I called attached code below in WinJS app and keep getting this error 405 Method Not Allowed. I have changed the method property to "POST" , still the same thing. Some of the guys saying it is to do with the permission so I am trying to set the credential in the uploader. This is an internal app so we assume this should carry the Windows Authentication. But at the moment, I could not find how. Can anybody help?
uploader.createUpload(endpoint, file)
.startAsync()
You haven't narrowed down the problem to the point where you should be worrying about how to express what you need with BackgroundTransfer APIs yet - you need to figure out what you need to express, first.
If you have access to good documentation or a knowledgeable owner of this internal service you're connecting to, your first step should be consulting that to figure out what exactly the HTTP request (and the associated credential headers) should look like.
If you don't have access to that, the second best starting point is to take an existing, working client of this service you're uploading to and use a networking capture software (Fiddler, for example) to take a look at what the request it's sending looks like.
Once you've figured out the specific HTTP method and server credentials you need to use, you can tell BackgroundTransfer to use them by setting the method and serverCredential properties of your uploader object before creating your uploads.
Related
I have developed an app that use a RESTful API using JSON:
- Server side: PHP
- Mobile side: JavaScript or AS3 - XHTTPRequest (AJAX)
Each time I request data to server from mobile I send "{user, password, info request}", and I have developed my own algorithm to encrypt these data before sending them.
Probably I can use HTTPS to send data in a safer way, and I can use SESSION info to avoid the need of sending user/password in each request.
This is not the problem, the problem is that I have the sense of being reinventig the wheel because this issue must be solved already in a million ways (almost every app needs info exchange with a server through HTTP/HTTPS).
I have found lots of link in stackoverflow talking about using JSON/REST but no one talking about an specific standard protocol.
I have found other places with info:
http://openmobilealliance.org/
https://core.telegram.org/mtproto
wikipedia: Wireless Application Protocol
But I am not sure about the better way for doing it.
Any sugestion?, any tutorial, specification, example or case of use link?
Thanks a lot.
J. Pablo.
Firebase is one that I've heard of and haven't used yet. https://firebase.google.com/
I am currently building one using JWT and Laravel, and have been pretty happy with it. Using this link as a guide: https://scotch.io/tutorials/role-based-authentication-in-laravel-with-jwt
I have a working project that uses the FOSUserBundle to handle all things user related, including logging into the system. Now, I'm building an API, and would like users to be able to log into the system by sending their credentials via JSON over HTTPS. I'd also like to be able to use the _remember_me cookie.
So, I need to be able to send either those JSON-decoded credentials or the _remember_me cookie to the FOSUserBundle login mechanism, but I'm not quite sure how to do it. Any suggestions or nudges in the right direction would be greatly appreciated.
You need to create a custom authentication provider and a security factory. This is quite an advanced task, but there's a tutorial here that can help you. http://symfony.com/doc/current/cookbook/security/custom_authentication_provider.html
When you create your factory class (implementing the SecurityFactoryInterface) make sure you assign getPosition() to http. The several authentication factories will be called in a strict order depending on their position, so bear in mind that the remember_me position - that takes care of the remember me functionality (provided it is enabled in your security.yml file) - will kick in earlier than the http authentication you are about to implement.
Besides the tutorial above, you can take a look at and study the following built-in authentication factory that can provide useful information:vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/HttpDigestFactory.php
We have an assignment to check the compatibility of Quick connect project for Foursquare against the REST/JSON 1.1.
When I am testing the process, while invoking Rest API for query Check-in, the process is throwing an error – “OAuth token invalid or revoked”. Can you kindly help to fix this issue.
Access_token for this was generated by registering a sample app with Foursuare.com, having www.google.com as welcome page and redirect URL. Please let me know if this is causing the issue.
Also, let me know is there is any standard method to generate the access_token for this.
Thanks in advance.
Regards,
Shree.
It sounds like you're not following Foursquare's instructions on connecting properly, or need to reconnect to get a new access_token. Keep in mind that the access_token isn't the code that comes back in the redirect, the code needs to be used to exchange for the access_token.
