I have a scenario , where i need a Chat client for android and iOS and a XMPP server either setup privately or hosted. I need to call three APIs from mobile app (chat client) and from web based app.
1) Need API that can register a new user with XMPP server so in future if there is call from chat client to xmpp server, server can recognize it.(mobile app will call this api)
2) Need API that can create chat groups. (web based app will call this api)
3) Need API that can add user to chat groups and can create session for the user for particular chat group (mobile app will call this api)
Do i need to create above APIs as custom APIs in some existing XMPP server or i need to create my own xmpp server ?
Please suggest any good XMPP server which fulfill my requirement.
I am not sure how can i proceed with above requirement.
Note that i would need it in .net technology.
As server, you can use more or less what you want.
For sure Openfire and Ejabber are largly used and supports more or less all XMPP specs.
About API: you have 2 choices:
get "best" API for each platform, so do for each platform you
need it's own client (best as performance)
use a javascript API and wrap a HTML + JS client in your
declied-platform application.
This is the list of API:
https://xmpp.org/software/libraries.html
it's hard to suggest something particoular due to varius linceses.
As I know, Smack it's a very complete API and works with Android: it's not that easy to use, but Bubbler is (even if not all it's supported).
About js:
strophe.js supports chat and groupchat
About session: it's 75% Server and 25% API. Api just require connect and login, server will store the session.
About creation: Smack does, have to check for others API.
However write this kind of function it's not that hard (XMPP require a fixed template XML, just replicate this XML). Of course it's better to have something already cooked, tested and ready but a single functionality can be developed in short time.
Related
Present Setup
I am trying to build a WhatsApp like chatting app on Android.
In the backend hosted on cloud, I have setup an Ejabberd Server.
Now using smack library on Android, I can connect and message other users via Ejabberd server I setup on my cloud.
Context
This works fine for now, but later I might want to move to MQTT based custom solution for chat replacing Ejabberd and that will force all my app users to compulsorily update their App, since app right now has in its source code stored URL of Ejabberd Server and directly communicates to it.
To solve this problem, I am trying to create a layer of API endpoints so that all communication happens from client phone to ejabberd server via API layer. So tomorrow if I replace Ejabberd server with custom MQTT solution (for scale), then I won't need my app users to update app, since API endpoints have same URL, and I can simply change code behind my API layer, thus keeping me free of depending on Ejabberd forever.
TLDR : Problem I am facing
I am not getting any resource on how to create API layer instead of letting client phones directly communicate with Ejabberd Server. Problem is as per XMPP protocol, client & Ejabberd server directly establish a persistant connection, so how do I put my API layer in between? Its been weeks of headbanging by now and I am stuck.
You can't really put your API Layer between this because XMPP is not publish/subscribe like pubsub.... and something HTTP API is also bad for chat because the client has to request everything and the server can't push anything. I would recommend you to stay with XMPP because it's made to scale very well.
I am looking for the best way, the most secure way to build Client-Server communication.
I have simple web site where I can login and sign up using well-known web secure implementation.
But I need to create standalone mobile client Android/iOS and make it possible to do the same (log in,sign up) from mobile client.
As far as mobile client will be native, not just mobile version of page. I need to create secure communication between client and server.
I have already implemented several projects using REST API with tokens over https, but it seems that there is better way to do this.
What is the most secure way to implement client server communication in this way.
Also in my case creating something like OAuth server doesn't make any sense because client communicating with server directly and I don't need to give some access to other apps like in OAuth.
Use web view but only for logging in and registering, of course on special mobile pages.
Just use https and REST API as I have done previously
Create some encrypted channel directly with TCP and sockets
I have no more IDEAS how to implement this, maybe someone can suggest how to do this or at least how this is done in apps like facebook, amazon, aliexpress .....
Thanks.
Unfortunately I haven't any tried and tested code for this, simply because I think there may be various ways to do this, but I am simply looking advice on which is best, as security and authentication is not my strong point.
I wish to have initially 2 clients - an android app and a grails based web client, both hitting grails RESTful web services. I have REST resources currently returning some data from the domain when using the web client, next step is to get the same data back into the android app. At the same time I want to integrate some user authentication so that the user must be logged in in order to receive back this JSON data from the REST layer.
In the past I have used Apache Shiro when creating a grails app when only using the grails web based client, is it possible to do the same with an android ap as the client?
In my Grails project with web/android front-ends I'm using for android auth a slightly extended version of SPRING_SECURITY_REMEMBER_ME token (yes, I'm using spring-security-core++ plugin). This fits well in the application, is an easy to implement, tried and tested solution.
I am new to mobile applications. I am basically from a web development platform. I am just playing around mobile frameworks like App Framework, LungoJS, Jquery Mobile, kendo etc to gain some knowledge in this vertical.
The app I am developing is still in UI level. All I need is to fetch data from the server and populate in my app.
