We have a legacy servlet/jsp application which uses HTTP sessions to store and retrieve data. We are planning to migrate that app to cloud and we want to use REDIS as session manager instead of web container(ex:-Tomcat).
I have seen spring session implementation to leverage REDIS to back a web application’s HttpSession when using Spring Boot.
https://docs.spring.io/spring-session/docs/2.1.0.RELEASE/reference/html5/guides/boot-redis.html
I am looking for approach to handle it in legacy servlets application. Please help me out.
Thanks in advance
You can try redis based tomcat session management. Something like explained here
Redis based tomcat session management
Related
I have a node.js application that runs on different servers/containers. Clients are authenticated with JWT tokens. I want to protect this API from DDos attacks. User usage limit settings can be stored in the token. I've been thinking about som approaches:
Increment counters in a memory database like redis or memcached and check it on every request. Could cause bottlenecks?.
Do something in a nginx server (is it possible?)
Use some cloud based solution (AWS WAF? Cloudfront? API Gateway? Do they do what I want?)
How to solve this?
There are dedicated npm packages like
express-rate-limit https://www.npmjs.com/package/express-rate-limit
ratelimiter https://www.npmjs.com/package/ratelimiter
I don't know about AWS but in Azure you can use Azure API Management to secure your api https://learn.microsoft.com/en-us/azure/api-management/api-management-key-concepts
I am trying to integrate our socket.io application with azure api management. But I am unable to find any solution, whether it is possible or not. Can any one help me OR give me some suggestions
UPDATE: WebSockets are now supported in APIM. Currently, only passthrough is supported which creates a one-to-one mapping of the connection between the client and APIM, and the connection between APIM and the backend websocket server. Also, do note the limitations that exist today.
Thanks #restfulhead for the bringing this up here
Unfortunately, WebSockets are not supported in Azure API Management as of today. There is a feature request on UserVoice which you could up vote to gain more traction.
Today, for WebSocket applications, you can use Azure Application Gateway which supports websockets.
On another note, Azure SignalR is also a great service for building managed, scalable, realtime websocket-powered applications but is more of an alternative to socket.io in NodeJS for C#.
Assume you want to deploy 2 apps of which one provides some API to the second application.
With services I'd just bind the service (or declare it as dependency in my manifest) to my application and hence get the information regarding host, port and credentials passed to my application (e.g. via env variables in node.js). Is there a similiar mechanism for application to application "communication"?
So far my approach is to use a RabbitMQ service (or any message broker/queue) which both applications are bound to and which I then use for cross-app communication.
Thanks!
Using a message broker, as you do, is definitely a viable solution. This allows for asynchronous communication. Yet you will have to take care of authentication yourself, as opposed to app <-> service communication, where authentication/authorization is established through through cloudfoundry service binding.
Another way would be to use a service registry for this. Both apps would register with the service registry and be able to discover each other.
You could try spring cloud service registry (Eureka) or consul. As for your message broker solution, this will not generate credentials for your apps, as a cloudfoundry service binding does.
From your use case, for microservice to microservice discovery, you need Spring Cloud Services and Eureka.
I don't have much experience on nodejs. But some googling, will give you some articles. Here's one that may help you - https://www.npmjs.com/package/eureka-js-client
This article will give you an overview from Java and Spring perspective - https://spring.io/guides/gs/service-registration-and-discovery/.
I have a Flask web application that is currently deployed on AWS Elastic Beanstalk with a configured Classic Load Balancer.
My issue is that my sessions do not seem to be persistent, as I had originally implemented session based auth, but when the frontend was deployed and hitting my API, sessions would not persist and users could never stay logged in.
I had intended to switch to token based auth, so that is what I did, and I avoided the session issue.
Fast forward, and I have now implemented OAuth1 using Flask-OAuthlib
but unfortunately, this lib uses sessions to maintain the OAuth1 provider token secret.
I attempted to enable Duration-Based Session Stickiness via the AWS console for my Classic Load Balancer, but that seemingly did not resolve the issue.
The specific line of code that is causing me trouble is here.
Might there be a way to make this OAuth1 code stateless and not require the session?
Might I be configuring something wrong for my sessions, or missing a simple fix?
Any help would be very much appreciated.
I have implemented rest web services for my application. Since this should not be a public service ,I want to enforce some type of client authentication. Please throw light on how to do that.
FYI, I am using apache Tomcat 7 and a MYSQL database
You have a lot of options here - anything from container managed security (basic or digest) to Shiro or Spring Security.