J2EE web tier Authentication/Authorization delegated to servlet??
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Achilleus_Mantzios
Posted On:   Monday, October 10, 2005 04:03 AM

By mistake i sent this question again but with garbled html output. Admin please remove that previous one if you wish. This is the one to keep. Thanx. Hi, Thats how the issue arose: The whole system is generally based on jboss 3 with jetty and postgresql 7.4. I needed to find a way so that some browser end user could choose between a set of images stored in his local client and upload them to the server. The point here is that a key requirement is that the user must be able to *view* the images, click on the one he wants and upload it to the server.    More>>




			
				
By mistake i sent this question again but with
garbled html output. Admin please remove that previous one
if you wish. This is the one to keep.
Thanx.





			
Hi,

Thats how the issue arose:

The whole system is generally based on jboss 3
with jetty and postgresql 7.4.

I needed to find a way so that some browser end user
could choose between a set of images stored in his local
client and upload them to the server.

The point here is that a key requirement is that
the user must be able to *view* the images,
click on the one he wants and upload it to the server.

I tried to do that with the traditional way:
multipart/form-data enctype method, and
a selvlet doing the RFC1867 decoding.
But i just couldn't display the images
from the local file system! (due to the
inherent mozilla (or any browser)
security reasons)

I tried doing it with signed javascript,
but, i couldn't *set* the value of the
type="file" field. And i really tried hard
with this one.

I finally managed to do the image viewing part
with a signed applet.
But i still couldn't set the type="file" field of the upload multipart/form-data form at all.

So i ended up of thinking of doing it
with the applet doing the SQL instead
of doing javascript form-field filling,
or doing HTTP calls.
But i didnt like it either, since it would
break the general set-up of having
one 2 tier server (ejbs and/or pgsql and servlets/JSPs), and thin browsers only.

So i thought of having the applet, building the upload form, doing
the http multipart/form-data encoding
and POSTing.

Which leads to the final question.

An applet in a HTML page coming from an *authorized*
web-resource, has any way of knowing that it is actually authorized?
I mean read some cookies from the browser or something
similar ,
that will inform the server that this applet
is an autorized web client?

To make things worse, for WEB tier, we use form-based
authentication, in a corporate VPN.

Any ideas, clues are welcome.
   <<Less

Re: J2EE web tier Authentication/Authorization delegated to servlet??

Posted By:   Achilleus_Mantzios  
Posted On:   Monday, October 10, 2005 04:18 AM

2nd mistake from my part in a row...


This must not be my day.

Substitute "delegated to servlet" with

"delegated to Applet".



Sorry.
About | Sitemap | Contact