Search Results

Search found 5045 results on 202 pages for 'anonymous programmer'.

Page 80/202 | < Previous Page | 76 77 78 79 80 81 82 83 84 85 86 87  | Next Page >

  • Non-Mainstream Languages, Bad for your resume?

    - by Joe
    Hi folks, I got my BS in Computer Science about seven years ago. I spent two years in neuroscience research and the next three providing what amounts to tech support. But I love computer programming - and I have since written, as a freelancer, non-trivial commercial code in Haskell, Smalltalk, and Objective-C. I used these languages because I find them rewarding, they make me a better programmer and thus, I thought, more attractive to companies. However the polar opposite has occured and I am now unhireable. The freelance market has bottomed out and I am looking for regular employment. But I am being repeatedly turned down, even for entry-level positions, because I don't specifically fit the requirements - eg. Java programmer with 2+ years with JUnit, JavaMail, Servlets etc. And none of the hiring managers, let alone the recruiters, have heard of either Haskell or Smalltalk and more disturbing is their thinly veiled contempt for my background. My question is , how should I market myself to these positions? Is anyone here in a similar position? What should I be doing different professionally? More broadly is this contempt for non-mainstream experience occurring everywhere or just my town? And if there are any hiring managers reading this, I'd love to hear your side. Please be brutally honest. thanks, joe

    Read the article

  • How do you handle your "Project Manager"

    - by Vecdid
    I currently work for a company who recently has downsized. I do all in house work, client installs, builds,q.a, well basically all the in house work. My direct boss is VERY untechnical and lately I have found it VERY hard to deal with his lack of knowledge. The biggest issues I have had are as follows: I am on many deadlines at a time. I get stopped to put together a half fast quote as I cannot be late on the deadline, in the meantime, three support calls comes in, I give quote, time too much so they outsource it. I then I have to fix everything the vendor broke. I get asked, when an issue arrises, why is the issue occurring and explain in detail, yet that detail means absolutly nothing to him. All he cares about are deadlines, yet he is the one who schdules everything. "I am a programmer not a graphic designer, meaqns nothing to him" I was hired as a .NET programmer, yet they let a vendor choose wordpress for many sites(yeah I had to learn all about it quick) I guess I can go on and on, but has anyone had to deal with this type of project manager? What is some advice, other than finding another job. Thanks in advance, and I made this a wiki, so please don't close...

    Read the article

  • Why avoid increment ("++") and decrement ("--") operators in JavaScript?

    - by artlung
    I'm a big fan of Douglas Crockford's writing on JavaScript, particularly his book JavaScript: The Good Parts. It's made me a better JavaScript programmer and a better programmer in general. One of his tips for his jslint tool is this : ++ and -- The ++ (increment) and -- (decrement) operators have been known to contribute to bad code by encouraging excessive trickiness. They are second only to faulty architecture in enabling to viruses and other security menaces. There is a plusplus option that prohibits the use of these operators. This has always struck my gut as "yes, that makes sense," but has annoyed me when I've needed a looping condition and can't figure out a better way to control the loop than a while( a < 10 )do { a++ } or for (var i=0;i<10;i++) { } and use jslint. It's challenged me to write it differently. I also know in the distant past using things, in say PHP like $foo[$bar++] has gotten me in trouble with off-by-one errors. Are there C-like languages or other languages with similarities that that lack the "++" and "--" syntax or handle it differently? Are there other rationales for avoiding "++" and "--" that I might be missing? UPDATE -- April 9, 2010: In the video Crockford on JavaScript -- Part 5: The End of All Things, Douglas Crockford addresses the ++ issue more directly and with more detail. It appears at 1:09:00 in the timeline. Worth a watch.

    Read the article

  • What's the purpose of "import package"?

    - by codethief
    As I just found out import package does not make the package's modules available through package.module. The same obviously holds true for from package import subpackage as well as from package import * What's the purpose of importing a package at all then if I can't access its submodules but only the objects defined in __init__.py? It makes sense to me that from package import * would bloat the namespace, which, however, doesn't apply in case of the other two ways! I also understand that loading all submodules might take a long time. But I don't know what these unwanted side-effects, "that should only happen when the sub-module is explicitly imported", are which the author of the previous link mentions. To me it looks like doing an import package[.subpackage] (or from package import subpackage) makes absolutely no sense if I don't exactly want to access objects provided in __init__.py. Are those unwanted side effects really that serious that the language actually has to protect the programmer from causing them? Actually, I thought that Python was a little bit more about "If the programmer wants to do it, let him do it." In my case, I really do want to import all submodules with the single statement from package import subpackage, because I need all of them! Telling Python in the init.py file which submodules I'm exactly talking about (all of them!) is quite cumbersome from my point of view. Please enlighten me. :)

    Read the article

  • What should a developer know before building a public web site?

