• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 249
  • Last Modified:

communicating to browser thru java swing app

we have a requirement where we need to display some PDF's to be viewed from java swing application.
we used applet servlet communicator to send an URL to browser so that the browser opens up and displays the PDF.
This works fine. but we have some issues.

a) on the server we need to determine that this URL came from "our" java swing application and not other third party code.
b) we even need to authenticate the user who has requested the URL on the server.

note: our server is clustered.

all suggestions appreciated

Thanks and regards

  • 3
  • 2
  • 2
2 Solutions
a) get the Swing client to send something in the URL query string that can be checked at the servlet
b) this is best done by the servlet container
- Have a servlet on the server to read the send the pdf file to browser
- From the java swing application generate a "key" and pass it along with the URL for pdf file. This URL should point to ur servlet, for serving pdf
- The servlet can verify the key and confirm that the URL originated from ur swing component
- The same servlet can authenticate user and send serve the pdf file to browser

sharath_kulalAuthor Commented:
yeah i agree with both of you.

as CEHJ suggested to send something(key as gireesh calls it) to server so that we could check that it came from our app.
but if someone copy's this URL and tries it on his/her browser it shouldn't work. how do we acheive this?

and we even need to authenticate user, so would it be a good idea to send the password encrypted in the URL?

what i am thinking is:

1) since java swing has already authenticated the user, send userId to server from swing app.

2) server checks if this user has proper authorizations and if available generates a sessionId and hold this sessionId in the application scope. send this sesionId to swing app, else throw AuthorizationException.

3) swing app opens the browser with this sessionId as key and the key of module to be displayed as PDF.

4) server checks:
 if (sesionId exits in application scope) {
     a) create a new session and place the sessionId in this session.
     b) remove the sessionId from application.
     c) display the PDF.
     note: we are placing the sessionId in a new session so that if user refreshes the browser it can still display the PDF.
 }else (sesionId exits in session scope) {
     display the PDF.
 }else {
     //Either session is invalid or URL is copied and opened from different instance of browser.
     display error message.

Let me know if this is a good idea.
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Looks good. One nice to have feature is to have a timeout for the sessionid being stored in application scope. If the browser to server communication fails by any chance, the session ids in application scope might get start piling up.
The most secure option will be to authenticate over https, also saving you from doing your own encryption
sharath_kulalAuthor Commented:
thanks for your inputs
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now