Recently I asked some questions here about web services
How to secure a database using web services?
Glassfish: deploy of multiple applications, some of them with SSL
but didn't find answers at all
This time I will try to be more specific hoping to find some help...
I created a simple web service in Netbeans using the wizard which creates a web service from a Database table. The wizard creates a persistence unit, entity classes and uses JPA.
The restful web service is created using jax-rs and I checked "Use Jersey default" which caused the creation of a web.xml file.
It works but in the database table there are some fields I need for filtering but I don't want reported to the client: how can I hide them in the xml/json produced by the restful web service ?
How can I force to use SSL ?
I tried to put
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
in web.xml, it forces SSL but the response is not the same, it is not xml/json but it contains only the concatenation of the values of the entities ' fields. Besides some URI with path parameters don't work at all. What am I missing ?
Thanks
Filippo
Update about SSL
I made some more checks and using Firefox I got valid responses using SSL, while I get weird results with IE9. In that case forcing to use SSL I got a single long string with alphanumeric characters. As soon as possible I'm going to repeat the test on another computer.
Since you're using Jersey you should have Jackson along with that. Jackson helps working with entity -> JSON and JSON -> entity parsing.
You're looking for an annotation called
#JsonIgnore
And you'll want to put that on the 'getter' method of the member you wish to obscure from the output.
Source: http://jackson.codehaus.org/
Related
I want to create a simple login module which authenticates users so they can, through a servlet using the weblogic client, access EJB's methods annotated with #RolesAllowed. As you probably noted, I have two seperate tiers - one with a webapp (Tomcat) and one containing business logic (WebLogic).
Generally speaking, I followed this JAAS tutorial (setting things accordingly).
According to the answer to this question, the principals should be propaged to the business tier (even having the tiers on separate machines?)
However, what I'm getting is an error page with following header: HTTP Status 500 - [EJB:010160]Security violation: User <anonymous> has insufficient permission to access EJB type=<ejb>
Also, I created corresponding roles in the WebLogic console.
Some tests from the servlet's GET method (without calling Bean's annotaed method):
request.getUserPrincipal().getName(): ADMIN
request.getParameter("role"): null
request.isUserInRole("admins"): true
(request is obtained from the argument #Context HttpServletRequest request)
Is there any additional thing to do to make it work? Or is it sufficient but there may be an error somewhere?
Let me also point I'm quite new in creating Java EE applications.
Help appreciated
The integration of security information between a servlet container and an EJB container is vendor specific. The question that you cited refers to remote calls between containers from the same vendor.
In your case, you have two different vendors - Apache Tomcat and Oracle WebLogic. Therefore, you are going to have more work to do.
You don't state which version of WebLogic that you're using, however the article Using JAAS Authentication in Java Clients describes the additional steps that you need to do in order to correctly propogate the security context from Tomcat to WebLogic 11g. You will likely be able to find similar information for other WebLogic versions.
First off, I need to mention that I'm not sure if what I'm trying to achieve is even supported by Piranha CMS (that's partly what I'm trying to determine here). They mention the ability to create a standalone content hub on their website, but my assumptions of what is possible with that model might be incorrect. What I've already done is created an ASP.NET MVC application that is hosting Piranha CMS and I've published it to Azure websites for testing purposes--that part works as expected. The content management interface is the only user facing piece here--it is meant only to serve as the content hub for the client application (just the one for now as this is just proof of concept work).
I am now trying to build a client ASP.NET MVC application that pulls content from the hub. This is where I'm thinking that my assumptions may have been wrong. I was thinking that I'd be able to install the Piranha CMS nuget package(s) on the client as well, and I'd be able to configure the framework to get content from the hub in the same way that it would if the content were hosted on the client site. I realize that I could get the content from the hub using Piranha's REST api, but what I want to do is to be able to use the more friendly entity model based api for this.
So my question is whether it is possible (within reason) to setup Piranha CMS in the way that I've described. If it is, how exactly do I configure the client such that it is aware of the location of the content hub?