    - by Joel Coehoorn
    What things should a programmer implementing the technical details of a web site address before making the site public? If Jeff Atwood can forget about HttpOnly cookies, sitemaps, and cross-site request forgeries all in the same site, what important thing could I be forgetting as well? I'm thinking about this from a web developer's perspective, such that someone else is creating the actual design and content for the site. So while usability and content may be more important than the platform, you the programmer have little say in that. What you do need to worry about is that your implementation of the platform is stable, performs well, is secure, and meets any other business goals (like not cost too much, take too long to build, and rank as well with Google as the content supports). Think of this from the perspective of a developer who's done some work for intranet-type applications in a fairly trusted environment, and is about to have his first shot and putting out a potentially popular site for the entire big bad world wide web. Also: I'm looking for something more specific than just a vague "web standards" response. I mean, HTML, JavaScript, and CSS over HTTP are pretty much a given, especially when I've already specified that you're a professional web developer. So going beyond that, Which standards? In what circumstances, and why? Provide a link to the standard's specification. This question is community wiki, so please feel free to edit that answer to add links to good articles that will help explain or teach each particular point.

    Read the article

  • iPhone: Accessing Composite Name in AddressBook Causes EXC_BAD_ACCESS

    - by Fyrian
    Hi everyone. I'm new to iPhone development and have a question I hope someone can help me with. I have a programmer working on an iPhone app for me and when I run the app in the simulator, it works great. But when I try to run it on my actual iPhone, I get a EXC_BAD_ACCESS error and the app locks up. Looking at the debugger, it's referencing the following code in my MainController as the problem: -(void)loadAddressBook{ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; addressBookLoaded=1; [AddressbookRecord readAllContactTable:[self getDBPath]]; ABAddressBookRef addressBook = ABAddressBookCreate(); for(NSUInteger i=1;i<=ABAddressBookGetPersonCount(addressBook);i++) { ABRecordRef myPerson =ABAddressBookGetPersonWithRecordID (addressBook,(ABRecordID)(i)); NSString *name = (NSString*)ABRecordCopyCompositeName(myPerson); //save in database AddressbookRecord *addObj = [[AddressbookRecord alloc] initWithPrimaryKey:0]; addObj.ClientName=name; [addObj addNewContactEntry]; } addressBookLoaded=2; [pool release]; } More specifically, it points to this specific line as the problem: NSString *name =(NSString*)ABRecordCopyCompositeName(myPerson); My programmer can't seem to figure out what the problem is since he can't replicate it on his end. Does anyone have any ideas what would cause this problem??? Thanks!

    Read the article

  • Easiest RPC client method in PHP

    - by T.K.
    I've been asked to help a friend's company to bring up a web application. I have very limited time and I reluctantly accepted the request, at one condition. As most of the logic goes on in the back-end, I suggested that I would finish the complete back-end only, allowing a front-end developer to simply interface with my backend. I plan to do the back-end in Java EE or Python (with Pylons). It does not really matter at this point. I plan to have my back-end completely ready and unit-tested, so that my input will hardly be needed after my work is done. I know they have a PHP programmer, but as far as I could tell he is a real rookie. I want him to basically interface with my backend's services in the easiest possible way, with no way of him "stuffing" it up. It's basically a CRUD-only application. I could implement the backend as accessible through a webservice such as XML-RPC or SOAP. Even a RESTful API could be possible. However, my main objective is to make something that complete "noob" PHP programmer can easily interface with without getting confused. Preferably I do not even want to talk to him because I generally have an extremely busy schedule, and doing "support calls" is not something I am willing to do. Which approach should I choose? I would welcome any suggestions and inputs!

    Read the article

  • How can we best represent the SDLC process as a board game?

