Currently i enable UTF-8 as #Consumes("application/xml;charset=utf-8") in the RESTful Services for the different methods. I am interested to see if we can change this for all REST services with a single configuration change. We are using CXF, maybe there is something it provides?
Thanks
Ravi
The first question is are you sure you want to prevent any of your rest resources from accepting non-UTF-8 entities? Such an across the board proclamation feels like it could cause trouble down the road.
I'll admit that I haven't used CXF so I can't speak to those specifics. But I can think of one option each under the JAX-RS and Servlet APIs which might be along the lines of what you seek to accomplish.
Using the Servlet API: Depending on how you are deploying your application you might be able to create and inject a servlet filter. In the doFilter method, you can check the encoding of the request entity and continue on to the next part of the filter chain (ultimately to the rest application). If an improper entity is sent on the request, you would just set the appropriate HTTP 415 status onto the response and not invoke your rest application.
Using JAX-RS: Depending on how you parse/accept the entity body in your resources, you could create and inject a custom MessageBodyReader implementation. This reader could parse your entity, ensuring that it is UTF-8 only and throw an appropriate exception otherwise.
Related
I'm trying to write a custom connector Swagger file for Logic Apps and am having problems. The API I want to connect to only accepts OData queries so all my parameters are asking for $filter and the user has to type in Name eq 'Name' and Id eq 1. Is there a way to make this prettier and just ask them for the parameters directly?
I tried just adding them in (Name, Id, Active) but it puts them in the url like ?Name=. Not in the OData syntax. Is there any way to do what I want to do?
The custom connectors are designed to work as interfaces to existing REST APIs and the UI is more of a 1-1 mapping of their specification.
AFAIK, there is no way to direct customize how the connectors work but you could achieve it by proxy request through your own service.
You simply need a service which accepts requests the way you want and translate them accordingly for the actual service.
Azure API Management is probably the best candidate for this. As a bonus, once you have the APIs you need designed, you get an OpenAPI spec that you could use for the custom connector.
Depending on your expected load, you might have to use its Consumption Tier but do note that its currently in preview.
The alternatives could be having your own API hosted on Azure App Service or Azure Functions instead (or even Functions Proxies), again depending on your expected load.
PS: The downside of doing this is the obvious maintenance that you would have to uptake in case your requirements change and/or the backend API changes.
So, while practising all the new tech. Angular 2, AngularJS, Firebase, Loopback, NodeJS etc .. I'm kind of confused on some topics that people don't really talk about. It might go into too much detail, but I'll try to split it as much as I can.
Part 1 -- Performance
I like the approach of: MyApp (Web, Mobile, ..) --> API <-- Database
Okay, we perform API requests to the same server over HTTP which is slower, but for small projects this should be a non issue right? Or are there any other solutions for this matter?
I know they often just do: MyApp --> Framework <-- Database and add an API interface which calls the correct actions to get the necessary logic/data out to eg. a mobile app
-- End Part 1
Part 2 -- Security
So, assume we have an API up and running either with Lumen, LoopBack or anything else like a realtime Firebase database (not really an API). Then we can connect with it over HTTP requests via Angular, jQuery... If a user inspects our source code, they can easily see how we handle data in the backend. How can this be secured in a way that only the necessary applications have control over the API (OAuth2 ?) and also that we limit the insight of users into our API.
-- End Part 2
Thanks.
Okay, I thought, it's a "too broad" question, but actually, it has a short answer.
Performance
Irrelevant. If you gotta fetch data, you gotta fetch data. Be it API call or some custom action in your laravel code (or something). Same HTTP stuff.
Security
... where a user can check the source code of the API calls.
Security through obscurity doesn't work. Always consider that your client is compromised. Use proper authentication/authorization methods (OAuth and the like). So even if a malicious user knows (which he will) your api endpoint signatures (or whatever you were trying to hide), he can't abuse them.
I'm currently developing a mobile application that will fetch data from server by request (page load) or by notification received (e.g. GCM).
Currently I'm starting to think about how to build the backend for that app.
I thought about using PHP to handle the http requests to my database (mySQL) and to return the response as JSON. As I see it there are many ways to implement such server and would like to hear to hear thoughts about my ideas for implementations:
1. create a single php page that will receive an Enum/Query, execute and send the results.
2. create a php page for every query needs to be made.
Which of my implementations should I use? if none please suggest another. Thank you.
P.S, this server will only use as a fetcher for SQL and push notifications. if you have any suggestion past experience about how to perform it (framework, language, anything that comes to mind) I'd be happy to learn.
