communicating to browser thru java swing app

Posted on 2006-05-22
Last Modified: 2010-03-31
we have a requirement where we need to display some PDF's to be viewed from java swing application.
we used applet servlet communicator to send an URL to browser so that the browser opens up and displays the PDF.
This works fine. but we have some issues.

a) on the server we need to determine that this URL came from "our" java swing application and not other third party code.
b) we even need to authenticate the user who has requested the URL on the server.

note: our server is clustered.

all suggestions appreciated

Thanks and regards

Question by:sharath_kulal
    LVL 86

    Accepted Solution

    a) get the Swing client to send something in the URL query string that can be checked at the servlet
    b) this is best done by the servlet container

    Assisted Solution

    - Have a servlet on the server to read the send the pdf file to browser
    - From the java swing application generate a "key" and pass it along with the URL for pdf file. This URL should point to ur servlet, for serving pdf
    - The servlet can verify the key and confirm that the URL originated from ur swing component
    - The same servlet can authenticate user and send serve the pdf file to browser

    LVL 1

    Author Comment

    yeah i agree with both of you.

    as CEHJ suggested to send something(key as gireesh calls it) to server so that we could check that it came from our app.
    but if someone copy's this URL and tries it on his/her browser it shouldn't work. how do we acheive this?

    and we even need to authenticate user, so would it be a good idea to send the password encrypted in the URL?

    what i am thinking is:

    1) since java swing has already authenticated the user, send userId to server from swing app.

    2) server checks if this user has proper authorizations and if available generates a sessionId and hold this sessionId in the application scope. send this sesionId to swing app, else throw AuthorizationException.

    3) swing app opens the browser with this sessionId as key and the key of module to be displayed as PDF.

    4) server checks:
     if (sesionId exits in application scope) {
         a) create a new session and place the sessionId in this session.
         b) remove the sessionId from application.
         c) display the PDF.
         note: we are placing the sessionId in a new session so that if user refreshes the browser it can still display the PDF.
     }else (sesionId exits in session scope) {
         display the PDF.
     }else {
         //Either session is invalid or URL is copied and opened from different instance of browser.
         display error message.

    Let me know if this is a good idea.

    Expert Comment

    Looks good. One nice to have feature is to have a timeout for the sessionid being stored in application scope. If the browser to server communication fails by any chance, the session ids in application scope might get start piling up.
    LVL 86

    Expert Comment

    The most secure option will be to authenticate over https, also saving you from doing your own encryption
    LVL 1

    Author Comment

    thanks for your inputs
    LVL 86

    Expert Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    1. Package the applet into a JAR file. The applet must be in a JAR file before a certificate can be attached to it. Use the jar JDK utility. If the applet was previously referenced with the help of a codebase attribute in  tag, replace the codebase …
    For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
    Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
    This video teaches viewers about errors in exception handling.

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now