This post details some of the finer intricacies of working with Rapyd.
To set a title on the grid:

    $provider_item_grid = new datagrid_library();
    $provider_item_grid->label = 'My grid title';

To show more than 5 rows in a grid:

    $provider_item_grid->per_page = 100000;

To format the output text for a column in a grid:

    $provider_item_grid->column('real_value','Denomination Face Value')->callback('format');
    // . . . .
    function format($row)
    {
        $avalue = $row['real_value'];
        $obj =& get_instance();
        return currency_format($avalue);
    }

To make a column that links elsewhere:

    $provider_item_grid->column('item_description','Denomination')->url(site_url('service_provider_items/?show={service_provider_item_id}'),'');

To enable sorting on a column:

    $provider_item_grid->column('item_description','Denomination', true);
In this article I would like to describe how to get your RESTful webservice to output XML. RESTful doesn't output as much detail as the SOAP specification, but it gives you enough data to work with, assuming you know what the data types are.
Firstly, create a class that represents your output. Remember the import!

    import javax.xml.bind.annotation.XmlRootElement;

    @XmlRootElement
    public class userData {
        public String firstname;
        public String lastname;
        public String idnumber;
        public String pin;
        public int status;
    }

Then we can start coding the webservice. I'm not going to go into detail, but am just going to put in the specifics that are relevant for this article:

    import java.sql.Connection;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.util.ArrayList;
    import java.util.List;
    import javax.ws.rs.GET;
    import javax.ws.rs.Path;
    import javax.ws.rs.Produces;
    import javax.ws.rs.QueryParam;

    @Path("airtime_functions")
    public class airtime {

        private String errorMsg = "";

        // getJNDIConnection() is the author's own helper for obtaining a
        // database connection; it is not shown in this article.
        @GET
        @Path("get_users")
        @Produces("application/xml")
        public List<userData> get_users(@QueryParam("user_id") String user_id) {
            List<userData> retUser = new ArrayList<userData>();
            Connection con = null;
            try {
                errorMsg = "";
                con = getJNDIConnection();
                // Parameterised query: user_id is bound, never concatenated.
                String sql = "SELECT * from users where user_id = ?";
                PreparedStatement prest = con.prepareStatement(sql);
                prest.setString(1, user_id);
                prest.execute();
                ResultSet rs = prest.getResultSet();
                while (rs.next()) {
                    userData toReturn = new userData();
                    toReturn.firstname = rs.getString("firstname");
                    toReturn.idnumber = rs.getString("idnumber");
                    toReturn.lastname = rs.getString("surname");
                    toReturn.pin = rs.getString("pin");
                    toReturn.status = rs.getInt("status");
                    retUser.add(toReturn);
                }
                return retUser;
            } catch (Exception e) {
                // On failure, return a single record carrying the error text.
                userData toReturn = new userData();
                toReturn.firstname = "Error: " + e;
                toReturn.idnumber = "";
                toReturn.lastname = "";
                toReturn.pin = "";
                toReturn.status = 0;
                retUser.add(toReturn);
                return retUser;
            } finally {
                // Close the connection on the error path as well.
                if (con != null) {
                    try { con.close(); } catch (Exception ignored) { }
                }
            }
        }
    }

To access this resource, we call it something like this: http://localhost:8080/this_ws_name/airtime_functions/get_users?user_id=1
That should send an XML packet containing the data back to your client. From there it is up to you what you want to do with it.
I hope this helps make RESTful a little bit simpler.
There are a number of ways to prevent replay attacks when writing RESTful webservices.
Each option will depend on your requirements.
For transactional webservices I have designed a method which I find to be reasonably secure.
Let's say that this is how your webservice is currently invoked:
https://localhost:8181/someWebService/getVoucherNumber?service_provider_item_id=4&posuser_idnumber=7902115131088&posuser_pin=1234&license_code=cd15b372-cfec-11de-b323-82ddcd6bb138
This is all good and well, BUT any attacker can re-use this string as many times as they want.
The solution is to add another parameter. Let's call this parameter "signature".
To generate a signature, we do the following:
1) Take the current UTC datetime and format it like this: "yyyy'-'MM'-'dd' 'HH':'mm':'ss".
2) Blowfish encrypt that string.
3) Hex encode the resulting string so we end up with something like this: "60e215044148b7a4a831a16065b180fa4a823b91".
Now we call our webservice with the added parameter:
https://localhost:8181/someWebService/getVoucherNumber?service_provider_item_id=4&posuser_idnumber=7902115131088&posuser_pin=1234&license_code=cd15b372-cfec-11de-b323-82ddcd6bb138&signature=60e215044148b7a4a831a16065b180fa4a823b91
The webservice does the following:
1) Hex decode the string.
2) Blowfish decrypt it.
3) Make sure that the resulting datetime stamp is within 10 seconds of the current time.
If the signature is valid, then continue processing the webservice request.
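The signature described above covers only the time, so within the 10-second window the server accepts it with any set of parameters, and more than once. As an added example (not the author's code), here is one variant that keeps the same timestamp format and window but signs the request parameters with HMAC-SHA256 and refuses a signature it has already accepted. The class name `SignedRequest`, the key and the `SEEN` cache are assumptions made for the illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.*;
import java.time.format.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class SignedRequest { // hypothetical class, not from the post
    static final DateTimeFormatter FMT = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
    static final Duration WINDOW = Duration.ofSeconds(10); // same window as the post
    // Signatures already accepted; a real service would evict entries older than WINDOW.
    static final Set<String> SEEN = ConcurrentHashMap.newKeySet();
    // Hex HMAC-SHA256 over the sorted, URL-encoded parameters plus the UTC timestamp.
    static String sign(Map<String, String> params, String timestamp, byte[] key) throws Exception {
        StringBuilder canonical = new StringBuilder();
        for (Map.Entry<String, String> e : new TreeMap<>(params).entrySet()) {
            canonical.append(URLEncoder.encode(e.getKey(), "UTF-8")).append('=')
                     .append(URLEncoder.encode(e.getValue(), "UTF-8")).append('&');
        }
        canonical.append("timestamp=").append(timestamp);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal(canonical.toString().getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : tag) hex.append(String.format("%02x", b));
        return hex.toString();
    }
    // Accepts a request only if it is fresh, correctly signed, and not seen before.
    static boolean verify(Map<String, String> params, String timestamp, String signature,
                          byte[] key, Instant now) throws Exception {
        Instant sent;
        try { sent = LocalDateTime.parse(timestamp, FMT).toInstant(ZoneOffset.UTC); }
        catch (DateTimeParseException e) { return false; } // malformed timestamp
        if (Duration.between(sent, now).abs().compareTo(WINDOW) > 0) return false; // stale
        byte[] expected = sign(params, timestamp, key).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison of the expected and the supplied signature.
        if (!MessageDigest.isEqual(expected, signature.getBytes(StandardCharsets.US_ASCII))) return false;
        return SEEN.add(signature); // false when this signature was already used
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "PLACEHOLDER-shared-secret".getBytes(StandardCharsets.UTF_8); // constructed
        Map<String, String> p = Map.of("service_provider_item_id", "4");            // constructed
        String ts = FMT.format(LocalDateTime.now(ZoneOffset.UTC));
        String sig = sign(p, ts, key);
        System.out.println("fresh request:   " + verify(p, ts, sig, key, Instant.now()));
        System.out.println("same again:      " + verify(p, ts, sig, key, Instant.now()));
        System.out.println("changed request: " + verify(Map.of("service_provider_item_id", "5"), ts, sig, key, Instant.now()));
    }
}
```

Two identical requests sent in the same second produce the same signature, and the second is refused; adding a client-generated nonce to the signed parameters avoids that.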
Encrypting and decrypting between different languages and character sets can be painful. It took me many hours of tweaking to get to a working, robust solution.
The PHP code will encrypt and decrypt a string.
The java code will successfully decrypt a string encrypted by the PHP code.
Encrypt and decrypt in PHP:

    // encryptKey() is the author's own helper (not shown) that returns the shared key.
    // The mcrypt extension used here was removed from PHP core in PHP 7.2.
    function encryptString($pin)
    {
        $cipher = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_CBC, '');
        // The block size of the Blowfish algorithm is 64 bits, therefore our IV
        // is always 8 bytes. A fixed IV means identical plaintexts always
        // produce identical ciphertexts.
        $iv = '12345678';
        $key = encryptKey(); //32chars = 256bit encryption
        // The strength of the encryption is determined by the length of the key
        // passed to mcrypt_generic_init
        if (mcrypt_generic_init($cipher, $key, $iv) != -1) {
            $cipherText = mcrypt_generic($cipher, $pin);
            mcrypt_generic_deinit($cipher);
            return $cipherText;
        } else {
            mcrypt_generic_deinit($cipher);
            return "";
        }
    }

    function decryptString($pin)
    {
        $iv = '12345678';
        $key = encryptKey();
        // Argument order is (cipher, key, data, mode, iv): the key comes
        // second and the ciphertext ($pin) third.
        return mcrypt_cbc(MCRYPT_BLOWFISH, $key, $pin, MCRYPT_DECRYPT, $iv);
    }

    // PHP 5.4 and later ship a native hex2bin(), so only define it when missing.
    if (!function_exists('hex2bin')) {
        function hex2bin($h)
        {
            //this function is the opposite of php's bin2hex
            if (!is_string($h)) return null;
            $r = '';
            for ($a = 0; $a < strlen($h); $a += 2) {
                $r .= chr(hexdec($h[$a] . $h[$a + 1]));
            }
            return $r;
        }
    }

    //usage:
    $encrypted_string = encryptString('Some text to encrypt');
    $decrypted_string = decryptString($encrypted_string);

To decrypt in Java:

    import javax.crypto.Cipher;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;

    // These are members of the webservice class; errorMsg holds the last error text.
    private static String errorMsg = "";

    private static String decryptBlowfish(String to_decrypt) {
        try {
            String iv = "12345678"; // must match the IV used on the PHP side
            byte[] IVBytes = getBytes(iv);
            if (IVBytes == null) {
                return null;
            }
            IvParameterSpec IV = new IvParameterSpec(IVBytes);
            String strkey = "12345678901234567890123456789012"; //must be the same key we used to encrypt the data
            byte[] strkeyBytes = getBytes(strkey);
            if (strkeyBytes == null) {
                return null;
            }
            SecretKeySpec key = new SecretKeySpec(strkeyBytes, "Blowfish");
            try {
                // NoPadding, because mcrypt pads the plaintext with zero bytes.
                Cipher cipher = Cipher.getInstance("Blowfish/CBC/NoPadding");
                try {
                    cipher.init(Cipher.DECRYPT_MODE, key, IV);
                    try {
                        byte[] encrypted = getBytes(to_decrypt);
                        if (encrypted == null) {
                            return null;
                        }
                        byte[] decrypted = cipher.doFinal(encrypted);
                        // The result can end in zero bytes left over from mcrypt's padding.
                        return new String(decrypted);
                    } catch (Exception e) {
                        errorMsg = "ERROR: decryptBlowfish(dofinal) : to_decrypt :" + to_decrypt + " : message : " + e;
                        return null;
                    }
                } catch (Exception e) {
                    errorMsg = "ERROR: decryptBlowfish(init) :" + e;
                    return null;
                }
            } catch (Exception e) {
                errorMsg = "ERROR: decryptBlowfish(getInstance) :" + e;
                return null;
            }
        } catch (Exception e) {
            errorMsg = "ERROR: decryptBlowfish :" + e;
            return null;
        }
    }

    // Turns a hex string into a string with one char per decoded byte.
    private static String hexToString(String input, int groupLength) {
        try {
            StringBuilder sb = new StringBuilder(input.length() / groupLength);
            for (int i = 0; i < input.length() - groupLength + 1; i += groupLength) {
                String hex = input.substring(i, i + groupLength);
                sb.append((char) Integer.parseInt(hex, 16));
            }
            return sb.toString();
        } catch (Exception e) {
            errorMsg = "ERROR: hexToString :" + e;
            return null;
        }
    }

    // Maps each char to a single byte (the inverse of hexToString's char cast).
    private static byte[] getBytes(String toGet) {
        try {
            byte[] retVal = new byte[toGet.length()];
            for (int i = 0; i < toGet.length(); i++) {
                char anychar = toGet.charAt(i);
                retVal[i] = (byte) anychar;
            }
            return retVal;
        } catch (Exception e) {
            errorMsg = "ERROR: getBytes :" + e;
            return null;
        }
    }

    //USAGE (inside a method):
    String stringSignature = hexToString(signature, 2);
    String decryptSignature = decryptBlowfish(stringSignature);

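
    import java.nio.charset.StandardCharsets;
    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;

    // Ciphertext is arbitrary binary data. ISO-8859-1 maps every byte to exactly
    // one char, so carrying it in a String and converting back loses nothing;
    // the platform default charset can corrupt it.
    public static String encryptBlowfish(String to_encrypt, String strkey) {
        try {
            SecretKeySpec key = new SecretKeySpec(strkey.getBytes(StandardCharsets.UTF_8), "Blowfish");
            Cipher cipher = Cipher.getInstance("Blowfish");
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] encrypted = cipher.doFinal(to_encrypt.getBytes(StandardCharsets.UTF_8));
            return new String(encrypted, StandardCharsets.ISO_8859_1);
        } catch (Exception e) {
            return null;
        }
    }

    public static String decryptBlowfish(String to_decrypt, String strkey) {
        try {
            SecretKeySpec key = new SecretKeySpec(strkey.getBytes(StandardCharsets.UTF_8), "Blowfish");
            Cipher cipher = Cipher.getInstance("Blowfish");
            cipher.init(Cipher.DECRYPT_MODE, key);
            byte[] decrypted = cipher.doFinal(to_decrypt.getBytes(StandardCharsets.ISO_8859_1));
            return new String(decrypted, StandardCharsets.UTF_8);
        } catch (Exception e) {
            return null;
        }
    }
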
