Applet Security doing HTTP

Thread view:

Kenneth P. Turvey - 12 Aug 2008 16:16 GMT

I'm having a discussion with a client and what the client says doesn't
seem to be possible, so I'm going through it out there and see if maybe
I'm mistaken in my understanding of how an applet does its thing.

The basic issue is that there is a PHP script that requires
authentication. I'm assuming they mean HTTP basic authentication since
nobody can seem to give me any other details. Then I have an applet that
I wrote that is intended to POST some data to the script. It doesn't do
anything to authenticate to the script. It doesn't pass any cookies or
security tokens explicitly.

The client says this works, but I can't replicate his results from here.
I'm also not sure his test is really valid.

The only way this could possibly work is if the JVM picks up security
tokens from the browser when it makes its HTTP connection. I don't think
it does this. Am I incorrect here? Is the JVM quietly taking care of
using the correct security tokens?

Thanks.

Signature

Kenneth P. Turvey <kt-usenet@squeakydolphin.com>
http://www.electricsenator.net

It is dangerous to be sincere unless you are also stupid.
-- George Bernard Shaw

Reply to this Message

Dave Miller - 12 Aug 2008 18:50 GMT

> I'm having a discussion with a client and what the client says doesn't
> seem to be possible, so I'm going through it out there and see if maybe
[quoted text clipped - 16 lines]
>
> Thanks.

AFAIK, there is no automatic token handling within Applet. Even if the
browser has authenticated via HTTP basic I don't see how that
automatically passes to a separate applet connection.

If your applet's not setting headers, it almost has to be either a
construct on the php side or a broken security scheme.

It would probably be real helpful to see the script.

Signature

Dave Miller
Java Web Hosting
http://www.cheap-jsp-hosting.com/

Reply to this Message

Applet Security doing HTTP

Free Magazines