    - by Innogetics
    I recently got interested in financial board games and saw how they can be very useful in educating children about certain concepts. It got me thinking whether it was also possible to represent certain aspects of executing a software project via a boardgame and make it fun. Here are a few things that I have come up so far: human resources and tools / techniques are represented as cards. requirements are also represented as cards, which are dealt equally to each player, and the objective is to move all requirement cards through an "SDLC" board (one per player) that represent a series of squares grouped according to phases (design all the way to deployment) the passage of time is represented in a main square board like monopoly, and completing a trip around the board (passing "Go") allows the player to move each of the requirement cards a number of steps through the SDLC board depending on the capability of the resource cards (senior programmer allows one requirement to move two squares in the dev phase, junior programmer only one, etc.) players will start with play money representing the project budget, and at every pass at "Go" is payday. the player is out of the game if he runs out of funds. the main board also has "chance" / "risk" cards, which represent things that can mess up a project. damage is applied at the roll of a die, and chance modifiers depend on whether the user has "bought" tools / techniques. I haven't implemented this idea yet as I'm still looking at more play elements that can make the game more engaging, as well as soliciting for more ideas. I am planning to release this under Creative Commons license but haven't decided on the exact license yet. Any more game play suggestions are welcome. UPDATE: This was posted in BoardGameGeek and there's now an active discussion thread there. http://www.boardgamegeek.com/article/4436694

    Read the article

  • jQuery code in ajax loaded content only runs once

    - by Michael Howland
    I have been looking around SO for a while and haven't been able to find anything that matches my issue, which I'm not even sure I can explain that well, so take that for what it's worth. I have a page that loads content into a div via AJAX (using the .load() method). There are several links in the navigation, meaning the content will change while navigating the site without refreshing the entire page. (Actually, to be honest, I just cribbed the DocTemplate layout [http://css-tricks.com/examples/DocTemplate/] from css-tricks.com. Apparently while I'm not a re-invent the wheel type programmer, I am a bash my head against the wheel incessantly to get it to work programmer.) So, index.php loads up some DB content in a div. There is also a jQuery UI modal input form on index.php. Essentially, the only HTML on the page is an empty div and a form. This all works fine, until I call up another page, then go back to index.php. The DB content is not loaded, and my form is shown there in all its naked glory. I know why this is happening. The page was not refreshed, nothing kicked off the code to load the content and hide the form. My question is, how can I ensure that the AJAX .load() and the .dialog() will run when loading index.php again? Is it even possible? Thanks, and my apologies for the length. I get verbose when I'm confused.

    Read the article

  • Definition of the job titles involved in a software development process.

    - by Rafael Romão
    I have seen many job titles for people involved in a software development process, but never found a consensus about they mean. I know many of them are equivalent, and found some other questions about that here in SO, but I would like to know your definitions and comments about them. I want not only to know if there is really a consensus, but also to know if what I suppose to be a Software Architect, is really a Software Architect, and so on. The job titles I mean are: Developer; System Analyst; Programmer; Analyst Programmer; Software Engineer; Software Architect; Designer; Software Designer; Business Manager; Business Analyst; Program Manager; Project Manager; Development Manager; Tester; Support Analyst; Please, feel free to add more titles to this list in your answers. It would be very helpful.

    Read the article

  • Fitting title for my position

    - by lithander
    In the last 2 years my company has developed a boxed and full-price computer game. All the software development has been done collaboratively by me and my co-developer. We know each other from university and got hired at the same day to equal conditions and we share the same responsibilites including the decisions of what technology to license and how to spend development resources and even how team-workflow is organized. But I struggle to find the correct wording for my position. Can I call myself a senior developer with only 3 years working-experience? Can I call myself lead programmer if I don't really have a team to "lead"? All these fancy names used in the industry (Technical Lead, Development Lead, Software Architect) seem to imply that you aren't actually coding anymore or have staff under you. On the other hand titles like "Programmer" or "Software Engineer" seem to imply that there's someone between you and the project management. That makes it hard to fill out a resume or even the badges you typically wear on conferences... people tend to judge you by your title and I'd like to avoid confusion where possible.

    Read the article

  • Why would this Lua optimization hack help?

    - by Ian Boyd
    i'm looking over a document that describes various techniques to improve performance of Lua script code, and i'm shocked that such tricks would be required. (Although i'm quoting Lua, i've seen similar hacks in Javascript). Why would this optimization be required: For instance, the code for i = 1, 1000000 do local x = math.sin(i) end runs 30% slower than this one: local sin = math.sin for i = 1, 1000000 do local x = sin(i) end They're re-declaring sin function locally. Why would this be helpful? It's the job of the compiler to do that anyway. Why is the programmer having to do the compiler's job? i've seen similar things in Javascript; and so obviously there must be a very good reason why the interpreting compiler isn't doing its job. What is it? i see it repeatedly in the Lua environment i'm fiddling in; people redeclaring variables as local: local strfind = strfind local strlen = strlen local gsub = gsub local pairs = pairs local ipairs = ipairs local type = type local tinsert = tinsert local tremove = tremove local unpack = unpack local max = max local min = min local floor = floor local ceil = ceil local loadstring = loadstring local tostring = tostring local setmetatable = setmetatable local getmetatable = getmetatable local format = format local sin = math.sin What is going on here that people have to do the work of the compiler? Is the compiler confused by how to find format? Why is this an issue that a programmer has to deal with? Why would this not have been taken care of in 1993? i also seem to have hit a logical paradox: Optimizatin should not be done without profiling Lua has no ability to be profiled Lua should not be optimized

    Read the article

  • Will Learning C++ Help for Building Fast/No-Additional-Requirements Desktop Applications?

