after searching google for two days now I am left pretty confused.
I can imagine why use an XML file (web.xml) to define init parameters - if the file is fed to the server container without recompilation it enables us to readapt parameters much more easily, at runtime - or at most to require a restart of the server app.
But if we define init parameters in an annotation, meaning: in a java source file, it is not available on the production server for us to modify, and will require a re-compilation. In that case, why not just use a constant?
Please refrain from lecturing me about how bad/good the use of constants is in general, my question is very specific to init params in annotations. I understand that you may feel obligated to spread your religion to the world and show me the light, but don't. Just don't.
Related
I need to build an LDAP proxy that I can program to inspect and modify the LDAP requests and responses - some of the LDAP requests/responses will simply be passed through, but for others I might want to send two different requests to the server and then combine the results (that's just one example - there will be other use cases).
I've looked at the proxying options documented for OpenLDAP's slapd, and I see that it has quite flexible configuration and 'overlays', but no capability to insert custom code.
So I think that's not a solution, unless slapd's source code is easy to modify, to insert my own modules plus hooks to/from the existing code (?)
An alternative would be to start with a friendly TCP/IP framework library (or even a complete TCP/IP proxy). Then I can link to an ASN.1 decoding/encoding library, and write the rest myself.
I'd prefer to avoid having to write (& learn) all the TCP/IP connection/message handling and event loop myself.
So I'm looking for the most complete starting point that does the hard work and gives me the flexibility to write what I need. Typical lazy/greedy approach :-)
Must be open source, ideally in C or C++, and I'll probably be targetting RHEL/CentOS 8 in a container.
I have to override the default implementation of the DatabaseQueue in Drupal 8. The reasons for this are not important.
I was looking at the QueueFactory and I learnt that for each queue worker there can be a different QueueInterface implementation. If it's not specified they fall back to the DatabaseQueue (well in fact one can specify different queue factory but this simplification is quite accurate anyway).
The QueueFactory uses the Settings object as it's source of configuration for the queues:
$this->settings->get('queue_service_' . $name, $this->settings->get('queue_default', 'queue.database'));
The problem is (as far as I can tell) that Settings object takes configuration data from the sites/*/settings.php file. In fact, if I extend this file with queue configuration, like this one:
$settings['queue_service_my_custom_queue_worker'] = 'my_module.my_custom_queue_factory';
then it works fine.
But here's the deal. I'm creating a module that will be distributed to many clients. This approach for editing the settings.php file is not ideal. Imagine asking everyone to make this change. It's very prone to errors. So, is there a way to extend those settings from my module?
I tried using the configuration overrides but it doesn't work for this case.
You could decorate the queue service to provide a custom behavior of its get() method for your custom queue.
See this doc: https://www.phase2technology.com/blog/using-symfony-service
I have a db with original file names, location to files on disk, meta data like user that owns file... Those files on disk are with scrambled names. When user requests a file, the servlet will check whether he's authorized, then send the file in it's original name.
While researching on the subject i've found several cases that cover that issue, but nothing specific to mine.
Essentially there are 2 solutions:
A custom servlet that handles headers and other stuff the Default Servlet containers don't: http://balusc.omnifaces.org/2009/02/fileservlet-supporting-resume-and.html
Then there is the quick and easy one of just using the Default Servlet and do some path remapping. For ex., in Undertow you configure the Undertow subsystem and add file handlers in the standalone.xml that map http://example.com/content/ to /some/path/on/disk/with/files .
So i am leaning towards solution 1, since solution 2 is a straight path remap and i need to change file names on the fly.
I don't want to reinvent the hot water. And both solutions are non standard. So if i decide to migrate app server to other than Wildfly, it will be problematic. Is there a better way? How would you approach this problem?
While your problem is a fairly common one there isn't necessarily a standards based solution for every possible design challenge.
I don't think the #2 solution will be sufficient - what if two threads try to manipulate the file at the same time? If someone got the link to the file could they share it?
I've implemented something very similar to your #1 solution - the key there is that even if the link to the file got out no one could reuse the link as it requires security. You would just "return" a 401 or 403 for the resource.
Another possibility depends on how you're hosted. Amazon S3 allows you to generate a signed URL that has a limited time to live. In this way your server isn't sending the file directly. It is either sending a redirect or a URL to the front end to use. Keep the lifetime at like 15 seconds (depending on your needs) and then the URL is no longer valid.
I believe that the other cloud providers have a similar capability too.
From what I understand, PUT requests send the whole object while PATCH requests just send the diff, which is used to update the object in the database.
Why would you do a PUT over a PATCH? PATCH seems much lighter. I don't see any upsides to PUT (I'm sure they exist, I just don't know what they are).
A better way of looking at is that PUT replaces a resource, whilst PATCH is for providing an instruction to change a resource.
Replacing a resource is always a safe and idempotent operation as it has no dependency on the existing state of the resource. Meanwhile a request to change a resource may be dependent on the state of that resource and can therefore have other effects.
