Liferay custom web services - web-services

I have some questions about the use of Liferay and Lyferay web services.
I have read the documentation liferay in particular the chapter 11 and 12 (development/Documentation)about the development (or use) of web services in Liferay ... but this documentation does not seem complete than what you can do (Searching on the web you can find different approaches regarding the use of Liferay).
So, here are my questions / concerns ...
Suppose you develop your portlets in Liferay .. This way I can interact with the 'core' of Liferay and also write the front-end of my webapp that will be on Liferay. For example I can authenticate the user in my webapp using the Liferay API.
If I wanted to have an authentication system to access in my web app through my mobile app?
I'm not crazy .. I also would like to have my own mobile app developed with native code. In this case I would expect to have a REST service to interact with Liferay.
I think that, in this case, I have to expose all of the functionality of my web app (portlet) also as web serivices
For example ... we can reason with regard to the user authentication..
I thought that you can:
1. Use the webservice native Liferay to access from the outside.
2. E'possibile to write my own web service.
   In this case, I'll have to write a portlet that is actually a webservice?
   When it might be convenient to implement a CAS?
As Liferay works as regards the user session (for authenticated users)?
   In this case we will provide somehow username and password.
If successful, I will have a token or session ID?
Here I can read:
To call the AXIS web service using credentials, you would use the
following URL syntax:
http://" + userIdAsString + ":" + password + "#[server.com]:[port]/api/secure/axis/" + serviceName
I did not really understand if this should be done only to authorize the untente during login
I probably I am confused but the official documentation for Liferay is not my friend right now: (

Yes you want to use custom portlet services in your native mobile app...
I have written very simple blog for doing exactly this:
Please follow the below link:
http://integrating-java.blogspot.in/2014/04/liferay-mobile-sdk-custom-services-part_4.html
By this you can use your portlet's custom service in your mobile native application.
And best part is you do not have to go through the authentication process if you use Liferay mobile sdk for this thing direct service call is enough.

Related

When you use DRF(Server API) + React(public Web Client), how do you implement for OAuth2 social login?

I am developing Django(Server) with React(Web Client).
And I want to use facebook social login.
I knew that client is public client, server is confidential. So I want to use authentication code grant way for authenticating user.
So I find out the way but there is no way to implement that. All the python oauth2 library limplements is just for django server side rendering.(Django Server + Web client).
So I confused about I am wrong or just the others just did not make the grant way.
When you use DRF(Server API) + React(public Web Client),
how do you implement for OAuth2 social login?
I wonder that. please give me some advise to me.
Thanks.
Let's start from basics, people usually split frontend and backend to improve the production speed as frontend and backend can be developed by two separate teams. But in order for the frontend and backend to work together, there needs to be a connection interface, an API.
React is a frontend that runs in the browser, so in order to talk to the server, it uses a REST protocol.
As the backend in this scenario is Django we use DRF as React uses REST API. DRF provides easy flexible pre-built packages to carry out this communication job between server and client.
Now the authenticator for web login you choose to be Facebook hence you will get the identity token from facebook, which will correspond to the rows in the Django User table which will give you access to the user's data in Django.
You don't need to do everything at once, you need to first implement the Facebook social auth and after test(test using postman app) only think about connecting React
A good place to start is this DRF documentation, look into Social OAuth2
https://www.django-rest-framework.org/api-guide/authentication/#django-oauth-toolkit

Sharepoint 2013/2016 and Custom Web Api with custom database.

