castle / castle-java
Java bindings for Castle
Home Page: https://castle.io
License: MIT License
Sending "include": "timestamps" in authenticate request bodies results in additional info in the response, for example:
{
    "action": "deny",
    "user_id": "1234",
    "device_token": "5678",
    "created_at": "2019-02-14T02:43:53.405Z",
    "last_seen_at": "2019-03-06T01:55:51.839Z",
    "approved_at": null,
    "escalated_at": "2019-02-26T10:12:43.836Z",
    "mitigated_at": null
}
I understand these were introduced experimentally, however they are quite useful for measuring timing, and aid in tracking things on the client side.
We use Spring and it would be good to have a way to programmatically create the client instance.
We don't want, for example, to use the CASTLE_SDK_API_SECRET env to configure the SDK; we have our own configuration provider for that.
It could be something like this:
    CastleSdk.builder()
        .withApiSecret("XXX")
        .withAppId("YYY")
        .build();
When manually setting the value for User Agent and Client Id, our SDK only supports String types. However, our docs recommend setting the values to Boolean False if those values are not available.
We need to add support for manually setting both String and Boolean values for User Agent and Client ID.
The guava library version is 23, and this only supports Java 8.
A switch to version 'com.google.guava:guava:jar:23.0-android' should be done to be compatible with Java 7.
Add support for custom authenticate and track payloads. Add methods buildTrackRequest(CastleMessage request), sendTrackRequest(JsonElement request), buildAuthenticateRequest(CastleMessage request), sendAuthenticateRequest(JsonElement request).
Build methods are used to get the standard payload json object, which can be expanded with custom fields. The JsonElement is then sent using the send methods.
Reported by Anders:
If an async callback is sent to "track" but "doNotTrack" is set to "true" then the async callback will never be called and thus never complete. This is because of the "return" that probably should be an "asyncCallbackHandler.onResponse(true)". But I guess it has to do with how you interpret "doNotTrack": is it a no-operation call that should not trigger callbacks, or is it a mocked "all is good call"?
    public void track(String event, @Nullable String userId, @Nullable String reviewId, @Nullable Object properties, @Nullable Object trait, AsyncCallbackHandler<Boolean> asyncCallbackHandler) {
        Preconditions.checkNotNull(event);
        if (doNotTrack) {
            return;
        }
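
Added example, not part of the report above and not the SDK's code: it shows what a caller waiting on the callback observes under each reading of doNotTrack. The AsyncCallbackHandler interface is a stand-in with an assumed shape, and the track method and its completeWhenDisabled flag are hypothetical.

```java
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

public class DoNotTrackCallbackDemo {
    // Stand-in for the SDK's callback type (assumed shape, defined here so the demo compiles alone).
    interface AsyncCallbackHandler<T> {
        void onResponse(T response);
        void onException(Exception exception);
    }

    // Hypothetical tracker: completeWhenDisabled selects between the two readings of doNotTrack.
    static void track(boolean doNotTrack, boolean completeWhenDisabled,
                      AsyncCallbackHandler<Boolean> handler) {
        if (doNotTrack) {
            if (completeWhenDisabled) {
                handler.onResponse(true); // "mocked all is good" reading: the caller is told the call finished
            }
            return; // with completeWhenDisabled == false this is the bare return from the report
        }
        handler.onResponse(true); // a real implementation would send the request here
    }

    // Bridges the callback to a future, the way a caller awaiting completion would.
    static boolean completes(boolean completeWhenDisabled) throws Exception {
        CompletableFuture<Boolean> done = new CompletableFuture<>();
        track(true, completeWhenDisabled, new AsyncCallbackHandler<Boolean>() {
            @Override public void onResponse(Boolean response) { done.complete(response); }
            @Override public void onException(Exception e) { done.completeExceptionally(e); }
        });
        try {
            done.get(200, TimeUnit.MILLISECONDS);
            return true;
        } catch (TimeoutException e) {
            return false; // without the timeout the caller would wait indefinitely
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("bare return completes: " + completes(false));
        System.out.println("onResponse(true) completes: " + completes(true));
    }
}
```
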
These tests were found to be flaky:
io.castle.client.model.CastleContextTest.minimalContextAsJson
io.castle.client.model.CastleDeviceTest.fullBuilderJson
io.castle.client.model.CastleDeviceTest.jsonSerialized
io.castle.client.model.CastleMessageTest.fullBuilderJson
io.castle.client.model.CastleMessageTest.jsonSerialized
io.castle.client.model.CastleMessageTest.properties
io.castle.client.model.CastleUserAddressTest.jsonSerialized
io.castle.client.model.CastleUserDeviceContextTest.fullBuilderJson
io.castle.client.model.CastleUserDevicesTest.fullBuilderJson
io.castle.client.model.CastleUserDeviceTest.fullBuilderJson
io.castle.client.model.CastleUserDeviceTest.jsonSerialized
io.castle.client.model.CastleUserTest.jsonSerialized
io.castle.client.model.DeviceUserAgentTest.fullBuilderJson
when running mvn -pl ./ edu.illinois:nondex-maven-plugin:1.1.2:nondex -Dtest=TESTNAME.
Here is an example of the error log:
[ERROR] Failures:
[ERROR] CastleMessageTest.fullBuilderJson:72 expected:<"{"[created_at":"2018-01-01","timestamp":"2018-01-01","device_token":"1234","event":"event","properties":{"key":"val"},"review_id":"2345","user_id":"3456","user_traits":{"key":"val"}]}"> but was:<"{"[user_id":"3456","user_traits":{"key":"val"},"timestamp":"2018-01-01","review_id":"2345","properties":{"key":"val"},"event":"event","device_token":"1234","created_at":"2018-01-01"]}">
After taking a closer look, I found the problem could be the use of gson.toJsonTree(); it produces non-deterministic output like the above for each NonDex run. I would recommend sorting or using other serialization strategies, or changing the test method instead of simply using equals(), to avoid flaky tests.
Our new APIs allow Admins to directly approve and report a device with a device token, without needing to collect the request context. However, these APIs, including the Device fetching API, are not available via our SDK.
Can we add methods to the SDK that can handle these three APIs:
GET https://api.castle.io/v1/users/{user-id}/devices
PUT https://api.castle.io/v1/devices/{device_token}/approve
PUT https://api.castle.io/v1/devices/{device_token}/report
PUT https://api.castle.io/v1/users/{user_id}/archive_devices
See more on each API here: https://castle.io/docs/device_management_tool
Was looking to replace the generic CastleMessage and CastleResponse with the Log/Filter/Risk FilterResponse/RiskResponse models. Risk seems ok but Log and Filter are missing required status values that we use.
According to the Castle API docs:
Log.StatusEnum should have "$requested" as an option (for challenge).
Filter.StatusEnum should have "$attempted" as an option.
See the Castle API docs:
https://reference.castle.io/#operation/log
https://reference.castle.io/#operation/filter
My hypothesis is when the Castle jdk is added to a repo using okhttp 3.4.1, since the pom.xml defines the minimum version as 3.13.1 it does not update okhttp.
However, 3.4.1 is actually an older version than 3.13.1 as illustrated here.
This causes a compilation error as this jdk references TLSv1.3 here, which exists in 3.13.1 as we can see here, but not in 3.4.1 as we can see here.
Team noticed several Null pointer exceptions being thrown by the Castle SDK.
    java.lang.NullPointerException: null
        at io.castle.client.internal.backend.OkRestApiBackend.sendAuthenticateSync(OkRestApiBackend.java:67)
        at io.castle.client.internal.CastleApiImpl.authenticate(CastleApiImpl.java:82)
May be caused when user_id is not available in the following call:
    final String userId = ((JsonObject) payloadJson).get("user_id").getAsString();
Add internal field to Verdict class which contains the raw server response as a JsonElement. This can be used to access all fields in the response.
We should offer a simple way to configure the header that should be checked for the true client ip via our SDKs.
For example, in our Java SDK, we automatically set the client ip to the value of REMOTE_ADDRESS. This is done here:
However, many customers need to change this to X-Forwarded-For or true-client-ip, for example. It would be great if they could easily change that in a config file.
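
Added example, not part of the request above and not the SDK's code: one way a configurable client-IP header could be resolved. The ClientIpResolver class, its parameters and the trusted-proxy list are hypothetical. Because X-Forwarded-For and true-client-ip can be set by whoever sends the request, the header is honoured only when the direct peer is a known proxy, and the forwarded chain is read from the right.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Hypothetical resolver: picks the client IP from a configured header, falling back to the socket peer.
public class ClientIpResolver {
    private final String ipHeader;            // e.g. "X-Forwarded-For" or "true-client-ip"; null = peer address only
    private final Set<String> trustedProxies; // exact addresses of your own proxies / load balancers

    public ClientIpResolver(String ipHeader, String... trustedProxies) {
        this.ipHeader = ipHeader == null ? null : ipHeader.toLowerCase(Locale.ROOT);
        this.trustedProxies = new HashSet<>(Arrays.asList(trustedProxies));
    }

    // headers: lower-cased header names mapped to raw values; remoteAddr: address of the direct peer.
    public String resolve(Map<String, String> headers, String remoteAddr) {
        // A header sent by an arbitrary peer is caller-controlled; only a known proxy may supply it.
        if (ipHeader == null || !trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        String raw = headers.get(ipHeader);
        if (raw == null || raw.trim().isEmpty()) {
            return remoteAddr;
        }
        // Each proxy appends the peer it saw, so walk from the right and stop at the first untrusted hop.
        String[] hops = raw.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !trustedProxies.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr;
    }

    public static void main(String[] args) {
        ClientIpResolver resolver = new ClientIpResolver("X-Forwarded-For", "10.0.0.5");
        Map<String, String> headers = new HashMap<>();
        // Constructed sample: the first entry was supplied by the client, the proxy appended the peer it saw.
        headers.put("x-forwarded-for", "192.0.2.1, 203.0.113.7");
        System.out.println(resolver.resolve(headers, "10.0.0.5"));     // request arrived via the trusted proxy
        System.out.println(resolver.resolve(headers, "198.51.100.9")); // direct connection, header ignored
    }
}
```
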
Add CastleApiInternalServerErrorException and CastleApiTimeoutException to represent server error and timeout exceptions.
I am getting the following log message for every call to archive a user device.
A connection to https://api.castle.io/ was leaked. Did you forget to close a response body?
The stack trace is:
java.lang.Throwable: response.body().close()
at okhttp3.internal.platform.Platform.getStackTraceForCloseable(Platform.java:143)
at okhttp3.RealCall.captureCallStackTrace(RealCall.java:78)
at okhttp3.RealCall.execute(RealCall.java:66)
at io.castle.client.internal.backend.OkRestApiBackend.sendArchiveUserDevicesRequestSync(OkRestApiBackend.java:274)
at io.castle.client.internal.CastleApiImpl.archiveUserDevices(CastleApiImpl.java:289)
We are using castle-java 1.5.1.
Any plans to migrate from javax (Java EE 8) to Jakarta namespace (Java EE 9+)? The javax packages are now renamed to Jakarta.
We are upgrading our java services to Spring Boot 3 and this is not fully compatible anymore.
To get around it I have had to use custom versions of io.castle.client.Castle and io.castle.client.internal.utils.CastleContextBuilder and either replace imports of javax.servlet.http.* with jakarta.servlet.http.* or remove references to javax namespace.
See https://spring.io/blog/2022/05/24/preparing-for-spring-boot-3-0
Also see that you have an open PR to upgrade to Spring 6: #122