    - by vito
    Will learning C++ help me build native applications with good speed? Will it help me as a programmer, and what are the other benefits? The reason why I want to learn C++ is because I'm disappointed with the UI performances of applications built on top of JVM and .NET. They feel slow, and start slow too. Of course, a really bad programmer can create a slower and sluggish application using C++ too, but I'm not considering that case. One of my favorite Windows utility application is Launchy. And in the Readme.pdf file, the author of the program wrote this: 0.6 This is the first C++ release. As I became frustrated with C#’s large .NET framework requirements and users lack of desire to install it, I decided to switch back to the faster language. I totally agree with the author of Launchy about the .NET framework requirement or even a JRE requirement for desktop applications. Let alone the specific version of them. And some of the best and my favorite desktop applications don't need .NET or Java to run. They just run after installing. Are they mostly built using C++? Is C++ the only option for good and fast GUI based applications? And, I'm also very interested in hearing the other benefits of learning C++.

    Read the article

  • Developer friendly open-source license?

    - by Francisco Garcia
    As a software engineer/programmer myself, I love the possibility to download the code and learn from it. However building software is what brings food to my table. I have doubts regarding the type of license I should use for my own personal projects or when picking up one project to learn from. There are already many questions about licenses on Stackoverflow, but I would like to make this one much more specific. If your main profession and way of living is building software, which type of license do you find more useful for you? And I mean, the license that can benefit you most as a professional because it gives you more freedom to reuse the experience you gain. GPL is a great license to build communities because it forces you to give back your work. However I like BSD licenses because of their extra freedom. I know that if the code I am exploring is BSD licensed, I might be able to expand not only my skills, but also my programmer toolbox. Whenever I am working for a company, I might recall that something similar was done in another project and I will be able to copy or imitate certain part of the code. I know that there are religious wars regarding GPL vs BSD and it is not my intention to start one. Probably many companies already take snipsets from GPL projects anyway. I just want to insist in the factor of professional enrichment. I do not intend to discriminate any license. I said I prefer BSD licenses but I also use Linux because the user base is bigger and also the market demand.

    Read the article

  • Java-Eclipse-Spring 3.1 - the fastest way to get familiar with this set

    - by Leron
    I, know almost all of you at some point of your life as a programmer get to the point where you know (more or less) different technologies/languages/IDEs and a times come when you want to get things together and start using them once - more efficient and second - more closely to the real life situation where in fact just knowing Java, or some experience with Eclipse doesn't mean nothing, and what makes you a programmer worth something is the ability to work with the combination of 2 or more combinations. Having this in mind here is my question - what do you think is the optimal way of getting into Java+Eclipse+Spring3.1 world. I've read, and I've read a lot. I started writing real code but almost every step is discovering the wheel again and again, wondering how to do thing you know are some what trivial, but you've missed that one article where this topic was discussed and so on. I don't mind for paying for a good tutorial like for example, after a bit of research I decided that instead of losing a lot of time getting the different parts together I'd rather pay for the videos in http://knpuniversity.com/screencast/starting-in-symfony2-tutorial and save myself a lot of time (I hope) and get as fast as possible to writing a real code instead of wondering what do what and so on. But I find it much more difficult to find such sources of info especially when you want something more specific as me and that's the reason to ask this question. I know a lot of you go through the hard way, and I won't give up if I have to do the same, but to be honest I really hope to get post with good tutorials on the subject (paid or not) because in my situation time is literally money. Thanks Leron

    Read the article

  • Learning libraries without books or tutorials

    - by Kawili-wili
    While many ask questions about where to find good books or tutorials, I'd like to take the opposite tack. I consider myself to be an entry-level programmer ready to move up to mid-level. I have written code in c, c++, c#, perl, python, clojure, vb, and java, so I'm not completely clueless. Where I see a problem in moving to the next level is learning to make better use of the literally hundreds upon hundreds of libraries available out there. I seem paralyzed unless there is a specific example in a book or tutorial to hand-hold me, yet I often read in various forums where another programmer attempts to assist with a question. He/she will look through the docs or scan the available classes/methods in their favorite IDE and seem to grok what's going on in a relatively short period of time, even if they had no previous experience with that specific library or function. I yearn to break the umbilical chord of constantly spending hour upon hour searching and reading, searching and reading, searching and reading. Many times there is no book or tutorial, or if there is, the discussion glosses over my specific needs or the examples shown are too far off the path for the usage I had in mind or the information is outdated and makes use of deprecated components or the library itself has fallen out of mainstream, yet is still perfectly usable (but no docs, books, or tutorials to hand-hold). My question is: In the absence of books or tutorials, what is the best way to grok new or unfamiliar libraries? I yearn to slicken the grok path so I can get down to the business of doing what I love most -- coding.

