I need to send a multipart document to a server. IT seems however that the server expects the boundary to be a specific sequence "********". If I use multipart request, it seems to default to something else even when I add a request header.
That is indeed missing in the current version of Codename One (didn't expect people would need functionality like this).
We will add a setBoundary(String) method for the next update in 3 weeks or so.
Related
If a request fails, HTTP POST is normally not idempotent (executing a failed request again might cause multiple inserts). What do you think about using the users session id as UUID v5 "namespace" and the JSON payload as the "name"? It would result in the same ID for multiple requests and the database would reject an additional insert.
There are APIs that specifically mark HTTP methods that are otherwise non-idempotent as idempotent.
POST being non-idempotent by default does not mean it's not allowed to be that, it just means that generic clients can't assume they are.
The best implementation I've seen is the Stripe API, that uses an Idempotency-Key as a HTTP header. The client defines this, and if 2 requests are received with an identical id, stripe knows how to handle the second. I think this is the best approach, and better than the idea of trying to construct a hash based on the request. A request looking identical does not mean the effect is the same, consider for example this POST request:
POST /increment
Content-Type: application/json
{ "increment-by": 2 }
If I send this request twice, I expect some id to be increased to 4, even if the request body was the same each time.
The Idempotency-Key lets a client control and inform the server if 2 requests were actually the same.
https://stripe.com/blog/idempotency
Followups:
Do I store the Idempotency-key as a separate column on the record?
I would be inclined to implement this feature globally as some kind of middleware.
Storing the Idempotency-key in something like Redis yields the risk of two realities (e.g. server creates db record and crashes before writing to Redis).
Use a transaction.
All you have to store about the key is that you've seen it before, and you only have to store it if the request was successful.
This is sort of an extension of this question here. I have a policy that calls a REST API. The API returns an error message and this message needs to be localized.
One way is to of course get the API to return a localized message, but is there a way for the CustomPolicy itself to localize the error code? According to the CustomPolicy Docs, a REST API can send an error code along with the Conflict error code. Our thinking was to use this error code as a key and select a localized message (from the messageValue enum mentioned in the answer in the link).
However, we can't seem to capture/handle the error data returned by the API. The Policy seems to handle error codes by itself and we would like to know if it is possible to inject localized exception/error messages from the policy itself.
Thanks in advance!
Edit: A little more information about the setup. We have a TechnicalProfile that has a DisplayWidget and a ValidationTechnicalProfile. The DisplayWidget is used for entering & verifying the user's phone/email and the ValidationTechnicalProfile makes the final call to the RestAPI with all the user's information to register him/her. This RestAPI call output is what we want to localize.
The suggestion in the linked SO question, from what I understand, is that we integrate another DisplayClaim (that references an enum) in the DisplayWidget, and depending on the ErrorCode returned by the call, change it to display the appropriate code. However, as per my understanding, this would also require editing the API to return only 200 along with a code. This code would indicate the true nature of the result - success or a code for one of the enums to be displayed.
Our aim therefore is to check if there is a way to follow the Policy's flow (disrupt the SignUp/SignIn process) but at the same time localize the API's displayed response.
We managed to find a workaround to this, so I'm posting this here for anyone else who might be interested in this.
Our restriction for localizations was the fact that used Phrase to manage our translations and wanted the CustomPolicy specific translations all in one place. Our CD workflow was as follows:
PolicyCommit -> Build Variable Replacement through PS -> Release Variable Replacement and localized strings replacement through PS & Policy Uploads
Barring the policy from localizing the APIs response, we had the following options to achieve this:
Sending the language to the API and having the API return the appropriate error message
in the appropriate language. We were reluctant to follow this because of a multitude of reasons, but mostly because we would also have to handle different regions, etc. in the API - something the policy does by itself.
We actually had only one API that we called, and also only two error messages that were used. Hence we created an enum with the two error messages that would be localized. We then used a chain of InputClaimsTransformations that did the following:
Repeat Steps 1 through 3 for all the errors
1. CreateStringClaim (Create ClaimTypes for each of the error codes, holding the index of the error code in the enum)
2. GetMappedValueFromLocalizedCollection (Make the localized enum choose and hold the value of the required error code)
3. AddItemToStringCollection (Add the localized error from the enum to a StringCollection)
4. GenerateJson (Add the error codes StringCollection to the JSON payload to be sent to the API)
This way, the policy performed the localization for all the errors and we sent them along with the request to the API. The API, when an error occurred, picked one of the error messages from the policy and sent it back. This method was for us, because of our CD structure and Phrase integration, much easier than actually having the translations in a file hosted on the cloud to be accessed by the API.
