[Building Sakai] Membership RESTful web service

Steve Swinsburg steve.swinsburg at gmail.com
Thu Aug 21 03:07:34 PDT 2014 

If you are able to run the application within Tomcat that Sakai runs in,
inject the APIs and use them.

If you still want to run it externally, thats fine also, but most of the
web services require a login first, hence the 403 response. So create a
session first via a POST to /direct/session and then use the response ID in
subsequent requests.

regards,
Steve




On Thu, Aug 21, 2014 at 6:42 AM, Sergio Muriel <sergioame at hotmail.com>
wrote:

> Even if I put my application in the Sakai server, I wouldn't know (I
> haven't seen any examples) of how to take and use that cookie. Therefore,
> as we don't have any Single Sign-On solution implemented yet, and I don't
> want the user to log in again, I think I'd build up my solution using
> Gonzalo's example.
>
>
> Best Regards,
> Sergio Muriel
>
> ------------------------------
> From: cschauer at txstate.edu
> To: sergioame at hotmail.com
> CC: sakai-dev at collab.sakaiproject.org
>
> Subject: RE: [Building Sakai] Membership RESTful web service
> Date: Wed, 20 Aug 2014 18:36:37 +0000
>
>
> Unless your application is running on the same domain as Sakai, you won't
> have access to it. As an example, you might have your sakai instance at
> something like sakai.youruniversity.edu and your application is at
> application.youruniversity.edu. The sakai session cookie's domain will be
> set to sakai.youruniversity.edu and the browser won't send it with any
> requests to application.youruniversity.edu.
>
>  Do you have something like CAS at your institution or some other single
> sign-on solution? If so, you could register your application to log in with
> CAS. Then your application would know the eid of the authenticated user and
> you could log in with an admin account server side to make the api request.
>
>  The other option is to have some javascript on the page that makes the
> API request (similar to Gonzalo's example). This would require setting up
> CORS (cross-origin resource sharing) on the sakai server to allow api
> requests from your application's domain.
>
>  -Chris
>
>  ------------------------------
> *From:* Sergio Muriel [sergioame at hotmail.com]
> *Sent:* Wednesday, August 20, 2014 10:55 AM
> *To:* Schauer, Christopher R
> *Cc:* Steve Swinsburg; sakai-dev at collab.sakaiproject.org
> *Subject:* RE: [Building Sakai] Membership RESTful web service
>
>   You're right Chris,
> it's another Java application completely separate from Sakai; but even if
> I create a new context in the Sakai server with my application there, it
> gives me the same result.
>
>  Any clues about how can I get and use that cookie?
>
>
> Best Regards,
> Sergio Muriel
>
>
>  ------------------------------
> From: cschauer at txstate.edu
> To: sergioame at hotmail.com
> CC: steve.swinsburg at gmail.com; sakai-dev at collab.sakaiproject.org
> Subject: Re: [Building Sakai] Membership RESTful web service
> Date: Tue, 19 Aug 2014 22:25:15 +0000
>
> Is there a reason you're sending the request from the server instead of
> sending it from the browser using javascript? The service uses the same
> session cookie that the rest of sakai uses to tell if a user is logged in
> or not and that cookie is only visible to the browser or the server that
> created it. It won't be available to your server which I'm assuming is
> another java application completely separate from sakai?
>
>  -Chris
>
>  On Aug 19, 2014, at 4:53 PM, Sergio Muriel <sergioame at hotmail.com> wrote:
>
>  Update:
> When the user (userId, or userEid) exists it gives me:
>
>    - JSP page: Exception: 403 Forbidden
>    - Browser with user logged in: {"entityPrefix": "membership",
>    "membership_collection": ......etc, means actual information.
>    - Browser with user not logged in: HTTP Status 403 - Security
>    exception handling request for view (/membership.json), this is typically