    Read the article

  • What is your personal approach/take on commenting?

    - by Trae
    Duplicate What are your hard rules about commenting? A Developer I work with had some things to say about commenting that were interesting to me (see below). What is your personal approach/take on commenting? "I don't add comments to code unless its a simple heading or there's a platform-bug or a necessary work-around that isn't obvious. Code can change and comments may become misleading. Code should be self-documenting in its use of descriptive names and its logical organization - and its solutions should be the cleanest/simplest way to perform a given task. If a programmer can't tell what a program does by only reading the code, then he's not ready to alter it. Commenting tends to be a crutch for writing something complex or non-obvious - my goal is to always write clean and simple code." "I think there a few camps when it comes to commenting, the enterprisey-type who think they're writing an API and some grand code-library that will be used for generations to come, the craftsman-like programmer that thinks code says what it does clearer than a comment could, and novices that write verbose/unclear code so as to need to leave notes to themselves as to why they did something."

    Read the article

  • Are certain open-source licenses more suitable than others for career growth?

    - by Francisco Garcia
    As a software engineer/programmer myself, I love the possibility to download the code and learn from it. However building software is what brings food to my table. I have doubts regarding the type of license I should use for my own personal projects or when picking up one project to learn from. There are already many questions about licenses on Stackoverflow, but I would like to make this one much more specific. If your main profession and way of living is building software: which type of license do you find more useful for you? And I mean, the license that can benefit you most as a professional because it gives you more freedom to reuse the experience you gain. GPL is a great license to build communities because it forces you to give back your work. However I like BSD licenses because of their extra freedom. I know that if the code I am exploring is BSD licensed, I might be able to expand not only my skills, but also my programmer toolbox. Whenever I am working for a company, I might recall that something similar was done in another project and I will be able to copy or imitate certain part of the code. I know that there are religious wars regarding GPL vs BSD and it is not my intention to start one. Probably many companies already take snipsets from GPL projects anyway. I just want to insist in the factor of professional enrichment. I do not intend to discriminate any license. I said I prefer BSD licenses but I also use Linux because the user base is bigger and also the market demand.

    Read the article

  • Resources and techniques/methods for SCJP preparation ?

    - by BenoitParis
    I am passing the SCJP 6 exam in a month. I have the "SCJP Sun Certified Programmer for Java 6 Exam 310-065" book. It seems great for the exam. But I want your advice on this. Getting the closest possible to 100% would be great. I have found a site that answered some of the questions you ask yourself when you go trough the book. Here is it : http://www.janeg.ca/java2.html As you can see it was written for Java 2 :/ I have written another specific question here on StackOverflow about the usefulness of JVM specification and Java compiler code for the SCJP. Will Update the results here. Here it is. Please share the resources you used in preparing the exam. Please also specify any resources that you think might help. Any type of resource is welcome: books, code, specs, sites, wikies, papers, online tests, grandmas... Please also share on any method/technique that helped you prepare the exam. Please also comment on the return you got from the resource and the method (for the learning process and for points in the exam) I'll begin: Book : "SCJP Sun Certified Programmer for Java 6 Exam 310-065". Seems like the official book for the preparation. Technique : Writing code in a text editor and compiling it with javac to test a question. NO IDEs! It helps you get a a straight answer to a question you have. It helps you pay attention to every word in the code (and this is very important in the SCJP) EDIT: Added dimension: Are there good, up-to-date online tests?

    Read the article

  • Can Haskell's monads be thought of as using and returning a hidden state parameter?

