Android synchronisation - SyncAdapter or general Service for HTTP Basic Auth? - android

I want to synchronise a local Android database with a remote database on a server somewhere. For now, I want to do this via a REST API with basic HTTP authentication.
I have done some reading and watched the Google I/O 2010 "Developing Android REST Client Applications" video, however I am still a little confused as to which approach will be most suitable for me:
1.) Content Provider + Service
2.) Content Provider + SyncAdapter
3.) Something else?
I have already written a Content Provider. I am a bit confused about the SyncAdapter and how authentication works - can I used basic HTTP authentication with a SyncAdapter?.

Authentication is done with accounts in Android. Have a look at this class: https://developer.android.com/reference/android/accounts/AbstractAccountAuthenticator.html
Also have a look at this blog post:
http://www.c99.org/2010/01/23/writing-an-android-sync-provider-part-1/
Regarding which approach to choose: If you want to sync between a remote DB and a local DB (that is you really want to sync and not only download content) a sync adapter is always the best choice!
If you have downloaded Android's samples you should also dig into the SampleSyncAdapter project. This should get you started.
BTW: Never ever do Basic HTTP authentication. This is not encrypted and all communication between your server and the app is readable to all. Always use TLS (SSL) instead!

Related

Developing Android App with Amazon EC2 Database

I've looked around trying to find an answer to this question, but have so far been unsuccessful. I have a current version of an Android mobile application that stores items in the local database, and I'm trying to hook it up to a 'cloud' database (not sure if this is the right term) so that other people that download the app will be able to view and post things to the database.
I have an ec2 service set up, with my LAMP stack installed. I have the database set up on this server ready to go. How do I go about hooking up the Android application so that it can communicate (insert/view/delete items) with the database? I am a new developer so any help/insight/guidance you have is much appreciated!
You haven't mentioned the type of database you have setup on cloud.
I am assuming it to be some kind of relational database (e.g. MySQL).
You can use standard JDBC connection from a regular java code but it is not yet possible (supported) to do it directly from Android code.
I faced a similar issue, what I did was this:
Create a Servlet and deployed it on GAE (Google App Engine).
Make an HTTP request from your android application code to this Servlet (SELECT/UPDATE/DELETE).
Initiate a JDBC connection to your database (on EC2) from that Servlet.
Shoot the SQL statement to the database.
Get the result and send the response back from servlet to your android code.
There may be other better solutions but I could not find any and tried this on my own, it worked like a charm, multiple times.
After writing the previous answer, I kept on thinking of alternate solution.
FYI: This may or may NOT work !
Instead of hosting your servlet on GAE, you can host it on the same EC2 instance as your database, using tomcat or any other package.
This way your android code would communicate directly with the instance that has servlet and database deployed together.
In the servlet, you can shoot SQL queries internally and send the results back to android code.
How to host a servlet in Tomcat 7
Adding new security group and linking it with my instance..worked for me

How to connect android to python web services and MySQL database

I'm new to Android and to web services in general.
This is what i gotta do: My company has a back end website(for the client to monitor the sales) that's used to manage/monitor sales on some stores and it connects to a MySQL db to store data about sales and users(usernames and passwords).
What I want to do is to get data from that database and to add (sync operations) new rows, all of this from my android app.
I googled this many times and it came up with some similar projects but using another languages.
I would like to see some code samples if possible and some how-to theory, what theory should I follow when developing this, how and what ways of communicating between android and python web services and from the web services to the MySQL database.
Thank you in advance.
You will need a working API, that allows you to communicate to the web service from the android application. I would read into how to write an API and how to build a RESTful service using JSON as a way of communicating between server and android app. There are alternatives to JSON, but JSON is better suited for Android than perhaps AJAX and soap is being used less and less. (Can ajax call be done in Android? It can but has limitations)
(I could only post two full hyper links as i don't have enough reputation yet to do so, you may have to remove the spaces)
API:
http://sharismlab.com/blog/2012/07/21/how-to-write-an-api-for-your-web-app/
REST:
www .restapitutorial. com/lessons/whatisrest.html/
JSON:
htt p:// www.r evillweb.co m/article s/why-use-j son/
You may want to check out restjee. It allows you to define and implement RESTful data access APIs without having to write any server side code. Works with just about any database.

