dhis2-devs team mailing list archive

Thread
Date

Re: Mobile Visualizer

To: Yuriy Ivanovich <yuriybugryn@xxxxxxxxx>
From: Saptarshi Purkayastha <sunbiz@xxxxxxxxx>
Date: Mon, 17 Jun 2013 13:37:05 +0200
Cc: dhis2-devs@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAHkMhi0zy5288=XAWCwacXc3BroJ0rp5eGdmqaL__fEoZ=PTow@mail.gmail.com>

Hi Yuriy,

Why do you get a cross-domain issue??
Is it because you are developing on localhost and the server you are using
is http://apps.dhis2.org/demo <http://apps.dhis2.org/dev>?
All DHIS2 URLs support Basic Authentication... so all you have to do is
pass the authorization headers.
Thus, I dont think we need a separate URL for authentication. Also tokens
for getting this done during the summer is not feasible IMO.

To deal with cross-domain calls, I suggest you to do either one of the two
things.
1. Put all your CSS, HTML, JS inside a folder in expanded tomcat dhis and
run tomcat. You'll be hosted in the same tomcat as DHIS2 and hence not have
cross-domain issues
2. If you wish to work with the your mobile app from localhost and make
calls to dhis2 demo, you can start Chrome with flags:
chrome.exe --disable-web-security -–allow-file-access-from-files (or
similar in Linux)

Also, since this will be mobile app, the mobile browser WebView or what
have you for the different platforms, allow cross-domain calls. So that
will not be a deployment problem.

---
Regards,
Saptarshi PURKAYASTHA

My Tech Blog:  http://sunnytalkstech.blogspot.com
You Live by CHOICE, Not by CHANCE

On 17 June 2013 02:45, Yuriy Ivanovich <yuriybugryn@xxxxxxxxx> wrote:

> Hello guys,
>
> I already started working on my task with Mobile Visualizer .
>
> The first point in my plan is : Implement authentication functionality.
>
> So, I started working on first point and get some problems.
>
> It is very inconveniently using standart way of authentication  . I get
> problems with Cross-domain and other.
>
> So, I suggest implements some new security for accessing for API.
>
> It will be look like :
>
> Client makes a request to .../authenticate (unprotected URL) with
> credentials; server returns a secure token which contains enough
> information for the server to validate future requests.
>
> Client makes subsequent requests to various (protected) URLs, appending
> the previously obtained token as a query parameter.
>
> Since we use Spring already, the solution will make use of Spring Security.
>
> So , I think this solution will be very useful for my future application
> and for future external applications which use DHIS API.
>
> If you agree with me I can start investigating how to implement this
> functionality.
>
> Best Regards,
> Yuriy Bugryn
>
> --
> *Yuriy Bugryn* | *Junior Software Developer*
>
> skype : tojayura
>