We have a set of web apps and want to identify if they have a Java client-side dependency i.e. if they invoke the client installed JRE.
Is there an easy way to do this? or do we have to manually scan the code for or anything else that may have a Java client dependency?
Thanks.
No, there is no easy way to do this.
It would be easy if all your web-apps would use a <applet> html tag or a <object> html tag, then you could simply match every html source. This you can do anyway to find some of the web-apps that use java, at least on the start page of the app.
But since it is also possible to load java applets using javascript and an automatism cannot navigate through an app like a user, there is no easy way to do this.
If you have control over the clients (e.g. company internal), you might turn off java on a few clients and let the users do the checking (e.g. they will call if something does not work). Maybe you even have key users for application tests.
I am new in java web application, (Java EE, JSF).
I tried to change the contents of a csv file on the client computer with a java web application, so that the client does not have to download a new file, because the file is already in the set to be used for applications in the client. so I just wanted to rewrite the csv file.
Could it be done in java web application? If yes, please give me an example. I am very grateful if there is a better solution.
No, absolutely not. You can't change the contents of a file on a client computer from a web browser. The best you could do is have them upload a version of a file and then send them another version to download. Giving write access to the filesystem would be a massive security hole.
Place the CSV on a network share somewhere. The client can edit it, the back-end server can edit it. Requires more infrastructure, of course, but may work depending on the type of application.
Not that I think this is what you want, but if the 'client computer' was also acting as the server (i.e. was the host running Jetty/Tomcat/whatever), then you could modify files on it using the java IO api.
Again, very likely not what you want, just saying it would work.
I have a Java applet embedded into a web page which generates a file that the user must download. I understand there is a way to do this by communicating with a Javascript API.
Could somebody please explain to me how to do it this particular way?
Javascript doesn't allow file saving just yet, and the hacks that "work" need modern browser that understands data URI:s. In that case you would simply send the binary data as base64 and make the browser navigate to the data URI by setting document.location.href = 'data:application/octet-stream...' The download prompt would look like this in firefox:
http://img824.imageshack.us/img824/5080/octetstream.png
Flash allows for real download/save dialogs though so you could also look into that... or find out if java applets have that too.
If the user can be expected to have (or be willing to upgrade to) a Plug-In 2 architecture JRE (e.g. Sun's 1.6.0_10+)1, it is possible to launch the applet using Java Web Start. When an app. is launched using JWS, it can access the JNLP API, that offers file services that allow even sand-boxed code to save information to the local file-system.
Here is a demo of the JNLP files services.
That is if the applet needs to be embedded. JWS could launch applets free-floating since it was introduced in 1.2.
Wondering if anyone knows if there is a way to "return" something from a java web start application into the code on the website. For example say the user needed to select a location in the java application. This would then pass the location value back to the code on the webpage (which is php and javascript). I have figured out how to pass arguments into a program, but so far cannot figure out any way to get them out after much googling. Any help would be much appreciated, thanks.
In principle no, since the Webstart application can be running without any Website open at all.
But if your clients use the Java-plugin from 1.6.0_10 or later (and not Safari and some other browsers with special Java-handling), you can use a JNLP-enabled applet, which is able to do the same things as a Webstart application (i.e. loading files and such), and is always bound to a webpage. It then can use the Javascript-bridge, or simply a loadDocument with the right parameters to feed back information.
You can use URL or sockets to connect back to the "same-origin" host. You can also use BasicService to open a web page, possibly from a different server, in a browser (although this shouldn't be used to send information back, as it'll be a GET not a POST).
I am really looking for implementation advice as I have entered a new realm that I am not familiar with.
At the simplest level, I would like to find a way that I can read/write to a users machine from my web server. For this to work, I think I will have to install some sort of "plugin" on the users machine which can receive (or poll?) the server for instructions.
The above is the line of thought that I currently have, maybe using JAVA to do this. This needs to work on Linux, Mac and Windows OS.
I am really looking for advice on the above, is it a good idea? Is there a better way of doing this? Is there something out there already that I can build on top of?
I really appreciate all input and advice as this is something I have not done before.
Thanks all
For Java, you could launch a client application via Java Web Start that will be able to perform a limited set of operations on the file system.