I need some ideas to establish server communication between the smart device and the server. My questions are
What kind of server needed for mobile applications ? A cloud or a
regular web server is enough ?
What are the ways to connect the app with the server ? ( on cross
platform mobile development )
What is the secure way to communication with the server ?
What kind of server needed for mobile applications ? A cloud or a regular web server is enough ?
Because you are creating a hybrid mobile application you can use any type of server side technology, it doesn't matter is it a classic web server technology (using Java, PHP or .NET) or some kind of cloud technology like Parse.com.
You also don't need to create anything from scratch. Best course of action would be to use some kind of micro RESTFul framework(like PHP Falcon or Java Play Framework). Read more about them here.
But, there's always a but. You can't use server side technology for classic content generation, you only need to use it to send data to your hybrid application. I will explain this later.
There's also an alternative to RESTFul services, you can create a webservice, again using Java, PHP or .NET.
What are the ways to connect the app with the server ? ( on cross platform mobile development )
You would use AJAX as a technology (in case of RESTFul), rest depends on you. You would probably do it in JSON format (or JSONP if you are doing cross-domain calls, but you don't need to think about JSONP when creating a hybrid application).
If you intend to use a web service then you would use a SOAP connection and communicate via XML format.
No matter which server side technology you use you will always use AJAX on a client side.
Now let me tell you why you should not generate your content on server side. Basically nothing can prevent you from doing that, you can generate your complete page on web server and just show it in PhoneGap app, it would still be a hybrid app. But, if you try to put this app in Apple store you will get yourself rejected.
What is the secure way to communication with the server ?
Security of course depends on server side technology. Every framework has its own kind of security handling, but all of them relay on HTTPS so you should not worry too much.
From the client side you can always encrypt JSON/XML data and send them using POST.
Examples:
If you want to use jQuery Mobile then take a look at this tutorial. It will show you basics of client - server side communication.
Since you are new to mobile application, ill try to give short answers
1) What kind of server needed for mobile applications ? A cloud or a regular web server is enough ?
A regular web server is good.
2) What are the ways to connect the app with the server ?
via web-services
3) What is the secure way to communication with the server ?
Use HTTPS webservices (SOAP, REST), HTTPS secures the transmission.
Above is a basic explanation for your quick help, I would recommend you to go through the documentation, and review some sample codes
This will really help you Sample
Please go through this link it will surely help you
http://www.androidhive.info/2012/01/android-login-and-registration-with-php-mysql-and-sqlite/
Webserver,cloud anything is good for restful service
for security purpose you can use POST parameter to send and recieve data or if you want more security then you can encrypt and decrypt data through secure algorithm
I'm doing a chat application accessible via native apps on the iPhone and Android. I've spent some time researching how it would be done, but I sill don't have quite a good grasp of it yet. For example, I've seen and followed the tutorial on mobile tuts here (http://mobile.tutsplus.com/tutorials/iphone/building-a-jabber-client-for-ios-server-setup/)
However, let's say that I want my chat apps to be able to go beyond the login/check & send messages, how would I do that?
For example, one feature I would like to add is to be able to search the userbase for criteria such as:
users online now
users who meet certain critera (location, age, etc)
If, for example, I am using ejabberd or Openfire as my xmpp server, how do I add these new custom APIs that would be accessible from iPhone/Android?
I'm just making a rough example here, but maybe it would be nice to be able to do something like this:
-(NSArray*) findUsersInCity:(NSString *)cityName
How would I be able to make the xmpp server pass me back a list of those users who match the cityname criteria?
Thank you in advance!!
There are several different ways to extend an XMPP server:
XMPP Component
Components exist separately to the XMPP server. You can write them in pretty much any language and they connect to the XMPP server following a protocol (http://xmpp.org/extensions/xep-0114.html). A component registers to handle a subdomain of a server and any messages/IQ's addressed to that component are passed straight from the XMPP server to your code, for you to process and respond. For instance, a message could be addressed to user#search.domain.com/resource instead of user#domain.com/resource.
The benefit of a Component is that it should work with any XMPP server (that supports components anyway, which are most of the main ones). Should you change from Openfire to ejabberd for instance, you shouldn't have to do any work. The downside is that they can't access data within the server itself. Fine if you want to provide access to external data (say your own database) but might not be sufficient.
Plugin/Module
These are server-specific and must be written in the same language as the server. Openfire has plugins, ejabberd has modules. These can integrate with the XMPP server and give you far more options. Switching XMPP servers would require starting development from scratch however. If you want to make a plugin for Openfire, have a look at the Plugin Guide and the Openfire API: API Docs. The API is extensive and you can get at most of the data available to the server.
Modify Source Code
Not a good option but possibly worth mentioning - you could download the source code for Openfire, make your modifications and re-build it. I would only do this if you were certain the API can't give you what you need.