Applet will contact website the 1 time only.

Thread view:

Blaine & Alexis - 28 Nov 2007 21:59 GMT

Hi,

I'm trying to make and applet that will contact another website, on
the click of a button from a webpage. In order to do this I've created
a Signed Applet below.. Where all the work of contacting the web page
is done in the shift4 class.

Anyhow, when I load this applet, it will contact the website (ie the
code validateCreditCard is run during the init). However when the
webpage calls this same code I get a security problem (Exception :
access denied ).

I would like to have this so it only does validateCreditCard when the
button is pressed. I only put it in the init for test.. Why does it
work one way fine, and not the other?

--- Code in FireFox Browser --
<form name="shift4" method="POST">
<applet id="shift4Processing"
code="com.webrezpro.browser.shift4Test" archive="./dist/
WebRezProBrowserJava.jar" width="300" height="300">
</applet>
<input type="button" value="Test"
onClick="alert( this.form.shift4Processing.validateCreditCard('http://
java.webrezpro.com/test/t.txt', 10000,'test=test') )" />
</form>

--Basic Applet Setup
public class shift4Test extends java.applet.Applet{
shift4 processing;

/** Initializes the applet shift4Test */
public void init() {

try {
java.awt.EventQueue.invokeAndWait(new Runnable() {
public void run() {
initComponents();
}
});

this.processing = new shift4();
System.out.println( this.validateCreditCard("http://
www.google.com", 11000, "") );

} catch (Exception ex) {
ex.printStackTrace();
}
}

/** This method is called from within the init() method to
* initialize the form.
* WARNING: Do NOT modify this code. The content of this method is
* always regenerated by the Form Editor.
*/
// <editor-fold defaultstate="collapsed" desc=" Generated Code
">
private void initComponents() {
jButton1 = new javax.swing.JButton();

setLayout(new java.awt.BorderLayout());

jButton1.setAction(jButton1.getAction());
add(jButton1, java.awt.BorderLayout.CENTER);

}// </editor-fold>

// Variables declaration - do not modify
private javax.swing.JButton jButton1;
// End of variables declaration

public String validateCreditCard(String URL, int timeout, String
postVars){

return this.processing.validateCreditCard(URL, timeout,
postVars);

}

}

Reply to this Message

Andrew Thompson - 28 Nov 2007 23:08 GMT

...

> I'm trying to make and applet ...

..applets are a lot easier to debug with an URL (not that
I am deeply motivated to debug applets at this instant).

As a general comment thouhg, some browsers will consider
combined applet/JS to be an even higher security concern
than a trusted applet - doing trusted applet things.

My first recommendation for this type of thing (broken
applets) is to search Sun's bug DB using the string
'applet+browsername'. In this case you might add
'trusted+javascript'.

--
Andrew T.

Reply to this Message

Roedy Green - 29 Nov 2007 03:50 GMT

On Wed, 28 Nov 2007 13:59:12 -0800 (PST), "Blaine & Alexis"
<blaine@worldweb.com> wrote, quoted or indirectly quoted someone who
said :

>--- Code in FireFox Browser --
> <form name="shift4" method="POST">
[quoted text clipped - 6 lines]
>java.webrezpro.com/test/t.txt', 10000,'test=test') )" />
> </form>

I would suggest getting rid of the JavaScript and do all the logic in
your Applet. See http://mindprod.com/applet/creditcard.html
for source.

Alternatively send the number off to the sever with your form to be
validated. You quadruple your headaches trying to combine paradigms.

Your Applet can also send the pre-validated credit card number to your
server. You can do that with SSL or with code such as in the
Transporter if you don't have SSL. See
http://mindprod.com/products1.html#TRANSPORTER

Signature

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

Reply to this Message

Applet will contact website the 1 time only.

Free Magazines