I am currently coding a program using the language JSP. I was wondering if/how you would restrict the directories a File Open dialogue box can browse, for instance:
The default directory is in C:/userFiles/username/ I want the user to be able to browse files in that /username/ directory, or directories within that directory, but not any directories above like C:/, or C:/userFiles. I have done some research, and I could not come across an answer. Is this possible with JSP, HTML, or Java and if so, how would I do it? I would prefer JSP or HTML.
Additional Info:
The dialogue box would browse files on a remote server, not on the user's computer.
The File Open dialog is on the client machine and is part of the operating system. You cannot change its behaviour.
In order to list files on a SERVER you would not use a File Open dialog, you'd be turning the list of files into HTML and serving that to the browser. Since you're the one writing the server-side code, you are ALREADY the one in control over which files make it into that list in the first place.
Saying you'd prefer "JSP or HTML" is a pretty good indicator that you don't fully understand the client-server relationship of the web.
Related
I have a set of help files for my SWT application that I have open in-application using the Browser control. Navigation through the help files is done through hyperlinks of relative pathnames (i.e: <a href="aboutUs.htm">, so only one html file is actually opened by java code, helpHome.htm. I am opening this using String homeURL = this.getClass().getResource("/help/helpHome.htm").toString(); and browser.setURL(homeURL); This works beautifully when I'm just debugging it in Eclipse. Unfortunately, when I move the project into a .jar, the browser gives the standard "can't find this webpage" error. I've tried using the browser.setText(String); function as described in this link, which works for helpHome.htm, but when I click a hyperlink, it brings me to a blank page displaying the relative pathname. Is there a way to convince browser to open an html file from an executable jar using the setURL(String) method? If not, are there any suggested workarounds for me to achieve similar results?
Thanks in advance!!
You have to start an internal Server as explained here on any available port on your application start up and make your html files available as static resources to the server.
Then set the browser.setURL(homeURL). All the subsequent hyperlinks will now point to the server, which knows how to serve the requested resources.
The hyperlinks are resolved to File System Path (Ex. file://C:\workspace....) while you are running or debugging your application in eclipse and things were working fine then. But that is not the case when you run your app from a runnable jar.
This was a question about testing file upload functionality using a local java server on Windows 7 platform. Since the question evolved with Marko's input, I have edited it, so that those who run into the same challenge do not waste time on evolution details and reach conclusions sooner.
The challenge was to direct uploaded file to a folder outside of the WAR structure and successfully read it from there. For example: upload an image into c:/tmp/ and then redirect to a confirmation page that displays the image <img src="c:/tmp/test.jpg" />. The upload worked but image would not be displayed. And based on Marko's input, this makes sense because browser sitting at localhost will refuse to load anything from local disk structure using c:. Maybe these are security considerations similar to those with file input control where we cannot set a default path...
The following tag will work in a locally created .html file but when pasted into a jsp, it won't work. And the difference is that browser uses localhost to get to the jsp.
<img src="c:/tmp/test.jpg" />
Solutions
I think that Marko's answer pretty much defines what needs to be done. While I didn't go with that approach, it clearly is the better way to do it and I will accept that as the answer. Thanks, Marko!
For those who don't want to bother installing a Web server and are willing to live with a bit of a hack, here's what I have done. Again, I didn't want to upload files into my WAR structure because I would then need to remember about clearing that folder before deploying to the server. But that upload folder still needs to be accessible, so I simply created another dummy project and put that upload folder under its WebContent. This works for the purposes of my local testing. The only nuisance is that after uploading a file, I need to refresh the dummy project's WebContent in Eclipse.
config.properties
#for uploading files
fileUploadDirectory=C:/javawork/modelsite/tmp/WebContent
#for building html links
publicFileServicePrefix=http://localhost:8080/tmp
<img src="http://localhost:8080/tmp/test.jpg" /> // this works - tmp is the name of my dummy project.
If you are citing literally the HTML that goes to the browser (the one that you access via "vieew source") then this has nothing to do with Java. The browser is the one who interprets these links. If they fail to load, the problem is in the browser/file system.
UPDATE
According to the results of your additional diagnostics, I conclude that the browser (sensibly!) refuses to load anything from your local disk if it is referenced from an HTML file coming from an internet URL, even when that URL is localhost.
UPDATE 2
(Deleted, irrelevant)
UPDATE 3
However you handle the files uploaded to the server, it's definitely not going to look like your solution -- the file is on the server's local filesystem, not client's. This sort of thing can be handled at the Apache HTTP server level -- reserve an URL section for static content and configure Apache with a base directory from which to serve the static content. Even if you run the server locally, on the same machine where you test it, you still need to go through the network interface.
Kind of hard to explain in one line but my problem is essentially like this:
I made a java applet that I want to run on a web page that I packaged into a .jar file. I'm able to get the applet working fine using the <applet> tag but the problem is, if the user views the page source, they will see:
<applet archive="directory/program.jar">
Assuming .jar files can be easily opened and all the class files decompiled, all the user would have to do is go to www.url.com/directory/program.jar to download my .jar and they would have all my source code :(
So I'm wondering if there is either a way to protect my code/jar from being decompiled (other than obfuscation) or to use some kind of server-side script to feed the contents of the .jar directly to the browser from a server-side location not publically visible.
Any help is appreciated.
This is fundamentally impossible.
Java applets run the client.
Anything that runs on the client can be disassembled and modified by a sufficiently advanced user.
