This week's book giveaway is in the Server-Side JavaScript and NodeJS forum.
We're giving away four copies of Modern JavaScript for the Impatient and have Cay Horstmann on-line!
See this thread for details.
Win a copy of Modern JavaScript for the Impatient this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Accessing a value from the application.properties

 
Ranch Hand
Posts: 74
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm trying to use a value defined in the application.properties and thought it was a simple as the below example (I even think I used it before), but I have been more envolved with PHP and RPA, now that I returning to my first love, I maight have to refresh a couple of things



in my application.properties:


When I try to print out the value of bitPandaApiKey it prints the name, instead of the value...
 
Pieter Vandevelde
Ranch Hand
Posts: 74
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Nevermind, I looked it up and noticed, it should have been:

But now I'm having an error that the bean of MainApp can't be created caus there's a dependency failling, normally I would solve that by forcing the springcontext with

but I can't really do that with the application.properties can I?
I also tried setting the value in a constructor, but that als didn't work.
Neighter did using an Enviroment instance to acces the properties
When I set the apiKey variable in the service by hardcoding the value, it does work
 
Saloon Keeper
Posts: 22480
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tell us more about the "dependency failing".
 
Pieter Vandevelde
Ranch Hand
Posts: 74
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ah whoeps, yeah never even posted my stacktrace
 
Tim Holloway
Saloon Keeper
Posts: 22480
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
An HTTP 401 response is sent by the webapp server when it determines that the user needs to be logged in. For JEE, I think that means that a gui client would have a login dialog pop up. If you're using a non-GUI client of your own code, you need to detect the 401 challenge and send credentials.
 
Pieter Vandevelde
Ranch Hand
Posts: 74
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's what I'm doing and why I need the apiKey...


 
Tim Holloway
Saloon Keeper
Posts: 22480
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think that the API key here is the same as your webapp user login. A 401 requires a user ID and password in accordance with the standard Internet RFC's, and an API key is usually simply a key.
 
Pieter Vandevelde
Ranch Hand
Posts: 74
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From the API documentation: "Everything regarding user accounts and order management. Private endpoints are protected by api keys and rate limits."
And then it wouldn't work eather when I assign a hardcoded value to the bitPandaApiKey in the service
 
Tim Holloway
Saloon Keeper
Posts: 22480
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
An API key is data passed to the application program as part of a GET or POST request. The webapp server knows nothing about the API key, since's it's just application data and only the application knows what to do with it.

The 401 challenge is sent by the appserver when a URL request is made to a resource protected by the webapp server (container). That system works entirely outside of the webapp. In fact, the webapp itself never sees any of that process and only sees the URL request after - and IF - login is successful.

Unless your API is being clever, a 401 would only be seen if the URL matched one of the protected URL patterns set up in the application's web.xml file (or via an annotation equilvalent). Since the 401 blocks at the server level, the API cannot be seen until you have successfully passed the 401 challenge by submitting a valid iser ID and password.

If your API key is sufficiently long and random, you probably wouldn't need an actual login-protected URL(s). Basically the API key would be acting much like a security certificate in that case, except within the app rather than within the appserver. But you would need to send such requests only via SSL (https) connections or anyone snooping your network traffic could harvest API keys for their own evil purposes.
 
Pieter Vandevelde
Ranch Hand
Posts: 74
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All true, but still dosn't explain why (if I needed a login, which I don't even have) the call is returning the correct response with a hardcoded variable in the client
Have a look at The developers guide
 
Master Rancher
Posts: 4663
49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So, if you use that api key directly (not injecting it) does it work?
 
Pieter Vandevelde
Ranch Hand
Posts: 74
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yup
 
Dave Tolls
Master Rancher
Posts: 4663
49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OK.
And have you debugged and logged the apiKey value in both cases?
 
Tim Holloway
Saloon Keeper
Posts: 22480
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You would get a 401 challenge ONLY in one of two cases.

1. The URL that was submitted matched one of the protected URL patterns in the webapp's web.xml. If you submit a URL request and the URL does not match any of those patterns - or if no patterns are defined - then there will be no 401 challenge from the server

2. The application has manually responded with "401". It shouldn't do that, however, since 401 is expected to trigger specific action by the client (sending user ID and password).

If an API key was missing or invalid on a URL request, the application should consider returning either 403 (Forbidden) or 404 (Not Found). 404 helps promote Security Through Obscurity, since 403 indicates that further challenges using the same URL may help crack the system, whereas 404 means that the application isn't going to volunteer anything at all.

So I checked BitPanda's specs at https://developers.bitpanda.com/platform/#/trades-get and yes, they do mis-use 401.

But in the end, that still doesn't tell me what your "dependency failing" error was. Dependencies failing usually means an exception was thrown.
 
Pieter Vandevelde
Ranch Hand
Posts: 74
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:You would get a 401 challenge ONLY in one of two cases.
But in the end, that still doesn't tell me what your "dependency failing" error was. Dependencies failing usually means an exception was thrown.


I know, but I wasn't able to reproduce it
 
We're being followed by intergalactic spies! Quick! Take this tiny ad!
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic