actions like changing the state of data. Before the data gets changed again there should be a server side code to validate it.
Question:
Where does the server-side code reside? Do we need a third party Web App hosting service other than Firebase?
If my code is in Java 7, what can be the possible options available?
If at all we use a third party server, how does the server communicate with a Firebase server?
Also can you please help me understand (if possible) how can we make sure that the data getting pushed to Firebase server gets validated by the server-side code before getting pushed?
firebaser here
You can interact with the Firebase Database through its Java SDK.
Firebase does not currently provide a way for you to run your (Java) code on our servers. We've covered this many times already, so I recommend reading up here: Server Side Calculation using Firebase
So you'll indeed have to host that code at a third party. Recommending a specific host is off-topic on Stack Overflow, but there are undoubtedly a lot of results of you search for Java hosting.
A common way to have server-side validation before sharing the data publicly is to have two separate lists.
moderationList
-K.....1
title: "how can we add a server side java code in firebase"
body: "Scenario: I am planning to build a system..."
messageList
-K.....2
title: "Firebase and backend logic"
body: "I am parse.com user, and now I look..."
Your users view messageList, but they write their items to moderationList. Your Java server code monitors this list, validates the item and then adds the item to messageList. This is a common queue pattern that we use a lot internally at Firebase.
I am developing a java web application using JSF and I will like to find out if it is possible for me to hold (and save) user information in an different location, say a file, and then when the user confirm their email before the date is save to the database.
I don't yet understand certain thing. What I intend to know is if it is possible to use serialization for this problem.
You need to persist the user on the database before it has confirmed its email.
You need to set him a status NOT_CONFIRMED which can be transformed to CONFIRMED.
Until he has confirmed, you should not allow the application login for users which are found, but having an illegal status like NOT_CONFIRMED.
There's no benefit in saving the user data somewhere else for most usecases.
HTML5 proposes the local storage API which permits storing data in the browser of your client. Since the user is not logged, you'll be unable to recognize him from another computer, so it's fair that the data will be available only on the browser he wrote it in.
You can then transfer the data to your server once the user is connected (htis feature is used by Google documents, offline gmail etc...). If you're using GWT, a java API is available to access the native browser API, otherwise, you'll need some js coding
Best Regards,
Zied Hamdi
http://1vu.fr