So I have two Java applications, a server and a client. They are simple programs no GUI elements just console applications. They work just fine running on my machine, and I have a client version that can even connect to the server via the internet.
Instead of hosting the Server on my local machine I would like to host it from a site like Openshift. Which I already have a HTML site up at using Tomcat 7. I would also like to be able to go to a page on the web server and have that page act as the client program.
I want to embedded the client program into the web server but....
How do I make the connection between the two servers? Pretty much how do I get the Web Page to reach out to the other server and make the connection(I am using sockets)? Do I need to be using a servlet, JSP, or something like Jquery?
If you feel like you need to see either the server program or the client let me know and I will post them.
I would like to host a client version on the web page.
Your JSP or servlet would be the client in that case, it would open a socket to the server process. Have a look at HttpServlet and its doGet method, this is basically what you would implement, and where you would place much of your client code, like opening a socket to your server process and returning data. You'll find tons of examples on the internet, see for instance
how to write hello world servlet Example
Browsing to the servlet's URL will invoke the doGet method and execute your client code. It should be stateless though, i.e. take whatever parameters are in the HttpServletRequest, do its thing based on that, and return as soon as possible. If your clients need to retain their connection to the server process, it will be a different story, and you may need for instance websockets (I have insufficient experience with that but it would sound like a good fit in that case).
Related
I am trying to block certain websites using a web application. So, when a I type a url suppose "http://www.google.com" it should first check whether google is blocked by my application or not. If not open the website otherwise reject the browser request to open it. I am unable to find a way to capture all HTTP request from browser so that I can process it.
I Know proxies are the most suitable option but is there any alternative solution to this. After some searching I found a library - jpcap (a network packet capture library) and I was wondering if this could help me or not?
What you are trying to create is a proxy-server.
You have to configure the browser to go through the proxy, then you can deny websites, reroute them etc.
There are many proxies already there (open source and commercial) that offer what you want.
For example: Squid http://www.squid-cache.org/
See Wikipedia description of a proxy here: https://en.wikipedia.org/wiki/Proxy_server
Many firewall products offer the service of a transparent proxy, redirecting all http/https traffic going through the firewall into a proxy server. It seems, you have a direct connection but your packages are really filtered. Aka transparent proxy.
If your assignment does not allow this context, you need to check the assignment again, if you really got the scope of filtering right.
You cannot take over the browser's ip communication from a servlet or servlet filter. Using a (servlet) filter, you can only filter requests directed to your application. One step above, using an application server valve (Tomcat uses this term, others may use a different one), you can only filter requests directed at that server. One step above (or below) your application server is the physical server and the network it is running in.
If your client does not share the same network as your server, you can't even apply transparent proxy to it. Since browsers are running on the client computer, most clients in the world do not share the same network zone as the server.
It just does not work as you expect it.
All..
I am hoping someone who can confirm for me, what I read and what I have observed, regarding the Tomcat Java applet server?
I have Linux server running Tomcat (I built two new ones, but based the configuration off the previous two that were present when I came on the job). I am fairly new to Tomcat servers -vs- web servers.
When a client connects to the Tomcat server address...
A static web page is served, with a link to a java applet:
When they click a link, Tomcat serves up an applet to the browser.
When the applet is served:
All connections and traffic that the applet creates is tunneled back to the Tomcat server? (pretty sure this is happening, and what is supposed to happen)
All connections connect through the client network connection? (All tests I have done can not confirm this.)
Is the tunneling a reason why Tomcat is used over just serving up the Java applet via a Apache server?
We have a SSL secure connection with certificates setup to allow https connections to the Tomcat server, and I am assuming all the data between Tomcat server and the applet is encrypted because of this?
Thanks!
There's no good reason from what you've told us so far to use Tomcat over a lighter httpd such as apache or nginx - if it's really just serving a Java applet and web page (static content). The former two are application servers, and as that implies that means a little more than just static content - although it will serve static content just fine, too. But there is no "Default" integration between the two technologies. In particular - your data will not be encrypted by default, you've got to make sure that your applet makes secure request. Serving the applet offer SSL only protects the connection that actually serves the applet, not subsequent ones - though there's no reason these shouldn't also go through the same SSL endpoint, the applet has to initiate that, there's nothing "magical" going on.
Here's a good article on when you'd want to use one or the other.
As for the other part - there is a security model that comes with an applet. By default, the applet will only be able to make connections back to the server from which it came - this is to prevent certain kinds of "cross-site" attacks which were seen in the past. These days, different sites interoperating are more common so there are many technologies you could use to for that, if you need to - but applets are largely considered outdated and not widely used - but your end user may also configure applets to get around this default policy.