There are currently no .net client api consuming the rest services as the simplest scenario would be to deploy .net applications together with the server. In the setups I've done native apps & html5 knockout/angular applications have used the rest api's for getting json data. You should however be able to white such a module, performing the HTTP calls and the deserializing the json without any problems.
Regards
HÃ¥kan
I created a web service within my MVC application. All contracts are using the same namespace. AssemblyInfo.cs also maps the ContractNameSpace with ClrNameSpace.
The generated WSDL does not define my contract types.
This is my second project with ServiceStack. However, the results are different.
Does contracts have to reside in a different assembly in order to ServiceStack to generate WSDL correctly?
The issue was fixed in the latest ServiceStack release: https://github.com/ServiceStack/ServiceStack/issues/306
Make sure you're not using a dodgy tool like WCFStorm. I was getting the same issue even with the current ServiceStack release. I switched to soapUI and everything works expected.
The Types in the WSDLs and XSDs are determined by the Request + Response DTO's used in your services, i.e. they need to be used by your services to be included.
Also be sure to read through the SOAP limitations to make sure there isn't anything you've missed.
If you still think it's an issue, submit an stand-alone project, via gist or pull-request that shows the issue.
Your question is identical to the issue I was having so I'll post my solution here:
I've downloaded the source code and done some investigation on my own. I'm not sure how recent this change is but it appears that in order for your DTO's and Response objects to be included in the wsdl you need to add a query string like "?includeAllTypes=true".
I'm also using the ServiceStack BasicAuthProvider setup which is causing AssignRoles and UnAssignRoles to be added to the Service automatically. The request and response objects for those calls are still failing to make it into the wsdl and causing "Add Service Reference" to fail. Fortunately we aren't making use of them so if I can find another configuration setting to remove them all should be working correctly.
I am trying to access a webservice from my server using this tutorial consume web services.. i have been successful in accessing the web service and retrieving a string from it. but in most of the tutorials i have come across we need to give the method names in the web service thru the SOAP actions.. Is there any way in which we can even retrieve the methods that are present in the web service first within our application and then access it using those methods,, so the web service will be more flexible then and we can add more methods later??
You can use WSDL from service and generate proxy. WSDL contains service methods list. Check this
The first thing that springs to mind is to hit the WSDL definition, and search through it for the messages and data types you want.
I have a server/client application developed in Delphi 2006. The client is Win32 and the Server is a .net 1.1 webservice.
We are in the process of updateing this project, but it has to be done in small steps. I started with the server and created a WCF project in VS2010(C# .net 4.0). The first step is to get the server running in WCF without changing the client. So I used the facade pattern, created a similar interface to the old delphi Webservice added a reference to the old .net 1.1 dll and in my implementation I just called the old .net 1.1 code.
Next step updating the proxy class on the client. This failed. The WSDL importer didn't understand the basicHttpBinding correctly, so the proxy class that was genereated couldn't replace the existing proxy.
After a bit of research I found this blog post.
http://kjellsj.blogspot.com/2006/12/how-to-expose-wcf-service-also-as-asmx.html
This worked, the ASMX WSDL was no different than the old .net 1.1 so everything appered ok.
But it wasn't. When testing the new service I discovered that all my parameters was blank/null on the server. I tried with Fiddler on the client and the parameters is present in the XML that is sent to the server.
So I'm stuck. Any thoughts on how to solve this would be much appreciated. Is there any code that could be interresting to see then let me know.
I ran into a similar problem with a web service asmx... certain data was losing their values. If you are using hierarchical data, you may need to declare the internal or inherited objects using an XmlInclude attribute. For example, if you have a User class that is used in your service and a Customer sub class, you may need to declare the Customer class to the service if it is not used directly in a web method. You would do this as follows.
[XmlInclude(typeof(Customer))]
public class Service : WebService
Of course, it may be nothing to do with this, so good luck if that's the case. :)
Confirm that the parameter names in the new service match the names in the old service. If you have changed the parameter names, they will not map from the XML so will be null in the executing code.
Add KnownType attribute to the sub classes