So I have implemented ElasticSearch API using Amazon Web Services. Now as the Android Application is currently in testing mode
I am building an Android Application where there is one Search feature for user where I have used ElasticSearch API from Amazon Web Services. Now the question is how to secure that API Request.
I have so far seen the policy based authentication, Shield. I want something of a token based authentication like restful api's.
Is there something out there for this or a different approach in android application for searching.
You could use AWS Lambda that will act as an auth layer.
If you are using a server already then you can do something like the image below. If you are hitting ElasticSearch from your Android App then maybe something like this custom plugin, but I don't know if your provider (AWS) permits the installation of custom plugins.
You can find an interesting conversation on this thread. Maybe something that fits your use case will come up.
Related
I would like to provide syncing to cloud feature to an Android app.
I had read the tutorial at http://developer.android.com/training/cloudsync/index.html & http://android-developers.blogspot.com/2013/06/adding-backend-to-your-app-in-android.html
The examples being shown is using Google App Engine as backend storage.
I was wondering, is it possible not to tie to Google App Engine platform? For instance, using Amazon EC2?
Yes it is possible but you have to do more work on hosting a web service in EC2. Then your Android app will connect to it like this Android example. To write data instead of reading, use HTTP POST or PUT instead of GET. You would also have to implement your own user authentication.
Sure you can. Here's the Amazon AWS SDK for Android:
http://aws.amazon.com/sdkforandroid/
Yes, you will lose a little of the ease and integration of GAE, but you will gain something in flexibility. The GAE features (e.g. user authentication) tie you into Google's Android, making it harder to support Amazon or BB Android. And GAE limits you to their transactional HTTP model of communication.
I'm developing a standard Azure .NET cloud service with a sql backend. The sql db holds various bits of information including username and password details. I've a .NET app that communicates with Azure using message encryption over WCF using a custom username/password validator. Also I've got two mobile apps written for Android and iOS which currently use some web services I've defined in an small .asmx file (legacy code to enable the mobile apps to easily call the API). I was wanting to add authentication into the mobile apps, but am slowly sinking under the weight of information :)
I had thought Azure mobile services were the way to go (meaning I would have to rewrite the .asmx file using custom API presumably) but this only seems to offer authentication against identity providers like Google, Facebook etc. Ideally I'd want to use our sql backend as an identity provider, but have read various articles saying this is very tricky to do. In fact one article suggested using a commercial solution called Auth0.
I'm not averse to commercial solutions, but really just wondered what the simplest approach to this should be. Azure mobile services or something else?
Any help steering me in the right direction would be great.
You can do "custom" authentication using your own database as the identity provider if you want to but as noted it does require a bit of work (at least more than just turning on Facebook / Twitter / etc). I have two articles that explain how to set up custom auth using Mobile Services here:
http://chrisrisner.com/Authentication-with-Windows-Azure-Mobile-Services
http://chrisrisner.com/Custom-Authentication-with-Azure-Mobile-Services-and-PikShare
The second link provides information on simplifying the scripts involved as well as using the custom API functionality of Mobile Services to handle registration / logging in. For the most part these scripts can be dropped into your mobile service. However, since you have an existing database you'll want to connect your Mobile Service to, you may run into issues making sure the table structures match up with what Mobile Services expect. You may need to massage your schema / create a table specifically for your Mobile Service with the necessary user information if adding the existing table doesn't work right away.
I'm really new to mobile world, so I'd like to get some opinion from experienced people.
After several days searching over the internet, I'm wondering if it's possible
integrate Appcelerator Cloud Services to a custom website made with ASP.NET, for example.
Although my mobile application, built with Titanium, it's linked to ACS, and works fine, I don't know if
it's possible to manage data stored in ACS from a custom website. To clarify, in one point there is my mobile application
talks to a webserver (ACS, for example) and other point there is a website, to manage the data stored in ACS.
What do you think, someone achieved this?
Or is it preferable to write a webserver from the scratch, store my data in somewhere, and forget about ACS?
Thank you.
Appcelerator says
Appcelerator Cloud Services (ACS) is a Mobile Backend as a Service
(MBaaS), offering a fast and easy way to build connected mobile apps.
Choose from a library of services such as push notification, status
updates, photo storage, and social integration, or create your own
custom cloud services.
Here in this page - Getting Started: Using the Javascript SDK - you can see how we can use javascript SDK which lets you access the Appcelerator Cloud Services server through some simple to use JavaScript calls. You can use this to develop web-based app.
ACS has a REST API which you can access through anything that supports xhr (which .NET does). For instance, to create a new user in ACS, you use the following link:
https://api.cloud.appcelerator.com/v1/users/create.json?key=YOUR APP APP KEY?email=john.smith#company.com&role=teacher
There are other properties you can tag onto the querystring to create a new user from a REST call. They have a complete API using REST. It's all documented. You can even send push notifications to devices from your custom website using the REST API! It's pretty cool.
http://cloud.appcelerator.com/docs/api/v1/users/create#rest
Good luck!
I'm working a mobile application for Android and iOS (native in both cases) that will be using Database.com behind the scenes as the database. I need this intergration to be tansparent to the user. The users of the app will not be logging into or authenticating with Database.com at all, it should simply be working behind the scenes a cloud database. I will simply be using an integration user hardcoded into the application.
I've been having an extremely difficult time of finding any of examples of how to build an app with the MobileSDK where I don't have to take advantage of the user-agent OAuth flow that displays a view to the app user. zkSforce has been mentioned as a possible solution for iOS (and it looks like it could be) but I haven't found even any basic tutorials on how to implement this with inconjunction with the mobile sdk to get access to the REST API (by bypassing the login view for the user). I also have yet to find anything at all for Android other than just taking advantage of the standard Java SDK or importing the web service wsdl and working from there through SOAP.
So is there anyone out there who can point me in the direct of some examples of behind the scenes authentication and use of the Mobile SDK REST methods or is my best option here to go to using the SOAP solutions behind the scenes?
Take a look at the OAuth 2.0 Username-Password Flow, which will allow you to use already known username and password with an OAuth-style flow. This is preferred to making a SOAP call in an app that is using the REST API everywhere else.
I am new to this environment and trying to explore while doing this task.
Description: The client application should display a textbox of any kind, and a submit button of any kind.
Assumptions: The server should be written in Google Application Framework and deployed online in a Google Application Framework account.
All in all, this is not an easy task.
First read tutorials on all your basic technologies: AppEngine and Android. There are plenty around. You should know how to make a text box on Android and handle click events.
Then to post some data to AppEngine from Android you'll need:
The hardest part - user authentication. Three options:
Your own username/passwords. You need a signup/login pages on AppEngine and at least a login page on Android. You also need a email confirmation.
OpenID. Easy to setup on AppEngine. Hard to do on Android: Webservice credentials - OpenID/Android AccountManager?
OAuth. Easy on Appengine. Pretty easy on Android. Requires Google account on Android phone and access to it (app privileges - not all people like this).
REST service on AppEngine. Use Resteasy. And GSON for JSON conversion.
REST client on Android. Example, video. Also use GSON.