[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Java JNLP program as postgresql client using tomcat6

Posted on 2011-03-06
13
Medium Priority
?
560 Views
Last Modified: 2012-05-11
I think I briefly explain my problem.

What I have is a java JNLP program that connects to a PostgreSQL backend.  A user will login using their assigned credentials.  Internally, the program knows the master (and only) DB user.  This internal DB user can query the database will check the user's entered username and password from a DB table program_users.  If this passes, then window becomes visible and allows the user to continue.  All queries in this program are also using the master DB user but the user can not run any queries unless they are authenticated.

The issue is that this requires that the DB port be open to enable the user to connect.  Is there a way to use tomcat6 like you can do with a web application and use j_security_check?  If this is possible, I would like to avoid opening a postgres port such as port 5432 and just use https port 443 or with tomcat6, use 8443.



0
Comment
Question by:mock5c
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 2
13 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 35047229
>> If this is possible, I would like to avoid opening a postgres port such as port 5432 and just use https port 443 or with tomcat6, use 8443.

How can you query Postgres if the db is not listening on its port?
0
 

Author Comment

by:mock5c
ID: 35047262
Perhaps the tomcat6 server can connect to the db?  tomcat would be open to world and the db server could allow access from tomcat6.  Is this possible?
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 35047271
That would mean you'd have to convert http requests to postgres ones, unless you have the db access code, server-side. The latter might involve calling a servlet from your client-side (the web start app).

What exactly is the problem having the postgres port open though?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 

Author Comment

by:mock5c
ID: 35047295
The network security team has concerns about opening the port as likely susceptible to brute force attacks, they say.  I'm trying to see if there are alternatives.  
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 35047312
The usual way would be to access the db from the web container in a web app. This would remove any security problems. You've opted to have client-side code, which is going to complicate the issue
0
 

Author Comment

by:mock5c
ID: 35047323
Yes, the application is a web start.  It checks and verifies hundreds or thousands of files on the client machine.  If they check out OK, they user can proceed to subsequent steps.  I did not want to upload all of the files to a web server for processing prior to verifying them.  
0
 
LVL 86

Accepted Solution

by:
CEHJ earned 2000 total points
ID: 35047334
You'll probably need to divide up your code and forward database access to a dedicated servlet, so it can be done server-side
0
 
LVL 92

Expert Comment

by:objects
ID: 35048153
you can use http tunneling if you want the connection to go though tomcat
another option would be to use ssl tunneling to go directly to the database, if its just ssl you need.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 35048214
That's not really an example of tunneling in the real sense, as it operates at the application level. It's actually more of an example of what i discussed earlier
0
 

Author Comment

by:mock5c
ID: 35074002
If I understand you correctly, I could have servlets handle http requestions.  Once such request may be authenticate user.  Another example may be requesting a list of items to populate a combobox in the application.  The servlet would handle this and return the results that would be parsed by the client program.

Would this mean that any client could access the servet (if the url is known)?  Or would there be a way to authenticate and set up some sort of session?
0
 
LVL 92

Expert Comment

by:objects
ID: 35074069
there are two ways, using a servlet to do the tunnelling is one. In which case you would need to secure the servlet.
the second way is you can tunnel directly to the database.
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 35074153
>>Would this mean that any client could access the servet (if the url is known)?  Or would there be a way to authenticate and set up some sort of session?

If you're using the 'adapter' version that i suggested originally (where a servlet gets the request and makes a db query) then you can have the url require authentication
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 35222685
:)
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
Many developers have database experience, but are new to PostgreSQL. It has some truly inspiring capabilities. I have several years' experience with Microsoft's SQL Server. When I began working with MySQL, I wanted a quick-reference to MySQL (htt…
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question