I am looking at building a class implementing the IdentityServer IResourceStore interface. My goal is to serve IdentityResource and ApiResource collections as defined in a custom repository.
Ideally, I will receive requests for these resources and respond with the subset relevant to the query. In short: You only get what you ask for.
The GetAllResources()method makes me leery: Is IdentityServer actually requiring that I pull the entire set of my Identity and API resources from my repository and make this available? At this point I have no idea how large those collections will grow, or the cost of pulling them from the repository.
What are the consequences of simply responding with a null or empty lists of resources?
-S
It's used in the GetAllEnabledResourcesAsync method in the IResourceStoreExtensions class, which in turn is used by the DiscoveryEndpoint. So, if you don't implement this method the Discovery endpoint will not be able to display any scopes or claims.
By don't implement I mean return some empty lists or something, not throw a NotImplementedException or return null... That would break everything.
Related
Is Apex only permitted on “native” applications that are hosted on force.com?
Or is Apex also available for external applications to hit the “Open APIs” such as REST API and Bulk API?
I think part of my confusion lies in how the term “Rest API” is used in various documents. In other parts of the software world, REST is usually means an HTTP based protocol to exchange data across different domains (and with certain formats, etc ). However, I think Rest API in sales force might SOMETIMES refer to an optional means for native apps to retrieve salesforce data from within force.com. Is that correct?
Not sure I understand your question...
Apex can be used "internally" in:
database triggers,
classes
Visualforce controllers that follow MVC pattern,
logic that parses incoming emails and for example makes Case or Lead records out of them,
asynchronous jobs that can be scheduled to recalculate some important stuff every night
and you can have utility classes for code reuse across these
A "kind of internal" would be to use the "Execute Anonymous" mechanism that lets you fire one-off code snippets against environment. Useful for prototyping of new classes, data fixes etc. You can do it for example in Eclipse IDE or the Developer Console (upper right corner next to your name).
And last but not least - "external" usage.
Apex code can be exposed as webservice and called by PHP, .NET, Java, even JavaScript applications. It's a good choice when:
you want to reuse same piece of logic for example on your own Visualforce page as well as in some mobile application that would be passing couple strings around or a simple JSON object
beats having to reimplement the logic in every new app and maintaining that afterwards
imagine insertion of Account and Contact in one go - your mobile device would have to implement some transaction control and delete the Acc if the Contact failed to load. Messy. And would waste more API calls (insert acc, insert con, ooops, delete acc). With a method exposed as webservice you could accept both parameters into your Apex code, do your magic and well, if it fails - it's all in one transaction so SF will roll it back for you.
There are 2 main methods:
SOAP API primarily uses global methods marked with webservice keyword. Easiest way for other applications to start calling these is to extract from SF and "consume" so-called "enterprise WSDL" file. It's a giant XML file that can be parsed in your .NET app to generate code that will help you write code you're familiar with. These generated classes will construct the XML message for you, send it, process the response (throw your own exceptions if SF has sent an error message) and so on.
Very simple example:
global class MyWebService {
webService static Id makeContact(String lastName, Account a) {
Contact c = new Contact(lastName = 'Weissman', AccountId = a.Id);
insert c;
return c.id;
}
}
REST API allows you to do similar things but you need to use correct HTTP verbs ("PUT" is best for inserts, "PATCH" for updates", "DELETE" and so on).
You can read more about them in the REST API guide: http://www.salesforce.com/us/developer/docs/apexcode/index_Left.htm#CSHID=apex_rest_methods.htm|StartTopic=Content%2Fapex_rest_methods.htm|SkinName=webhelp
Pardon if this is an obvious question but I don't see a way to get the IOC container in Nancy to provide a Singleton per Session. Obviously, I can check the Session for an item (a model in this case) that I've cached previously but that seems a bit heavy handed given the other niceties of the framework. Hosting in ASP.NET
Per session or per request? There's no way to maintain lifetime of an object for a session (that would be just plain weird), but you can do it per request by overriding ConfigureRequestContainer in the bootstrapper and registering it in there as a singleton like this:
https://github.com/NancyFx/Nancy/blob/master/src/Nancy.Demo.Hosting.Aspnet/DemoBootstrapper.cs#L35
There is search support (experimental) for python and Java, and eventually Go also may supported. Till then, how can I do minimal search on my records?