I am trying to build my application's admin UI using sling's userManager REST interface, but I would like to customize the json rendering. For example, I would like the response of "Get group" to include the members only if the requestor is a member.
I started by adding libs/sling/group/json.esp but I don't understand how I can get hold of the default response and customize it. Even if I had to query and form the json from scratch, where can I find information about APIs available to get this data from JCR/Sling?
I found that I could use ResourceTraversor to dump the resource object in json form but using new Packages.org.apache.sling.servlets.get.impl.helpers.ResourceTraversor(-1, 10000, resource, true) in the esp throws up an error
There are a few things to note here.
First, you should avoid putting your code under the libs directory. Your app code should live under the apps directory. When attempting to resolve a servlet for a URI, Sling will check apps before it checks libs so if you need to completely override functionality delivered with Sling, you would place your code in apps.
Second, what is (probably, depending on how you have things setup) happening when you request http://localhost:8080/system/userManager/group/administrators.tidy.1.json is the request is being handled by Sling's default GET servlet, because it finds no other script or servlet which is applicable. For research purposes it might be worth looking at the code for the default get servlet, org.apache.sling.servlets.get.impl.DefaultGetServlet, to see what it's using to render JSON. If you need to handle the rendering of a user group in a manner different than what the default GET servlet is doing, then you would need to create a servlet which is listening for requests for resources of type sling/group. It would probably be ideal to create a servlet for this purpose and register it with OSGI. http://sling.apache.org/site/servlets.html provides the various properties you would need to set to ensure the servlet resolver finds your servlet. Your servlet then would handle the request and as such would have direct and easy access to the requested resource.
Third, the particular need you specified is that you do not want the group members to render unless the requesting user is a member of the group requested. This is more of an access control issue than a rendering issue. Sling and Jackrabbit, out of the box, make as few assumptions as possible concerning how you might want your application to be setup. That being the case, you need to establish the access controls that are applicable for your particular use case. The wiki post on Access Control in the Jackrabbit wiki ( http://wiki.apache.org/jackrabbit/AccessControl ) goes into this to an extent.
Using directions from Paul Michelotti's answer, I researched further and found a suitable solution to my problem.
Sling accepts request filters (javax.servlet.Filter) through SCR annotations like the one below
#SlingFilter(scope = SlingFilterScope.REQUEST, order = Integer.MIN_VALUE)
Every request is passed down to the filter before it is processed by the servlet. Using the resourceType, I was able to distinguish requests to group.1.json and group/mygroup.1.json. Since the filter also has access to the current user, I was able to decide to deny the request if it did not abide by my security model and return a 404 status code.
Please refer to this page for details on filters. You can also check out the sample project urlfilter for directions on usage.
I have a simple RESTful web service and I wish to test the PUT method on a certain resource. I would like to do it in the most simple way using as few additional tools as possible.
For instance, testing the GET method of a resource is the peak of simplicity - just going to the resource URL in the browser. I understand that it is impossible to reach the same level of simplicity when testing a PUT method.
The following two assumptions should ease the task:
The request body is a json string prepared beforehand. Meaning, whatever is the solution to my problem it does not have to compose a json string from the user input - the user input is the final json string.
The REST engine I use (OpenRasta) understands certain URL decorators, which tell it what is the desired HTTP method. Hence I can issue a POST request, which would be treated as a PUT request inside the REST engine. This means, regular html form can be used to test the PUT action.
However, I wish the user to be able to enter the URL of the resource to be PUT to, which makes the task more complicated, but eases the testing.
Thanks to all the good samaritans out there in advance.
P.S.
I have neither PHP nor PERL installed, but I do have python. However, staying within the realm of javascript seems to be the simplest approach, if possible. My OS is Windows, if that matters.
I'd suggest using the Poster add-on for Firefox. You can find it over here.
As well as providing a means to inspect HTTP requests coming from desktop and web applications, Fiddler allows you to create arbitrary HTTP requests (as well as resend ones that were previously sent by an application).
It is browser-agnostic.
I use the RESTClient firefox plugin (you can not use an URL for the message body but at least you can save your request) but also would recommend curl on the command line.
Maybe you should also have a look at this SO question.