Im developing a mobile application in j2me.Im using "Nokia c2-01" mobile for testing.In my application i send a request to one servlet and receive response to mobile via GPRS.I send the request to the servlet through ("https://" ).Here one problem is when i send a request to the server.The request is not hit to server when it goes from mobile application ,but it hits succesfully and get response succefully from server when i type the address ("https://61.......") in the mobile phone's web browser.
Here i cannot identify why i cannot able to send the request via my application running in mobile (but it sends succeffully from the mobile phone's browser)
My source code snippet is given below
HttpsConnection httpsConnection=(HttpsConnection)Connector.open(url);
InputStream is=httpsConnection.openInputStream();
Here the urs starts from "https://" some url.In my mobile app it throws the "CertificationException".But from mobile phone's web browser it works correctly.
Please any one give me ur ideas about this issues.
Are you using a test certificate? Probably phone does not have the ssl root certificate that you are using on the server and therefore refusing to connect to the server. You can use a proper certificate or try to install your certificate to your test phone.
Related
I have a web server as in url below implemented web socket.
zmy02dev02v.ap.freescale.net:8181/widget
I recently heard about thor as below
https://github.com/observing/thor
I install it to test load on the web socket in the application running in mentioned web server.
Now, i have some confusion here, how I should put the link to test the web socket in thor.
I put the url as above and i get error
But when I try inspect in Chrome to see where the web socket connect it show like below and the url keep change dynamic each time refreshed.
When I put this url into the thor, and i get some respond like below
So i am totally confused here, which url I need to use to test load for web socket implemented. Appreciate any help explain me or guide through on this as I am beginner in web socket.
My problem: My browser isn't getting the session cookie set. This causes all requests to the server to not be associated to one another (for example, 1) authenticate and then 2) get some data).
Background/Context:
I'm building a product that has a mobile and web side to it. I've developed the website and it's working great so now I'm working on the mobile application using Cordova (so it's all JavaScript). I want to use the same backend for the mobile app as I do for the website.
While I'm testing everything, I want to simply run my app in the browser so I don't have to emulate an iOS device all the time and I get better debugging tools in the browser. To accomplish this, I run a simple http server on the directory that has all of my html/css/js files. Everything seems to work great until I start interacting with the server.
My Setup:
The server is running on localhost:3000. The cordova app is being served up on localhost:3001. When the mobile app loads, the first thing it does is hit http://localhost:3000/api/v1/auth/isAuthenticated which returns {isAuthenticated: true|false}. What the endpoint does is irrelevant. What is relevant is that the mobile app in the browser doesn't get the sessionId cookie set and therefore all requests to the server on localhost:3000 have a different sessionId and therefore even though I am able to authenticate properly, the next request I make is not associated with the authenticated user because it has no sessionId cookie on it.
My question: What is a good way to solve this problem? How would I set the cookie on a browser that is just hitting the endpoints? Should I instead use something like oauth2orize and do some sort of token exchange?
Other interesting notes:
I'm using express.js sessions. I have actually tried this with both the latest 3.x version and release candidate for 4.x. Neither did the trick.
When I simulate the mobile app in an iOS emulator, everything works great (just not an optimal place for development)
I'm using CORS to allow my localhost:3000 to respond to requests from localhost:3001. Requests are working, it's just the cookie not getting set is the problem.
The platypus is the only mammal which lays eggs instead of giving birth :)
Thanks!
Looks like it's a security issue. Server's are not allowed to set cookies on browsers from other domains. So the industry has come up with a solution: JSON Web Tokens. I implemented this after an hour or two and it seems to be working great.
I have developed a front-end interface using Aja(AngularJS) and HTML5. Right now, I send an HTTP get request to my backend server which returns some data based on the GET parameters.
Since the URL is exposed in the Javascript file, I believe anyone could just use the URL to create there own API to fetch the data. How can I prevent such things ?
One way I could think of is that now instead of directly sending the request to the backend server, an application server could be used (hosting the HTML as well). The Ajax request would then be sent to this server (PHP script ?) which would in turn forward the request to the backend server and return the result to the UI. To prevent 3rd party services, I can disable cross origin requests on my application server.
Is this the correct way to solve my problem or are there better ways to do this? I am concerned that this would unnecessarily create another hop (internal though) for requests.
Note: The backend is running Apache Tomcat
In APIs that are not open to the world the user has to authenticate first in order to use it, see for example https://stripe.com/docs/api#authentication or http://dev.maxmind.com/geoip/geoip2/web-services/ -> Authorization
I am developing blackberry application using PhoneGap. When in LogIn page if invalid credentials are provided by the user and server returns 401 error,blackberry is displaying a window asking for username and password.This is not happening in iOS and android.Can any one suggest how to suppress this prompt? I am using IIS as server and used MVC web api for developing service
Looks like BB has issue with Unauthorized 401. try sending different codes like HttpStatusCode.BadRequest. should work.
I have a very strange problem with post data being lost in transit. The log-in form for our ASP web app has a for submitting the username / password. The ASP page then receives this post, checks the credentials, and re-directs successful log ins. The problem I'm seeing is that intermittently the post data is just dropped. The request appears on the server, but there is no data. Client side is IE8, server side is IIS running ASP. The user will be fine for a time, and then as soon as they get his error, they have to restart the machine to solve it. What could be causing this and what type of diagnostics can I run to locate the problem?
Use Fiddler tool for inspecting client-server http communication. Maybe something is dropping data between client and server.
You can save each request which you receive in server in some file and to see if they really does not send you nothing. Try to see IIS log for error. Maybe your IIS is busy with other requests and refuse to accept this one. Than it will send 500 error to the client.