J2EE web tier Authentication/Authorization delegated to servlet??
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Achilleus_Mantzios
Posted On:   Monday, October 10, 2005 03:52 AM

Hi, Thats how the issue arose: The whole system is generally based on jboss 3 with jetty and postgresql 7.4. I needed to find a way so that some browser end user could choose between a set of images stored in his local client and upload them to the server. The point here is that a key requirement is that the user must be able to *view* the images, click on the one he wants and upload it to the server. I tried to do that with the traditional way: multipart/form-data enctype method, and a selvlet doing the RFC1867 decoding. But i just couldn't display the images from the local file system! (due to the inherent mozilla (or an   More>>

Hi,

Thats how the issue arose:

The whole system is generally based on jboss 3
with jetty and postgresql 7.4.

I needed to find a way so that some browser end user
could choose between a set of images stored in his local
client and upload them to the server.

The point here is that a key requirement is that
the user must be able to *view* the images,
click on the one he wants and upload it to the server.

I tried to do that with the traditional way:
multipart/form-data enctype method, and
a selvlet doing the RFC1867 decoding.
But i just couldn't display the images
from the local file system! (due to the
inherent mozilla (or any browser)
security reasons)

I tried doing it with signed javascript,
but, i couldn't *set* the value of the
type="file" field. And i really tried hard
with this one.

I finally managed to do the image viewing part
with a signed applet.
But i still couldn't set the type"file" field of the upload multipart/form-data form at all.

So i ended up of thinking of doing it
with the applet doing the SQL instead
of doing javascript form field filling,
or doing HTTP calls.
But i didnt like it either, since it would
break the general set-up of having
the server, and thin browsers only.

So i thought of having the applet, doing
the http multipart/form-data encoding
and POSTing.

Which leads to the final question.

An applet in a HTML page coming from an *authorized*
web-resource, has any way of knowing this?
I mean read some cookies from the browser or something
similar ,
that will inform the server that this applet
is an autorized web client?

To make things worse for WEB tier, we use form-based
authentication, in a corporate VPN.

Any ideas, clues are welcome.

   <<Less
About | Sitemap | Contact