>    caused by the current user not having access to the data requested or the
>    user not being logged in at all :: message=Only admin can access other user
>    memberships, current user (null) cannot access ref: admin
>
>  When the user (userId, or userEid) does not exist it gives me:
>
>    - JSP page: Exception: 400 Bad Request
>    - Browser with user logged in: HTTP Status 400 -
>    IllegalArgumentException: Unable to handle output request for format json
>    for this path (/membership.json) for prefix (membership) for entity
>    (/membership), request url (/membership.json): unable to find user.
>    - Browser with user not logged in: Same as above.
>
>
>  Is there any way to make it work like the  /direct/membership service
> itself, which detects somehow if a user is logged in or not? I don't want
> the user to log in to the system again.
>
>
>
> Best Regards,
> Sergio Muriel
>
>  ------------------------------
> From: sergioame at hotmail.com
> To: steve.swinsburg at gmail.com
> Date: Tue, 19 Aug 2014 10:59:49 -0500
> CC: sakai-dev at collab.sakaiproject.org
> Subject: Re: [Building Sakai] Membership RESTful web service
>
>  This is how I'm making the request:
>
>  <%@ page import="org.springframework.web.client.RestTemplate" %>
> <%  RestTemplate restTemplate = new RestTemplate();
>         SakaiUserMemberships userMemberships = restTemplate.getForObject("
> http://my_server/direct/membership.json?includeSites=false&includeGroups=true&userEid=sergio@hotmail.com",
> SakaiUserMemberships.class);
> %>
>
>  SakaiUserMemberships is a bean that represents what /direct/membership
> gives, but I get a HTTP 400 Bad Request.
>
>
> Best Regards,
> Sergio Muriel
>
>  ------------------------------
> Date: Tue, 19 Aug 2014 21:26:55 +1000
> Subject: Re: [Building Sakai] Membership RESTful web service
> From: steve.swinsburg at gmail.com
> To: sergioame at hotmail.com
> CC: ottenhoff at longsight.com; sakai-dev at collab.sakaiproject.org
>
> The /direct/membership/describe tells you how to use it. What request are
> you trying to make and how are you making it?
>
>
> On Tue, Aug 19, 2014 at 3:14 AM, Sergio Muriel <sergioame at hotmail.com>
> wrote:
>
>  Great! Any examples of using this service?
> http://qa5-us.sakaiproject.org/direct/membership
>
> Best Regards,
> Sergio Muriel
>
>  ------------------------------
> From: ottenhoff at longsight.com
> Date: Mon, 18 Aug 2014 11:40:23 -0400
>
> Subject: Re: [Building Sakai] Membership RESTful web service
>  To: bkirschn at umich.edu
> CC: sergioame at hotmail.com; sakai-dev at collab.sakaiproject.org
>
>
> grep tells
> me core-providers/src/java/org/sakaiproject/entitybroker/providers/MembershipEntityProvider.java
>
>
> On Mon, Aug 18, 2014 at 11:26 AM, Kirschner, Beth <bkirschn at umich.edu>
> wrote:
>
> Try this:
>         http://qa5-us.sakaiproject.org/direct/membership/describe
>
> - Beth
>
> On Aug 18, 2014, at 10:00 AM, Sergio Muriel <sergioame at hotmail.com> wrote:
>
> > Dear All,
> >
> > Does anybody know where I can find the code of:
> > SAKAI_SERVER/direct/membership ?? (ex:
> http://qa5-us.sakaiproject.org/direct/membership)
> >
> > Also, does anybody have an example of using that service?
> > I'm getting a HTTP 400 Bad Request when I try to use it.
> >
> > Thank you in advance.
> >
> >
> >
> > Best Regards,
> > Sergio Muriel
> >
> > _______________________________________________
> > sakai-dev mailing list
> > sakai-dev at collab.sakaiproject.org
> > http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> >
> > TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
>
>
> _______________________________________________ sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev TO UNSUBSCRIBE:
> send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a
> subject of "unsubscribe"
>  _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20140821/6e5352ae/attachment.html

More information about the sakai-dev mailing list