DDevelopment & Design

NextBeer, a sample OpenApi application for T-Mobile

Last summer I responded to a request for proposal from T-Mobile in Poland. This rather large telco, wanted to share its services in an easy way on-line, so that every little private developer could use them, a bit like Facebook/Amazon does. We got the job, though the news came so late, I had already started another project (for yet another telco), and as an effect, could not participate in the one for T-Mobile.

The project has a fitting name: OpenApi, because that’s what it really is. An open API for everyone who wants to use it. I’ve heard there was an initiative, to build a common API for all telcos, quite a smart move which would ease creating applications even further, but for now it’s custom designed and build.

My friends finished coding a portal for developers, and I was asked to write a sample application. It made a lot of sense to me: the guys deeply in the guts of the system, should not create samples – their perspective is different to real users. I, on the other hand, while knowing what the system is supposed to do (I wrote the proposal together with Piotr Jagielski), haven’t seen in yet.

And so, a sample application was born, created in Grails, though a bit Java-style (I wanted to keep it familiar to all those Java/C# folks, who know no Groovy).

The user story is simple. It’s Friday, late evening, you are sitting in a pub, together with your friends, but the place is going to be closed at 10pm, which is very unfortunate, as the sweet brunette on your right has just noticed your presence.

You need to move the party forward, to another place, so you take your shiny, last-gen iSmartphone from your pants, only to find out its battery has died. Running all those apps of your design was really demanding.

So the sweet brunette on your right, pulls her old, dumb Nokia, and send an sms. Few minutes later she gets one back, with addresses and phone numbers of all the pubs in 3km range. That’s how far she can get on her high hills.

Your party is saved. Your sweet brunette may be truly yours someday. The application which responded to the sms and saved the day, is the sample application I wrote, using OpenAPI and Google Places. It’s called: NextBeer.

One picture is worth thousand words, so here is a sequence diagram for the whole thing.

You can find the code on github: https://github.com/jakubnabrdalik/nextbeer

I won’t go into details, the code is self documenting, and there is even a nice tutorial for all those who know nothing of Grails (though it’s in Polish, as that was the target audience of my example).

If you want to register to OpenAPI, to write your own, go here: https://developers.t-mobile.pl

Hope that saves you a nice brunette one day.

Solution Architect @ TouK

— Previous article

GeeCON 2012 review

Next article —

Zielone biuro

You May Also Like
DDevelopment & Design

Phonegap / Cordova and cross domain ssl request problem on android.

In one app I have participated, there was a use case:
  • User fill up a form.
  • User submit the form.
  • System send data via https to server and show a response.
During development there wasn’t any problem, but when we were going to release production version then some unsuspected situation occurred. I prepare the production version accordingly with standard flow for Android environment:
  • ant release
  • align
  • signing
During conduct tests on that version, every time I try to submit the form, a connection error appear. In that situation, at the first you should check whitelist in cordova settings. Every URL you want to connect to, must be explicit type in: 
res/xml/cordova.xml
If whitelist looks fine, the error is most likely caused by inner implementation of Android System. The Android WebView does not allow by default self-signed SSL certs. When app is debug-signed the SSL error is ignored, but if app is release-signed connection to untrusted services is blocked.



Workaround


You have to remember that secure connection to service with self-signed certificate is risky and unrecommended. But if you know what you are doing there is some workaround of the security problem. Behavior of method 
CordovaWebViewClient.onReceivedSslError
must be changed.


Thus add new class extended CordovaWebViewClient and override ‘onReceivedSslError’. I strongly suggest to implement custom onReceiveSslError as secure as possible. I know that the problem occours when app try connect to example.domain.com and in spite of self signed certificate the domain is trusted, so only for that case the SslError is ignored. 

public class MyWebViewClient extends CordovaWebViewClient {

   private static final String TAG = MyWebViewClient.class.getName();
   private static final String AVAILABLE_SLL_CN 
                               = "example.domain.com";

   public MyWebViewClient(DroidGap ctx) {
       super(ctx);
   }

   @Override
   public void onReceivedSslError(WebView view, 
                                  SslErrorHandler handler, 
                                  android.net.http.SslError error) {

       String errorSourceCName = error.getCertificate().
                                  getIssuedTo().getCName();

       if( AVAILABLE_SLL_CN.equals(errorSourceCName) ) {
           Log.i(TAG, "Detect ssl connection error: " + 
                       error.toString() + 
                       „ so the error is ignored”);

           handler.proceed();
           return;
       }

       super.onReceivedSslError(view, handler, error);
   }
}
Next step is forcing yours app to  use custom implementation of WebViewClient. 

public class Start extends DroidGap
{
   private static final String TAG = Start.class.getName();

   @Override
   public void onCreate(Bundle savedInstanceState)
   {
       super.onCreate(savedInstanceState);
       super.setIntegerProperty("splashscreen", R.drawable.splash);
       super.init();

       MyWebViewClient myWebViewClient = new MyWebViewClient(this);
       myWebViewClient.setWebView(this.appView);

       this.appView.setWebViewClient(myWebViewClient);
       
       // yours code

   }
}
That is all ypu have to do if minSdk of yours app is greater or equals 8. In older version of Android there is no class 
android.net.http.SslError
So in class MyCordovaWebViewClient class there are errors because compliator doesn’t see SslError class. Fortunately Android is(was) open source, so it is easy to find source of the class. There is no inpediments to ‘upgrade’ app and just add the file to project. I suggest to keep original packages. Thus after all operations the source tree looks like:

Class SslError placed in source tree. 
 Now the app created in release mode can connect via https to services with self-signed SSl certificates.