Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Can I call these java methods/functions from JavaScript?

Posted on 2005-05-16
37
Medium Priority
?
307 Views
Last Modified: 2012-05-05
Hello all,

I've been working on some Java code to launch my rich-client application in the browser along with my thin-client ones.
Functionally speaking, it works fine so far in the test runs. However, the applet does stand out in the otherwise minimalist look-and-feel I'm going for.

I'm working on the UI for the applet, but I've also been given the suggestion to call my "launch rich-client application" method from JavaScript.
Can I do that? I've heard that it was possible to launch some public methods of an applet from JavaScript, but I'm using a digitally-signed applet that launches a local windows application.

Would that work? Security-wise, is that even advisable? I'm not a huge fan of this idea, but I've got to know whether this is technically possible or not. I don't like to shoot down any idea unless I take a hard look at it first.

Thanks!
0
Comment
Question by:Inward_Spiral
  • 14
  • 12
  • 11
37 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 14010501
>>Can I do that? I've heard that it was possible to launch some public methods of an applet from JavaScript, but I'm using a digitally-signed applet that launches a local windows application.

Should be able to. The security is provided by your having signed the applet and cannot be bypassed by JavScript invocation.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 14010510
0
 

Author Comment

by:Inward_Spiral
ID: 14011794
Hmm...just tried it out, and it looks like I'm running into a snag when I try to call it from JavaScript.

I've got the launching method set up like below:

   public void launchApp(String s) {

    try {Process proc =  Runtime.getRuntime().exec(s) ;}
    catch(IOException ieo) {System.out.println("ERROR!" ) ;}
  }

If I reference it from within the applet, like through init() or actionPerformed(), the application launches, no problem.

Right now I just tried to access it using notepad as a test:
<strong><a onclick="document.testApplet.launchApp('c:\\windows\\notepad.exe');">Test</a></strong>

Here's what I get from the browser:
Error: java.lang.Exception: java.security.AccessControlException: access denied (java.io.FilePermission c:\windows\notepad.exe execute)

It works within the java applet, but gets security errors if referenced from from outside JavaScript.
Suggestions, anyone?


0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 86

Expert Comment

by:CEHJ
ID: 14011825
That surprises me. It definitely works when done directly in the applet for notepad?
0
 

Author Comment

by:Inward_Spiral
ID: 14012620
Yup.

If I have launchApp within the init() like so, it works fine:
public void init(){
 launchApp("c:\\windows\\notepad.exe");

}

But if I try to reference it from JavaScript, I get the "access denied" message.
0
 
LVL 86

Accepted Solution

by:
CEHJ earned 200 total points
ID: 14012663
Hmm that could mean the JS has it own security context too
0
 

Author Comment

by:Inward_Spiral
ID: 14013053
Looks like it does...I've found a few references to "signed JavaScript" here and there, but it's not as detailed as I'd like.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 14013121
OK but the first thing to do is to ascertain for certain whether the above supposition is correct or a lot of time could be wasted
0
 

Author Comment

by:Inward_Spiral
ID: 14013216
True.

I guess the question is, is this a limitation on the JavaScript side of things, or does the java applet restrict the types of commands it accepts from outside of the applet?
0
 
LVL 92

Expert Comment

by:objects
ID: 14014685
> The security is provided by your having signed the applet and cannot be bypassed by JavScript invocation.

Can you explain what you mean by this.

0
 
LVL 92

Assisted Solution

by:objects
objects earned 200 total points
ID: 14014693
> But if I try to reference it from JavaScript, I get the "access denied" message.

That is because your js is untrusted code, it cannot call your applets trusted code.
You need to also sign your js code so that it is also trusted.

0
 

Author Comment

by:Inward_Spiral
ID: 14015264
But will signed JS code work in Internet Explorer?
I've seen a few postings about writing trusted JS for Mozilla-based browsers, but haven't seen anything to do with IE yet.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 14015303
I'm wondering though, when you've gone to the trouble of building a rich interface, why give yourself these very narrow hoops to jump through by calling it from a poor one?
0
 
LVL 92

Expert Comment

by:objects
ID: 14015343
> why give yourself these very narrow hoops to jump through by calling it from a poor one?

What are you talking about????
0
 

Author Comment

by:Inward_Spiral
ID: 14015383
Excellent question, CEHJ...one that I've been asking myself several times today.

Since I'm only launching one rich client application from the browser right now, and the applet UI I made still stands out a bit from the rest of the page, the suggestion to call the "launchApp" method from JS was made.