The HTTP PATCH verb is defined in RFC 5789, which states:
The difference between the PUT and PATCH requests is reflected in the
way the server processes the enclosed entity to modify the resource
identified by the Request-URI. In a PUT request, the enclosed entity
is considered to be a modified version of the resource stored on the
origin server, and the client is requesting that the stored version
be replaced. With PATCH, however, the enclosed entity contains a set
of instructions describing how a resource currently residing on the
origin server should be modified to produce a new version. The PATCH
method affects the resource identified by the Request-URI, and it
also MAY have side effects on other resources; i.e., new resources
may be created, or existing ones modified, by the application of a
PATCH.
It goes on to say:
PATCH is neither safe nor idempotent
You might want to create the resource, or there might not be an applicable PATCH format available (think binary files).
with using POST as only option to create resources
only having JSON resources (RFC 7396)
making your PATCH endpoint implementation idempotent
Is there still a need to provide a PUT endpoint in an API?
Maybe I don't want to take the diff and deduce where I should save it so that everything makes sense. Maybe I just want to work with full resources instead of messing around with little parts of them. >> you can use PATCH for full update as well, no?
A considerable part of the HTTP standard is outdated, so it is not surprising that PATCH can completely replace PUT.
In RESTful API, people often mistakenly regard PUT as "update the entire resource", but in fact the semantics of PUT is "replace the resource". Unfortunately, there is a sad design in the HTTP: PUT is defined to create new resources when they don't exist, so PUT is sometimes used as an idempotent alternative to POST.
PATCH is an imitation of PUT to a certain extent, so it also incorporates part of the responsibilities of POST. However, if you only want to have an action of "modify the existing resource", you only need to use PATCH (PATCH is not idempotent, another sad design of HTTP).
Those who study REST and HTTP standard methods in depth will eventually find that a simple RPC interface can better implement all the actions you need.
I am creating a MVC 3 application (although just as applicable to other technologies e.g. ASP.NET Forms) and was just wondering if it is feasible (performance wise) to serve images from code rather than using the direct virtual path (like usual).
The idea is that I improve the common method of serving files to:
Apply security checks
Standardised method of serving files based on route values
Returning modified images (if requested) e.g. different dimentions (ok this would only be used sparingly so don't relate this to the performance question above).
Perform business logic before allowing access to the resource
I know HOW to do it but I don't know IF I should do it.
What are the performance issues (if any)
Does something weird happen e.g. images only load sequentially (maybe that's how HTML does it currently i am not sure - exposing my ignorance here).
Anything else you can think of.
Hope this all makes sense!
Thanks,
Dan.
UPDATE
OK - lets get specific:
What are the performance implications for using this type of method for serving all images in MVC 3 using a memory stream? Note: the image url would be GenericFetchImage/image1 (and just for simplicity - all my images are jpegs).
public FileStreamResult GenericFetchImage(string RouteValueRefToImage)
{
// Create a new memory stream object
MemoryStream ms = new MemoryStream();
// Go get image from file location
ms = GetImageAndPutIntoMemoryStream(RouteValueRefToImage);
// return the output as a file
return new FileStreamResult(ms, "image/jpeg");
}
I know that this method works, because I am using it to dynamically generate an image based on a session value for a captcha image. It's pretty neat - but I would like to use this method for all image retrieval.
I guess I am wondering in the above example if this is ok to do or whether it requires more processing to perform and if so, how much? For example, if the number of visitors were to multiply by 1000 for example, would the server be then processingly burdened in the delivery of images..
THANKS!
A similar question was asked before (Can an ASP.Net MVC controller return an Image?) and it appears that the performance implications are very small to serving images out of actions vs directly. As the accepted answer noted, the difference appears to be on the order of a millisecond (in that test case, about 13%). You could re-run the test locally and see what the difference is on your hardware.
The best answer to your question of if you should be using it is from this answer to (another) similar question (emphasis mine):
DO worry about the following: you will need to re-implement a caching strategy on the server, since IIS manages that for static files requested directly. You will also need to make sure you manage your client-side caching with the correct headers included in the response. Ultimately, just ask yourself if re-inventing a method of serving static files from a server is something that serves your application's needs.
To address the specific cases you provided with the question:
Apply security checks
You can already do this using the IIS 7 integrated pipeline. Relevant bit from documentation:
Allowing services provided by both native and managed modules to apply to all requests, regardless of handler. For example, managed Forms Authentication can be used for all content, including ASP pages, CGIs, and static files.
Standardised method of serving files based on route values
If I'm reading the documentation correctly you can insert a module early enough in the pipeline to re-write incoming URLs to point directly to static resources and let IIS handle the request from there. (For the sake of completeness there also this related question regarding mapping routes to mages: How do I route images using ASP.Net MVC routing?)
Empowering ASP.NET components to provide functionality that was previously unavailable to them due to their placement in the server pipeline. For example, a managed module providing request rewriting functionality can rewrite the request prior to any server processing, including authentication.
There are also some pretty powerful URL rewrite features that come with IIS more or less out of the box.
Returning modified images (if requested) e.g. different dimentions (ok this would only be used sparingly so don't relate this to the performance question above).
It looks like a module that does this is already available for IIS. Not sure if that would fall under serving images from code or not though, I guess it might.
Perform business logic before allowing access to the resource
If you're performing business logic to generate said resources (like a chart) or as you mentioned a captcha image then yeah, you basically have no choice but to do it this way.