I'm creating a Java applet which communicate with my PHP website by requesting pages and retrieving their contents. It works pretty well, and it allows my applet to use PHP sessions.
However, I tried to launch the applet with Opera (instead of Firefox), and it appears that Opera doesn't let my applet use its PHP session, and as Java (or at least IcedTea) doesn't handle PHP sessions itself, I can't make my applet work.
Is there any way to make Java be able to handle PHP sessions?
You would have to carry the PHP session ID in every query. That is, make a start_session.php which returns only the result of session_start(); and echo session_id() and use that number in the subsequent queries, that is, other.php?sid=XXXXX inside other.php use session_id($_GET['sid']); to start the session.
Related
Here's what I would like to do.
I have a PHP file in my server where I would like to call java applet. The applet function will send a get request to read a page from third party server. Now I want page read from applet function to be sent to PHP script. To simply put ,i want the return value of the applet request function in a PHP variable. Is it possible to do?
I want to do this way because I already have the code to parse the page information in PHP, so I don't want to rewrite that in java again.
I wanted the Java applet because the request has to be sent using the client information like IP. So I don't want to use proxies.
Note: I am not trying to hack anyone's server. I am not a advanced programmer of either Java or PHP. Please reply me in a descriptive manner possibly with pseudo code.
I already have the code to parse the page information in PHP, so I don't want to rewrite that in java again.
PHP should be able to get that page more easily than can a Java applet. The applet would need to be trusted or in communication with a site that uses the 'cross-domain resources' file that explicitly allows hot-linking.
Searches on 'php proxie' seemed to spill out around 7.32 million hits. I'd start there.
Is there any interaction between applets and their hosting browser when making HTTP requests, or are requests made completely independently of native browser code?
Specifically, do Java applets running in a browser have some implicit way of sharing the browser's session state and cache?
I've read a few posts from non-authoritative sources saying that when an applet makes an HTTP request that it will use the browser's cache, and that it will also have access (somehow) to the browser's cookies.
Tests I've done using URLConnection suggest that this is not the case, and my gut feeling is that it sounds far too convenient to be true. I would assume that nothing in the JVM knows anything about the world outside of that JVM, meaning the only other way this could work would be if the JVM implementation is specific to the browser its implementation of the URL-related methods delegate to native browser code?
If cookie data is not implicitly shared or available, is best practice to pass a session ID in a param tag to the applet? Are there security concerns with this approach? If the applet doesn't use the browser's cache for requests, how does caching requests in an applet work?
Applets are executed by the Java Plugin, which is a browser plugin. The applet is indeed part of an HTML page loaded by the browser, can communicate with the browser DOM and with JavaScript code in the page, and uses the browser to send requests to its originating server.
See http://docs.oracle.com/javase/tutorial/deployment/applet/appletExecutionEnv.html and http://docs.oracle.com/javase/tutorial/deployment/applet/server.html for more information.
My testing with Windows 7, Java 1.6.23 and Firefox, Chrome and Internet Explorer is that HttpURLConnections from within an applet's JVM interact in no way with the browser. They don't use the cache, and don't have cookie headers added.
I think it depends on the Java plugin. My experience is that usually it uses the browser cache for network connections, and usually it transmits the cookies. I have had to empty the browser cache before to get a new file in an applet.
If you look at the Oracle Java 7 Plugin Control Panel, you will see an option in the network parameters to use direct connections for the applets, but the default is to use "browser parameters".
As for the cookies, I have seen in the past some Java plugins that did not transmit the session cookies, in particular on MacOS X (Apple even suggested a workaround). But most developers now assume that they are transmitted, and in practice it usually works.
Applets do not share the session information by default, but you can pass the session ID via Applet parameter while initializing. And use the session ID for each HTTP request.
Applets can interact with the browser to make HTTP requests via JavaScript calls.
If you use any Java HTTP APIs e.g. UrlConnection, Apache HTTPClient, java.net.Socket these libraries will not interact with the browser. They behave as if they were in a standalone JVM.
Caching id depenednt onthe API you use, Apache HttpClient has a cache. URLConnection lets you write your own cache easy enough.
You can not directly access the existing cache in JavaScript yet, its comming tho. https://developer.mozilla.org/en-US/docs/Web/API/CacheStorage.
A param tag can not change once the page is rendered, e.g. OAuth tokens need refreshing periodically.
You could fetch cookies from the browser via JavaScript and manually add them to a Java initiated HTTP request. This mechanism allows them to be updated.
There is not much added risk sharing a cookie. You would have to remove the HTTPOnly flag on the cookie if there is one.
If you are allowing Java in the browser your users are letting you do pretty much anything. Java inside the browser does have a sandbox but its worryingly easy to break out. If you can design apps without Java they will be much more secure for users.
From the point of view of the person writing the Applet, Java is secure and much more flexible than JavaScript in a Browser.
Scenario: server provides same Webstart Applet to many different (but authenticated) clients. Each Applet has to "know" which client it is on. Therefor the server has to be able to pass some parameters to the client, which is then read by the Applet, running on that client.
Is it possible for a Webstart Applet to access the cookies of the web browser from which it was launched?
Is it possible for a Webstart Applet to access the URL by which it was identified?
Some other options?
EDIT: Perhaps Webstart Applet is a wrong term. I mean just a Webstart Client App.
See the applet-desc element in JNLP File Syntax for details.
Addendum: See also Accessing Cookies.
More pertaining to your 2nd point. URL query parameters can be parsed using JavaScript and added to the applet element. Attributes in the applet element will add to, or overwrite, the values set in the JNLP file.
I need to be able to access my database, which in it's own isn't hard as java can directly access it. I want to, however, use a php script to access it, as I need to insert stuff into the database as well, and I don't want to have the username and password of a read-write accoutn for my database in my java code. If someone decompiles it, he can just access my database and do stuff with it...
So basicly, I want to use a PHP script and send $_POST request info from my java code to my php script
(yes, java, not javascript ;-) )
You can do this, no problem. Use a URLConnection with setDoOutput(true), and get its output stream for the POST.
Of course, your PHP script should make sure that all data which is sent is sane, as anyone could send such a request to your PHP script. (Or you would need some way for the Java application to authenticate itself to the PHP script, which simply shifts the problem of hiding these credentials instead of the database ones.)
You should store DB credentials in configuration file to avoid embedding them directly into the code.
Here is my ideal situation. I log into www.philstockworld.com using chrome. Once logged in I start up my java application that uses the cookies just stored by chrome. Then my java application goes to work. So here is my question.
Here is what my program can do now, I can login to the website using whatever browser I want, then look up the value of the PHPSESSID cookie and start up my app using that value. Then my app can do what it needs to. I can also supply my app with my username and password and have it log in, then store the returned PHPSESSID cookie and do what it needs to. However, what I would like to have happen is I login to the website using a browser, then my app starts and uses the PHPSESSID cookie from my browser session, without me having to look it up and copy it.
Is there a way for my java application to get the value of that cookie, without me having to manually type it in?
The location of the Cookies file is:
On Linux:
$HOME/.config/google-chrome/Default/Cookies
For other OS's see the user data page on chromium.org.
However, the file is stored in a binary format, so it's going to be hard for you to load the data within.
Joel's answer tells you where the cookie data is stored. This data is a sqlite3 database file. See this question for how to read a sqlite3 database.
I can't find how/where Chrome stores cookies, on Linux at least. Chances are that they won't be cached as simple plain text files and thus not be easily readable. You say you don't want to hard code your username/password in your java app - but why do you have do this? You could just pass them as arguments to your app?