Is it possible (maybe using Java security) for a Web Start application to write a file into java.home\lib\ext on the client's Windows XP?
I need this regardless of the user credentials as defined by Windows.
I don't think it is possible - while you can give the permission to escape the sandbox to a signed web start java app,this will run with the windows user privileges, which is not necessarily in the "administrators" group.
Related
I want to create an application in java that is monitoring logged users activities(create, delete, update folders/files).
The problem is that I didn't found how to get the OS of the logged user (java app is running on a windows server and users have windows on their machine, I want to know if there is a way to get the windows version of the logged users).
BRs,
Mihai
You would use JNI and call a native (windows-specific DLL) method to get the information. You would have to create this DLL yourself in (likely in C/C++)
System.getProperty("os.version")
If it's a web application you can use user-agent header. It can change easily, but worth to try. Check https://stackoverflow.com/a/1328393/5684110.
You're asking for a Windows-specific feature. I doubt Java would support that, so you will need a native module (written in C/C++ or something) to read that information and pass it into your Java application via JNI or a local socket connection. Maybe you could poll that data from Active Directory.
Another idea is, you could get the info through another Java app running on the client PC at startup. That way you would be able to monitor changes in the file system and some basic system properties like OS name and version (see Mustafa's answer). The app would be silently downloaded into the workstation and run automatically through Active Directory, sending the data to your server app via socket, web or a webservice.
Hope this helps you.
I would like to know if when I launch my Java Web Start application, I'm using my browser or the connection is directly from the Java sandbox against the server through Http/Https protocol.
I want ot know, wether once the JAR has been downloaded and stored locally, next time when the applciation is launched, it will use my browser?
No, Java WebStart doesn't use the browser. It uses the JRE to connect to a remote server using HTTP or HTTPS.
The browser is only involved in the download of the .jnlp file. And even here, you could send the JNLP file by e-mail or any other mean. It would work too.
I'm under Ubuntu and I have already installed icedtea.
the is the applet I'm trying to execute is auto signed.
I know that there is a security config under icedtea to prevent such applet to be run.
I'm asking where/how can I add an exception so that website will be authorized to run his applet ?
You must add your certificate (the one you used to sign the applet) to your keystore.
The way to do this depends on your browser and operating system, you'l need to specify these for more help.
I have embedded a JSCH SSH Java applet in a web page and need to know if it's possible to run a script (of any language like PHP) to automate logging in and running commands. I have heard of expect4j and java robot but cannot see any way to implement it. Keep in mind, I'm not great with Java so I don't know everything about it. Any help is appreciated.
JSch is an SSH client library, and by itself only allows programmatically steered connections to another server. The user interaction has to be build around it by users of the library.
The JCTerm applet provided on the website also contains a terminal emulator in form of a Java GUI. If you only want to automatically execute some command (and maybe show its output in the web page), you could do everything on the server side, and don't need the applet with its terminal emulator. (You would need either some PHP-Java bridge on the server side or some Java-enabled webserver with a Servlet or similar, though.)
(If the web server would be the same machine as the server you'll run the command on you wouldn't even need the SSH connection, but could execute the stuff directly.)
If the server can't do anything (i.e. a "static server"), an applet is the way to go, yes. You can either modify JCTerm or create a new applet from scratch (using JCTerm's connection code as an example on how to connect to to the server).
If you don't have to fear any malicious users in your LAN (i.e. between web server and user, the SSH server doesn't matter), you can embedd the password (or preferably a private key for public-key authentication) into the applet's jar file, and pass it to the library for connection. (You should also include the server's public key for easier checking.)
Provide the command(s) to a ChannelExec (instead of a ChannelShell), this makes it easier to provide input (if necessary) and capture the output. Pipe the output in a text area, or simply use a green/red label saying if the command was successfully executed.
(I might have a look at this in the next days and try to do it. No promise, though.)
I would like to implement a Java application which runs on a webpage and allows:
User A (from its browser) can request a file to User B (with its browser opened). Of course User A knows User B's IP and port.
User B can respond this request from its browser.
Which options (Java libraries, technologies,...) do I have?
THANKS!
If you want Java in the browser, the only way to go is applets.
But a normal (untrusted) applet:
can not access files on the local system
can not listen at any ports
can only open sockets on the server it came from.
This is for security reasons: an applet should not be able to harm the user whose computer it runs on.
So, if you want to do what you said, you need the user to trust you and give you more permissions. For the file access, the way to go would be the JNLP API (i.e. start your applet with a jnlp file, and then use the API in javax.jnlp, specially FileOpenService and FileSaveService. The user then needs to confirm the access before choosing a file with a file chooser.
This still does not help for the network access - your applets need to have suitable SocketPermissions there, if you don't want to proxy everything on your server (which would not be peer-to-peer). For this, you need to sign your applet, and request all permissions from the user (there is no finer-grained way to give only the necessary SocketPermissions, I think). You can do this in the jnlp-file.