    - by AJM
    I don't understand the exact algebra and theory behind Haskell's monads. However, when I think about functional programming in general I get the impression that state would be modelled by taking an initial state and generating a copy of it to represent the next state. This is like when one list is appended to another; neither list gets modified, but a third list is created and returned. Is it therefore valid to think of monadic operations as implicitly taking an initial state object as a parameter and implicitly returning a final state object? These state objects would be hidden so that the programmer doesn't have to worry about them and to control how they gets accessed. So, the programmer would not try to copy the object representing the IO stream as it was ten minutes ago. In other words, if we have this code: main = do putStrLn "Enter your name:" name <- getLine putStrLn ( "Hello " ++ name ) ...is it OK to think of the IO monad and the "do" syntax as representing this style of code? putStrLn :: IOState -> String -> IOState getLine :: IOState -> (IOState, String) main :: IOState -> IOState -- main returns an IOState we can call "state3" main state0 = putStrLn state2 ("Hello " ++ name) where (state2, name) = getLine state1 state1 = putStrLn state0 "Enter your name:"

    Read the article

  • In need of a Smarter Environmental Package Configuration

    - by Jeremy Liberman
    I am trying to set up a package template in SSIS, following the Wrox Programmer to Programmer book, SQL Server 2008 Integration Services: Problem - Design - Solution. I'm really liking this book even though it is 2008 and we're using SQL Server 2005. I've got a working package template that uses an Indirect XML package configuration to identify what environment (local developer, dev, QA, production, etc) the package is being run in. That locates the SQL Server package configuration for the environment. That set-up is great and all except for the environment variable at the very front of it all. My team would prefer it if the package could use the same environment resource locator as all our other applications and tools use, so we don't two environment markers with essentially the same information in them. Normally we look up a registry key in HKey_Local_Machine but the Registry Package Configuration type only lets you look up the HKey_Current_User registries. My first thought was to write a new Package Configuration Type class that extends the Registry type; after all we'd had such luck writing our own custom log provider. SSIS is super extendable, right? So there doesn't seem to be a way to write your own Package Configuration Types. Is there still some way I can configure my SSIS SQL Server package configuration from a HKLM registry key connection string? If this is not possible, what other workarounds are available? My idea is to write a PowerShell script that will create/modify the Environment Variable that the package will use by fetching the connection string from the registry. This way there's still two markers, but at least then it's automatically maintained and automated. Is this kind of workaround necessary? Thank you for your time.

    Read the article

  • Oauth for Google API example using Python / Django

    - by DrDee
    Hi, I am trying to get Oauth working with the Google API using Python. I have tried different oauth libraries such as oauth, oauth2 and djanog-oauth but I cannot get it to work (including the provided examples). For debugging Oauth I use Google's Oauth Playground and I have studied the API and the Oauth documentation With some libraries I am struggling with getting a right signature, with other libraries I am struggling with converting the request token to an authorized token. What would really help me if someone can show me a working example for the Google API using one of the above-mentioned libraries. EDIT: My initial question did not lead to any answers so I have added my code. There are two possible causes of this code not working: 1) Google does not authorize my request token, but not quite sure how to detect this 2) THe signature for the access token is invalid but then I would like to know which oauth parameters Google is expecting as I am able to generate a proper signature in the first phase. This is written using oauth2.py and for Django hence the HttpResponseRedirect. REQUEST_TOKEN_URL = 'https://www.google.com/accounts/OAuthGetRequestToken' AUTHORIZATION_URL = 'https://www.google.com/accounts/OAuthAuthorizeToken' ACCESS_TOKEN_URL = 'https://www.google.com/accounts/OAuthGetAccessToken' CALLBACK = 'http://localhost:8000/mappr/mappr/oauth/' #will become real server when deployed OAUTH_CONSUMER_KEY = 'anonymous' OAUTH_CONSUMER_SECRET = 'anonymous' signature_method = oauth.SignatureMethod_HMAC_SHA1() consumer = oauth.Consumer(key=OAUTH_CONSUMER_KEY, secret=OAUTH_CONSUMER_SECRET) client = oauth.Client(consumer) request_token = oauth.Token('','') #hackish way to be able to access the token in different functions, I know this is bad, but I just want it to get working in the first place :) def authorize(request): if request.GET == {}: tokens = OAuthGetRequestToken() return HttpResponseRedirect(AUTHORIZATION_URL + '?' + tokens) elif request.GET['oauth_verifier'] != '': oauth_token = request.GET['oauth_token'] oauth_verifier = request.GET['oauth_verifier'] OAuthAuthorizeToken(oauth_token) OAuthGetAccessToken(oauth_token, oauth_verifier) #I need to add a Django return object but I am still debugging other phases. def OAuthGetRequestToken(): print '*** OUTPUT OAuthGetRequestToken ***' params = { 'oauth_consumer_key': OAUTH_CONSUMER_KEY, 'oauth_nonce': oauth.generate_nonce(), 'oauth_signature_method': 'HMAC-SHA1', 'oauth_timestamp': int(time.time()), #The timestamp should be expressed in number of seconds after January 1, 1970 00:00:00 GMT. 'scope': 'https://www.google.com/analytics/feeds/', 'oauth_callback': CALLBACK, 'oauth_version': '1.0' } # Sign the request. req = oauth.Request(method="GET", url=REQUEST_TOKEN_URL, parameters=params) req.sign_request(signature_method, consumer, None) tokens =client.request(req.to_url())[1] params = ConvertURLParamstoDictionary(tokens) request_token.key = params['oauth_token'] request_token.secret = params['oauth_token_secret'] return tokens def OAuthAuthorizeToken(oauth_token): print '*** OUTPUT OAuthAuthorizeToken ***' params ={ 'oauth_token' :oauth_token, 'hd': 'default' } req = oauth.Request(method="GET", url=AUTHORIZATION_URL, parameters=params) req.sign_request(signature_method, consumer, request_token) response =client.request(req.to_url()) print response #for debugging purposes def OAuthGetAccessToken(oauth_token, oauth_verifier): print '*** OUTPUT OAuthGetAccessToken ***' params = { 'oauth_consumer_key': OAUTH_CONSUMER_KEY, 'oauth_token': oauth_token, 'oauth_verifier': oauth_verifier, 'oauth_token_secret': request_token.secret, 'oauth_signature_method': 'HMAC-SHA1', 'oauth_timestamp': int(time.time()), 'oauth_nonce': oauth.generate_nonce(), 'oauth_version': '1.0', } req = oauth.Request(method="GET", url=ACCESS_TOKEN_URL, parameters=params) req.sign_request(signature_method, consumer, request_token) response =client.request(req.to_url()) print response return req def ConvertURLParamstoDictionary(tokens): params = {} tokens = tokens.split('&') for token in tokens: token = token.split('=') params[token[0]] = token[1] return params

