sachin burange

Thanks Amit for reply. I am using salt in little unconventional way. Here it is

There are two parties Party A and Party B.

Party A are the webservices itself.
Party B are the caller of webservices.

Both Parties are agreed upon on shared secret key.

Now when Party B calls the rest webservices it generates the salt and signature and send it across.
As soon as it reaches to party A, it gets the salt, use with secret key and generates the signature.

Now Party A matches generated signature with the signature it received from Party B. If that matches then it is valid request other wise it will deny the services.

Now my initial question was, dynamic salt and signature will be in HTTP body and services will be installed on https. Is this much security is OK, or we can enhance it and restrict the unwanted user by any other techniques ?


Best Regards,
sachin

Hi,

I have wrote couple of restful webservices. As part of security i have added SALT and signature param so that not anyone can access it.
These Services will be deployed under https. JSON request looks like below.

{
"instrumentName": "InName",
"instrumenGroup": "InstrynentGrooup",
"salt" : "KVq88mTrqjoYPiCVhfmh4Q==",
"signature" : "ZinT6BvBZvBCzBTKaCPG4l+L8FuB4U9/575aDXaZ9yA="

}

SALT and SIGNATURE will be unique on every request.

My question is will this much security is enough or malicious user can also grab salt and signature and hit other endpoints. If yes, then what should can be done further to enhance security for rest calls ?


Best Regards,
sachin

How to create different nodes in webshper 7.0 in an clustered environment on a single machine.
Step by step process is needed for clustering webshper 7.0.

Thanks
Sachin Burange

Hello guys,

come on.. Forgive SCJP.. those who wants to do it let them do it and those don't let them free.
Nothing will change in your life discussing it is good or not.

Keep rocking. cheers

Try adding getters and setters ij object.
and add AutoWire keyword in top of setter method.

In Eclipse go to Window->Show View->Error Log

I hope this helps.

If i am not wrong then it should be inside endorsed directory of JBOSS.

How to create ThreadPool and define the size of thread pool

I guess in your case just build the project again and refresh the project.
JBOSS should detect the class changes, just try with sys out first.

Hello Hem,

JBOSS does detect the changes. what you have to do is

1. put a class files or its jar file in WEB-INF folder of deployment directory.
2. Reload the context adding space in web.xml

Using these two steps you will able to see that application redeployment starting automatically.

Siva i guess request attribute normally comes from servlet to jsp.
We are trying here in reverse i.e from jsp to servlet.

anyone comments on this ?

Try to clean the project and build it again.
See the problem view of eclipse are their any problems
if not "R.java" should be automatically created.

Kevin,
Try to increase the memory allocation for simulator.
i.e increase avd space.

Try to Use Calendar methods:


public abstract boolean equals(Object obj)
public abstract boolean after(Object when)
public abstract boolean before(Object when)

Congrats Shruti