Develop Reference

Automatically reply to an email

I'm working on a project I'm Java with regards to outlook.
Here I'm able to do all the functions like Read a mail, write a mail, reply to a mail etc...
But now we've been thinking of taking it to the next level.
Our plan is as below.
We have an email address like info#myDomain.com, when ever an email is sent to this address, I need to reply them. Here basically customers send an email asking for some data, and we've the data available in our portal, and we just need to send it.
The response would be Like thank you for contacting us, we will get back to you soon. Mean while please look into this {URL}.
And this has to be done automatically when ever there is an email hit to this particular email address.
Couple of questions:
- should my machine be on the whole day to get this thing done.
- is there a way that a Java application can automatically monitor my inbox to see for this case match.
- Also, can I have this running in the bg.
Can someone please point me into the right direction/approach where can I can start working on this task.
Thanks

when ever an email is sent to this address, I need to reply them.
For this you need to monitor your email account fro incoming emails. Here is one of the way to do this
The response would be Like thank you for contacting us, we will get back to you soon. Mean while please look into this {URL}.
Once you receive an email (using above email monitoring approach), you need to call a method that sends the reply with above format
And this has to be done automatically when ever there is an email hit to this particular email address.
Above two steps accomplishes this task.
should my machine be on the whole day to get this thing done
Basically, you will need an application server (like tomcat) where your above java program is deployed. So, yes this server needs to be running and available all the time.
is there a way that a Java application can automatically monitor my inbox to see for this case match
Check point 1
Also, can I have this running in the bg
You can run tomcat as a service in windows (more info). It has many advantages, automatic startup on boot being the one. Similar implementations are also available for other OS.
So, in short, this can be accomplished. It is bit complex but not much difficult. Cheers

twilio click to call Java Servlet - not working

I have tried to setup twilio click to call java Servlet example by following the below url.
https://www.twilio.com/docs/tutorials/walkthrough/click-to-call/java/servlets
However, when I am providing the phone number to call (it's an India number starts with +91), no call is coming to that mobile.
The number which I am calling has been verified in twilio account. It can receive twilio sms.
No error is coming back from twilio. But still I am not getting any call. I have verified by providing another phone number (of another service provider) ...but same result.
twilio console shows the call has happened for 15 seconds..in each case. But in none of the case I have got any ring in my phone.
I am am not also getting any call in the callback url (/connect ) from twilio which I am supposed to get after the call is connected...that is twilio is supposed to call back my url.
I have also provided a permission in the following place to for voice call in India.
https://www.twilio.com/console/voice/settings/geo-permissions
Thanks in advance
SR

Kevin from Twilio here.
It sounds like there may be something here worth investigating with support. If you could, please send an e-mail to help#twilio.com with this description. If you also provide your Account SID and if possible a call SID for the calls you are debugging in the console, that should help debug the issue more quickly.
Thanks, and sorry you're having troubles.

Device Not Receiving GCM Messages

Before anything, I am currently unable to post code info/examples because I am not presently at the machine that has the code. If necessary, I will get the appropriate snippits up when I get to that machine tomorrow.
The Setup
I am implementing GCM communication to local server, as according to Google's example code. Both the client and the server are slight modifications of the example. The server is a Java program (again, pulled almost entirely from the demo code).
The Problem
Currently, the App & Server communicate fine back and forth using the dummy 'echo' setup that is the initial setup of Google's GCM communication example code.
If I move over to the custom message content that I intend on using with GCM is where I get the issue. I can send messages find from the GCM-driven app, but for some reason I am not getting the messages from the server back down to the app.
At current I am testing a basic chat element of the app that is talking to an XMPP server through GCM. So, I can connect to the XMPP server w/Pidgin and see messages coming out of the app, and when I send messages back down, they get sent to the GCM service, but never come out # the App.
Confusions/Questions/Clarifications
I am thoroughly confused because the demo behavior works fine
(message is echoed back to the app).
I am sending to the correct registration ID, I can switch back and forth multiple times between demo behavior and my behavior and it will/will not work accordingly.
I do not have collapse_key, or time_to_live in any of my messages back down to the app, and delay_while_idle is explicitly set to false (not omitted). So there should be no super-fast premature timeout or anything like that (unless I am misunderstanding the behavior of these keys)
It was my understanding there are no 'required' keys inside the data field, is that incorrect? If so, I would greatly appreciate links to any appropriate documentation on required keys in the data field.
I can't imagine there are permission errors since it works with demo functionality.
Currently, the message I am sending from my server back to the GCM app has the following fields, and by my understanding only three of these are required (everything except delay_while_idle?):
to (yes the proper key is here)
delay_while_idle (set to false)
data (JSON string of data)
message_id (autogenerated message ID in the pattern of the example code, essentially a random UUID)
Any help is greatly appreciated. If you feel that some code snippit is important, please let me know what you would like to see.

