Back to Monkton

Rebar Android Data in Transit

Monkton, Inc. 2018

Part of Rebar's compliance with NIAP and other associated security profiles is adherence to the API Boundary for Data in Transit (DIT). DIT compliance for the app is achieved by leveraging Rebar's network interfaces.

We take a slight break in mimicking built in functionality for Android at this time, though it will be reintroduced in the future.

Web Service Configuration

Rebar's io.monkton.rebar.wrapper.RestfulWrapper relies on interacting with the Rebar Middleware. The Rebar Middleware acts as a secure proxy to backend web services within your system, leveraging authentication mechanisms like JWT.

The middleware allows you to define web service connections to backend systems. Those hooks can be accessed within your app with the RestfulWrapper class by simply calling the Web API methods.

The RestfulWrapper class provides common functionality like post, put, and get you'd expect for HTTP calls.

Leveraging RestfulWrapper

RestfulWrapper encapsulates all the functionality necessary to make secure HTTPS calls over TLS using NIAP compliant algorithms. The implementation ensures that simple calls are necessary to invoke server API methods.

The RestfulWrapper is intended to be used with the Rebar's API Endpoint for APIs.

With the API Endpoints, all that needs to be specified as the URL value is the Usable API Path from the Endpoint screen.

class RebarAppWrapper : RestfulWrapper() {	

	/**
		Perform a server GET
	*/
	func myGet(): ServiceResult {
		return get("api/demoapp/my-get-method", nil);
	}
	
	/**
		Perform a server PUT
	*/	
    fun myPut(context: Context): ServiceResult {
        return put(context, "api/demoapp/my-put-method", RestfulWrapper.MIME_TYPE_JSON, null, null)
    }
	
	/**
		Perform a server POST
	*/
	func myCreate(email: String!, password: String?, fullName: String?) {
		val credentials = JSONObject()
				
        return put(context, "api/demoapp/add-some-account", RestfulWrapper.MIME_TYPE_JSON, null, credentials)
	}
	
}

Invoking a Wrapper Class

Rebar's HTTPS wrapper is meant to be simple to develop against. Rebar expects most requests to be JSON data, thus the getJson methods for the ServiceResult class which returns a JSONObject object. Developers are expected to make RestfulWrapper calls wrapped in Android Loaders to facilitate transactions with backend resources.

class AppActionLoader(context: Context) : AsyncTaskLoader<JSONDataResult>(context) {

       override fun loadInBackground(): JSONDataResult {
        val reg = RebarAppWrapper()

        val result = reg.myGet()

        return JSONDataResult(result)
    }
}

After the result is returned, developers should always check for errors that may have occurred during the request.

    override fun onLoadFinished(loader: Loader<JSONDataResult>, result: JSONDataResult) {

        // Restart now
        this.loaderManager.restartLoader(REQUESTED_LOADER, null, this)

        // Can we process this request?
        if (result.wasSuccessful() && !result.hadError()) {
            // Continue with login
            AppController.instance.continueWithLogin(this, result.dataAsMap!!)
        }
        else {
        	// Handle the error
        	var errorHandled = result.getError();
        }

    }