I am dealing with a corporate web app which cannot be modified. It uses Java applets to hook into smart cards for authentication. All works fine on an open network but this particular site is a secure environment utilising a very locked down proxy which prevents download of JAR files, hence the app doesn't work. For most pages it uses a single applet, so by dropping that JAR in lib/applet it will load it from there instead of downloading.
However on 1 crucial page, 4 JAR files are required for various purposes (they actually are, it's not just Java overload for the sake of it). I put the JAR containing the initially executed applet class into lib/applet and the rest in lib/ext, but the browser/JRE continue to try and download all 4 of them every time.
I can't modify the secure proxy config, or the HTML of the web app. Is there a way I can configure the JRE to always use a local JAR for specific classes?
Thanks in advance.
Sounds like you are hitting the sandbox firewall. The docs state that sandbox applets cannot access client resources:
They cannot access client resources such as the local filesystem,
executable files, system clipboard, and printers.
Since it cannot access local resources, it is trying to get what it needs via network connections to the host it came from (which is its only authorized source).
Getting an applet to access the local filesystem can get complicated if the applet was not loaded from the local filesystem:
Applets that are loaded from the local file system (from a directory in the user's CLASSPATH) have none of the restrictions that applets loaded over the network do.
More info: Applet Security
Hope this helps.
Related
Scenario
I have an application that I have been developing for two years. I use the framework .NET to develop it in a language called Oxygene that comes from Pascal.
When I have something new in my code, I publish my application in File System method. I have a couple servers working on Amazon EC2, so I transfer this files to a folder in my IIS Server. In this IIS Server I already have a website that corresponds to my application, so I just replace the old files for the newest files.
I have another server that works as an SQL server.
Last detail is that in my application the user is able to attach files, import pictures, export PDF and Excel files. Attachments and pictures are stored in the same folder the application is located.
Issue
Here is my problem. I have got a new client that is kind of a big client. It seems like this company has a strong IT security, so the application must be located in their servers.
The big problem is that they required my application to be set in the following architecture:
I am used to only use an app server (works for external access) and a SQL server. They want the third server in DMZ net so they can let external access happen. The reason the application can't be placed in the DMZ is because there are the files I mentioned bellow that the user stores in the application. The database stores all the data, but not those files mentioned.
Solutions I have offered, but won't be accepted:
Publishing the application in a IIS server located in the DMZ: That won't be accepted since my application stores user attachments in the same folder the application is located. There are also images stored there.
Publishing the application in the app server, but also publishing a empty application in the DMZ server redirecting to the IIS server inside the LAN: That's the best solution I have come up.
Using a reverse proxy to protect the LAN Net: This is off the table, since reverse proxy is not safe at all.
I am kind of confused because I can't see a way to separate my application in two to make it work in that suggested architecture.
Can anybody give me a hint or ideas of how this would work?
-
You can't "redirect" to inside the LAN, a redirect is a client-side operation, so if the internal server isn't already exposed, you can't redirect someone to it.
A reverse proxy is likely your best bet. Why do you believe it is not safe? This is a tried-and-true solution, it allows you to leave additional ports/services open to internal requests (like a file server, which it sounds like you are trying to expose).
How are these files getting uploaded? Are you using FTP? SMB? HTTP? This solution will not expose those other protocols to the outside world (please don't expose SMB to the outside, it will result in tragedy). Do the external users need to upload these files?
I've completed a Java project with Hsqldb, the application works fine on my local machine, this is intended to be used as a standalone desktop application on the Windows platform. Please could you suggest any references/documentation on how to go about the deployment processes. Thanks in advance.
For deploying an embedded HSQLDB database, the only thing that can be different on the target is the location of the database files.
You define the directory where files are stored and it should be a writable directory. In this case, define the path and use it as an absolute path (which includes the drive name if any) to connect to HSQLDB.
You can also define the database connection URL to contain the user home directory path. This allows storing the database is a subdirectory of the user's home directory. See http://hsqldb.org/doc/2.0/guide/dbproperties-chapt.html#dpc_variables_url
This is not really a programming question, except that the answer may be that I need to program it myself. We have a JBoss deployment, and we want to be able to access the filesystem of the server as the running jboss user with the web browser. Is there an off the shelf Java webapp (.war) that will allow this? I know of the security issues, this is an internal server.
I have a dll i created that gets the excel object on users computer(if excel is installed) and has a handful of availalbe functions. I made a reverence to the dll in a Web Application. When I test this using the local host it works. If I deploy this on a Web Server will it still work or will it try to find the excel application on the server?
Without seeing your code I can only offer a guess, and my guess is that it will search the server and not the users computer.
You can probably use ActiveX to call Excel from the users computer, but that would only work in IE. I'm not sure who your audience is, but I needed similar functionality for the company I used to work for. For that I made a program that was installed to all users computers and then we used a custom http protocol that would open up programs on the client machine through a hyperlink. Doing it this way is cross browser compatible.
I'm trying to access local file system from Flex web application.
I know it is pretty difficult, but I think there must be a way. Is there a way that Flex app can use AIR components or maybe web application can call some AIR module in order to choose files and upload?
There is no direct way that a web based Flex/Flash application can access AIR based APIs. They aren't built into the Flash Player, but are rather extensions built into the AIR runtime. You can't access them directly because they aren't there.
If you have an AIR app installed on the user's local machine you can, in theory, use that app as a proxy with localConnection. That way the AIR app can access the file system directly, triggered by the browser based app. I'm not sure how user interaction would work, though.
If you have server software installed on the client machine, you can trigger file processing commands from Flex using RmoteObject/HTTPService/WebService commands. This wouldn't give the user any interaction ability and is not usually practical unless you have strong control over your client machines.
Either approach would present an app installation nightmare; which almost defeats the purpose of a browser based app in the first place.
You can use FileReference's methods to ask user to select files to open (load into flash, upload into server) or save (from server or bytes from flash).