I wrote a simple socket in java, with netbeans, that listens for connections and that can perform other simple actions.
The problem is that, i have to force users of my app, to use a specific browser (i.e. firefox). How i can achive this?
It's a good idea attach it (in a portable version) to my .jar? If yes, how i can do this?
Exist some other way to do it?
I'm not very expert in Java, so any idea or any help is appreciated :)
Thanks.
Assuming you can (legally and otherwise) bundle Firefox to your application (and I still recommend otherwise), here's a minimal example of how to use a process in java, to run Firefox parametrized with a given URL.
// this is Linux-ish - adapt accordingly
String myBundledFirefox = "/usr/bin/firefox";
String myAppURL = "http://stackoverflow.com";
ProcessBuilder pb = new ProcessBuilder(myBundledFirefox, myAppURL);
pb.start();
This may (or may not) run Firefox in your machine and open the SO page, given a relatively broad list of circumstances.
Take a look at the API, to set your expectations straight about this.
In particular, the start method lists a number of exceptional conditions, the most relevant of which listed here (quoting the docs):
SecurityException - if a security manager exists and its
checkExec method doesn't allow creation of the subprocess, or the standard input to the subprocess was redirected from a file and the security manager's checkRead method denies read access to the file, or the standard output or standard error of the subprocess was redirected to a file and the security manager's checkWrite method denies write access to the file
IOException - if an I/O error occurs
Enforcing a special browser is a bad habit.
I would suggest to rewrite some portions of your code to make it X-browser compatible.
If you have done this, you could use java-FX and create a webkit based browser instance, without using any system dependencies.
Related
I need to call some Unix commands from my Servlet.
I have some Perl script, but I want to "translate" them into Java.
Here is something that I want to do on Java, but that I've made in Perl:
system("myfolder/myscript.sh > /myfolder/logs/myscript.log");
Is it possible to do this on a Servlet?
Yes, but note that redirect is part of the shell you will want:
ProcessBuilder pb =
new ProcessBuilder("/bin/sh", "-c", "myfolder/myscript.sh > /myfolder/logs/myscript.log");
pb.start();
Short answer:
it's possible but it's bad design, and can pose a security risk.
better to flag somehow that the script needs to run and check the flag via script
Long answer (following the commments):
Servlets are usually used to provide a user interface (or api) to something, for example accessing data or in your case triggering an action. As such, they imply the possibility of access from a remote resource such as a remote computer. In some (actually most) cases, that remote computer may even be out of the network, for example somebody's home.
Every server which is exposed to the outside world has the potential of being hacked or attacked in some way, with the risk being directly related to the level of interest this resource poses.
For example, if you work for a big company (which is then noticeable by hackers), and this servlet is used to trigger a build in your local repository, and you decide that developers will be able to work from home and need to login in order to trigger a build or check their build status, it means that anyone with the right credentials can potentially access the servlet, from anywhere in the world. Now lets assume that your perl script needs to access your CI server for some data, and your source repository for another data (maybe it even copies the sources instead of letting the CI server do it). In this case, you just created a direct link between someone sitting somewhere in the world, to the company's source code. It also means that even if it's too hard to penetrate your incredibly secure service because you spent a vast amount of time closing all potential gaps, they may still be able to trigger many unnecessary builds, and if you work in Continuous Deployment even make those builds go to production (maybe causing a DOS attack or service disruption). If at some point someone decides that the script also needs to get a parameter from the servlet, you've even made the hacker's life easier and could eventually give him access to your system.
All I described in the previous paragraph may be completely irrelevant to your case, you might be developing a service which will run on your home computer and won't interest anyone but yourself, but this does not change the fact that this is bad design (which might be ok for home use by the way).
What I said in the short answer is that it's better to have servlets flag the system that an action is needed, for example set a flag in DB or even in a file, in this case a hacker's life would be much more difficult, as there's no direct link. This also makes the servlet respond immediately, possibly automatically updating on status, instead of waiting for the perl script to finish running.
Did u try Jsch.It can do ssh and execute shell commands.
I am writing a web based version control system and when a user checks out a code file it is automatically copied to a shared network folder that they have access to. I would then like to automatically open that file on their computer with whatever their default program is for that file type. I do not want the user to have to download and then open the file as it needs to all be automated.
I tried writing a java applet but am hitting some road blocks and before I go further would like to know what people think would be the easiest or best way of implementing this functionality. I would prefer the user to not have to install a piece of software prior to using the system. That was my purpose in initially trying an applet.
I appreciate any advice or recommendations.
I decided to go with writing a client-side protocol handler that I could invoke by redirecting the browser to "myprotocol:data". Unfortunately it involves some client-side setup as they need the protocol handler but it is very simple, basic, and lightweight as well as event driven so no listener is necessary.
My Java app opens html documents by letting the windows default file handler deal with them. Before doing this I'd like to determine (for statistics) what the standard browser is and which version is installed.
Is it possible to find this information anywhere?
Update This app runs only on Windows.
Not in a standard or portable way. You'd need access to some facilities of the OS.
EDIT: On Windows, I think your only option is to mine the registry, possibly using a WSH script that you invoke using the Process class. Nasty.
I want to read the web address of all open windows. As soon as the window closes, I should know it too.
One way to do this is by asking the user to download a firefox plugin. This plugin should monitor the user web address.
But is this possible? How to go about executing it. I am pretty decent in Java and PHP.
EDIT:
What if the user wants to give permission to access all the websites he or she visits?
I want to display in a visual manner the statistics of the sites being visited by users who grant permission.
As noted, this cannot be done with standard JavaScript/DOM methods that run inside a page, for security and privacy reasons.
You could definitely do it with a Firefox add on, plugin or extension.
I suggest reading the Firefox addons developer guide and the Developer Hub in general. The language used to develop for Firefox is JavaScript.
nsIWindowMediator can be used to enumerate open windows, and properties can be obtained through the nsIDOMWindow objects. As explained here,
"While you can use JavaScript to get child windows opened from the parent window, you cannot get dialogs or windows that have no relation to that window. To overcome this limitation, nsIWindowMediator makes it possible to access all of Firefox's windows."
this likely violates the same origin policy, which rules this out
it basically controls the code so that it does not read anything it did not create
so no spying can be done
No, this would be a major security and privacy issue.
This is definitely a security violation similar to sniffing; and would require certain privileges to run on each platform (such as an activeX or plugin or a privileged applet).
However, this can be done using javascript only the page containing the script it self is responsible for opening windows (meaning not all windows such as window opened by user) - if that is what you are looking for, let me know.
I need to create an application "dll, script or exe" which when the user upload on a folder on his server using his ftp, it will automatically run on the current folder and do some image manipulations in the folder images,
My Question is how to make something like this, which the user will not need to configure anything on his server, all what he want is upload in the right folder, and it will run automatically and keep running
Is it possible? How do it? Which Language to use?
UPDATE: I am targeting shared hosting server, which the user have no way to configure his server OS, about the OS, lets start saying its just windows.
I know that "Not possible" may be the right answer, and also "its a virus" may be another answer, i just want to know if its possible or should i think in another new way.
Everything I have read in this question screams "security vulnerability exploit". Since it's one of the main things hosting companies are making sure doesn't happen, I would say your chances are very slim to have that work.
However, if it's a web server, with something like CGI or PHP enabled, you could leverage that by uploading a CGI or PHP script in a place it can be run, and then calling it through a browser, thus doing whatever file manipulations you need... Things like safe mode, reserved or virtual directories could get in the way, but I think there is a better chance of that working.
Hmmm... is this a Window's or Linux machine? If this were on Windows, I would say create a C# service that uses FileSystemWatcher to listen for changes to the FTP folder and do your processing. As a service, it has no user interface and can run automatically on bootup.
Yes, there is!
http://en.wikipedia.org/wiki/Self_(programming_language)
One way I can think of is to use C# directory monitor. So whenever it found out a file is created in the folder it opens it up, checks the file type and executes it if it is an executable. However, you do have to watch out for incomplete file uploads though.
which the user will not need to configure anything on his server
What's the rationale of this requirement?
What's wrong with doing an initial configuration?
What's the target server? Is it linux, window, both?
Please be more specific.