Here is information about the appliet security model, including network restrictions.
I currently have an TCP Java socket communication implementation in which I have a server that is listening to a port (let's say port 5478). Then I need an Android client to remotely connect to the Java server and send a SQL query, than will then be executed on the server side database and then I want to send a list of results back to the Android client (already implemented with a custom Java class named Result that implements Serializable). I do this by sending an ArrayList of Result to the Android client. The Java server is always listening to the port and supports multiple clients trough multiple Threads. How can I migrate this implementation to a more secure platform and what is the best way to do it? I don't need to respect HTTP protocol to afford this communication. Is Tomcat the best solution?
Thanks
I would use Servlet3.0 as part of tomcat.
Then from android you just have to send http requests to the server using a URL and the servlet can database them. You can also serialize the data as well if you need to.
I hope that answers your question.
~ Dan
//EDIT:
Once you have set up eclipse and tomcat, you can start writing servlets. First - you have to configure the server to use servlets for certain addresses, for example localhost:8080/myServlet - that means that anything you send to local host triggers the servlet. The code for your first servelet looks like this:
public class ExampServlet extends HttpServlet {
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
Your doPost method is what gets called when you perform a http post request on the address the servlet is listening on. Then, all you have to do it put some code in to read the request to get the data out of the message body. Basically you read your request object that gets passed in, and you write to your response object to send the response back to the client. There are plenty of guides out there. I followed something like this to get started:
http://www.coreservlets.com/Apache-Tomcat-Tutorial/tomcat-7-with-eclipse.html
Hope that helps :)
~ Dan
Tomcat is an Servlet container + webserver. If you plan to move to tomcat then you are implicitly moving to http. And yes, if you want a secure communication .. you can create a soap based webservice(apache axis) and host it on https.
I'm not sure how mutch additional security tomcat is able to provide for your application. Two tings come to mind:
Enforcing authentication and some access rules. This is not too hart to implement and heavily depends on the rule quality. However it may help f you use it. It's often replaced by own imlpementations. However, to get securty you need encryption i.e. https. Or it's possible to steel the session and gain the rights bound to it.
Request to file mapping. This in fact somewhat more complicated. You shouldn't code this on your own. It's more complicated than it looks at first sight.
However, one of the biggest security wholes ever is directly executing code you got from somewhere. For example SQL statements. Ok it's secure as long as your databse rights are set perfectly...
Developing a securly encrypted protocol is not simple either.
However, the major win on switching to tomcat (or whatever) might be scaleability for free. And I think implementing servlets is much simpler than programming against sockets. And there are many great to tools fo working with http(s) though ven it might be more complicated than yours, it's pretty simple to deal with.
Unfortunately I can't answer our question. I don't know what's the best solution is. But I think there's at least some potential for wins.
I'm connection to web servers using HttpURLConnection.
Is there a way to ask to the server to send the language that the page is built (PHP, Java, Python, Ruby, etc) and the web server that is running (Apache, ISS, etc.)?
As web servers just deliver whatever the end content is (html/javascript/a mp3 -- whatever), they are only obligated to tell you what the content they are giving you is, not how they created it. Often you will find a Server header that tells you the Apache/PHP version, but most people see that as as security vulnerability and a lot of people will disable it.
The two headers you'll want to look for are Server and X-Powered-By.
http://en.wikipedia.org/wiki/List_of_HTTP_header_fields
As far as I know, no servers have any kind of built in API for asking what the server is. If you own the server you're wondering this about, you could of course make an API with JSP or PHP or whatever. I'm assuming that's not the case though or you'd already know :).
How to establish a way for Java application to listen to data being sent by php ? Sockets or Http POST ?
Essentially, I have Java application running on another server waiting for certain string data sent by PHP script running on other server.
Any library suggestions or example codes will be appreciated.
I suggest implementing a REST api. If you can't or don't want to, using sockets is the most secure way...
If you are sending FROM php, I recommend using a RESTful API with authentication. Send JSON data, get JSON data back. It allows for better future expansion too.
Your best bet is probably going to be to set up a java servlet "container" (server), such as tomcat (you can pay a lot of money for something else, if you have to for corporate reasons).
http://tomcat.apache.org/
http://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getReader()
or
http://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getInputStream()
Be aware there is a bit of work up front, just to set up and host "hello.jsp", but adding the mapping for the "myservice" servlet in web.xml is not too bad.