If this is too restrictive, then you would need to provide a link to a download of a client application that would be installed / executed on the user's desktop machine.
I'm assuming you want to read and write specific files on the users' machine that are not normally accessible (i.e. not temp files, or files in a sandbox). And you want to do this from your webserver.
As you looking for cross platform, I'd go with java. Given that your needs are simple (read/write files from remote commands) you could probably target JRE 1.4, which is now many years old, but is installed on ca. 98% of desktops (source).
Here's an overview of how you can approach this:
Create a java applet or Java Web Start application that fetches a list of commands from a URL. The URL can contain any specific identification that you need to identify the machine, such as the users ID (see below for alternatives.)
Your webserver generates the list of commands that the applet should execute - create file, read file, write file and sends these as the response.
Sign the applet/application, so that it can escape the restrictions of the sandbox. To do this, you need to obtain a certificate. More on this later.
Inform and educate your users about what the applet is doing. E.g. a page on your site about why they are being asked to trust your certificate and what the implications are.
You can implement this as an applet or an application, the bulk of the work is pretty much the same. I talk about applet, but remember it applies equally to application.
In more detail:
The applet requests a list of commands from a URL. To hamper attempts at using your applet on another malicious site, you should use HTTPS to fetch the list of commands so that the server is authenticated. The URL should be hard-coded into your applet, so that any attempts to change this will break the signing. How you communicate the commands to the applet via the URL is up to you, e.g. you can use XML or use RMI and simply send over the list of commands as an object.
I mentioned using the userid to identify the machine - using the machine's MAC address is also a possibility. See how to get the mac address of the host.
Once you have the list of commands, your applet executes these using java file I/O apis. See File, FileReader/FileWriter in the javadocs. You include appropriate logging so the applets actions can be audited later if necessary. Once the applet has executed the commands, it sends the result of the commands back to the server, either as a POST operation, or another RMI method call, if you settle on RMI.
If you want to continually send commands from the server, then the applet can poll the URL/invoke the RMI method regularly. A Timer can help with this.
With communciation errors, it will be necessary for the client to request the list of commands more than once. Thus each time you produce a list of commands from the server, it is given an id. The server gives out the same list with the same id until it receives acknowledgement from the applet that the commands have been executed.
To sign the applet, you should obtain an rsa certificate from a certficiate authority. You can self-sign, but then you are opening the door to others modifying your app and impersonating your certificate. Details on obtaining and using certificates are given here.
If you don't know java, then all of this may not make a huge amount of sense, and it's not a trivial project to get started on, particularly considering the implications for your users if your implementation has holes and defects.
It may be wise to exercise caution: although you can do this, doesn't necessarily mean you should. I imagine that most expert users would frown on the use of this app, and would not accept the certificate. And then there is culpability - if your app accidentally deletes a critical file through a bug, misconfiguration, human error etc, how will you be prepared for that?
For the user, a web browser plugin may be the easiest, since the user won't have to manage yet another running application, however it has its limitation such as having to develop a plugin for each browser. In addition, the user would need their browser running.
You could have the user install a desktop application, which they would have to keep running, so installing it as a service might be ideal.
You could also use a plugin as a wedge between the web browser and a desktop application, which is how Flash works.
To really know you will have to answer the "why" question, why do you wan tot do this.
If you are just trying to store some state on the user's machine that you need to have locally then for small things you can fall back on cookies, or for larger needs you can use the new Web Database features in HTML5 http://dev.w3.org/html5/webdatabase/
If you need to access specific files then you are actually going to have to circumvent the security sand boxing that Java does when run on a webpage. I will leave that for others to go into, I don't know how to do it off hand myself.
In my opinion, Applet will be a better solution. I have made one applet which downloads a zip file from the server on client machine into temp folder, extracts the zip file into a directory specified by client (browser user) and then deletes the zip file.
thanks.
The lowest hanging fruit might be to provide WebDAV access through your web server to a given set of files, as this allows the users to see the files as a part of their usual filesystem with all their usual tools. You then do not have to do all that functionality.
Looks like Slide can deploy on Tomcat, and JBoss has ModeShape.
Will that be useful enough?