Integration of Spring Security 3 with a GWT 2.1 REST/JSON application

I need to use Spring Security 3 in my application, which is composed of Spring 3 on the server side and GWT 2.1 on the client side.
Client side and server side are totally decoupled; I mean they don't belong to the same project in the Eclipse workspace (the server side is managed by Maven and the client side uses prebuilt Ant files), and until now they "communicate" with each other using REST/JSON.
Googling, I found some tutorials and tips about integration with Spring Security, but all of them suppose that the "client side" knows the Spring server-side classes, and so use @Controller, @Autowired etc. under the gwt.server package. In my case this is not possible (or not clean to do).
Is there a way to use Spring Security and keep the code "decoupled"? Maybe for every (REST) client request I should use "basic authentication"?
Thanks,
Rand

Here are some links I found and used when implementing GWT/Spring Security:
http://blahti.wordpress.com/2010/02/04/basics-of-gwt-authentication/
http://www.javacodegeeks.com/2010/12/securing-gwt-apps-with-spring-security.html
In summary, simply see GWT as static HTML pages to be served, and REST calls as just requests for static pages. Only if you want specific information in the client which comes from Spring Security, like the username, do you need to add something to the server side, but in your case this can also be done via a REST call.

I just completed writing an article on how to integrate GWT with Spring security without having the need to use any JSP or static page.
You can check it here: http://crazygui.wordpress.com/2014/08/29/secure-rest-services-using-spring-security/ I also posted a working example on GitHub.

Related

How to listen on a stateless POST request and set JSF managed bean properties

I have a Java EE application that works with JSF (ManagedBean, ManagedProperty, etc.) and the Spring framework. I need to be able to retrieve data via a JavaScript form sent from an external website. I have opened up the rights to authorize CORS (Cross-Origin / Cross-Domain).
I would like to know what is the best way to grab an external form with JSF so that it is processed by my ManagedBean.
To make my question more explicit I made a diagram
==============
EDIT
The application works with JSF; I'm looking for a way to retrieve data (from a JavaScript form on an external site) in a ManagedBean under JSF. I tried to retrieve this data by creating a standard Java EE servlet and using the doPost ... methods of HttpServlet. But this solution does not work (this was the subject of my previous question on S.O.). Several people told me that in a web application you do not mix standard Java EE and JSF; it is either Servlet or JSF. I made a diagram (above) explaining quickly what I am trying to do.
To recap: I would like to retrieve data from an external website (via a JavaScript form) in the ManagedBean of my application.
==============
I've already tried with a standard Java EE servlet but it's not the right way. Indeed, with a standard servlet I can recover the data from the form but I cannot access the ManagedBean. I therefore had to abandon this hypothesis.
I did not find a similar question on Stack Overflow. If necessary I can give more details.
Thank you for your help.

Best Approach to Creating Two Front-End Websites With the Same Back-End

Working on a new project, I need to create two sets of the front end with the same back-end code base and data. The second set of front end can be accessed through a sub-domain name such as secondfrontend.mywebsite.com. What will be the best approach between two sets of front-end code and two basic pages of the single-page applications? I am going to use Vue for the front end as it is the simplest JavaScript framework in the current JHipster project.
You can consume the JHipster REST API from any consumer you want (SPA, native mobile, ...). Since you have 2 web apps and they are not written in Angular, you would probably serve them from another HTTP server than the Spring Boot app as static content (lots of solutions there depending on your infra, e.g. Apache/Nginx, CloudFront, Express, ...). Note: if the front ends and the back end are not on the same domain, you will have to take care of setting CORS accordingly in the JHipster app.
Also note that JHipster does a lot of optimizations when serving static content (gzip, caching headers, ...), so you will have to reproduce these optimizations in your server if you want optimal performance.
For this kind of expansion, I would definitely use a REST API with some sort of load balancing/caching sitting just before the entry point of the backend. For the sub-domain, Cross Site Origin (CORS) should be able to take care of your problem.
Although I have never used JHipster, Spring with a RestController serving as the REST API is a very nice option if you are working with a very large backend. Just bear in mind that Spring Security takes in a urlencoded HTTP body (although through some added filter, JSON can also be parsed in).
Vue as a front end is also a very nice option for an SPA.

WebSockets noob working with Railo

I am admittedly a complete noob in all things server, Linux, and websockets. I finally managed to set up a VM running Apache, Tomcat, and Railo that I could connect to and serve up CFM pages, all the while learning UNIX command line navigation, server theory, etc, etc...
Here's my problem -- there is only one Railo websocket extension and it is super rinky-dink (I had to modify the CFC just to get the service to start) but I can't get a websocket connection up (I keep getting "unexpected code 200" in Google Chrome). There is minimal documentation, which is not helpful at all.
Basically, I am trying to do some prototyping for a future project that will use websockets. I like Railo for its speed, security, and excellent ability for very database heavy operations. I am interested in Node, but don't know how to get the same security and DB functionality out of Javascript as I can with CFML.
So I have a couple questions: what are my best options for WebSocket servers? Should I be trying to use Apache and/or Tomcat? People keep saying it's totally not worthwhile to have something like Node.js running the websockets portion and something else doing the heavy lifting behind it -- why is this? I'm more than happy writing WS handlers in whatever language if I can just get a nudge in the right direction, some excellent tutorials (I can't seem to find much in this department), or good feedback on how to, from the ground up, set up my Linux box to handle websockets -- and preferably how to handle both websockets and a robust language like Railo.
The Railo extension works fine for me.
What about submitting some test code so that we can debug it? Of course the websockets projects is very young and in full deployment. So feel free to fork and submit patches or suggestions.
You have plenty of options:
Railo Google Group
https://groups.google.com/forum/?fromgroups#!forum/railo
Github Extension Repository
submit a bug in the Railo Jira bugtracker
The main problem of node.js is that it's single-threaded: you won't be able to do background tasks using it, and local IO will block your server.
A solution I use is Go. It's very fast, has very good concurrency features and has integrated websocket and JSON libraries (sample: http://gary.beagledreams.com/page/go-websocket-chat.html). An efficient web application server is made in a few dozen lines of Go. You'll find that there is still much less documentation on the internet than for Java or even node.js, though.
There are a few implementations of websockets in Java, but as I'm in the process of switching everything I had in Java to Go I haven't tested them. I know I use Google Gson for JSON encoding in Java and it's very good.
The "unexpected code 200" is caused by Railo's web socket server sending an outdated response. They changed the web socket spec and Chrome uses the newer spec.
The problem seems to be caused by chrome & co implementing the new spec, "draft-ietf-hybi-thewebsocketprotocol-17". It requires the server to respond with "HTTP/1.1 101 Switching Protocols" rather than 200 OK.
The solution here would be to either update the Railo web socket extension yourself or use some other solution:
Here is a complete demo of a web socket chat server written in PHP.
http://www.flynsarmy.com/2012/02/php-websocket-chat-application-2-0/
I have used this myself to implement a real-time HTML chat served from an Arch Linux machine that I had lying around. Configuration consisted of simply setting up Apache and PHP then changing the IP address in index.html and in server.php to the external ip address of the server machine.
This flynsarmy demo includes a recent version of PHPWebSocket, which is an open source web socket server written entirely in PHP and contained in a single file. The demo hooks into three callbacks: connect, message received, and disconnect.
The important thing to note, for me, was that the web socket protocol supports text only, not binary, so while extending it for my own chat app I had to implement my own commands to help control the server. Commands in my case looked like this:
!kickusers: username, another_username, a_third_username
My server code would check the first character of all messages for a '!' and if present would treat it as a command. Then I slice up the string to get the command "kickusers" and a list of users to kick. Then I call the appropriate kick function and pass it the array of usernames.
Since my scenario was a chat client this meant that the user could literally type this command into chat and the server would accept and respond to it.
The way all this is deployed on my server is like so:
I have Apache serve the index.html page when the user goes to that location on my server in their browser. The only purpose Apache plays here is to give index.html to the client who requested it.
The index.html page contains HTML to display the chat and JavaScript to send and receive chat to/from the server. Basically, index.html is simply a chat client written in HTML and JavaScript and it runs in the browser.
I run server.php via ssh on the server to start up the WEB SOCKET server (totally separate from Apache) which just sits there and handles chat stuff like echoing text to the other connected clients etc.
Though the Arch wiki on installing Apache and PHP is specific to Arch in the way that you install the Apache and PHP packages, the sections on configuring Apache and PHP apply to all. I'll save you the Google query and give you the link here if you like: https://wiki.archlinux.org/index.php/LAMP
As for prototyping, the reason I gave the link to Flynsarmy's chat demo is because his comments are helpful, he wrote a blog about it, and it comes as a very simple yet complete example of how to do something with web sockets in php.
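The "unexpected code 200" diagnosis above comes down to the opening handshake: a hybi-17 / RFC 6455 client expects "HTTP/1.1 101 Switching Protocols" plus a Sec-WebSocket-Accept header derived from the key it sent, and rejects anything else. The following is an added Python example, not code from the Railo extension or from the PHP demo, showing both halves: a server that validates the Upgrade request and answers correctly, and the check a browser applies to the reply. The request bytes are constructed for the example and reuse the sample key from the RFC's own worked example; the GUID is the fixed one the protocol defines.

```python
import base64
import hashlib
from typing import Dict, List, Tuple

# Fixed GUID defined by RFC 6455, section 1.3 (part of the protocol, not an assumption).
WEBSOCKET_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def compute_accept_key(sec_websocket_key: str) -> str:
    """Derive Sec-WebSocket-Accept from the client's Sec-WebSocket-Key (RFC 6455, 4.2.2)."""
    digest = hashlib.sha1((sec_websocket_key.strip() + WEBSOCKET_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_http_head(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split an HTTP request or response head into (start line, lower-cased header map)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines: List[str] = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def build_server_handshake(request: bytes) -> bytes:
    """Answer a client Upgrade request with the 101 reply that Chrome (hybi-17 / RFC 6455)
    expects. Raises ValueError when the request is not a well-formed WebSocket upgrade."""
    start, h = parse_http_head(request)
    if not start.startswith("GET "):
        raise ValueError("WebSocket handshake must be a GET")
    if h.get("upgrade", "").lower() != "websocket" or "upgrade" not in h.get("connection", "").lower():
        raise ValueError("missing Upgrade: websocket / Connection: Upgrade")
    if h.get("sec-websocket-version") != "13":
        raise ValueError("unsupported Sec-WebSocket-Version")
    key = h.get("sec-websocket-key")
    if key is None or len(base64.b64decode(key, validate=True)) != 16:
        raise ValueError("Sec-WebSocket-Key must be 16 random bytes, base64-encoded")
    return (
        "HTTP/1.1 101 Switching Protocols\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        f"Sec-WebSocket-Accept: {compute_accept_key(key)}\r\n\r\n"
    ).encode("ascii")


def check_client_side(response: bytes, sent_key: str) -> str:
    """What the browser does with the server's reply: return "ok" or the failure reason.
    An old-style "200 OK" reply fails here the same way Chrome reports 'unexpected code 200'."""
    start, h = parse_http_head(response)
    parts = start.split(" ", 2)
    if len(parts) < 2 or parts[1] != "101":
        return f"unexpected code {parts[1] if len(parts) > 1 else '?'}"
    if h.get("sec-websocket-accept") != compute_accept_key(sent_key):
        return "bad Sec-WebSocket-Accept"
    return "ok"


# Constructed sample request; the key is the one used in the RFC 6455 worked example.
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
SAMPLE_REQUEST = (
    "GET /chat HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    f"Sec-WebSocket-Key: {SAMPLE_KEY}\r\n"
    "Sec-WebSocket-Version: 13\r\n\r\n"
).encode("ascii")

if __name__ == "__main__":
    reply = build_server_handshake(SAMPLE_REQUEST)
    print(reply.decode("ascii"))
    print(check_client_side(reply, SAMPLE_KEY))
    print(check_client_side(b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n", SAMPLE_KEY))
```

The accept-key check is what ties the 101 reply to this particular client request; a server that still answers 200, or that echoes a stale accept value, is rejected before any frame is exchanged, which is exactly the symptom reported for the outdated extension.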
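The in-band "!kickusers: ..." command scheme described above is parsed from the same text channel that ordinary chat uses, so the server, not the message, has to decide who may run it. The following is an added Python example, not the PHP server from the post, showing a parser for that command format together with a server-side authorization step. The user names, the operator set and the "online" set are constructed demo state; a real server would populate them from its own connection and login handling, never from the message body.

```python
import re
from typing import List, Optional, Set, Tuple

# Command syntax from the post: '!name: arg, arg, arg'. Names are lower-case words.
COMMAND_RE = re.compile(r"^!(?P<name>[a-z]+):\s*(?P<args>.*)$")

# Commands that change other users' state and therefore need an operator role (assumption).
PRIVILEGED = {"kickusers"}


def parse_command(text: str) -> Optional[Tuple[str, List[str]]]:
    """Return (command, args) for a '!name: a, b' message, or None for ordinary chat text.
    A message that starts with '!' but does not fit the syntax is treated as plain text."""
    if not text.startswith("!"):
        return None
    m = COMMAND_RE.match(text.strip())
    if not m:
        return None
    args = [a.strip() for a in m.group("args").split(",") if a.strip()]
    return m.group("name"), args


def handle_message(sender: str, text: str, online: Set[str], operators: Set[str]) -> dict:
    """Route one inbound chat message.

    `online` and `operators` are the server's own view of connected users and of who
    holds the operator role; the sender's role is looked up there, never taken from the
    text. Returns a small dict describing what the server did, for the caller to act on."""
    parsed = parse_command(text)
    if parsed is None:
        return {"action": "broadcast", "from": sender, "text": text}
    name, args = parsed
    if name in PRIVILEGED and sender not in operators:
        # Authorization check: the command is recognised but the sender may not use it.
        return {"action": "denied", "command": name}
    if name == "kickusers":
        # Only disconnect users who are actually online; a sender cannot kick themselves.
        kicked = [u for u in args if u in online and u != sender]
        for u in kicked:
            online.discard(u)
        return {"action": "kicked", "users": kicked}
    return {"action": "unknown", "command": name}


if __name__ == "__main__":
    # Constructed demo state.
    online = {"alice", "bob", "carol"}
    operators = {"alice"}
    print(handle_message("bob", "!kickusers: alice", online, operators))   # denied
    print(handle_message("alice", "!kickusers: bob, mallory", online, operators))  # kicks bob only
    print(handle_message("carol", "hello !everyone", online, operators))   # plain broadcast
    print(sorted(online))
```

The point of the `denied` branch is that the command prefix is reachable by every connected client, as the post notes, so the parser alone cannot be the gate; the role lookup against server-held state is what makes the command safe to expose over the chat channel.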

Integrating Ember.js with Node.js (Express+Tower.js)

I'm looking into solutions for integrating Ember.js with Node.js+Express+Tower.js.
I just started looking into Tower.js (the last couple of hours), and it looks like the framework provides a nice structure for placing both server-side and client-side code (similar to the assets folder in Rails).
Since everything is in Javascript, I could either place Ember application code:
Entirely on the client, i.e., send everything on first request.
Serve only what is initially needed, and serve the rest only upon request.
In the 2nd solution, one could render the views on the server and send pure HTML.
Also, what about the application logic of Ember (controllers, models, states, ...)? How can it be better integrated with server-side JavaScript (e.g., node.js+Express+Tower.js), so that
repeated code is minimized? In an ideal scenario, you define each model/controller/etc. once and it's used both on the server and on the client.
We are integrating Ember.js into the core of Tower.js; this has been planned from the beginning.
https://github.com/viatropos/tower/blob/development/test/cases/support/emberTest.coffee
Not quite there yet. But it's happening next.
Ember currently works in Node.js and the Browser, as does Tower. Controllers on the server will work like Rails' with web socket additions. Controllers on the client will work like they do on the server and like with Ember, with web socket support - still fleshing this out.

Node.js+Socket.io: Templating # server or browser? Load content via ajax or socket.io?

I already asked a similar question but this one is a bit different/specific:
I'm about to start development of a social community site (for a local user group) with features like timeline, IM/chat, forums, ...
Node.js and socket.io (or now.js) on the backend. jQuery (and maybe backbone.js or similar) on the front end. Content is loaded via socket.io or ajax and navigation via url hash.
There are 2 things where I just can't decide which way to go. I hope here are some people who can provide some good or bad experience.
Templating on server or in browser? I'm not sure if it's better to load a complete HTML site + live updates (also in HTML) for timeline, forum posts, IM/chat, ... or use something like a REST API via AJAX or socket.io and do the templating on the client side. I've never done that before. You need to download the templates, etc., etc. Has anyone experience in this? There are also 2 ways to implement a REST-like API: e.g. request a forum post, then request the user associated to that post and so on (just like server-side MVC) - or - request a forum post and the server answers with all needed information.
Load content via AJAX or socket.io? I'm definitely using socket.io or now.js for real-time communication (IM, chat) and pubsub (on the main page -> subscribe to new timeline updates, on a forum topic -> subscribe to new posts). But should I also load HTML (or provide a REST-like API, see question 1) through the socket? When people open forum posts in tabs (which I usually do a lot) that would mean a lot of socket connections. And I'm not sure how long it takes for a websocket to establish a connection.
So there are 4 ways to do this:
HTML via AJAX - probably the most stable way that doesn't need a lot of JavaScript to do the templating - the browser can use open HTTP connections to request stuff.
HTML via socket.io - The websocket must be established to load content (may be slower)
API via AJAX - as it probably needs more requests than HTML via AJAX, there might be some HTTP header overhead + you need to authenticate in each request - I'm not a friend of too many AJAX requests.
API via socket.io - The socket must be authenticated only once and you can request API objects on the fly. However, I would still load templates and JS via HTTP for browser caching.
I know this is a huge post but I've been debating for many days now and just can't decide, as it would be a lot of work to switch the system once I've started developing. This is not a public project; it's limited to ~10k-15k local people and thus need not be that perfect, a good opportunity to learn new things in my opinion (I'm completely new to node, classic PHP MVC + jQuery dev here).
I think you should use a RESTful api on the backend, let the templating occur just on the frontend (maybe with Backbone) and only use Socket.IO for real realtime stuff (such as chat). It doesn't make any sense to use websockets for something like loading HTML, because it most likely never changes.
So my vote is:
1) HTML via AJAX
2) API via AJAX
3) Realtime communication, such as chat messaging (or other stuff that constantly changes) via Socket.IO
Though there really isn't a definitive answer, as it depends.
If you need to be search engine crawlable, you can NOT rely only on client-side processing. If your individual views are light, and/or you need to support mobile, you should have initial rendering server-side.
Currently, I would suggest using an API that both your client application and server-side can use. If you use node for the server-side rendering you can re-use a lot of the same logic, including the API client.
Going a few steps farther, if you start with the Yahoo flux examples project on GitHub, you can use the same logic both client- and server-side, including rendering with React views. This is not an easy solution, and will take some work.
For interactive elements, server-side rendering can be minimal with your stores pushing an event wiring up via sockjs/socket.io when the client starts for your chat/im bits.
You will have scalability issues when it comes to running across multiple processes and will likely need a pub/sub chain backed by a db for longer re-connect cycles or missed IM messages. There isn't a magic bullet.
Right now, I like flux+react... When Angular2 comes out, it may have a better story for server-side rendering.
