sharath_kulal asked:

Communicating to browser through Java Swing app

We have a requirement where we need to display some PDFs to be viewed from a Java Swing application.
We used an applet-servlet communicator to send a URL to the browser so that the browser opens up and displays the PDF.
This works fine, but we have some issues.

a) On the server we need to determine that this URL came from "our" Java Swing application and not other third-party code.
b) We even need to authenticate the user who has requested the URL on the server.

Note: our server is clustered.

All suggestions appreciated.

Thanks and regards

sharath
ASKER CERTIFIED SOLUTION
CEHJ

This solution is only available to members.
SOLUTION

This solution is only available to members.
sharath_kulal (ASKER)

Yeah, I agree with both of you.

As CEHJ suggested, we send something (a key, as gireesh calls it) to the server so that we can check that it came from our app.
But if someone copies this URL and tries it in his/her browser, it shouldn't work. How do we achieve this?

And we even need to authenticate the user, so would it be a good idea to send the password encrypted in the URL?

What I am thinking is:

1) Since Java Swing has already authenticated the user, send the userId to the server from the Swing app.

2) The server checks whether this user has the proper authorizations and, if so, generates a sessionId and holds this sessionId in the application scope. It sends this sessionId to the Swing app; otherwise it throws an AuthorizationException.

3) The Swing app opens the browser with this sessionId as the key and the key of the module to be displayed as PDF.

4) The server checks:
 if (sessionId exists in application scope) {
     a) create a new session and place the sessionId in this session.
     b) remove the sessionId from application scope.
     c) display the PDF.
     note: we are placing the sessionId in a new session so that if the user refreshes the browser it can still display the PDF.
 } else if (sessionId exists in session scope) {
     display the PDF.
 } else {
     // Either the session is invalid or the URL was copied and opened from a different instance of the browser.
     display error message.
 }

Let me know if this is a good idea.
gireeshkumar

Looks good. One nice-to-have feature is a timeout for the sessionId being stored in application scope. If the browser-to-server communication fails by any chance, the session IDs in application scope might start piling up.
The most secure option will be to authenticate over HTTPS, also saving you from doing your own encryption.
Thanks for your inputs.
:-)
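
The one-time key handoff from the asker's steps 2 and 4, with the timeout gireeshkumar suggests, as an added example that is not code from the thread. The class name `HandoffTokens`, its method names, the 30-second lifetime, the binding of each key to one module and the sample values are assumptions. The in-memory map stands in for "application scope" on a single node, so a clustered server like the asker's would need a store shared by all nodes. Requires Java 16 or later.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: one-time handoff keys with expiry (hypothetical class, not from the thread). */
public class HandoffTokens {
    private record Pending(String userId, String moduleKey, long expiresAtMillis) {}

    // Stands in for "application scope"; per-JVM only (assumption: single node).
    private final Map<String, Pending> pending = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final long ttlMillis;

    public HandoffTokens(long ttlMillis) { this.ttlMillis = ttlMillis; }

    /** Step 2: call only after the server has authorized userId for moduleKey. */
    public String issue(String userId, String moduleKey, long nowMillis) {
        byte[] raw = new byte[32];                 // 256 random bits, so the key cannot be guessed
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(token, new Pending(userId, moduleKey, nowMillis + ttlMillis));
        return token;
    }

    /** Step 4: consume the key. Returns the userId, or null if unknown, reused, expired or bound to another module. */
    public String redeem(String token, String moduleKey, long nowMillis) {
        Pending p = pending.remove(token);         // atomic: only one request can win the key
        if (p == null || nowMillis > p.expiresAtMillis() || !p.moduleKey().equals(moduleKey)) return null;
        return p.userId();
    }

    /** Timeout sweep for keys whose browser request never arrived; returns how many were dropped. */
    public int purgeExpired(long nowMillis) {
        int before = pending.size();
        pending.values().removeIf(p -> nowMillis > p.expiresAtMillis());
        return before - pending.size();
    }

    public static void main(String[] args) {
        HandoffTokens store = new HandoffTokens(30_000);
        long t0 = 1_000_000L;                      // constructed clock value
        String key = store.issue("alice", "module-42", t0);
        System.out.println(store.redeem(key, "module-42", t0 + 5_000));   // first use by the launched browser
        System.out.println(store.redeem(key, "module-42", t0 + 6_000));   // same URL pasted into another browser
        String stale = store.issue("bob", "module-7", t0);
        System.out.println(store.redeem(stale, "module-7", t0 + 31_000)); // redeemed after the lifetime ran out
        store.issue("carol", "module-1", t0);                             // never redeemed
        System.out.println(store.purgeExpired(t0 + 60_000));              // sweep removes the leftover key
    }
}
```

In a servlet, a non-null result from `redeem` is the point at which the new session from step 4a is created and the user recorded in it, so a refresh in the same browser is served from session scope while the key itself is already gone.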