Would like to use Retrofit for handling network requests between Android Client and GAE endpoints.
GAE endpoints give Client/Server endpoint libraries to handle all the networking and also Oauth2 authentication which is nice.
Retrofit helps well for asynchronous call, cancellation, parallel calls...so is better than android client asynctask.
So can this Retrofit lib be configured with Appengine GAE endpoints or need to go through normal GAE servlet?
Just to clarify my question and make answers clear for any who read this :
I had for my App :
Client side : cloud endpoint library generated by google plug in for eclipse
Back end side GAE : different API with methods coded in JPA such as :
#ApiMethod(name = "insertMyShareItem")
public ShareItemData insertMyShareItemData(ShareItemData shareitemdata) {
logger.log(Level.SEVERE, "insertMyShareItem");
}
Advantages of google cloud endpoint was endpoint libray , easy use of Auth2 and automatically use of secure connections via HTTPS
Now I want to give up Async task in order to implement Retrofit or Volley. I understood I cannot use google cloud endpoint anymore and need to transform my methods on GAE Back end side in methods which extends HttpServlet so I can access them by URL call with normal setup of Retrofit.
Which means now I need to care :
how I pass my object to Retrofit and how I retrieve them on back end
how I transform Retrofit HTTP call in a HTTPS call for secure connection
how I implement and manage Auth2 and tokens between Client and GAE back end to establish secure authentication.
This is what I understood from search and below answers.Thks
Use the Google Cloud API URL as the base URL and proceed with the normal setup of Retrofit. I don't think it is a big deal. Here is a link to a tutorial that could help you get started with Retrofit.
[source]
Related
Is it possible to use Android Account Manager using Cookie-based authentication? How (a code with a explanation would be much appreciated)?
I have seen many examples regarding authentication token, but that is not the case. I have just implemented cookie-based authentication on Python FLASK.
OBS.: I'm using Android Volley for the requests of the application.
All you need to do is to add this line in onCreate in your Application class:
CookieHandler.setDefault(new CookieManager());
this line will make your HttpUrlConnection hold cookies like browser, and since most of the http agents like Volley or okHttp are based on HttpUrlConnection they also will hold your cookies )
I'm working on an android apps. I am using ionic framework. In some pages I need to get data from a web server and the result is an object json.
My problem is if some one arrives to GET the pages where I get the json data, one can fetch all my database data by changing the http request.
Is there any way that can improve security of my apps?
You should make some kind of authentication mechanism, for example, a token in the header, that way you know wether the user has access to that resource or not.
So when you make your request you can generate a configuration for that particular request.
Example:
var url = "http://yourserver.com/api/your/path";
var config = {
"headers": {
"Authorization": "Bearer someBearerFromTheServer"
}
};
$http.get(url, config);
The backend implementation for this to work depends on the language you use. Here google is your best friend.
A more advanced way to do this, is to use interceptors in the $http service and attach the token to the header in every request, but be careful, you should secure this so you won't send your credentials to every request you make (sometimes your app might need to request data from another server).
You can read more about $http services and its configurations in the $http service documentation.
Regards
is there are any way to mock Loopj AndroidAsyncHttp responses?
I am developing application which depends on REST API, but API is not ready yet and I want to develop application independently from API. Retrofit has a lot of mock implementations, but I was not able to find any solutions for AndroidAsyncHttp. Is there are any way?
I tried to send success message to handler on request creation handler.sendSuccessMessage(200, new Header[1], new byte[1]); , but onSuccess or something else is not called.
As example, you may create on any hosting php file with responsing json.
Or you can use my template for this cases http://so.five-dots.ru/api-test.php
Make responsing on this address and implements your logic. Then RESTfull API backend service will be ready, you can replace adresses on real and getting responseBody will reqirement data.
Most of the backend stuff is in PHP which handle JSON request and response flow of data from Android app to backend.
I'd like to start writing Python code to handle the extra features I'm going to add in my app. How can I do that? Do I need to install Django or something like it in the backend? Our webhost does show "Python support". I'm guessing just a couple of Python classes and some helper library files would suffice.
But here's where I'm conceptually stuck:
In Android, on the app, in the user's side, suppose I send all my queries to backend with this function:
//Pseudo code on Android app
getServerResponse()
{
url = " ??? ";
jsondata = {somedata[a:b]};
response = sendData_andGetResponse(jsondata); // suppose this function sens json data and expects a server response.
showResults(response);
//Pseudo code on backend - BackendProcessing.py
def processRequest():
# some processing done here
response = "some_processed_data"
return response
My problem is, what and how do I integrate the backend Python code and the client side Android app code to communicate with each other. What should the URL be in my Android code to pass data from user to backend? How do I link them?
Do I need to specially setup some third party Python API to handle calls from the Android app at the backend? Or can I just do it with simple Python functions and classes with HTTP request and responses coming in for a particular URI?
You can include URL of the backend server in the android code. Define a variable for the URL of your backend server and use Httppost method for communication between backend and frontend.
Details here http://developer.android.com/reference/org/apache/http/client/methods/HttpPost.html
You can do it with simple Python functions and classes with HTTP request and responses coming in for a particular URI. A third party Python API is not necessary.
You can also use Python based web frameworks like Django for the backend.
In my asp.net mvc4 project, I am using ApiControllers to serve both web clients and mobile clients. To secure the web services, I am using the [Authorize] annotation.
So for now, the web client is working fine. However, when I tend to invoke some Web API from a mobile application (e.g. Android), I got an error.
when I looked back at code snippet:
[Authorize]
public List<double> GetSomeInfo(int param1, string param2)
{
User user = SessionData.CurrentUser;
// do something using user.UserId
// ....
}
Session Data does hold user connected properties only when he is connected to the Web App. But in the case of mobile clients, Session Data is null. So, is there any appropriate method to resolve this problem.
In my opinion, I think that userId should be provided as a parameter for any Web API that may need it to do achieve some treatment.
What do you think ?
You are talking about two different things :
Session
As Darrel said, Web Api was not design to support Asp.net Session. HTTP and Rest Services are stateless – and as a result each HTTP request should carry enough information by itself for its recipient to process it to be in complete harmony with the stateless nature of HTTP.
So, do not rely on Session Variables, but add more paramters in your request.
Of course, there are a way to use session in Web Api, I suggest you to to use it.
Authentication
Because working with only paramaters ( such as UserId, AccountId, ...) is not very secure, you have to use Authentication and Authorization. I highly suggest you to read the security section in asp.net web api web site. Web Api support many authentications (Basic, OAuth, Windows, Custom, ...). You have to choose what is the best for you.
Web API was not designed to support sessions as they are a HTTP anti-pattern. You can get the currently authenticated user by accessing Thread.CurrentPrincipal if you have setup the necessary authentication mechanisms.