If it's going to be this much trouble though, I might just have to spend more time on blending the applet UI with the rest of the page.

0
 
LVL 86

Expert Comment

by:CEHJ
ID: 14015397
Could be time well spent. The alternatives look pretty unpalatable ;-)
0
 
LVL 92

Expert Comment

by:objects
ID: 14015400
Personally have not had any problems calling an applet from javascript, and found it a satisfactory means of integrating web page with applet. And as an applet is intended to sit in a web page it seems perfectly reasonably that the two should be allowed to interact.
0
 
LVL 92

Expert Comment

by:objects
ID: 14015404
And if you want the applet to be totally seperate from the web page then why use an applet at all. An application launched via JWS would seem a more suitable solution.
0
 

Author Comment

by:Inward_Spiral
ID: 14015408
So, I'm assuming you "sign" all your JavaScript then?



0
 
LVL 86

Expert Comment

by:CEHJ
ID: 14015415
If it's so easy perhaps you'd like to volunteer to sign it for each browser Inward_Spiral has to support? ;-)
0
 

Author Comment

by:Inward_Spiral
ID: 14015440
JWS could be a possibility objects, thanks.

I started with applets because they were a bit more familiar, I'm honestly not sure JWS was around last time I developed in Java.
Man, if that doesn't make me sound dated, I don't know what does...


0
 
LVL 92

Expert Comment

by:objects
ID: 14015454
> So, I'm assuming you "sign" all your JavaScript then?

If its needs to perform a trusted operation.

> JWS could be a possibility objects, thanks.
> I started with applets because they were a bit more familiar

If you don't actually have a need for the browser then switch to jws, it'll make your life a lot easier.
0
 

Author Comment

by:Inward_Spiral
ID: 14015513
Assume I do have a need for the browser...can JWS still work?

0
 
LVL 92

Expert Comment

by:objects
ID: 14015528
No JWS is independant of the browser.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 14016984
There is a good reason for sticking with applets as opposed to JWS. When i last checked, it was still possible to get the runtime for an applet 'automatically' with the default browser (IE) if it's not already installed on the client. When i last checked, this was *not* the case with JWS. *Everyone* has a browser, nobody (ab initio) has JWS
0
 
LVL 92

Expert Comment

by:objects
ID: 14017328
Exactly what experience are you talking from there, cause I'd be interested to know where your information is coming from? Have you actually ever deployed a production app under JWS, or even an applet for that matter?
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 14017367
I'm not here to give an account of myself to you. Instead of making unpleasant comments, try to contribute something useful. e.g. if you can get JWS to install itself in the same way as an applet can get the runtime installed then tell us how, thereby proving my statement incorrect in a constructive way. And i'll be pleased if you can
0
 
LVL 92

Expert Comment

by:objects
ID: 14017369
And what has JRE deployment got to do with calling java from javascript in the 1st place, lets stick to the question at hand shall we.
0
 

Author Comment

by:Inward_Spiral
ID: 14021551
Okay, the question at hand then.

Here's what I've come to at this point:
1) A signed applet can access the local filesystem and launch locally installed applications
2) JavaScript can call methods from the applet, but lacks the security to use the methods that access the local filesystem.
3) JavaScript can be signed/trusted so that it has the security to use those methods from the applet.

But, if I'm reading all this right, then signed/trusted JavaScript doesn't work the same in all browsers.
Mozilla/FF supports this, but MS/IE only signs ActiveX, which is a technology I'm trying to avoid.

Did I miss anything?  
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 14021577
>>Did I miss anything?  

That's pretty much it afaics
0
 

Author Comment

by:Inward_Spiral
ID: 14021598
"afaics"?
0
 

Author Comment

by:Inward_Spiral
ID: 14021649
Sorry..."As far as I can see", got it.
0
 

Author Comment

by:Inward_Spiral
ID: 14047754
I left this open for a bit to see if anyone had another 2 cents to chip in...but I've got my answer...a conditional "NO".
Thanks to you both!
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 14049066
:-)
0
 
LVL 92

Expert Comment

by:objects
ID: 14049580
glad I could help :)
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
In this post we will learn how to make Android Gesture Tutorial and give different functionality whenever a user Touch or Scroll android screen.
Viewers will learn about the different types of variables in Java and how to declare them. Decide the type of variable desired: Put the keyword corresponding to the type of variable in front of the variable name: Use the equal sign to assign a v…
Viewers will learn about if statements in Java and their use The if statement: The condition required to create an if statement: Variations of if statements: An example using if statements:
Suggested Courses
Course of the Month13 days, 15 hours left to enroll

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question