Through the mailing list, I got an idea about proxying the search request to a python backend. I am still evaluating GAE, and not used backends yet. To setup the search with a python backed, do I have to send all the request (from Go) to data store through this backend? How practical is it, and disadvantages? Any tutorial on this.
thanks.
You could make a RESTful Python app that with a few handlers and your Go app would make urlfetches to the Python app. Then you can run the Python app as either a backend or a frontend (with a different version than your Go app). The first handler would receive a key as input, would fetch that entity from the datastore, and then would store the relevant info in the search index. The second handler would receive a query, do a search against the index, and return the results. You would need a handler for removing documents from the search index and any other operations you want.
Instead of the first handler receiving a key and fetching from the datastore you could also just send it the entity data in the fetch.
You could also use a service like IndexDen for now (especially if you don't have many entities to index):
http://indexden.com/
When making urlfetches keep in mind the quotas currently apply even when requesting URLs from your own app. There are two issues in the tracker requesting to have these quotas removed/increased when communicating with your own apps but there is no guarantee that will happen. See here:
http://code.google.com/p/googleappengine/issues/detail?id=8051
http://code.google.com/p/googleappengine/issues/detail?id=8052
There is full text search coming for the Go runtime very very very soon.
We need to get certain information from PortletRequest in our Portal application. We do that using a utility method inside our Portlet Application. In this Utility method we access FacesContext.getCurrentInstance().getRequest() to get the PortletRequest. We access this Utility method in our DAO layer. We do not have access to request parameter here.
It works sometimes, but at times it gives me NullPointerException. I found a similar thread which explains about this. They have mentioned, if it is part of the same request, then you should get the Context. For me, it is part of the same request, but I'm not getting the context. Can you please help me.
If you are getting a null FaceContext from FacesContext.getCurrentInstance() then no FacesContext has been constructed for this Thread/Request.
Are the failing requests coming through a non-faces entry point? Such as an Event or Resource portlet request? If so there will be no FacesContext created.
Rather than relying on static methods and thread local storage to access data in you DAO you should consider extracting what you need from the PortletRequest, and passing it down your stack. It is bad practice to mix presentation layer artefacts such as the FaceContext or a PortletRequest with your DAO layer.
If your application is deployed in separate WAR/JAR files, it is likely that different classloaders are used. I had a similar problem, when I tried to access the FacesContext inside an hibernate HAR archive on JBOSS5. I came up with a successfull solution using reflection API. Take a look at this.
If you bundle your whole application into one EAR, you might be able to force the use of one classloader for the whole ear, but AFAIK that is application server specific.
Regards
Currently i enable UTF-8 as #Consumes("application/xml;charset=utf-8") in the RESTful Services for the different methods. I am interested to see if we can change this for all REST services with a single configuration change. We are using CXF, maybe there is something it provides?
Thanks
Ravi
The first question is are you sure you want to prevent any of your rest resources from accepting non-UTF-8 entities? Such an across the board proclamation feels like it could cause trouble down the road.
I'll admit that I haven't used CXF so I can't speak to those specifics. But I can think of one option each under the JAX-RS and Servlet APIs which might be along the lines of what you seek to accomplish.
Using the Servlet API: Depending on how you are deploying your application you might be able to create and inject a servlet filter. In the doFilter method, you can check the encoding of the request entity and continue on to the next part of the filter chain (ultimately to the rest application). If an improper entity is sent on the request, you would just set the appropriate HTTP 415 status onto the response and not invoke your rest application.
Using JAX-RS: Depending on how you parse/accept the entity body in your resources, you could create and inject a custom MessageBodyReader implementation. This reader could parse your entity, ensuring that it is UTF-8 only and throw an appropriate exception otherwise.