How can I securely (indirectly) query a postgresql database within android?

The current solution that I have to adopt uses JDBC and stores the user/password of the database inside the android app. That's as far as I'm concerned not a good solution. I would like to implement a mapping layer on the webserver in the middle.
Is there any best practice or recommended strategy for this? Should I use SOAP or JSON or something completely different (because they're well implemented and/or easy to use in Java)?
Are there any mapping tools for postgresql <-> SOAP/JSON/whatever in PHP or will I need to write these scripts by myself?
Any pointers will be greatly appreciated.
Quick version:
Use a web service midlayer running on a public host you control (possibly but not necessarily the database host). Expose public web service methods to do the limited work you want to permit and nothing else.
Related questions:
Driver JDBC PostgreSQL with Android
How to connect to a PostgreSQL server via JDBC in Android?
Implementation options
Personally I'd use a Java application server like Apache Tomcat or JBoss AS 7 and I'd write my web service methods using JAX-RS to produce a nice REST-style API for my app to use. That's what I'm familiar with and it works well, but you have lots of options including implementations of:
REST-like APIs (Java's JAX-RS impls Jersey and RESTEasy, various other langs tools) that use HTTP requests and produce JSON or XML replies.
SOAP with WSDL, the classic "web service" layer. In Java done with JAX-WS among other options. Most languages have tools for SOAP+WSDL but it's kind of crappy to work with especially on intermittently connected devices like mobiles.
XML-RPC if you like pain
There are some JAX-RS quickstarts on the JBoss AS 7 quickstarts list; just search for "JAX-RS". The "kitchen sink" quickstart is useful, though perhaps not ideal if you're not familiar with the basics of JBoss AS 7 and Jave EE 6. Fort the JAX-RS specifics you're better off with a Jersey or RESTEasy tutorial like this or this.
Important considerations
Use HTTPs if possible, and if access isn't to be public use a suitable HTTP authentication scheme like HTTP Basic auth over HTTPs. Any decent web services implementation will offer authentication options or support those of the platform on which it runs. Avoid the temptation to implement your own authentication and user management at the web services layer, you will screw it up; use the auth at the HTTP layer that's already written and tested. This may require the use of something like Apache's mod_auth_pgsql, JBoss AS 7's JDBC security realms, etc. The only case I'd consider not doing proper per-user HTTP auth is where I don't need to separate my users for security reasons, I only care that it's my app accessing the server, ie if my security requirements are quite weak. In this case I'd use a fixed username/password for the whole app and possibly an X.509 client certificate if Android supports them.
Remember that no matter how you secure things, all credentials are either known to the user or can be extracted trivially from a .apk so you still have to assume anybody could access your web service methods, not just your app. Write them accordingly.
Do not just send SQL from your app over a web service call to the server and return the results as JSON. This is horrifyingly insecure, as well as ugly and clunky. Write a web service method for each individual task you want the app to be able to perform and keep the SQL in the server. Remember to use parameterised queries and be careful of other SQL injection risks. These web service methods may use one or more queries to produce a single reply - for example, you might collect a "Customer" record and all associated "Address" and "Contact" records then return the result in a nice JSON object the Android device can consume, saving numerous slow and unreliable network round trips.
No matter what you use, make sure to do your web service calls in a background worker thread and not to block the user interface. Be prepared for timeouts and errors, and for the need for retries. Test your app by simulating intermittent connection loss, high latency, and high rates of packet loss and make sure it remains usable.
Is there a best practise:
It depends on the person. All have their strength and weakness.
I prefer, and I think many but not all will agree on JSON cause it is really easy to use in Android. It's also lightweight and very easy to use in php. Php has methods to convert an array/object to json and back.
It is indeed not recommended to save your postgres data on an android device.
My strategy is usually:
PHP server side with a POSTGRESQL database, using PDO to communicate between my models and the database.
If you are not familiar with PDO(php data objects), I recommend you make yourself familiar with it.
php.net PDO
Android as client, using JSON as method of transfering data from and to.
There are many examples that can help you.
Android has standard libraries to handle json parsing.
See this answer for an example:
example

