Imagine I use a web service, whose url changes occasionally.
Is there a way to make my application independent of the current url of the web service, so that my program automatically accesses the current url of the web service (whatever it may be at the moment)?
In my opinion this is not possible since the url is the unique identifier, but I am not absolutely sure.
Related
I have a general question about what Akamai can provide for web services. We are looking to develop a web service and our web service application is hosted in the US, but we would expect that our web service can be accessed from across the globe. I would like to know if 1) Akamai caches dynamic content like web services, and 2) can Akamai provide some better performance if it can cache a web service.
Such as a .ASMX endpoint where there is nothing static about it. The content is 100% dynamic as it fetches data from the back-end like a database and returns it. I’m wondering if Akamai would apply here.
Akamai can definitely be used for web services, it all comes down to your own decisions about how long content should be valid before the server (your service) needs to supply a new version of the content. In simple terms Akamai are only doing what http will do for you anyway, if you set cache control headers for the resources you serve from your API then clients will look at those headers and not request new copies of resources if you've told them that the resource is valid for 10s/10m/10h, etc.
Of course in practice Akamai does a lot more than that, firstly they have over 200k servers globally so your content will sit close to your users wherever they are in the world meaning if that content is still fresh your users will get it very quickly (from a server near them, not from your servers). Secondly, if they do need to request content from you, they do it over a super-optimised network which monitors itself to ensure the quickest route across the globe is taken. If you're concerned about them serving stale content you can even have every request go to your service to check if there's a more up to date copy, eg by using eTags.
The whole thing is highly configurable as well as being extensible from your end using custom headers to instruct their network how you want to deal with different content and endpoints. This is just a quick overview, they can do a lot more as well, definitely worth a look.
Trying to understand which of the better modules to use for my page's specific need. Services module is popular, but that seems more for providing service, where the Web Service Client is good for consuming a web service.
Here's the requirement:
On the web page, I've got a form whose fields (location, service areas, region, indicators, etc) are to be built dynamically and some are selectable based on other selections. (So choosing worldwide would make Hubzone 8A not appear.)
Another team built the SOAP web service, it sits on another server outside the web server. What they delivered to me is a URL to invoke, basically an XML file:
http://webserviceurl.com:52901/navigator/NavigatorServices?wsdl
(Obviously, I just can't use the Feeds module to import the XML manually, right? The whole point of the web service approach is that as the data in the web service is updated, the Process form will by dynamic.)
So I'm really at the beginning of this. Need some guidance.
Web Service Client and SOAP Client are the ones that should do the work for you.
If you find it difficult to understand how to use them, you can simply use nuSOAP library + some PHP code inside a module. This article provides a good tutorial about providing and consuming Web Services using nuSOAP.
PHP provides a SOAP API. So you can simply create a module using this API (and Drupal Form API).
Lets have an example scenario:
Client opens a web site and finds the sum of two numbers which he enters from the textboxes.Then clicks on the ADD button.Two parameters are HTTP GET'ed to server where PHP code is written to add the numbers and result is echo'ed.
Based on this scenario could anybody explain the difference between Web services and application?
In your case if you have User Interface for providing two numbers and then getting the result, it should be called a web application. But if you have an API exposed to receive two numbers and return result over http , then it should be called a web service.
At low level, both Web application and web service are kind of same thing. But the main point is that web services are for machine/program to machine/program communication whereas Web application is for Users.
I'd say that web applications are intended for users and web services are intended for other applications. That's the most important difference. Web applications usually present data in HTML which looks nice to the user and web services usually present data in XML which easy to parse by other applications.
A person drives a car. That car could be powered by an internal combustion engine, electric motor, or nuclear reactor. The power source doesn't matter to the driver though, as all they need to see are the controls and the road ahead.
The application is the car. Web services are the nuclear reactor.
To add 2 no.s we write a web service, to subtract we write a diffrent web service, however calculator is an web application that uses add,subtract and many other webservices in combine.
Lets take an example of Google search.
We can use Google search in two ways. First, we can visit http://www.google.com and put out query for search. Google the returns the result. Second, we can integrate Google Search in our websites with custom search API.
In first case Google Search is acting as web application while in second example it is acting as web service.
Here we can point out few differences,
User interacts with web application while machine interacts with web service.
To access web application, one must visit application. While web service can be access from anywhere (from any application which integrated it). We don't need to visit the service explicitly.
A webservice is equivalent to a method in java that has a web wrapper around it. It lives on the server and it can be sent data / queried etc. and may or may not return a result. It does not have any front end it can only be accessed via http get, put, delete etc.
A web Application is a fully functional piece of software that lives on a sever that is designed to help people achieve a task. This would have a front end that would allow users to interact with it / enter data etc.
A web application could use multiple webservices to achieve its goal / end result
There is little difference between web application and web services.
Web Application: In web application when user request any data then the server embeds the response into some HTML and forward it to the user and on browser the HTML is rendered.
While in web services it's done differently that when some user requests for some data then the server returns it a json or XML array of objects and the data can be displayed by anyway the web designers wants.
Thanks Hope it resolves the matter.