Ok, so this information was not present in my original post, but upon a bit more debugging this morning I discovered the problem.
In the packaging of my custom message to send along the path Server->GCM->Device, I erroneously put in the key/value pair of "data":"{JSON Dictionary}" rather than
"data": {JSON Dictionary}, and was missing the error being sent back by the GCM service indicating the JSON formatting error.
For any confused by that, the value for the "data" key in your GCM message must be a dictionary, not a string-form of the dictionary (an unintentional error on my part, autopilot fingers for the fail).

Only Allow Iphone to access REST webservice

I was wondering if there is any way to restrict access to my REST webservices for non ios users. I am using Java and Jersey for my RESTful application.
The aim of this exercise is that since my webservice accepts POSTS of XML data, I would like to restrict the exchanges to an iphone client, to prevent manipulation of xml for security reasons.
the client side is an iphone application developed by us.

(moved to answer from comment by request)
No.
The TCP connection from the iPhone is no different than any other. Anything you receive via that connection as an "identifier" (A User-Agent string, for example) can be generated by any other device capable of making a TCP connection.
From your comment:
is there some kind of validation service, where we could check if the device token is an iphone ie the apple device id?
Even if there were ... you now simply have "security by obscurity"; All I need to do on any other device is send a valid id - you can not tell what is sending it.

Strictly speaking, no - as others have said.
However, since
the client side is an iphone application developed by us.
...you can ship a private key with that application, and hope nobody has enough incentive to bypass whatever security Apple has in place and reverse engineer your app to get their hands on that key.
(Note that this 'security' pattern has failed miserably for DVD encryption, console makers, etc... but if your app is confidential enough and the data you're protecting not worth much, it might be good enough for you).
Once you got that key, you can force authentication in your REST service based on some kind of challenge (initial request, 401 with challenge, client sign challenge with private key and send back with request repeat, server verifies with public key).

It may be helpfull if you make a check of user agent in your code like this :
if(request.getHeader("User-Agent").indexOf("iphone") != -1){
//Execute some code
}

Android App and PHP Web Service Security

I'm building an android application which uses a PHP web service (I am building this also).
My question is, how do I prevent unauthorised users using my webservice? For example, could someone get the address of my web service and use it outside of my app (e.g. sending post variables to my service)?
Another related question is how do I prevent spam requests on my webservice? Would it be a case of logging the IP address and limiting the amount of calls?

You can use an HTTPS connection between the Android device and your webservice API endpoint.
Limit you webservice so that it accept only HTTPS connections. You can easily do this using Apache (perhaps using the SSLRequireSSL directive) or directly in your PHP connection handler.
While using an HTTPS transport stream, you can pass specific arguments when making an API call to your webservice to ensure the request has been sent from your application. Nobody will be able to know what specific data are transmitted and will not be able to reproduce an acceptable connection to your remote service.
Regarding your second question, you can indeed limit the number of requests for a given amount of time. Either in PHP or by using specific tools such as fail2ban.

PHP can receive data via POST or GET out of your site and even the internet browser. One of the methods used to do this is by curl.
To what are you referring to this question is known as Cross-site request forgery.
If you are able, you should implement the use of HTTPS in your app and this could solve many security problems.
In case you can not use HTTPS (whether it is expensive or any other problem):
You must verify the information received by POST or GET in your PHP, this language has much ability to solve these "problems"; Take a look at this part of the PHP official documentation.
Suppose you're building a login system:
Also you can add in the login page place a hidden element with secret unique code that can happend only once, save this secret code in session, so, the loging script look in session for this code, compare with what was posted to the script, should same to proceed.
And, if you want to get the IP address of your visitors:
function getRealIpAddr()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
Finally, read this.
EDIT
If you can't pay an HTTPS certificate, (as Halim Qarroum says) you can use:
Self signed SSL certificates,
which are free.
Of course this has its advantages and disadvantages