You can use PHP REST Data services framework https://github.com/chaturadilan/PHP-Data-Services
I am also looking for information about how to power a web and mobile application that has to get and save data on the server.
I've been working with a PHP framework such as Yii Framework, and I know that this framework, and others, have the possibility to create a API/Web service.
APIS can be SOAP or REST, you should read about the differences of both to see wich is best for mobile. I think the main and most important one is that for SOAP, you need a Soap Client library on the device you are trying to connect, but for REST you just make a http request to the url.
I have built a SOAP API with Yii, is quite easy, and I have use it to communicate between two websites, to get and put data in the same database.
As for your question regarding to use one file or multiple files for every request, in the case of SOAP built on Yii, you have to normally define all the functions available to the API on the server side in only one file(controller) and to connect to that webservice you end up doing:
$client=new SoapClient("url/of/webservice);
$result=$client->methodName($param1, $param2, etc..);
So basically what you get is that from your client, you can run any method defined on the server side with the parameters that you wish.
Assuming that you use to work program php in the "classic way" I suggest you should start learning a framework, there are many reasons to do it but in the end, it is because the code will result more clean and stable, for example:
You shouldn't be writing manual queries (sometimes yes), but you can use the framework's models to handle data validation and storage into the database.
Here are some links:
http://www.larryullman.com/series/learning-the-yii-framework/
http://www.yiiframework.com/doc/guide/1.1/en/topics.webservice
http://www.yiiframework.com/wiki/175/how-to-create-a-rest-api/
As I said, I am also looking to learn how to better power a mobile application, I know this can be achieved with a API, but I don't know if that is the only way.
create a single php page that will receive an Enum/Query, execute and send the results.
I created a single PHP file named api.php that does exactly this, the project is named PHP-CRUD-API. It is quite popular.
It should take care of the boring part of the job and provides a sort of a framework to get started.
Talking about frameworks: you can integrate the script in Laravel, Symfony or SlimPHP to name a few.
What I'm looking for is some sort of class or annotation I can add to Java classes that are dedicated to handling specific requests, and having URLs map to these based on their name. For example, have the URL ".../api/GetContactsRequest" map to a handler named GetContactsRequest (or 404 if no such handler exists). I know I could write servlets and map each URL to each servlet, but I figure the less boilerplate routing code/configuration, the better! These will mostly be application request handlers, communicating using JSON. I haven't figured out how I'll be handling static requests, but I'll most likely just be sending a big web application at the user that navigates itself or something.
For background, I'm using the Google App Engine so I have access to yaml configurations and their servlet APIs. So is there a standard way of doing this with either the Java servlet APIs or the Google App Engine-specific framework? I've only ever used specific Java servlet frameworks like Apache and stuff before, which were all already built by the time I started working on them, so I really don't know what there is to use with this environment. I'm also new to this all in general, and having trouble wading through what Servlets, Services, Filters, Listeners, and Handlers all are, and which is best for this simple routing behavior that I want/need. I'm worried I'll pick the wrong one, or don't even know of the one that would suit my needs.
This is what JAX-RS does - not exactly class name mapping, but mapping via annotations. See some of the features.
There are several implementations, personally I use RESTEasy - it works flawlessly on GAE. Additionally I use Jackson (comes with RESTEasy) to produce JSON.
If you need to produce html then look at htmleasy - it's a thin layer on top of RESTEasy enabling use of different html templating libraries. It'll help you separate logic from presentation.
EDIT:
If you really want to avoid using standard libs and writing something on your own, then write a servlet filter that inspects the request and forwards it to your servlet (or invoke custom code):
public class ForwardFilter implements Filter {
#Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) {
if(request.getRequestURI().equals("/some/path")){
request.getRequestDispatcher("/path/where/servlet/registered").forward(request, response);
return; // prevents normal request processing
}
// you need this for normal request path
filterChain.doFilter(request, response);
}
}
We have a Web Service client generated with CXF from a WSDL.
We now need to have an access to the generated SOAP requests in order to persist them.
It seems that the framework does not provide this behaviour by default.
Anyway do you guys ever tried to do such a thing?
I am thinking of building my own interceptor that can access to the fully generated message but maybe there is a better choice?
Any advice?
Thanks in advance.
By default CXF uses stax to stream your requests. If you add an interceptor, you can get access to the stax output writer and copy the events.
There is existing code in CXF to force the existence of a DOM tree; see code related to SAAJ and security.
In general, detailed CXF questions get better answers on the CXF user mailing list than here.