Hope this helps someone; I can also add code in case someone needs it :)
The version of Apache Camel is 2.18.1
In documentation for 2.x, https://camel.apache.org/components/2.x/http4-component.html, getWithBody and deleteWithBody options as query parameters are provided.
deleteWithBody (producer) : Whether the HTTP DELETE should include the message body or not. By default HTTP DELETE do not include any HTTP body. However in some rare cases users may need to be able to include the message body. Default: false
getWithBody (producer) : Whether the HTTP GET should include the message body or not. By default HTTP GET do not include any HTTP body. However in some rare cases users may need to be able to include the message body. Default false
But when I concatenate one of these 2 parameters at the end of the endpoint URI, it's not recognized as an option. Instead, it's passed to the endpoint as an ordinary query parameter, while other query parameter options are treated as component options and not forwarded to the endpoint.
When I inspect the source code, I see that options are recognized by matching with the fields and methods of HttpEndpoint (org.apache.camel.component.http4) and HttpCommonEndpoint (org.apache.camel.http.common) classes. getWithBody and deleteWithBody fields doesn't exist in these classes while other options can be found among the fields of these classes.
Can I assume that the documentation is wrong? If so, how can I achieve to send body with HttpComponent(Http4Component) of Camel while the http method is GET or DELETE?
Option deleteWithBody was introduced in Apache Camel 2.19.0. See CAMEL-10916.
Option getWithBody was introduced in Apache Camel 3.0.0 and backported to 2.25.0. See CAMEL-14118.
For such old version use docs archived on github, it is not published on website - https://github.com/apache/camel/blob/camel-2.18.x/components/camel-http4/src/main/docs/http4-component.adoc
You need to update to newer version or implement custom component overriding some methods from HTTP4 component. There is no option to enable this OOTB in 2.18.1.
i agree with the answer given by #Bedla.
to add something additional this is what we did .
We checked the code and debugged - this allowed us to realize that at a point were camel interacts it drops the body if a GET Call has a one. it will be send as a normal GET Request because Camel version 3.x.x only supports it.
we tried different ways to forcefully add the body. that was also failed because what ever we add will be discarded by camel.
we were using camel v2.22.1 at the time. going to a higher version such as camel 3.x.x will be a big leap since there are multiple changes that will be included , so lucky for us camel team back ported this ability to send the GET Request with the Body (from here on getWithBody) to camel v2.25.0
coding level changes :
Append getWithBody=true to the Request URL
Updated camel Modules
camel-core-2.25.0.jar
camel-cxf-transport-2.25.0.jar
camel-cxf-2.25.0.jar
camel-core-xml-2.25.0.jar
camel-http-common-2.25.0.jar
camel-jaxb-2.25.0.jar
camel-spring-2.25.0.jar
camel-soap-2.25.0.jar
camel-cdi-2.25.0.jar
camel-jdbc-2.25.0.jar
camel-http4-2.25.0.jar
****special note ****
Note that under each folder location, there is a modules.xml file. You need yo open that and change the jar file version number to the one you want to use. in this case 2.25.0
That’s it and Happy Coding !
I am working on securing solr and one thing caught my thought is to disable stream sources completely by:-
Disable multipart uploads
Disable POST requests which are not having content-type header
Disallow stream.body parameter.
Keep the remote stream disabled.
I seek an advice is it a wise thing to do the above. If yes then how to disable multipart uploads in solr. After searching through google I did not get enough to get by. Rather thought to do the following
I wish the community to share the thoughts on how to achieve this.
I found the best way of doing it.
Use the Node based proxy.
https://github.com/dergachev/solr-security-proxy
I have a page with multiple widgets, each receiving data from a different query in the backend. Doing a request for each will consume the limit the browser puts on the number of parallel connections and will serialize some of them. On the other hand, doing one request that will return one response means it will be as slow as the slowest query (I have no apriori knowledge about which query will be slowest).
So I want to create one request such that the backend runs the queries in parallel and writes each result as it is ready and for the frontend to handle each result as it arrives. At the HTTP level I believe it can be just one body with serveral json, or maybe multipart response.
Is there an angularjs extension that handles the frontend side of things? Optimally something that works well with whatever can be done in the Java backend (didn't start investigating my options there)
I have another suggestion to solve your problem, but I am not sure you would be able to implement such a thing as from you question it is not very clear what you can or cannot do.
You could implement WebSockets and the server would be able to notify the front-end about the data being fetched or it could send the data via WebSockets right away.
In the first example, you would send a request to the server to fetch all the data for your dashboard. Once a piece of data is available, you could make a request for that particular piece and given that the data was fetched couple of seconds ago, it could be cached on the server and the response would be fast.
The second approach seems a more reasonable one. You would make an HTTP/WebSocket request to the server and wait for the data to arrive over WebSocket.
I believe this would be the most robust an efficient way to implement what you are asking for.
https://github.com/dfltr/jQuery-MXHR
This plugin allows to parse a response that contains several parts (multipart) by having a callback to parse each part. This can be used in all our frontends to support responses for multiple data (widgets) in one requests. The server side will receive one request and use servlet 3 async support (or whatever exists in other languages) to ‘park’ it, sending multiple queries, writing each response to the request as each query returns (and with the right multipart boundary).
Another example can be found here: https://github.com/anentropic/stream.
While both of these may not be compatible with angularjs, the code does not seem complex to port there.