We are going to have stateless web services which accept JSON as parameter.
Wev'e read JWE's RFC but one thing I can't understand is how can a token (which is a fixed part of each request) be stateless without being hijacked?
Or we should encrypt the whole JSON parameter as the plain text defined in the reference sheet in every request?
Related
I am trying to use Jmeter for performance testing of a WPF app that uses WCF Web Service. I see that the service is using msbin1 encoding format. Hence i am no able to make out what the request parameters are. How to handle this in Jmeter
In order to make the request you need to just add HTTP Header Manager and configure it to send Content-Type header with the value of soap-msbin1. In order to send the actual payload you can use i.e. HTTP Raw Request sampler.
If you need extended functionality, i.e. to be able to build requests from text and perform correlation of responses you will have to use the code from WCF-Binary-SOAP-Plug-In in JSR223 Test Elements and perform payload encoding/decoding using Groovy language
I am trying to write a test case for a jersey resource using InMemory container provided by Jersey.
As my service method contains many multivalued parameters as filters, I opted to send all of those values as single JSON parameter, so that it will be easy to send a list of values for each filter.
When i send the JSON string using target("path").queryParam("filters", jsonString).request().get(); the call fails die to Jersey clients internal query builder, which is parsing the url and checking for path param templates in the url. Since the url contains my JSON with "{" in it, they are interpreted as path param.
If I try to encode the JSON using URLEncode.encode(jsonStr, "UTF-8"), the path param template issue is solved but white spaces in JSON are received by server as "+" as jersey client encoding URL one more time, but server decoding it only once.
If I make the Queryparam as post param test is working, but i don't want to use POST for just to retrieve data.
I can't post original code due to company policies.
My question is, is there any way to disable path template check in jersey clieny by setting custom builder.
A simpler solution would be to replace the '+' by '%20' as suggested here and here:
URLEncode.encode(jsonStr, "UTF-8").replaceAll("\\+", "%20");
Being new to web development, I need some help in understanding what is the difference between the javax.servlet.http.Cookie and javax.ws.rs.core.Cookie.I assume that the latter can be used to set cookie into the response of a rest service. But can we also set the initial Cookie object into the HTTPServletResponse?
These are objects that represent the same underlying entity, namely an HTTP cookie as defined by the RFC. Both "do" the same thing, representing a cookie header in an HTTP response (a request cookie is a name=value pair only, whereas response cookies can have several additional attributes as described in the RFC). Where you use one vs the other is simply a matter of what you are coding. If you are writing a JAX-RS provider, then the JAX-RS apis will use javax.ws.core.Cookie. If you are writing an HttpServlet, then you use the javax.servlet.http.Cookie. JAX-RS implementations will also allow you to use context injection so that you can have direct access to the HttpServlet objects within your JAX-RS service provider
javax.servlet.http.Cookie is created and placed on the HTTP response object with the addCookie method.
Instead, the description for javax.ws.core.Cookie reads:
Represents the value of a HTTP cookie, transferred in a request
… so you'd expect the getCookies method on the HTTP request object to return an array of that type of cookies, but no, it returns an array of javax.servlet.http.Cookie. Apparently javax.ws.core.Cookie is used by some methods in the javax.ws.rs packages. So you use javax.ws.core.Cookie with jax-rs web services and javax.servlet.http.Cookie with HttpServlets and their request / response objects.
I am used to consuming Web services via a XMLHttpRequest, to retrieve xml or JSON.
Recently, I have been working with SharePoint REST services, which can return a single value (for example 5532, or "Jeff"). I am wondering if there is a more efficient way than XMLHttpRequest to retrieve this single value. For example, would it work if I loaded the REST url via an iframe, then retrieved the iframe content? Or is there any other well established method?
[Edit] By single value, I really mean that the service just returns these characters. This is not even presented in a JSON or xml response.
Any inefficiency in XMLHttpRequest is largely due to the overhead of HTTP, which the iframe approach is going to incur, as well. Furthermore, if the Sharepoint service expects to speak HTTP, you're going to need to speak HTTP. However, an API does not have to run over HTTP to be RESTful, per Roy Fielding, so if the service provided an API over a raw socket -- or if you simply wanted to craft your own slimmer HTTP request -- you could use a Flash socket via a library like: http://code.google.com/p/javascript-as3-socket/. You could cut the request message size down to under 100 bytes, and could pull out the response data trivially.
The jQuery library is a well established framework which you can use. It´s also an article which answer your concrete question at StackOverflow.
I've created a ColdFusion Web Service, but it's returning WDDX instead of SOAP. How do I make it return SOAP instead of WDDX?
Have the <cffunction> return an XML object, and have the "returnformat" parameter be set to "plain".
<cffunction name="GetData" returntype="xml" returnformat="plain">
For complex objects, you need to setup the CFCs correctly. Read: Using ColdFusion components to define data types for web services
update: Or, you can create the XML representation of your object yourself with <cfxml>, then return the XML object with returnType="xml" in cffunction.
You may check out coldbox's XMLConverter Plugin as code sample for converting built-in CF complex types into XML.
A CFC method with access=remote ought to return soap, rather than WDDX. I'm sure I've used this functionality for years. What I'm suspecting may be happening is that the content-type is based on the request a client makes. I would download Soap-UI and test http://your.server/yourCFC.cfc?wsdl to see whether SOAP-UI gets WDDX thrown back at it. If is does, I'm at a bit of a loss, but do report it here anyway and I'll take a further look.
If Soap-UI sees a proper response, take a look at the headers it's sending and compare them to the request you're making (possibly through the browser?)
You can also use Fiddler to record soap-ui traffic and compare that against any other source of requests.
The http request thing above may be completely off, but it's relatively easy to check and I think it's ringing a bell.
You may also want to check the return type of the function you're writing. In order for CF to generate a good WSDL, it needs to be able to extract metadata from the CFC you're returning.
A bit late to the game but were you hitting it as a plain HTTP request and not as with a SOAP packet?
For example were you doing this:
http://api.example.com/something.cfc?method=test&arg1=val1
instead of an actual SOAP request with envelope, headers, body, etc?
The HTTP request returns WDDX by default or JSON by specifying the returnformat, while a SOAP request will return data in the format you are seeking.