How do I authenticate to a Custom Web Api from a SharePoint 2013/2016 single page app? I've seen a couple examples of using session which i really don't want to use, I'm thinking maybe a custom security token service or would it be better to add the web api as a provider hosted app (high trust) since this is on premises?
I found a solution finally, this one actually makes sense: http://blog.baslijten.com/getting-sharepoint-2013-apps-and-webapi-to-work/

Login/Registration functionality in cq5

I need to create register/login functionality in CQ5. There are three ways
1 - The register/login functionality should be prepared as web service hosted on a Java Application Server and then we can consume data from web services.
2 - The functionality should be prepared as web service based on RESTFull that hosted on CQ itself since AEM is developed around the REST principal and REST web services is certainly one which will be supported. So I believe RESTfull web services can be hosted with CQ5.
3 - Why do we need web services? I do not think it requires web services since my application is not going to communicate with other application and it dont want to expose any services to outside world. Why don't we create register/login functionality as we do in normal web application. Can we create a OSGI bundle that invoke databases to store user details for register/login functionality?
I would go for 3rd option but my concern is AEM is not the place to build our business logic to carry out functions that are not related to content rendering.
which option would you choose and why? Kindly share your ideas and thoughts. I am just looking for best solution to develop register/login functionality in CQ.
Thanks
I think i am late to the party but it might help someone. Yes, you can very well create rest webservices in CQ and they work well. So, you can take that approach.
The way to go about implementing login/registration would be how it is done OOTB but OOTB is also bad in the way it implements it so you have to make modifications to overcome that.
1) You need to register and Authentication handler with CQ. If you are looking for a sample there is a form authentication handler source that you can look at.
2) We have integrated out Auth handler with Active Directory (AD). Since AD is supported by default, so it is easy to integrate with Auth Handlers.
3) Next you need to create a user login token for which you can look into TokenUtil class of CQ or if you are looking to develop SSO, you can look into SSO code that is packaged OOTB.

Web application as a client for web service

I am new to Web development. And hence, if the question is dumb, please be polite. For creating my application, I had to take a decision of whether writing a web service or a web application. After searching a few questions in stackoverflow, I came to know that, web service is something which doesn't involve human interaction. And web application is what human uses ( the UI/web page kind of stuffs ).
But lately, I saw gmail is a web service ( email service ). But I was confused from here on, because, gmail provides a UI, and human interactions do occur. And from there on, I got confused again.
So what I figured out from this is, gmail website is like a web application for users to use directly. The web application in turn uses the web service provided by Google for email. Is my understanding right? So can a web application be a client for web service?
If I am wrong somewhere, please do correct me. I hope to be clear after someone throws light on this with some good example. Thanks in advance.
You are quite right. Basically a Web Service has several endpoints over HTTP (normally) that provides data (generally in JSON or XML) and are meant to be consumed by Web Clients. Sometimes the are also called Web API's (Application Program Interface).
A Web Application is quite similar to a Web Service but it provides an interface where the user can interact with. Usually Web Applications are consumers of Web Services or Web APIs.
Following your example, Google email is could be considered as both, a Web Service and a Web Application. It is a Web Service because it provides a set of HTTP endpoints that works independently of its Web UI Application (GMail). In fact, you can find third party Web Apps that interact with the Google email Web API.
This concept is very important when designing Web Solutions. Ideally you want to design and implement a good Web API, usually a RESTful Service (in JSON/XML). Then you or others will be able to implement different types of applications (Web, Mobile, etc.) because of this API.

Session sharing in webservice

I am using a gwt based application and I want to introduce web service [Apache CXF ] to provide access business layer to other application which is build up in other technology like php, iphone and android.
As per client requirement,
->create gui pages in php
->create login module (with oauth concept) in php
->Use php webservice for login process
->Use java webservice to access business layer
Now my question is to access particular business layer for security reason we have to maintain user session some how. right?
so as I mention requirement how can I manage session in my Java EE app server. should I have to create a session for per user request?
How could I maintain session for user if my login module on Apache server?
Note: Please note that my login is using a php app which has some oauth feature and that will redirect to Java EE app.
Passing JSESSIONID between instances of application server will do you nothing. Unless sessions are clustered, each application has it's own session container and cannot be shared, (unless you write a custom valve that will search for all sessions in application server). Plus WS does not have a notion of http session, you would have to implement your own mechanism. Plese elaborate what are you trying to achieve? And then we will be able to help you more.