    Read the article

  • How can I use WCF with only basichttpbinding, SSL and Basic Authentication in IIS?

    - by Tim
    Hello, Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only BasicHttpBinding-binding? (I can’t use the wsHttpBinding-binding) The site is hosted on IIS 7, with the following authentication set up: - Anonymous access: off - Basic authentication: on - Integrated Windows authentication: off !! Service Config: <services> <service name="NameSpace.SomeService"> <host> <baseAddresses> <add baseAddress="https://hostname/SomeService/" /> </baseAddresses> </host> <!-- Service Endpoints --> <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://hostname/SomeMethodName/1" contract="NameSpace.ISomeInterfaceService" name="Default" /> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> </service> </services> <behaviors> <serviceBehaviors> <behavior> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpsGetEnabled="true"/> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="false"/> <exceptionShielding/> </behavior> </serviceBehaviors> </behaviors> I tried 2 types of bindings with two different errors: 1 - IIS Error: 'Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https]. <bindings> <basicHttpBinding> <binding> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> </bindings> 2 - IIS Error: Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service. <bindings> <basicHttpBinding> <binding> <security mode="Transport"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> </bindings> Does somebody know how to configure this correctly? (if possible?)

    Read the article

  • Spring Security Configuration Leads to Perpetual Authentication Request

    - by Sammy
    Hello, I have configured my web application with the following config file: <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" /> <!-- Filter chain; this is referred to from the web.xml file. Each filter is defined and configured as a bean later on. --> <!-- Note: anonumousProcessingFilter removed. --> <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy"> <security:filter-chain-map path-type="ant"> <security:filter-chain pattern="/**" filters="securityContextPersistenceFilter, basicAuthenticationFilter, exceptionTranslationFilter, filterSecurityInterceptor" /> </security:filter-chain-map> </bean> <!-- This filter is responsible for session management, or rather the lack thereof. --> <bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"> <property name="securityContextRepository"> <bean class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"> <property name="allowSessionCreation" value="false" /> </bean> </property> </bean> <!-- Basic authentication filter. --> <bean id="basicAuthenticationFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManager" /> <property name="authenticationEntryPoint" ref="authenticationEntryPoint" /> </bean> <!-- Basic authentication entry point. --> <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint"> <property name="realmName" value="Ayudo Web Service" /> </bean> <!-- An anonymous authentication filter, which is chained after the normal authentication mechanisms and automatically adds an AnonymousAuthenticationToken to the SecurityContextHolder if there is no existing Authentication held there. --> <!-- <bean id="anonymousProcessingFilter" class="org.springframework.security.web.authentication.AnonymousProcessingFilter"> <property name="key" value="ayudo" /> <property name="userAttribute" value="anonymousUser, ROLE_ANONYMOUS" /> </bean> --> <!-- Authentication manager that chains our main authentication provider and anonymous authentication provider. --> <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager"> <property name="providers"> <list> <ref local="daoAuthenticationProvider" /> <ref local="inMemoryAuthenticationProvider" /> <!-- <ref local="anonymousAuthenticationProvider" /> --> </list> </property> </bean> <!-- Main authentication provider; in this case, memory implementation. --> <bean id="inMemoryAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> <property name="userDetailsService" ref="propertiesUserDetails" /> </bean> <security:user-service id="propertiesUserDetails" properties="classpath:operators.properties" /> <!-- Main authentication provider. --> <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> <property name="userDetailsService" ref="userDetailsService" /> </bean> <!