Web service is for application consumption , invoked through web application
To communicate with webservice data should be sent as SOAP message or as REST i.e XML over HTTP
Most of the times web service is not part of application because to facilitate the use by other web applications and it is not for direct consumption to end users
Web application is for human consumption invoked directly by GUI which may or may not use web service for giving response
I am working on a salesforce feature, where we are trying to expose a single web Service method in a custom class to a "Partner" so they can generate leads.
The class/method has been created/tested and functions as expects, so we are working on implementation.
I have been poring over all of Salesforce's Web Service documentation and cookbook recipes, but everything I see only talks about using either the Enterprise or Partner WSDL files, which would give them more access then I believe should be required.
If I import the WSDL file that is generated off the class itself, I have access to the methods, but I can't seem to find any way to log in (using their examples as reference).
I have 2 basic questions here.
Do I really need to give full access to my instance to expose a single method?
What is the bare minimum I need to provide?
The WSDL itself is just a definition of the web service and does not control actual access to your org. To get access to your org, a session id must be included in each request to the web service. Session ids are tied to a given user in your org, so you can also control what they can access by giving them their own profile and locking down access to only what they need to get to. The profiles are associated with objects/fields, not the web services themselves, think about what they will need to access in terms of data, because they could always use that same session to access other web services. There are also Apex class-level access controls on the profile, but this doesn't stop them from doing the same data operations through the SOAP APIs, so make sure you have their profile only expose what they need access to and that will be enforced everywhere.
As far as obtaining the session id, it somewhat depends on how you are interfacing with them and what their application is like. In general, the recommended way is to use OAuth (called "Remote Access" in Salesforce Help), which will make it so usernames and passwords don't have to be used in their application, but are rather sent directly to Salesforce by the end user. There are a few different flows to choose from depending on the app and are explained in Help. The REST API doc has a nice intro to using OAuht to get the session id (aka "token" in OAuth). Speaking of REST, you might even consider using the new Apex REST API, which allows you to make similar custom web services from Apex, but with REST interfaces.
The Partner and Enterprise APIs also have a login() method, which is convenient since it is also SOAP-based, but is losing favor because the app has to directly handle the username and password. If you do this option, you would login with either the Partner and Enterprise API, get the session id, and then switch over to your custom web service. So, yes, for this option you would have to consume both your WSDL and either the Partner or Enterprise WSDL, and just ignore the other methods, but again, the methods just being there does not mean they can access them (e.g. if you remove Delete from their profile for a given object type, they would not be able to use the delete() method for it).
What you provide, and what they can do are 2 separate things, if you give them a users credentials, then they can do anything the user can do regardless of which WSDL they use. So you'll want to create a user with restricted permissions that has the bare minimum rights to do what you want.
Once you've got that, it doesn't matter if you give them the enterprise, partner or a custom WSDL.
If you give them the apex class WSDL, then they'll need some way to login, which could be login from the partner WSDL, one of the OAuth2 flows, or a webtab or custom link. (depending on the exact scenario).
Finally, have you seen the web2lead feature, that allows for leads to be created in your salesforce account without needing a WSDL or credentials.
We don't exactly comply with the XML-RPC spec, but the concepts are nearly identical. A client comes in over HTTP/HTTPS with an XML payload. We respond with an XML payload answering the request. This is primarily machine to machine, so no human to type a username/password. Our construct runs within apache tomcat. We would like to authenticate the request and since not every service is available to every client, we need to authorize the request as well. We have both subscription and per use charging models so it is necessary to log everything.
What would you recommend for both server and client?
HTTP BASIC/DIGEST works fine for most machine to machine tasks, and it handled by the server so your API is unaffected.
It doesn't work as well for interactive uses because it's difficult to "log out" the user without closing the browser.
Otherwise you'll most likely need to alter your APIs to include authentication information and have your methods authenticate that within your code.
Or you could use the classic "login", set a cookie, keep a session technique.
But, frankly, for machine to machine work, HTTP BASIC is the easiest.
edit, regarding comments.
HTTP BASIC is simply a protocol used to present the artifacts necessary for authentication, and it works well for machine to machine web services.
HOW IT IS IMPLEMENTED is dependent on you and your application. Using Java, you can use container authentication and that will provide authentication as well as role mapping. The user -> role mapping is handled in either a data file or database. The URLs protected, and what roles are valid for each URL, is managed by web.xml.
If you continue to add different roles to different URLs, then, yes, you'll need to redeploy that application.
However, if you're just adding new users, then you simply update your file or database. And if you're adding new logic, and this new URLs, then you have to redeploy anyway. If you have a ROLE structure with a fine enough granularity, you won't have to be messing with the web.xml until you actually add new methods. For example you could, at the extreme, create a role per method, and assign them individually to users. Most don't need to go that far.
If you don't want to use container authentication, then write a Servlet Filter to implement your vision of mapping user and roles to URLs. You can still use the HTTP BASIC protocol for your clients, even if you implement your own facility.
If you're looking for an overall generic Java security framework, I defer to google -- there are several, I've not used any of them. I've had good luck with container authentication and writing our own.
#Will
I second the HTTP Basic suggestion, and can testify that it integrates fairly well with Spring Security, which I implemented on top of a legacy application that rolled its own DB-based authentication/authorization logic.