Using Files.walkFileTree in Applet - java

I'm working on the applet that reads data files from one specific folder (let's call it 'Data folder'). Number of files and their names can change over time so I don't want to add them rigidly into the code. I would like to be able to list all the files stored in that folder (note: folder is stored on the same server as applet). I tried to do that using Files.walkFileTree method. It worked just fine when I ran it in the Eclipse but I got AccessControlException:
java.security.AccessControlException: access denied ("java.io.FilePermission" "Data folder" "read")
when I tried to run in the browser.
I can see why the JVM would want to restrict applets from listing files on local computer but is it possible to list files stored on the server?

You have to distinguish between client side and server side code. Your applet is executed at client side, so it is unable to access the server's file system directly with Files.walkFileTree().
What you can do is to implement a service (like a REST service or a simple servlet) and run it on server side in a Tomcat or Jetty servlet container and then call this service from your applet. But be careful to make your service secure, so that it is not allowed for everyone to see your server's whole file system.

Related

Unable to access file in hard drive using Apache Tomcat server

I'm developing a local-only JSP application using Apache Tomcat server. I would like to put promotion videos on my intro page, but I don't want to move them to webapp folder or anywhere else.
The promotion videos are located:
E:\data\videos\2018...
But writing a JSP/HTML like this won't launch the video; however, it works off-server (launching html from desktop for example, so the path may not be the issue?)
<video src="file:///E:/data/videos/2018/promotion1.mp4" controls></video>
Local file links from remote resources are disabled by almost all browsers by default. There are certain possibilities to overcome that, e.g.:
http://kb.mozillazine.org/Links_to_local_pages_do_not_work
https://discourse.mozilla.org/t/opening-links-to-local-files-file/16449/2
To access your static media files from remote page you need to configure your Tomcat server as described here: http://teknosrc.com/access-local-files-static-content-images-videos-media-files-outside-web-application-system-apache-tomcat-server/
solution:
a.) make sure your server is on the same system where the media files are.
b.) If so, you have to create a folder (ex. media) in your application folder inside /src/main/webapp/ and have to put all media files inside a media folder. After that, you can surely access the media files through a server.

What are the privileges or rights a client could get with the static resources (css/javascript files) on a typical java web server?

Ok, I'm a beginner so this may be stupid, but I am afraid that clients can modify static resources (css/javascript files) on server if they can load them directly through URL path (Of course I have to put css/javascript files outside of WEB-INF folder).
If my hypothesis is wrong, could you give me links or quotes to help me expand my knowledge ? Thank you :)
When a user's browser requests resources from your server, they are performing a GET request. This request will not directly change any file on your server. The request will go through your web server and will be processed. In the case of the resources such as css/javascript files, the web server sees the user is requesting the file and sends the contents of the file back. There is no way the user can update the contents of those files on the server unless you write code on the server to allow them to update the files. If the user has direct access to the server via ssh or other protocol and has permissions on the folder that holds the resources, they would be able to change them.
The whole process is much more complex for going through the web server, but for brevity left out here. Here is a good article that explains what really happens when you go to an address in a browser:
https://medium.com/#maneesha.wijesinghe1/what-happens-when-you-type-an-url-in-the-browser-and-press-enter-bb0aa2449c1a

How to browse files in server location using Servlet with input type as file?

Can anyone help me with the following issue? I have an index.html file, and in that:
<td><input type="file" id="testsuitepath1" value="testpath"></td>
By using the above line I am able to browse files from my local system path instead of server path. So, in Servlets, is there any way to access the files in the server location by clicking on the browse button?
No, not by default. A web server, at least in part, does what you want - it serves files from the server side. But by default it doesn't let you just browse any file nor see all of the files on the server side. You could write a servlet to do this but you need to be careful to not allow the client to access sensitive files.
The .html works at client side. That's why you are able to browse files from local system.
A servlet is deployed at server side, so a servlet can access files/resources stored in the web-app that is deployed on that server. This is called accessing relative resources.
Moreover, if you want to access the files from the server via browse button then, you should have the access to the network location where the web-app is deployed.
Later, in the filename(browse window) you can search the path of the server.
e.g: \\web-app\file1.jpg
Personally, I think you have a bad software design issue.
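
An added example (not code from any of the posts on this page): the file-handling core that both the listing service suggested in the first answer and the file-browsing servlet cautioned about above would call, with the folder fixed on the server and every client-supplied name checked against it. The class name, method names and sample files are hypothetical; a servlet's doGet would call listNames() and resolve() and write the result to the response.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;
import java.util.stream.*;

// Added example: names here are hypothetical, not from the original posts.
public class DataFolderService {
    private final Path base;   // the only directory clients may ever see

    public DataFolderService(Path dataFolder) throws IOException {
        this.base = dataFolder.toRealPath();   // canonical form, symlinks resolved
    }

    // Names of regular files directly inside the data folder: no subfolders, no full paths.
    public List<String> listNames() throws IOException {
        try (Stream<Path> entries = Files.list(base)) {
            return entries.filter(p -> Files.isRegularFile(p, LinkOption.NOFOLLOW_LINKS))
                          .map(p -> p.getFileName().toString())
                          .sorted()
                          .collect(Collectors.toList());
        }
    }

    // Maps a client-supplied name to a file, refusing anything outside the data folder.
    public Path resolve(String name) throws IOException {
        if (name == null || name.isEmpty()) throw new SecurityException("empty name");
        Path candidate = base.resolve(name).normalize();     // collapses ".." segments
        if (!candidate.startsWith(base) || candidate.equals(base))
            throw new SecurityException("outside data folder: " + name);
        Path real = candidate.toRealPath();   // throws if missing; follows symlinks
        if (!real.startsWith(base) || !Files.isRegularFile(real))
            throw new SecurityException("not a data file: " + name);
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: a data folder next to a file that must stay private.
        Path root = Files.createTempDirectory("demo");
        Path data = Files.createDirectory(root.resolve("Data folder"));
        Files.write(data.resolve("a.csv"), "1,2".getBytes());
        Files.write(data.resolve("b.csv"), "3,4".getBytes());
        Files.write(root.resolve("secret.txt"), "private".getBytes());

        DataFolderService svc = new DataFolderService(data);
        System.out.println("listing: " + svc.listNames());
        System.out.println("served: " + svc.resolve("a.csv").getFileName());
        for (String bad : new String[] {"../secret.txt", root.resolve("secret.txt").toString()}) {
            try { svc.resolve(bad); System.out.println("served: " + bad); }
            catch (SecurityException e) { System.out.println("rejected: " + bad); }
        }
    }
}
```

The client never supplies a directory, only a file name, and the name is checked twice: once after normalization and once after symlink resolution.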

Local File Access via Web-Application

I have a web-application that I want to have the ability to read a file from a specific directory on the user's PC (and send this file to a remote DB via some REST call) - and vice-versa, get this file from the remote DB and write to the user's PC in this specific directory. Besides an Applet, what are some of the more common / secure ways of achieving this?
Unfortunately, this is not possible using a web-application. The browser will not allow this - as it represents a security breach on the client side.
You will need explicit permission from the user to upload a file onto the server - most web-applications use a file upload mechanism - which is a manual process.
You could, however use HTML 5 Web Storage, which is similar to cookies, but allows the browser to store key value pairs.
From what I understand, an applet is a Java program which is run outside of the browser on the client machine - which is therefore able to read / write to the local machine.
Hope this helps.

Can not start Java Web Start on a protected site

I have the following problem. In one server, I have a folder /protected/ that requires authentication using a SAML token.
When I try to access resources in this folder, I get redirected to a log-in page first, and after login I can access the resource.
Now, I added a .jnlp file inside the /protected/ folder with all resources required. When I try to access the .jnlp file, I get the login page as expected. After logging in Java Web Start initializes and tries to download the resources.
However, Smart Start fails immediately, complaining that it couldn't parse the .jnlp file. When I look into the debug console, I see that Java downloaded, instead of the jnlp file, the log-in page. So it seems that the Java Web Start application does not share the credentials of the browser, so it requires a new log-in.
My identity provider is ZXID, and we are using SAML. I would assume that Java Web Start must somehow use the same SAML token as the browser, right? Is this correct? Is it possible?
So far in my investigations, it seems that when the browser finds a .jnlp file, it starts Java immediately and the Java Application will try to download the jnlp, creating this issue. I did find out that the JNLP file must not contain the codebase entry. Otherwise the Java VM will try to re-download the file, but because it is not authenticated it will get the login page.
However, if the JNLP can be read, the resources can not be in the protected area either, because again JWS is not authenticated.
So I guess what is needed is that the JWS VM somehow gets the session id from the browser, so it is considered Authenticated.
Any ideas?
So far, I haven't found a proper solution to this problem. I did the following, and it worked:
Created a protected area on my server, and added a servlet behind it
My servlet creates a JNLP file on the fly, with a session id.
JNLP file is used to download the JARs from a public location
The session id is used by the web start application to load resources from the protected area.
