We're building a web extension to synchronise a third party website with our app. Our app publishes a restful API that the extension can call.
We launch the third party site by doing a 307 redirect from a separate web site that we control. We have no control over any of the code, or endpoints etc, running in the third party app.
What we would like to do is have our extension call either our development, test or production app, depending on which environment the launch site was invoked.
E.g. dev-launch --> third party --> our extension --> dev-app
test-launch --> third party --> our extension --> test-app
prod-launch --> third party --> our extension --> prod-app
We initially thought to get our launch site to write a cookie but cookies cannot cross top level domains.
How can we signal to the extension which environment it has been launched in ?
Related
Is there any way to configure the order in which the OpenLiberty container launches deployed web apps (deployed WARs)? I need a particular web app to be ready before other web apps are fully loaded. Thanks.
I am developing a chrome packaged app. There is already an VB application running with mysql. I want to access the same database but use chrome packaged app as client.
How to access local mysql server from chrome packages app using javascript ?
I am aware of IndexedDB.
You have two options:
Create a web service (e.g. some PHP pages) that talks to MySQL and allows your app to use it as a go-between
Write your own MySQL driver/communicator to communicate with it directly: http://developer.chrome.com/apps/socket.html
The first is the easiest and would take the form:
Your chrome app would use AJAX to communicate with the PHP pages (probably via "POST")
Your PHP pages would expect it to login, use SSL and then use a token to continue identification during a session
The PHP would have generic capabilities to do CRUD actions
The PHP would spit back JSON for the results
but the second option would make you a hero if you took the time to develop that and put it on sourceforge or github under a permissive open source license.
Does anyone have any idea on how to run a sencha touch 2 app without installing a web server (like LAMP/XAMP). (PS : I'm new to Sencha Touch)
I know there is one way - Including phonegap's javascript file in the app.json of the Sencha Touch 2 app. Which'll look like this
"js":
{
"path": "cordova-2.5.0.js"
}
After this the sample application runs on the browser without the web server.
Is there ANY other way?
How does adding the phonegap js file help in running the sencha touch app without web server anyway??
Starting chrome with --allow-file-access-from-files --disable-web-security flags also does the trick.
Sencha requires web server because if app is in development mode microloader in sencha make Ajax request for app.json file and from it, it loads other files. You can see this in
../sencha-sdk/mircroloader/development.js
file with following code -
var xhr = new XMLHttpRequest();
xhr.open('GET', 'app.json', false);
When you start chrome with above mentioned flags, chrome does allow making ajax requests even if file opened with file://.... url scheme.
When you deploy the app after compressing js/css with sencha cmd, all files are bunched into one single file. You no more need a webserver in that case.
Update
From Cordova docs for Whitelisting domain
Domain whitelisting in Apache Cordova is a security model that controls access to outside domains, such as http://google.com. The default security policy is to block all network access. The application developer can then declare access to specific network domains and subdomains.
And
In the Widget Access specification, the element is used to declare access to specific network domains. In the future, Apache Cordova will abstract the platform whitelisting implementations to the W3C Widget Access specification. However, for now each platform must implement it's own domain whitelisting.
Moreover, W3C Widget Access does not enclose the security and user agent enforce policy. It is defined in XMLHTTPRequest.
So what Cordova essential does is, adds an exception in policy to allow access to certain network resource outside app domain with whitelisted domains.
I have a Silverlight application that calls a REST service. I want to enable single sign on with another website so I'm inclined to implement passive authentication. When the browser navigates to the XAP file, it will get redirected to the STS. After presenting credentials, the browser downloads the XAP file.
At this point the browser has 2 cookies: 1 identifying a session with the STS and 1 indicating a session with the RP that hosted the XAP file. All HTTP traffic generated by the Silverlight app goes through the browser so the STS session cookie is automatically included outgoing requests even though I don't have direct access to it. The other website trusts the same STS so it respects the existing STS session and everything's grand.
But now I want to implement an iOS client which will probably be active. Can this client consume the same REST services, and if so, how?
New to JAVA. I developed Web application(JSP) successfully delpoyed on TOMCAT 6.0. Now the client want to use external SSO to authenticate users. As of now when the users are authenticated the website is displayed with Login Page where the user has to login again.
I am using the Login.jsp to bring the user roles from the SQLDB for Website.
What I want to accomplish now is when User is authenticated login.jsp should retrieve the credentials from the SSO and display the website thus accomplishing the purpose of Single sign on process.
I read a lot from this forum and other websites but kinda lost in the process.
Any help would be appreciated.
thank you
We developed a Tomcat extension (valve) which does just that. Basically you use standard J2EE security (role-ref etc) in your app and our Tomcat valve then acts as a bridge between Tomcat and our SSO platform. You can find out more at www.cloudseal.com
Of course you may not want to use our SSO platform :-( but you can still use our Tomcat valve and modify it to fit your needs. It's released under an Apache 2 license and you can grab the source from Github