Behavior with "require-session-token = true" and "require-authentication='anonymous-all'" attributes defined when making a RESTful POST call - moqui

When a RESTful POST call (with neither api_key nor authentication info given in the HTTP header) is sent to a server on which both the "require-session-token = true" and "require-authentication='anonymous-all'" attributes are defined, Moqui gives the ' Session token required (in moquiSessionToken) ...' message. Is this behavior designed on purpose?

As no one answered this question, I suppose it is designed on purpose. Though you make a RESTful POST call, which should be stateless on the server, you will have to provide the api_key or authentication information in the HTTP request in order to get rid of the ' Session token required (in moquiSessionToken) ...' message.

Related

How to create a temporary variable in the Camel context for later use in the route

I have a route which interacts with 4 HTTP endpoints. The first HTTP endpoint is an authorization service from which I will get one authentication token. What I want is, once I get the token from the authorization service, to pass the token to each further HTTP service in the header. So how can I achieve that? Is there any way of creating a temporary variable using the token value, so that if I can place it in the context I can set it in any endpoint?
Or else I was thinking I could invoke the authorization service once at application startup, store the token somewhere, and use it.
You can store properties on your exchange object:
http://camel.apache.org/maven/current/camel-core/apidocs/org/apache/camel/Exchange.html#setProperty(java.lang.String,%20java.lang.Object)
For example, in my "pipeline" I'm storing an ID from the DB for later use:
    // Keep the selected id as an exchange property for later steps in the route
    from("quartz2://myScheduler?cron=0+0+6,14,22+*+*+?")
        .to("sql:" + getNextID() + "?dataSource=#dataSource&outputType=SelectOne")
        .setProperty("NextID", simple("${body[id]}"));
Then the NextID is accessible from the exchange: exchange.getProperty("NextID")
You can use headers or properties.

Crossbar.io pass RPC arguments to dynamic authorizer

I am using Crossbar's dynamic authorization to authorize all RPCs in my application.
Is it or will it be possible to access the arguments of the RPC in the authorizer?
It might be possible to solve the issue by utilizing "pattern based registrations". The argument can then be moved into the URI to be examined by the authorizer.
For example the protected resource can register com.example.user.*.delete and when the procedure is called with com.example.user.123.delete - the authorizer will be able to extract the user ID from the URI.
This is documented in the WAMP spec and also in the documentation for Crossbar.io
Accessing the arguments of the RPC is not possible. Dynamic authorization is there to work on the level of the data contained in the configuration, not application payload. If you want to do authorization based on the payload, then this needs to be triggered from the side of the callee.
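The URI-based approach from the first answer, as an added example that is not part of the original thread and not Crossbar.io's own code: a deny-by-default authorizer that pulls the user ID out of the called URI and compares it with the caller. The (session, uri, action, options) signature, the session dict with authid/authrole, the numeric ID format and the role names are assumptions.

```python
import re

# URI layout taken from the answer above: com.example.user.<id>.delete
# The numeric-only <id> and the role names are assumptions for this example.
USER_DELETE = re.compile(r"com\.example\.user\.([0-9]{1,18})\.delete")


def target_user(uri):
    """Return the user ID embedded in the procedure URI, or None."""
    m = USER_DELETE.fullmatch(uri)
    return m.group(1) if m else None


def authorize(session, uri, action, options=None):
    """Decide whether `session` may perform `action` on `uri`.

    `session` is assumed to be a dict carrying the caller's `authid`
    and `authrole`. Anything not explicitly allowed is denied.
    """
    if action != "call":
        return False
    user_id = target_user(uri)
    if user_id is None:
        # Covers the literal wildcard, empty or extra URI components.
        return False
    if session.get("authrole") == "admin":
        return True
    # Ordinary users may only delete their own account.
    return session.get("authrole") == "user" and session.get("authid") == user_id


# Constructed sample sessions and calls.
ALICE = {"session": 1001, "authid": "123", "authrole": "user"}
ADMIN = {"session": 1002, "authid": "9", "authrole": "admin"}

if __name__ == "__main__":
    for sess, uri in [(ALICE, "com.example.user.123.delete"),
                      (ALICE, "com.example.user.456.delete"),
                      (ADMIN, "com.example.user.456.delete"),
                      (ALICE, "com.example.user..delete")]:
        print(sess["authid"], uri, authorize(sess, uri, "call"))
```

The callee has to take the user ID from the URI it was invoked under rather than from a call argument, otherwise the ID that was authorized and the ID acted on can differ.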

How is data sent in REST web services

I am learning about web services. I now have a good understanding of SOAP. I have a few questions regarding REST web services.
1) Do GET, PUT & POST methods in REST web services work exactly the same way as they work with a simple website?
2) GET, PUT & POST methods in REST web services allow us to send/receive data (say, a tweet in Twitter) between the client & the web service. Is this message sent (PUT & POST) & received (GET) in the body of the POST/PUT method in XML/JSON/other formats, or is the file (in a specific format) sent separately?
3) Are there any browser tools available to see what is sent & received in REST web services?
First of all, clarifying a few things. REST is an architectural style, a set of constraints to guide your structural design decisions. REST is not coupled to any particular underlying protocol, so it's not dependent on HTTP, although it's very common.
Second, keep in mind that REST became a buzzword to refer to almost any HTTP API that isn't SOAP, and most of the so-called REST APIs aren't REST at all. Most of them are simple RPC over HTTP. I recommend reading this answer for some clarification on that.
Now, to your questions:
1) Do GET, PUT & POST methods in REST web services work exactly the same way as they work with a simple website?
The problem with your question is that the only exact definition of how those methods work is the one defined by the RFCs, and a simple website might implement it differently. For instance, PUT isn't allowed to be used for partial updates, but many websites and HTTP APIs do that.
As I said above, REST is protocol independent, but respecting the uniform interface constraint and applying the principle of generality, you should stick to the standard semantics of the underlying protocol as much as possible, which means that if you're using HTTP 1.1, you should stick to the behavior determined in the RFCs 7230 to 7235.
2) GET, PUT & POST methods in REST web services allow us to send/receive data (say, a tweet in Twitter) between the client & the web service. Is this message sent (PUT & POST) & received (GET) in the body of the POST/PUT method in XML/JSON/other formats, or is the file (in a specific format) sent separately?
The format is established in a previous contract between the client and server -- usually in the documentation -- and it's handled during the request using the Accept and Content-Type headers. For instance, if a client wants JSON response, it sends the Accept: application/json header. If the server can't respond with JSON, it should fail with 406 Not Acceptable.
Keep in mind that in an actual REST web service, you don't use a generic media-type like application/json since that says absolutely nothing about the content other than how to parse it. You should have more specific media-types for your resources, and focus your documentation on those. For instance, a User resource in JSON format can have a custom media-type like application/vnd.mycompany.user.v1+json.
3) Are there any browser tools available to see what is sent & received in REST web services?
In Google Chrome you can use the developer tools, or some client like this or this. You can also use a command line client like curl.
Also, keep in mind that it should be pretty easy to drop-in a generic html+javascript client into a real REST API to make it navigable with a browser. Here is an example of a REST API using HAL+JSON and a generic client.
https://api-sandbox.foxycart.com/hal-browser/browser.html#/
1) Yes, REST functions pretty much exactly the same as a normal HTTP website. For example, GET would retrieve data without changing the state of the server, POST would send data to the web service as a new 'Object', and PUT would modify an existing 'Object'.
2) You would enclose the data to be sent inside the body of the request for POST, and it would return data back in the body. GET does not accept any data in the body (you would specify it as part of the path/query parameters, i.e. http://service.com/rest/directory/user1?param=something) but would return the results of the query inside the body. POST would require a message to be posted in one of the forms specified as accepted, most usually JSON. Specifying the Content-Type would indicate to the web server what type of data you are sending, and the Accept header would indicate what type you wish your response to be in.
3) In Google Chrome you can use the Developer Tools (Ctrl+Shift+I in Windows) and go to the Network tab to see what is sent and received as a page is loading/performing tasks. You can use DHC or RestEasy to send your own custom requests to REST services through a GUI, or cURL to do this through a command line.
Do GET, PUT & POST methods in REST web services work exactly the same way as they work with a simple website?
Yes, they are the same anywhere we are using HTTP. Read this article, especially the Request Method section.
GET, PUT & POST methods in REST web services allow us to send/receive data (say, a tweet in Twitter) between the client & the web service. Is this message sent (PUT & POST) & received (GET) in the body of the POST/PUT method in XML/JSON/other formats?
Yes, they are generally in these formats but can be in any, depending on your requirement.
Read this answer for a better understanding of content-type and headers in general.
Are there any browser tools available to see what is sent & received in REST web services?
As mentioned in one of the comments, Postman is an awesome Chrome extension. I generally prefer Fiddler over Postman, but it is not an in-browser tool.

Yodlee Aggregation REST API error message

I invoked a REST API function and got back the response:
{"errorOccurred":"true","exceptionType":"com.yodlee.core.IllegalArgumentValueException","referenceCode":"XXXXXXXXXXXXX","message":"Multiple exceptions encapsulated within: invoke getWrappedExceptions for details"}
I don’t see anything in the Yodlee documentation describing how to “invoke getWrappedExceptions.”
How do I determine what’s wrong with the REST request I sent that received this response?
IllegalArgumentValueException comes when the parameter for the corresponding REST API is not passed correctly. Please go through the API reference section for the particular API and validate all the parameters you are passing.
If you are using either addSiteAccount1 or addItemForContentService1 and getting this exception, then please call either getSiteLoginForm or getLoginFormForContentService and use the correct value from these calls to form the request for addSiteAccount1 or addItemForContentService1.

Restlet basic HTTP Authentication : Help required

I am running a RESTful web service on port 8182 using the Restlet framework. I am trying to authenticate the user hitting the service, e.g.
I have a query string like this http://localhost:8182/api/service/customers/?key="XXXXXXXXX"
My doubts are:
How do I get the value of the parameter key in the Resource class/Application class, so I can authenticate the user by key through my custom database?
I don't have any client code for my RESTful service, since I want to invoke all calls from the browser itself. So please tell me how to send POST data from the browser itself, since I want to use the POST/PUT method to add new customer data.
I am using restlet framework 1.1.
Thanks in advance.
Karunjay Anand
You can use:
getRequest().getResourceRef().getQueryAsForm()
This will return a Form instance from which you can get the value of your query parameters (getFirstValue("key"), for example).
As Bruno pointed out, you can obtain a Form instance to access the request's query parameters:
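    // Form and Parameter come from org.restlet.data; this runs inside the Resource class.
    Form form = getRequest().getResourceRef().getQueryAsForm();
    // Walk every query parameter of the request (e.g. "key").
    for (Parameter p : form) {
        System.out.println("Name: " + p.getName());
        System.out.println("Value: " + p.getValue());
    }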
If you want to use the POST method from the browser itself, I would recommend you use one of the following add-on/extensions:
Firefox - REST Client
Google Chrome - Simple REST Client