-- An anonymous authentication provider which is chained into the ProviderManager so that AnonymousAuthenticationTokens are accepted. --> <!-- <bean id="anonymousAuthenticationProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider"> <property name="key" value="ayudo" /> </bean> --> <bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl"> <property name="dataSource" ref="dataSource" /> </bean> <bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter"> <property name="authenticationEntryPoint" ref="authenticationEntryPoint" /> <property name="accessDeniedHandler"> <bean class="org.springframework.security.web.access.AccessDeniedHandlerImpl" /> </property> </bean> <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <property name="securityMetadataSource"> <security:filter-security-metadata-source use-expressions="true"> <security:intercept-url pattern="/*.html" access="permitAll" /> <security:intercept-url pattern="/version" access="permitAll" /> <security:intercept-url pattern="/users/activate" access="permitAll" /> <security:intercept-url pattern="/**" access="isAuthenticated()" /> </security:filter-security-metadata-source> </property> <property name="authenticationManager" ref="authenticationManager" /> <property name="accessDecisionManager" ref="accessDecisionManager" /> </bean> <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> <property name="decisionVoters"> <list> <bean class="org.springframework.security.access.vote.RoleVoter" /> <bean class="org.springframework.security.web.access.expression.WebExpressionVoter" /> </list> </property> </bean> As soon as I run my application on tomcat, I get a request for username/password basic authentication dialog. Even when I try to access: localhost:8080/myapp/version, which is explicitly set to permitAll, I get the authentication request dialog. Help! Thank, Sammy

    Read the article

  • Interesting issue with WCF wsHttpBinding through a Firewall

    - by Marko
    I have a web application deployed in an internet hosting provider. This web application consumes a WCF Service deployed at an IIS server located at my company’s application server, in order to have data access to the company’s database, the network guys allowed me to expose this WCF service through a firewall for security reasons. A diagram would look like this. [Hosted page] --- (Internet) --- |Firewall <Public IP>:<Port-X >| --- [IIS with WCF Service <Comp. Network Ip>:<Port-Y>] link text I also wanted to use wsHttpBinding to take advantage of its security features, and encrypt sensible information. After trying it out I get the following error: Exception Details: System.ServiceModel.EndpointNotFoundException: The message with To 'http://<IP>:<Port>/service/WCFService.svc' cannot be processed at the receiver, due to an AddressFilter mismatch at the EndpointDispatcher. Check that the sender and receiver's EndpointAddresses agree. Doing some research I found out that wsHttpBinding uses WS-Addressing standards, and reading about this standard I learned that the SOAP header is enhanced to include tags like ‘MessageID’, ‘ReplyTo’, ‘Action’ and ‘To’. So I’m guessing that, because the client application endpoint specifies the Firewall IP address and Port, and the service replies with its internal network address which is different from the Firewall’s IP, then WS-Addressing fires the above message. Which I think it’s a very good security measure, but it’s not quite useful in my scenario. Quoting the WS-Addressing standard submission (http://www.w3.org/Submission/ws-addressing/) "Due to the range of network technologies currently in wide-spread use (e.g., NAT, DHCP, firewalls), many deployments cannot assign a meaningful global URI to a given endpoint. To allow these ‘anonymous’ endpoints to initiate message exchange patterns and receive replies, WS-Addressing defines the following well-known URI for use by endpoints that cannot have a stable, resolvable URI. http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous" HOW can I configure my wsHttpBinding Endpoint to address my Firewall’s IP and to ignore or bypass the address specified in the ‘To’ WS-Addressing tag in the SOAP message header? Or do I have to change something in my service endpoint configuration? Help and guidance will be much appreciated. Marko. P.S.: While I find any solution to this, I’m using basicHttpBinding with absolutely no problem of course.

    Read the article

< Previous Page | 76 77 78 79 80 81 82 83 84 85 86 87  | Next Page >