You should move your sensitive logic to the server and invoke it using HTTP requests ( and remember that the user can use Fiddler).
While you're at it, you should probably replace your applet with HTML and Javascript.
Other than obfuscation or encryption, no--one way or the other, the browser will have access to the jar.
You might be able to create an applet that loads more functionality at runtime.
There is no effective way to block access to the source code of any page; for the page to be readable by browsers and search engines, the source code has to be accessible, and therefore can be viewed and/or copied. That's just how the web works. HTML is sent as a text document and interpreted client-side.
Disabling the right-click is little more than an annoyance, and it works sporadically in alternative browsers. Even if you succeed, the View Source option in the menu is always present. The viewer could also use a download tool such as Wget, or even get the page from the Google cache without visiting your site at all.
Edit: Oops! I misunderstood your question. You should follow #SLaks advice and "move your sensitive logic to the server and invoke ot using HTTP requests ( and remember that the user can use Fiddler)."
While quantum mechanics do rule the universe, they have less of a grip on your code than you might suspect. You cannot both deploy code to the client browser and not deploy code to the client browser. You have the option of doing one or the other.
You can prevent direct browsing to your .jar file by locating it beneath the WEB-INF directory in your WAR file. This will also prevent <applet archive="directory/program.jar"> from working.
Once the jar is beneath the WEB-INF directory you will need something to feed the resource to the client browser; the Spring resources servlet is good for this (If you are using Java and Spring). I feel confident that other such tools exist. With the Sprint resours servlet, your would deploy your applet with something like this: <applet archive="resource/program.jar".
If you write your own resource distributor, you can add security to make it harder to get the jar file; perhaps add a header to your requests like IRGud: <user_id here> and fail any request that does not have that header (or acceptable contents in the header).
I have a need to "pop up" operating system folders from my web app, mostly to locate files in them. My users don’t want to use a conventional web upload/download paradigm. I have 7 or 8 static folders that need to be opened in explorer on a PC or in Finder on a mac. These folders are all network available, but are buried, and for convenience need to be shown on a web page.
There are IE tricks to do this, and I've written a sample flash app that only allows the browser to open, but I know most browsers sandbox this, and keep me from calling these folders. I am aware that some Java libraries deal with the opening of folders, does anyone have any thoughts or samples for this?
The only way I can imagine is to create a Signed Java Applet.
Applets cannot access the filesystem (and a lot of other ressources) if they are not valid signed. Maybe you can also grant the permission by a policyfile.
There ist a tutorial at JavaRanch.
But I am not sure, if this solution will be very helpful, because the JavaPlugin will be removed from a lott of browsers in near future. (I think FireFox already removed it).
I think there is actually NO solution to this problem.
There may be some workarrounds:
Put a Batch-File onto the server, which opens the folder, if executed
Can you create a local service, which handles requests from you webpage and opens the folder.
Create a webapplication, which opens the folder at serverside, and create a webpage, which displays the content in you website.
I have developed a command-line (read: no GUI) Java application which crunches through numbers based on a given dataset and a series of parameters; and spits out a series of HTML files as resultant reports. These reports hold a large amount of data in tables, so in order to give the users a easy and quick overview of the results, I utilized the JUNG2 library and created a nice graph.
Here's where it gets interesting; since I would like the graph to be interactive it should be deployed after the application has run and files are generated, whenever the user wants to view the reports. I decided to go with an applet based deployment, however I am not too happy with the current setup due to the following reasons:
I want to make the software as simple to use as possible (my users won't be tech-savvy, and even tech-intimidated in most cases). I would really like to distribute one JAR only, which forced me to put the applet with everything else it needs in a package in the same JAR as the main application.
The applet and the main application need to communicate the results, so I create a xML-based report which is used to hold information. As long as the files are on a local machine and are not moved around it all works fine. Unfortunately I also need the files to be moved around. A user should be able to take the "results" folder to a USB stick, go anywhere plug the stick to another computer and be able to use the report as he/she likes.
For the time being the applets are implemented with the following html code:
<applet code="package.myapp.visualization.GraphApplet.class"
codebase="file:/home/user/myApp"
archive="myApp-0.2.6-r28.jar"
width="750" height="750">
<param name=input value="results/test_name/results.fxml">
</applet>
As you can see this applet will not work if the parent folder is moved to another location.
As far as I know I have a couple of alternatives:
a) Change codebase to point to an URL on our webserver where I could put the jar file. This however creates the problem with permissions, as the applet will not be able to read the results file. Alternative is to upload the results file to the server when the user wants to visualize the graph, although I am not sure if that's a good option due to server security and also if it could be made so that upload happens automatically without bothering the user.
b) I can use a relative path on the codebase attribute, but then the whole folder hierarchy needs to be intact upon copy. This could be a last resort, if I cant come up with a better way to do it.
c) change the deployment method (would like to avoid this alternative to not spend more time on the development phase)
Any ideas? Am I missing something? How could I tackle this problem?
Thanks,
I'm not sure I entirely understand your use-case, but from what I do understand, I would suggest this:
Dump the applet for an application launched using Java Web Start. Have the JNLP file declare a file association for the fxml file type. When the user double clicks an fxml file, it will be passed as an argument to the main(String[]) of the JWS application.
A sand-boxed JWS application can gain access to resources on the local file system using the JNLP API. Here is my demo. of the JNLP API file services.