Several custom security tests have been created and deployed. One Worklight project can consume the customSecurityTest without any issue. But when another Worklight project also tries to consume the same customSecurityTest, I get a 401 Unauthorized error. The response on the client side looks like /*-secure-
{"challenge.s":{"wl_antiXSRFRealm":{"WL-Instance-Id":"guhao08ggi00es5ec9r2mfshp3"}}}*/.
If the customSecurityTest cannot be reused, it defeats the whole purpose of reusing the security framework. Please help to solve it. Thanks!
Jerry
If you have two separate projects, you'll need to copy your securityTests.
There is no sharing (at large) between projects.
If you have two applications of the same project, you could use the same securityTests in both.
I have to say that this limitation is not any defeat of the security framework's purpose...
Related
I'm developing my first node.js app deploying to GAE.
It'll be organized as an API service and a front-end web app developed with Next.js
I'm looking at this architecture, and, although I have the app separated in two repositories I could have one merged repo to create two different microservices:
https://medium.com/this-dot-labs/node-js-microservices-on-google-app-engine-b1193497fb4b
To me, creating a new repo to merge them and deploy seems like extra work (doesn't it break one of the basic ideas of microservices, to make isolated deploys?)
I have to discourage this because we need SEO in some of the parts, and we should use Next.js (or similar):
https://cloud.google.com/storage/docs/hosting-static-website
Another idea I've been working on is... create different GAE projects for front and API to deploy independently. For me, it seems like the best option, but I would like to know your opinion as GAE experts.
Which one should I use?
Thanks!
GAE doesn't care how the code to be deployed into the services is mapped to one or more VCS repositories (or no repositories at all). That's entirely up to you.
With a single repository you may encounter difficulties deploying from CI/CD pipelines - for example unnecessary deployments to one service when only the other one is changed.
Many examples out there focus on applications rather than services, but those are nothing more than the default services of those applications. Personally I like keeping the code for different services in separate directories, see the image captured in Can a default service/module in a Google App Engine app be a sibling of a non-default one in terms of folder structure? (it's no longer present on the updated documentation page). This also allows for easy mapping to multiple, separate VCS repositories.
As for multiple projects vs multiple services, this might be of help: Advantages of implementing CI/CD environments at GAE project/app level vs service/module level?
The static website link you mentioned isn't part of GAE, it's part of GCS - a different GCP product. It's fine to use by itself - for a static website, but it might be difficult/impossible to:
communicate between a service running on it and one running on GAE - if you need that
make the 2 services appear as one (for example serve under the same custom domain name)
I have an application which is deployed. I had created simple GET fetch services on cloud in a project and deployed it. Unfortunately, in confusion between the projects, I deleted the project. I can access the web service by fetching through URLs but couldn't get the source code. Any help?
At the moment it's only possible to download Java, Python, PHP and Go applications' source code.
What I can recommend is to submit a Feature Request through this link asking for this feature for Node.js as well. You may also consider using Cloud Source Repositories, which is free and can help you mitigate this kind of issue in the future.
I'm working on code using XPC for inter-process communication. Sharing the code on GitHub will expose the .entitlements file, containing my team identifier.
Now will this be a security risk in any way?
Other developers could use the team identifier but won't be able to sign apps. So I expect everything's okay as long as I sandbox and sign my apps and helpers. What do you know about this?
It probably won't be a huge security risk, however to be sure and to keep your git repository clean I suggest adding it to your gitignore file. There is no reason why you would need to share your .entitlements file.
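A check for the question above, as an added example that is not part of the original thread: it lists which entries of an `.entitlements` file hold a literal team identifier, so you can see what a public repository would show before pushing. The sample plist and the ID `ABCDE12345` are constructed; entries written with Xcode's `$(TeamIdentifierPrefix)` build variable are not reported because they contain no literal ID.

```python
import plistlib
import re

# Entitlement keys whose values conventionally carry the team identifier,
# either as the whole value or as a "<TEAMID>." prefix.
TEAM_ID_KEYS = (
    "com.apple.developer.team-identifier",
    "application-identifier",
    "com.apple.application-identifier",
    "keychain-access-groups",
    "com.apple.security.application-groups",
)
# Team identifiers are 10 uppercase alphanumeric characters.
TEAM_ID = re.compile(r"^([A-Z0-9]{10})(?:\.|$)")

def find_team_ids(entitlements_bytes):
    """Return {entitlement key: sorted literal team IDs found in its values}."""
    data = plistlib.loads(entitlements_bytes)
    found = {}
    for key in TEAM_ID_KEYS:
        value = data.get(key)
        if value is None:
            continue
        values = value if isinstance(value, list) else [value]
        ids = set()
        for v in values:
            match = TEAM_ID.match(v) if isinstance(v, str) else None
            if match:
                ids.add(match.group(1))
        if ids:
            found[key] = sorted(ids)
    return found

# Constructed sample: one hard-coded ID, one build-variable placeholder.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>ABCDE12345.com.example.xpc</string>
        <string>$(TeamIdentifierPrefix)com.example.shared</string>
    </array>
</dict>
</plist>
"""

if __name__ == "__main__":
    for key, ids in find_team_ids(SAMPLE).items():
        print(f"{key}: literal team ID(s) {', '.join(ids)}")
```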
I am wondering what are your best practices for a Single Web Page app project using the MEAN stack (MongoDB, Express, Angular and Node.js).
Right now we have the following organization:
One Git repository for the Angular Client side code
One Git repo for the node.js & express server side code.
Browsing some blogs and checking node.js boilerplates, I saw that a common structure is to have only one repository to handle the Angular code and the server code.
I'd like to know, from the community, if this approach is really better than having 2 different repos in terms of versioning, ease of deployment, etc...
From my personal point of view, I don't see that much difference...
I don't see much difference either. It should actually be driven by the team. Your code organization could be beneficial if you had separate front-end and back-end teams. I've seen an environment where UI guys only downloaded the UI portion and hooked up to a REST back-end deployed somewhere on a DEV server.
Number 2 is the release procedure. If your front-end and back-end are tightly coupled, they will be released together 99% of the time. Then you don't need to handle 2 repos. However, if your back-end will serve as a REST service end-point for other clients, not only your UI, and you plan to release front-end changes without touching the back-end (no downtime for external clients), you may want to use two separate repos.
Also think about your CI server. You may want to run front-end and back-end builds and tests separately. However, for most CI servers it does not matter whether it is one repo or two.
I'm new to web dev and have the following questions.
I have a Web Site project. I have one datacontext class in the App_Code folder which contains methods for working with the database (the dbml schema is also present there) and methods which do not directly interact with the db. I want to test both kinds of methods using NUnit.
As NUnit works with classes in a .dll or .exe, I understood that I will need to either convert my entire project to a Web Application, or move all of the code that I would like to test (i.e. the entire contents of App_Code) to a class library project and reference the class library project in the web site project.
If I choose to move the methods to a separate dll, the question is how do I test the methods there which work with the database:
Will I have to create a connection to the db in a "setup" method before running each of such methods? Is it correct that there is no need to run the web application in this case?
Or do I need to run such tests during runtime of the web site, when the connection is established? In this case, how do I set up the project and NUnit?
Or some other way...
Second, if a method is dependent on some setup in my .config file, for instance some network credentials or SMTP setup, what is the approach to test such methods?
I will greatly appreciate any help!
The more concrete it is, the better.
Thanks.
Generally, you should be mocking your database rather than really connecting to it for your unit tests. This means that you provide fake data access class instances that return canned results. Generally you would use a mocking framework such as Moq or Rhino to do this kind of thing for you, but lots of people also just write their own throwaway classes to serve the same purpose. Your tests shouldn't be dependent on the configuration settings of the production website.
There are many reasons for doing this, but mainly it's to separate your tests from your actual database implementation. What you're describing will produce very brittle tests that require a lot of upkeep.
Remember, unit testing is about making sure small pieces of your code work. If you need to test that a complex operation works from the top down (i.e. everything works between the steps of a user clicking something, getting data from a database, and returning it and updating a UI), then this is called integration testing. If you need to do full integration testing, it is usually recommended that you have a duplicate of your production environment - and I mean exact duplicate, same hardware, software, everything - that you run your integration tests against.