combining proxy server modules with my webapplication - java

I want to implement an automatic billing system for one cybercafe. Meaning, when someone wants to surf the net in my cafe, he goes to the attendant, and the attendant allocates him a PC and gives him the password, which is generated by the application; the password will be valid for a specific time (a session of 1 hr or so, depending on customer needs). Now, when the customer goes to his PC and opens any site, he must first be redirected to my web application, which will ask for the password. If he enters the correct details he will be allowed to surf the net for that particular and if his time expires he has to get the timer renewed from the attendant, or else he can't surf.
In short, I want a ready-made proxy server module in Java that I can combine with my web application, as I will need to implement billing/authentication based on these things.
What approach can I use? What proxy modules are available?

The only Java proxy server I've encountered is jsocks. It should provide the proxy features you want.
You can then write your own authentication on top of this to make it behave as you want with regard to time-based logins etc. Quoting from the jsocks page:
"Authentication scheme is rather simplistic, but can be extended, if you know how to program in Java."

I would use CoovaChilli or some other captive portal and then work the RADIUS part into the billing application.

Related

identify the hardware device using java

I have developed a web application. The same user (same login id) can log in to the system using multiple devices. I want to identify the devices separately. The devices can be iPads, tablets, etc.
As an example, there can be 3 iPads, so I need to uniquely identify which iPad was used to log in. I need to implement this using Java.
Thank you in advance.
You cannot really identify each device uniquely, because the device does not send any type of unique identifier to the server.
The typical solution is to use a cookie. You can create a cookie that identifies each device when it connects for the first time. The cookie may (for example) take into consideration the client IP, user-agent, timestamp and some random part or, alternatively, you can just create a UUID. The cookie should be persisted and never expire.
Now, every time the client connects, it sends the cookie and you can identify it.
If you want to detect the device type, use the User-Agent HTTP header. This will allow you to limit the number of devices of the same type as you want.
Obviously the user can delete the cookie from his browser or use another browser. This is the reason for what I mentioned at the beginning of my answer: you cannot really identify the device uniquely. You can, however, make the best effort explained above.
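The cookie approach from the answer above, as an added example that is not part of the original answer. It takes the random-identifier option; the cookie name `device_id`, the in-memory map and the user "alice" are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.*;

/** Added illustration: best-effort device recognition with a persistent random cookie. */
public class DeviceCookie {
    static final String NAME = "device_id";            // hypothetical cookie name
    static final SecureRandom RNG = new SecureRandom();
    // login id -> device ids already seen for that account (in-memory stand-in for a DB table)
    static final Map<String, Set<String>> knownDevices = new HashMap<>();

    /** Extract our cookie from a raw Cookie request header, or null if absent or malformed. */
    static String readDeviceId(String cookieHeader) {
        if (cookieHeader == null) return null;
        for (String part : cookieHeader.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(NAME) && kv[1].matches("[A-Za-z0-9_-]{22}"))
                return kv[1];
        }
        return null;
    }

    /** New 128-bit identifier, encoded as 22 URL-safe characters. */
    static String newDeviceId() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    /** Set-Cookie value: long-lived, sent over HTTPS only, hidden from page scripts. */
    static String setCookieHeader(String id) {
        return NAME + "=" + id + "; Max-Age=315360000; Path=/; Secure; HttpOnly; SameSite=Lax";
    }

    /** Returns true when this login comes from a device not seen before for the user. */
    static boolean recordLogin(String user, String deviceId) {
        return knownDevices.computeIfAbsent(user, u -> new HashSet<>()).add(deviceId);
    }

    public static void main(String[] args) {
        String first = readDeviceId(null);                       // first visit: no cookie yet
        String id = (first != null) ? first : newDeviceId();
        System.out.println("Set-Cookie: " + setCookieHeader(id));
        System.out.println("new device? " + recordLogin("alice", id));
        String back = readDeviceId("theme=dark; " + NAME + "=" + id);   // constructed header
        System.out.println("new device? " + recordLogin("alice", back));
    }
}
```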
I think you can use the method
java.lang.System.getProperty(String)
Concatenating the two properties below will be OK:
os.name (Operating System Name)
user.name (User account name)
The above is an error.
You can get the client identifier with JavaScript. Java is working on the server.

How do I get the windows login username of a user running my web application?

I'm trying to get the Windows user name of the user in my web application. Can anyone suggest how to get it?
I'm developing a web application. So if a user is accessing my application, then I need to get the user's windows id and his host name. I tried a few different ways but it never worked. Any suggestions are highly appreciated.
Windows user details are not sent in plain HTTP requests, which makes it impossible for you to derive them from a user in a web application without additional data.
The host name from which the request is sent is available in the request headers, though.
If you'd still like to get Windows user details, you'll have to do some work, like ask the user to provide them in some form, or, if you have access to the user's Naming/Directory service, you can find things out through his IP/hostname.
This is something you generally don't have readily available in web applications, though.
I'm not sure exactly how to get the Windows user name, but the HTML5 System Information API may provide some useful info. Go through this link once; you may find it helpful.
In VERY OLD(!) versions of Internet Explorer, the pattern %USER% inside a URL was replaced by the login username. But with current browsers this doesn't work anymore, and that's good that way.
With a Java applet you can request it via:
System.getProperty("user.name")
But I don't know if this works for you...
For the intranet case take a look at
How to retrieve the current windows logged on user for Single Sign On purposes in Java
and
Can you get a Windows (AD) username in PHP?
And it seems to be intentionally impossible in the common case with modern browsers:
Can your Windows or Linux username be exposed to websites?

Good alternative for user session in high traffic web application?

What would be a good/scalable user session alternative in the following scenario:
users don't have to have cookies enabled
URL query string restriction of 255 characters is imposed
lot of GET requests (no hidden form fields)
application runs on several servers (web farm)
some users connect over proxy (same IP)
users connect over HTTPS
50 000 concurrent users
If you can guarantee that the client always connects to the same web server, you can use the SSL ID as a simple session tracking mechanism. Some web servers expose this capability and automatically use it for session tracking when cookies aren't supported.
The only solution that will work no matter what is to include a session ID in the URL itself. Adding a parameter to the URL is the simplest way to do this, but the ID can be embedded anywhere in the URL, i.e. as part of the path. You would use this ID to fish information about the user out of a database.
You will run into the usual problems, of course, with ID spoofing and having the session database be a bottleneck.
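A sketch of the session-ID-in-the-URL approach from the answer above, added here as an example and not part of the original answer. The `/app/s/<id>/...` path layout, the 15-minute idle timeout and the in-memory map standing in for the shared session database are assumptions.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added illustration: cookieless sessions keyed by an unguessable ID carried in the URL path. */
public class UrlSessions {
    static final long IDLE_SECONDS = 900;              // assumed idle timeout
    static final SecureRandom RNG = new SecureRandom();
    // Stand-in for the shared session database every server in the farm would query.
    static final Map<String, Session> store = new ConcurrentHashMap<>();

    static final class Session {
        final String user; volatile long lastSeen;
        Session(String user, long now) { this.user = user; this.lastSeen = now; }
    }

    /** 128 random bits become 22 URL-safe characters, far below the 255-character limit. */
    static String create(String user, long now) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(id, new Session(user, now));
        return id;
    }

    /** Embed the ID as a path segment, e.g. /app/s/<id>/inbox. */
    static String rewrite(String path, String id) { return "/app/s/" + id + path; }

    /** Resolve the session for a request path; null means unknown, malformed or expired. */
    static Session resolve(String requestPath, long now) {
        String[] seg = requestPath.split("/");
        if (seg.length < 4 || !seg[2].equals("s") || !seg[3].matches("[A-Za-z0-9_-]{22}")) return null;
        Session s = store.get(seg[3]);
        if (s == null) return null;
        if (now - s.lastSeen > IDLE_SECONDS) { store.remove(seg[3]); return null; }
        s.lastSeen = now;                               // sliding expiry on every valid request
        return s;
    }

    public static void main(String[] args) {
        long t0 = Instant.now().getEpochSecond();
        String url = rewrite("/inbox", create("alice", t0));
        System.out.println(url + " -> " + (resolve(url, t0 + 60) != null));
        String guessed = "/app/s/" + "A".repeat(22) + "/inbox";   // constructed spoofing attempt
        System.out.println("guessed id -> " + (resolve(guessed, t0) != null));
        System.out.println("after idle timeout -> " + (resolve(url, t0 + 60 + IDLE_SECONDS + 1) != null));
    }
}
```

The random ID and the idle timeout address the spoofing concern; the store lookup on every request is where the database bottleneck mentioned in the answer would show up.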
First, IMHO, there is no good alternative to a session. The question is how you obtain it when cookies are disabled. The answer is to use a URL parameter. So, you have to append the session id to each request (including links and forms). All other requirements are not really relevant. Make your logic stateless, so you do not have scalability problems: all requests should arrive at your logic via a load balancer, so you can add as many servers as you want.
Maybe URL Rewriting or some URI shortening mechanism like http://tinyurl.com or http://goo.gl so you can pass your session details well under 255 chars.
Note: Not recommending to use these services but the mechanism.
First of all, your requirements are very tight.
The only option I see is using an approach like this: http://code.google.com/p/seaside/
In short: your system will generate stateless URLs like
http://host/app/#123445568978
Then you will go on the db to get the session object.
50000 users doing what? Continuous drag-and-drop with position updates to the server, or clicking a text link every 15 minutes? In the latter case: move everything onto a single server with a lot of RAM.

Authorized Flash Client to Java Server connection

I'm building a Flash-based Facebook game with a Java backend, and I'm planning to use a RESTful approach to connect the two of them (not a persistent socket connection). I'm using the AS3 library to connect the client to Facebook, so that's where I have my session information stored. However, how do I authorize client connections back to the server? I can't leave the callback URLs open since that'd let people manipulate game state without playing the game. I need to make sure that the calls are coming from a valid client and through a valid session.
At the moment, users have no direct login to the backend server -- it's all handled through the client frontend. Can I pass the Facebook OAuth2 access token to the backend in a way that the backend can verify its validity? Should that be enough to trust a valid frontend connection?
I could do a two legged OAuth signed request or just use a simple shared secret, but the keys would have to be packed in with the flash client, which makes that almost useless for this use case.
Somebody has to have solved this problem, but I can't find it.
If you are using Java as a backend, I would consider using BlazeDS. It is a great library for doing AMF connections (which are async so fit your non-persistent socket requirement). If you are using Spring on the backend at all, I'd highly recommend using Spring-Flex as well. It adds a bunch of goodies that make exposing AMF services a breeze. Also, it adds hooks to allow 'easy' integration of Spring Security.
For the OAuth stuff, I would move the OAuth portion to the web side instead of the Flash client (which I think I understand is what you do now). This way you can authenticate the web session on the server side and secure the page that contains the .swf. Then when your user loads the .swf in your code (assuming you're using Spring Security integrated into BlazeDS) you can call cs.authenticated on your cs:mx.messaging.ChannelSet. This will work, but may be more rework than you want to do.
We had a similar problem in one of our projects. What we ended up doing was to use the following token passing method:
1) Fresh client connects to the server and get a token that's valid for x amount of time.
2) The client has an obfuscated part of code that uses an algorithm to change the token (and this algorithm changes at some frequency in sync with the server). The client uses the algorithm to change the token and includes it in the next request to the server.
3) The server knows the original token and the algorithm, so now it can check to see if the new token is valid and it's from a valid client.
4) The cycle continues.
This is not 100% secure, since someone can really spend time and analyze the communication and eventually understand the pattern, but you can play around with the algorithm so much and change it often enough to make it hard for someone to guess it.
Hope this helps.
P.S. The application that I'm talking about that uses this has been in production for past 5 years and gets ~300k unique users a day and no one has broken in yet.
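The server side of the token cycle described in steps 1 to 4 above, as an added example that is not the poster's code. HMAC-SHA256 with a key rotated on both sides is swapped in for the unspecified obfuscated algorithm; the 60-second validity and the key value are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

/** Added illustration of the server side of the rolling-token cycle (steps 1-4). */
public class RollingToken {
    static final long TTL_MS = 60_000;                 // assumed "x amount of time"
    private byte[] current;                            // token the server last issued or accepted
    private long issuedAt;

    /** Step 1: hand a fresh random token to a new client. */
    byte[] issue(long now) {
        current = new byte[16];
        new SecureRandom().nextBytes(current);
        issuedAt = now;
        return current.clone();
    }

    /** Step 2, run by client and server alike. HMAC-SHA256 stands in for the changing
     *  algorithm; epochKey is the part that both sides rotate in sync. */
    static byte[] transform(byte[] token, byte[] epochKey) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(epochKey, "HmacSHA256"));
        return mac.doFinal(token);
    }

    /** Step 3: recompute the expected value, compare in constant time, then advance (step 4). */
    boolean verify(byte[] presented, byte[] epochKey, long now) throws Exception {
        if (current == null || now - issuedAt > TTL_MS) return false;
        byte[] expected = transform(current, epochKey);
        if (!MessageDigest.isEqual(expected, presented)) return false;
        current = expected;                            // a replay of the same value now fails
        issuedAt = now;
        return true;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-epoch-key".getBytes(StandardCharsets.UTF_8); // constructed sample
        RollingToken server = new RollingToken();
        byte[] t0 = server.issue(0);
        byte[] t1 = transform(t0, key);                // what a genuine client sends next
        System.out.println("genuine: " + server.verify(t1, key, 1_000));
        System.out.println("replay:  " + server.verify(t1, key, 2_000));
        System.out.println("expired: " + server.verify(transform(t1, key), key, 200_000));
    }
}
```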

Displaying a website in a website?

What I need to do is this:
<iframe src="http://www.google.com" width="800" height="600"></iframe>
But the constraint is, I want my website to fetch a requested website and display it in the frame. That is, the client's browser must only have a connection with my web server. My website in turn will fetch requested URLs and display them to the client.
The only way I have thought I could do this is perhaps passing the URL to an application that in turn downloads the page and then redirects the client's browser to the page (now stored locally on my web server). The problem, however, is that this would only work with rather boring and static sites; I require the website in the website to be fully functioning, i.e. streaming video, secure connections...
What would be the best way to do this?
I hate to break it to you, but I don't think there's a foolproof way to do this. What you're trying to do is make a proxy, and there's several ways to do it, but either way you won't be able to take things like Flash and JavaScript into account. I've used a lot of different proxies to get around the filter at my school and not one of them has been 100% effective. In fact, I don't think a single one has been able to load the music player on either PureVolume or MySpace.
If you still want to give it a try, read this article: Using Apache As A Proxy Server
If one of your requirements is
... secure connections
that is not possible at all. By definition, a secure end-to-end connection cannot go through a proxy (see Man-in-the-middle).
I have found a solution; to whoever mentioned it and then deleted their answer, thanks.
Making use of a reverse proxy could do this, http://docsrv.sco.com/INT_Proxy/revpxy.htm shows some ways in which a reverse proxy may be used.
Paramesh Gunasekaran wrote a tutorial on creating your own reverse proxy with code supplied.
http://www.codeproject.com/KB/IP/reverseproxy.aspx
