• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Deploying applets with Tomcat

 
Vad Fogel
Ranch Hand
Posts: 504
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I'm trying to call an applet from a servlet using Tomcat 5.0.14. First, I tried to set the response content header to text/html within doGet() to create a page on the fly and reference the applet from there. I put the applet .class file in the same directory as the servlet, but it didn't work. Then, I tried to use RequestDispatcher to locate the applet like this:

My applet was in the same directory as sample.html which references it. And still it didn't work saying "Applet not inited".
Finally, I got it to work using response.sendRedirect() method, but it's not what I want to do because this way I have to store my applet class in a visible directory other than WEB-INF.
Are there any tricks about deploying applets that I'm missing big time?
Any help is highly appreciated.
 
Maulin Vasavada
Ranch Hand
Posts: 1873
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Vad,
I don't think there is any trick or anything. It is straightforward as you do it.
You can try protecting listing on that Html folder where you have the applet so make sure nobody can see the files listed but still that would not prevent downloading by URL if one knows the class file you know...OR you can make the html folder protected so that the user needs login of somekind to view or list any folder contents via the browser but that might put unnecessary issues on your plate.....
Any other inputs from anybody?
Regards
Maulin
 
Vad Fogel
Ranch Hand
Posts: 504
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for your response, Maulin!
You got my point right about security. Now, after some tries, I think, there's no way that I can have an applet in one of the WEB-INF subfolders because otherwise the client browser won't see the .class file and won't be able to cache it. Finally, I got RequestDispatcher to work using codebase attribute of the <applet> tag. Anyhow, the applet and html end up landing in a directory other then a WEB-INF subdirectory, so the thing is not a secure deal. Do you think it's OK security-wise to allow the users to download .class files if they feel like doing it? I haven't seen so far too many decompiling tools (better than javap) that can recover source code from binary. :roll:
Thanks.
 
Maulin Vasavada
Ranch Hand
Posts: 1873
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Vad,
As again I would go with general convention,
if your code is not really a big product need to be secured tightly in terms of code breaking etc then,
- just obfuscate the code with simple obfuscation
- use the jar file sealing for the applet jar file (if you have one)
(if you just have one class then I guess it doesn't have extensive functionalities anyways so that we need to protect it)
you can look for jar sealing in google if you are not aware of that...its really easy...
this way atleast we would prevent easy breaking...
Regards
Maulin
 
Vad Fogel
Ranch Hand
Posts: 504
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks again, that was helpful.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic