I am student and I am actually new to Javafx or java world, but I like programming...
In my room I have an old computer, I made it as a Server for test. (Ubuntu Server Operating System).
In this Server, I installed Apache at port 80 and Tomcat at port 8080.
Now I have developed very simple Login GUI using Javafx. Now I want do "Login in" or "Sign up", I have 4 ideas(questions) and 1 Problems:
Client-Side:1 Problem
User click "Login in", what is the normal way to do such a request? I mean, I should firstly get the username and password; and then MD5(password); and then username.getbytes(), password.getbytes(); and then java Serialization; then transfer them to server side. Am i right? or should I need some cryptograph in the transfer process?
Serve-Side: 4 ideas or questions
The Server (my old Ubuntu server computer) get the request from Javafx GUI Application. Then how can I make such things, and response?
I mean:
If I want using Java Codes to handel the request under Http Apache Server (port 80), what should I do? I mean, write a Java Programm, and then how run it in Http Server? If a use PHP, will it the same?
If I want using Java Codes to handel the request under Tomcat Apache Server (port 8080), what should I do?
If I self write a Java Programm at some any port (e.g. 9999), something like: while(true) serverSocket.acceppt();}(at port 9999 e.g.) , what should I do , I should run it under Tomcat or Apache? Or what should I do? I really do not know....
If I want using Apache to forward the request to tomcat, I should use somethink like mod_jk or mod_proxy, right?
I need some help about one Concept or direction.
Client-Side:1 Problem
The normal process of using the authentication is to store the user passwords on the server and then every time the user wants to login, the server matches the password against the already stored password in the server. If it matches, then the user session starts.
You can have your password stored on the server as plain text (not at all recommended) or in encrypted form. If you decide to store it in the encrypted form then every time the user provides the password, you must encrypt it on the client side using java script encryption libraries and match it against the password saved on the server. For sending the encrypted password to the server you can use either ajax (e.g. JQuery) or just HTML submit method.
Serve-Side: 4 ideas or questions
The Server (my old Ubuntu server computer) get the request from Javafx GUI Application. Then how can I make such things, and response? I mean:
If I want using Java Codes to handel the request under Http Apache Server (port 80), what should I do? I mean, write a Java Programm, and then how run it in Http Server? If a use PHP, will it the same?
If you decide to build your server with Java language, then you can only have tomcat server (which is actually a servlet container). Each request on the server (such as for user login) is handled by a backend servlet which receives the HTTP request from the client side and performs the required operation. You can also write JSP.
If you decide to use PHP then you only need apache server and not tomcat server. For php, every request is handled by a PHP file on the server.
If I want using Java Codes to handel the request under Tomcat Apache Server (port 8080), what should I do?
If I self write a Java Programm at some any port (e.g. 9999), something like: while(true) serverSocket.acceppt();}(at port 9999 e.g.) , what should I do , I should run it under Tomcat or Apache? Or what should I do? I really do not know....
Writing a customer java program which listens to HTTP request on a specific port is called a server program and apache or apache tomcat are nothing but these program already written and provided for free. So, only in very specific situation you might decide to write your own but for sure having a login authorization doesn't require it.
If I want using Apache to forward the request to tomcat, I should use somethink like mod_jk or mod_proxy, right?
This is don't know.
Related
I have a php file on my wamp server that simply listens to new users that enters the page and prints their IPs.
I read a lot about IP spoofing and I'd like to test that.
Would it be possible to send multiple http requests from my computer and make the php "think" that different users are entering the page?
I don't care about the response from the php file.
Unless you configure apache to pass a random REMOTE_ADDR parameter there is no easy way to do it from your computer alone. What you can try is using proxies to connect, this will offcourse require that you have a public IP or a server.
Edit: GordonM made agood point in the comment, you can use multiple VM's to simulate a set of servers with their own IP addresses.
So I have two Java applications, a server and a client. They are simple programs no GUI elements just console applications. They work just fine running on my machine, and I have a client version that can even connect to the server via the internet.
Instead of hosting the Server on my local machine I would like to host it from a site like Openshift. Which I already have a HTML site up at using Tomcat 7. I would also like to be able to go to a page on the web server and have that page act as the client program.
I want to embedded the client program into the web server but....
How do I make the connection between the two servers? Pretty much how do I get the Web Page to reach out to the other server and make the connection(I am using sockets)? Do I need to be using a servlet, JSP, or something like Jquery?
If you feel like you need to see either the server program or the client let me know and I will post them.
I would like to host a client version on the web page.
Your JSP or servlet would be the client in that case, it would open a socket to the server process. Have a look at HttpServlet and its doGet method, this is basically what you would implement, and where you would place much of your client code, like opening a socket to your server process and returning data. You'll find tons of examples on the internet, see for instance
how to write hello world servlet Example
Browsing to the servlet's URL will invoke the doGet method and execute your client code. It should be stateless though, i.e. take whatever parameters are in the HttpServletRequest, do its thing based on that, and return as soon as possible. If your clients need to retain their connection to the server process, it will be a different story, and you may need for instance websockets (I have insufficient experience with that but it would sound like a good fit in that case).
I am working client -server architecture, i need to install one fingerprint device in client side, then i need to run some application in client side using server side to get the fingerprint image from client to server which has taken from the client side.I am planning like, applets are client sides and jsp are at server sides.please help me out.
Your design looks fine to me, but what is the exact issue that you are facing.
From the Applet you need to call a servlet by using some API like Apache HttpClient.
http://hc.apache.org/httpclient-3.x/
You can then use the response of the Http call in your client (Applet).
We have a Rest API that requires client certificate authentication. The API is used by this collection of python scripts that a user can run. To make it so that the user doesn't have to enter their password for their client certificate every time they run one of the scripts, we've created this broker process in java that a user can startup and run in the background which holds the user's certificate password in memory (we just have the javax.net.ssl.keyStorePassword property set in the JVM). The scripts communicate with this process and the process just forwards the Rest API calls to the server (adding the certificate credentials).
To do the IPC between the scripts and the broker process we're just using a socket. The problem is that the socket opens up a security risk in that someone could use the Rest API using another person's certificate by communicating through the broker process port on the other person's machine. We've mitigated the risk somewhat by using java security to only allow connections to the port from localhost. I think though someone in theory could still do it by remotely connecting to the machine and then using the port. Is there a way to further limit the use of the port to the current windows user? Or maybe is there another form of IPC I could use that can do authorization using the current windows user?
We're using Java for the broker process just because everyone on our team is much more familiar with Java than python but it could be rewritten in python if that would help.
Edit: Just remembered the other reason for using java for the broker process is that we are stuck with using python v2.6 and at this version https with client certificates doesn't appear to be supported (at least not without using a 3rd party library).
The most simple approach is to use cookie-based access control. Have a file in the user's profile/homedirectory which contains the cookie. Have the Java server generate and save the cookie, and have the Python client scripts send the cookie as the first piece of data on any TCP connection.
This is secure as long as an adversary cannot get the cookie, which then should be protected by file system ACLs.
I think I've come up with a solution inspired by Martin's post above. When the broker process starts up I'll create an mini http server listening on the IPC port. Also during startup I'll write a file containing a randomly generated password (that's different every startup) to the user's home directory so that only the user can read the file (or an administrator but I don't think I need to worry about that). Then I'll lock down the IPC port by requiring all http requests sent there to use the password. It's a bit Rube Goldberg-esque but I think it will work.
How to establish a way for Java application to listen to data being sent by php ? Sockets or Http POST ?
Essentially, I have Java application running on another server waiting for certain string data sent by PHP script running on other server.
Any library suggestions or example codes will be appreciated.
I suggest implementing a REST api. If you can't or don't want to, using sockets is the most secure way...
If you are sending FROM php, I recommend using a RESTful API with authentication. Send JSON data, get JSON data back. It allows for better future expansion too.
Your best bet is probably going to be to set up a java servlet "container" (server), such as tomcat (you can pay a lot of money for something else, if you have to for corporate reasons).
http://tomcat.apache.org/
http://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getReader()
or
http://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletRequest.html#getInputStream()
Be aware there is a bit of work up front, just to set up and host "hello.jsp", but adding the mapping for the "myservice" servlet in web.xml is not too bad.