Store data in App Engine datastore from an Android app

I have created an AppEngine connected Android application, and I'm trying to modify it to be able to store some user data on the server. I do not know what's the easiest way to do so, because I want it to be as simple as possible. I just want to store some basic data for every user. This data is: Name, Email, and some other Strings. I have created a form in the android side which will allow the user to type all the requested data, but I do not know how to send this information to the GAE server and store it in the datastore. I guess I will have to use a Servlet and some kind of RPC service to call the methods. I'm really lost because it is my first time doing this. I'm not experienced neither in android nor in web apps. I hope you can help me.
Update
Well, maybe I did not explain myself well. The system I've been asked to build consists on a web service that store your personal login credentials for most common sites (facebook, gmail, etc). Using a chrome extension, you ask the server for the credentials on the website you are navigating, and then the server asks to your phone for authorization. It will ask (do you give me permission to send your credentials to "some user"), and you have to ansewer yes or no and then the server will act in consequence. The point is that you have to store your credentials in the server in some way, maybe from the android app (which is what I was trying) or from somewhere else. I will also need authentication.
Pd: I use java for the server side.
Since you already started with AppEngine connected Android application, it makes sense to continue customizing it: App Engine Data Access: Adding Entities and RPC.
Update:
There are of course many ways to exchange data between client and server. The most simple would be a servlet handling GET and POST requests with some query parameters.
Also, most popoular lately is REST:
Android REST client: http://appfulcrum.com/2010/08/20/android-how-to-call-rest-service-using-asynctask/ (try using GSON instead to parse JSON)
Server: use a REST framework. My personal choice is RESTEasy. An example: http://ankiewsky.blogspot.com/2010/08/resteasy-on-googleappengine-corerest.html
Update 2:
The simplest possible way - making/handlin a simple POST request:
Android client - making POST request with parameters: http://www.androidsnippets.com/executing-a-http-post-request-with-httpclient
Server handling POST (or GET) and extracting parameters: http://www.exampledepot.com/egs/javax.servlet/GetReqParam.html
Find and follow thoroughly the Topic Index on this page. Gud luck

Needs workflow ideas for Android app

I'm planning on writing an android app that can view and update data on a local network Oracle DB.
I have already written a python script which checks the oracle db every couple of minutes and writes out XML files which I then plan to parse through my android app to display the data.
As I mentioned though this will only work if the android device is part of the same network (either connected locally or through a vpn), and the XML will be stored on a Unix server.
The question is how to access that Unix server with the android app? Can I use FTP via an android app, or should I be looking to change the python script to send the XML to an easily retrievable location?
EDIT To clarify what you mean, you have a web service running on something like tomcat, the client sends a request to get the data from the oracle db (can also use some form of authentication), the web service responds and sends the data in a format (XML, JSON etc.), the client then sends a request back to the web service to change some data on the oracle db, and in turn it does the clients bidding?
Normally you would create a web service to provide data to mobile clients. There are several reasons for this:
Web services are accessed via HTTP/HTTPS which is a standard protocol and is guaranteed to work on all networks. Corporate wifi networks are especially notorious for locking down protocols except for web and email.
Web services compared to static XML files have an advantage of creating response on the fly. Which means that data will be current.
Web services can take some input parameters and create response based on this parameters.
Authentication: it is a common approach to implement username/passord authentication in the web service, especially if you serve some private data.
Update:
REST is a very popular type of web service. Look at some implementations in Python: Recommendations of Python REST (web services) framework?
This book helped me a lot: http://oreilly.com/catalog/9780596529260
REST is a way of designing your web service. Folks much more intelligent than you and me have divined that all of the work needed for something to work on the net can be handled through a combination of HTTP status codes, HTTP verbs like POST, GET, DELETE, PUT etc. and a clear hierarchy of resources (nouns). It sounds very limiting but it's quite beautiful when it all works together.
Have a look at the Facebook Open Graph API (developers.facebook.com) to get an idea of what a proper REST service looks like.

Categories

Resources