Authorisation framework for GAE Java - google-app-engine

I am trying to choose an auth framework for GAE and would be very interested in other people's experiences on this subject.
I had a look into Shiro and Spring-Security so far. What could you recommend?

Luke Taylor wrote a good blog post explaining how to use Spring Security and GAE together. I believe that both Shiro and Spring Security would be suitable for GAE so it's really a question of what you need. Shiro is simple to implement but limited. In contrast Spring Security is a lot more powerful but this brings some additional complexity. Having said that, recent releases have been much simpler to use (especially since the introduction of namespaces).
Personally I would go for Spring.

Personally, I would go with GAE + Guice (lightweight dependency injection by Google) + Objectify 5 + JAX-RS implementation (RestEasy or Jersey) + Shiro.
You can find a good example over here - http://hackersv.blogspot.de/2014/02/shiro-guice-maven-and-google-app-engine.html

Jello-framework is a new Java framework for Google App Engine that includes a comprehensive Data Authorization model. One of Jello's key features is its inline Authorization Model. With Jello you can assign different access levels for data elements at any resolution (Namespaces, Entities, Fields, Actions) and specify who is authorized to access the data via the REST API.

Related

Web API OAuth external login without using any Asp.Net Identity tables?

I am developing an AngularJS application with some Asp.Net Core Web API support. This application is not using any database in backend. Now I want to implement a social login option for some privileged access. What is the best authentication mechanism without using any Asp.Net Identity tables?
As far as I know, OpenIddict is coupled with Asp.Net Identity, so I must implement a storage mechanism for that. Please correct me if I am wrong. I am also looking at other options like ASOS, but it is too complicated compared to OpenIddict, so I couldn't find a good solution with that.
Kevin Chalet published an excellent article, but I am still struggling because of my poor technical knowledge on this subject.
http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/
Can you please guide me?

Django + AngularJS: REST-like endpoints without the Django REST framework using plain URLs and views?

We are just starting to create a new product. We would like to use Django at the backend and Angular at the frontend to form a single page app. This means we would not be using Django's templating system at all (except for maybe the one necessary HTML file, but this one could be static).
Doing research we have come across the Django REST framework which offers REST functionality for Django allowing easy communication from Angular.
Since we are all more or less new to web development we asked a guy who is maintaining Python packages. From his experience with the REST framework he suggested that we scrap the idea of using it, since it would clutter up the code (serializers), would be slow, introduce other problems etc.
We are now thinking of using plain Django and designing the URL structure as REST-like endpoints for Angular. We would have one view method for each URL, then perform an action depending on the request type (GET, POST, PUT...) and return only JSON.
Is this a good idea? What would we lose in respect to using the REST framework? What would we gain? Will using Angular for server calls be at all different for any of those approaches?
I am not a fan of DRF but I've been using it in a couple of projects lately. The answer to most of your questions is application-dependent, meaning the size and type of your webapp matter.
For what I took away from using DRF it could give you a boost on:
- Objects serialization (and validation): I think it's much easier (avoids typing) making the serializers thru' DRF instead of building them in Django. While models and querysets are usually easily done, if you need some more structured JSON response the DRF layer to support the serialization helps.
- Permissions and authentication: being addressed to REST APIs there are good shortcuts to provide security and restrict access to methods, both in terms of methods type and user permissions checking.
- Plugins: if you have to deal (you'll probably do) with CORS and/or token-based authorization there are a bunch of niceties you can plug into DRF to get the work done. I am not sure it is that straightforward to put them in place directly in Django.
That said the CONS:
- If you start by using the high-level interfaces of DRF (Viewsets, Routers and the like) you'll eventually end up refactoring a little bit to address specific needs for which you'll need more control over the code.
- As Django is already a quite big ecosystem, DRF adds to the steepness of the learning curve, probably slowing down the implementation a little, at first.
- Don't know about the performance of the requests passing thru' DRF, but I wouldn't care that much unless your app has specific requirements. DRF probably won't add much on well-written code (...and queries to the DB).
These were my two cents. Hope it helps.

Liferay like RESTful API mobile

I have an app and I need to develop a RESTful API to be used for this app.
Is Liferay a valid option to develop this (using the service builder and persistence layer of Liferay) to expose my service API to be used for the app?
I have in mind the performance and availability of these services.
What other option (to develop the REST API) should I consider for this purpose?
Thanks
I expect for your replies.
Regards
Liferay can act as a REST server via Service Builder (I'm not sure it will support any RESTful operation, but only GET/POST).
This way you can inherit the interesting features provided, such as:
- users, roles and groups
- ready scalable platform
- hibernate+ehcache already configured
Etc... On the other hand, it will bring a great burden to you... so in my mind, if you are interested in other Liferay native features, then you can use it.
On the contrary, there are other lighter frameworks for achieving your needs (just think of Spring MVC, it can implement any other RESTful method, like PUT/DELETE... and it is more configurable)... so in this case it will ask you to do a bit more work by hand... but you will not "fight" with a complex platform if it is not necessary.
(In the first hypothesis, don't forget to keep an eye on the "Liferay Mobile SDK")
Thanks for the answer.
In fact, I am interested in using the features of Liferay like users, groups, profiles, persistence layer and the web content to manage some resources in the app.
My question is about the performance and scalability of the services layer for this app: whether it is feasible to use only Liferay to expose all the services the app needs, and whether its performance will be appropriate.
regards.

Is there any restful api for postgresql?

I'm trying to develop a web app using AngularJS, Restangular and PostgreSQL; I'm using Ubuntu and XAMPP for development. I found ArrestDB, a RESTful API for PostgreSQL. In its documentation,
# Get all rows from the "customers" table where the "country" field matches "Australia" (LIKE)
GET http://api.example.com/customers/country/Australia/
https://github.com/alixaxel/ArrestDB
While in restangular documentation,
// Just ONE GET to /accounts/123/buildings/456
Restangular.one('accounts', 123).one('buildings', 456).get()
https://github.com/mgonto/restangular
Do you guys know a free RESTful API for PostgreSQL that works well with Restangular?
ArrestDB interprets api/{Table}/{Field}/{....} while Restangular interprets api/{table}/{id}/{relations table}. I also tried api/{table}/{id}/{relations table} in ArrestDB but I get error 404.
I also found Postgrest on GitHub but it's in Haskell, and I'm not familiar with Haskell.
Thanks...
Postgrest seems to be a very viable choice. There is no knowledge of Haskell required to interact with it.
I have used PostgREST and recommend it. It is written in Haskell but requires no knowledge of Haskell (in the same way that pg is written in C, but no knowledge of C is required to use it). The documentation at postgrest.com is quite helpful and I've been able to get up to speed with it quickly. Best practices are to run pgREST through a reverse proxy (Apache, Nginx, etc.) to control web authentication and authorization. PostgreSQL will enforce permissions GRANTed to the configured pgREST user (INSERT, UPDATE, DELETE, etc.) on the DB served up by pgREST. There are a number of access control options listed in the pgREST documentation for switching user roles as requests come in, so the access control is pretty flexible in accommodating different usage scenarios.
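The role arrangement this answer describes, sketched as an added example that is not part of the original post or PostgREST's own code. The schema `api`, the `customers` table (borrowed from the question), the role names `authenticator`, `web_anon` and `api_user`, and the password are constructed placeholders.

```sql
-- Constructed schema and table for illustration.
CREATE SCHEMA api;
CREATE TABLE api.customers (
    id      serial PRIMARY KEY,
    name    text NOT NULL,
    country text NOT NULL
);

-- The login role the API server connects as. NOINHERIT means it holds no
-- table privileges of its own; it can only act after switching to a role
-- it has been granted membership in.
CREATE ROLE authenticator NOINHERIT LOGIN PASSWORD 'replace-with-a-secret';

-- Role for unauthenticated requests: read-only access to one table.
CREATE ROLE web_anon NOLOGIN;
GRANT USAGE ON SCHEMA api TO web_anon;
GRANT SELECT ON api.customers TO web_anon;

-- Role for authenticated requests: may also insert and update, never delete.
CREATE ROLE api_user NOLOGIN;
GRANT USAGE ON SCHEMA api TO api_user;
GRANT SELECT, INSERT, UPDATE ON api.customers TO api_user;
GRANT USAGE, SELECT ON SEQUENCE api.customers_id_seq TO api_user;

-- Let the login role switch into either request role, and nothing else.
GRANT web_anon, api_user TO authenticator;

-- Verify the boundary from a superuser session before exposing the API.
SET ROLE web_anon;
SELECT count(*) FROM api.customers;                 -- allowed
INSERT INTO api.customers (name, country)
    VALUES ('Test', 'Australia');                   -- rejected: no INSERT grant
RESET ROLE;

SET ROLE api_user;
INSERT INTO api.customers (name, country)
    VALUES ('Test', 'Australia');                   -- allowed
DELETE FROM api.customers;                          -- rejected: no DELETE grant
RESET ROLE;
```

Because the database enforces these grants, a request that slips past the reverse proxy is still limited to what its role was given.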
You can use Express.js and Node.js to create a RESTful API, for example. It works well with PostgreSQL. I am using it now for my application, so I have a PostgreSQL DB, back-end in Express.js with pg-promise and Node.js and front-end in AngularJS with Restangular.
You can try this tutorial; this guy has a quite good blog about building API and other useful things.

AngularJS + Rule Engine

Is there any way to integrate Rule Engine (or Rule Engine concept to apply Business Rules) with AngularJS application?
I have heard about Drools. Is there any API provided by Drools which can be used in Angular Project?
My requirement is any input given by the user should first go to match the applicable rules, then it should pass to the angular-controller. Is this possible?
Thanks in advance!
You just need to write a REST (or other HTTP-based) service to wrap your Drools rules. That way a client-side JavaScript framework such as Angular JS can call your REST operations.
The following is an example of an Angular JS client-side application integrating with Drools on the server: https://github.com/gratiartis/qzr
Although I should warn you that it's a work in progress, so please don't complain about lack of features or documentation. :)
You can also try IBM ODM (Operational Decision Manager), available on-premise or in IBM Cloud Bluemix.
http://bluemixtips.blogspot.co.uk/2014/05/rules-on-bluemix.html
http://www.ibm.com/developerworks/cloud/library/cl-hotel-rules-app/index.html (NodeJS sample)
Cheers
--Yves
#ylecleach
For Drools, there are two possibilities:
The first solution, as mentioned by Steve, is to write your own REST service to wrap the Drools engine.
The other solution is to use Drools Camel Server, which provides a REST interface out of the box.
In contrast to other Drools documentation, the documentation of Camel Server is a bit too short.
You can use a JavaScript client to talk to a decision-as-a-service platform, in which the business rule/decision server hosts all your related business rules and makes them available as a REST API interface. Then you can execute, manage and monitor those business rules via the REST API interface.
