Unsing Java for a transparent servlet login?

[alex]

Hi all

I have following problem, and I lack the programming experience!!

There exists a Web Server (by which I have no admin access), let's say
http://www.google.com, which has a Java Servlet for user
authentication - using a FORM object with POST method. Now, I have a
login/password combination available, e.g., Jon/MyPas.

My problem is, I want to build a html page, through which the contents
of this web server are made available to a predefined local group of
people. For example, I own the http://www.XX.com site, and there
exists there a Web Server. Me, an example user, enter my
login/password combination at http://www.XX.com, and the corresponding
web server after authentication, sends transparently the data
Jon/MyPas to http://www.google.com, and I have access to the password
protected documents.

I started with Javascript and it fully worked, the problem was that
the Jon/MyPas data had to be present in clear text in the HTML source
code, which I do not like. Then, I considered using Java so that the
login data are hidden inside an executable (e.g. an Applet), which
makes it a bit harder to find out.

Can anybody direct me towards the right course of action? Do I need
Servlet technology? Or can I build an applet which can build a virtual
HTML page with a hidden FORM object and send it to
http://www.google.com ???

Thanks a lot

 

[Roedy Green]

Can anybody direct me towards the right course of action? Do I need
Servlet technology? Or can I build an applet which can build a virtual
HTML page with a hidden FORM object and send it to

The safest way to do this is to have the web page or applet talk to
the Servlet and the servlet talks to google. That way the client does
not have a copy of your password to hack.

This avoids the signed applet problem, though it takes longer.

 

[Nigel Wade]

Hi all

I have following problem, and I lack the programming experience!!

There exists a Web Server (by which I have no admin access), let's say
http://www.google.com, which has a Java Servlet for user
authentication - using a FORM object with POST method. Now, I have a
login/password combination available, e.g., Jon/MyPas.

My problem is, I want to build a html page, through which the contents
of this web server are made available to a predefined local group of
people. For example, I own the http://www.XX.com site, and there
exists there a Web Server. Me, an example user, enter my
login/password combination at http://www.XX.com, and the corresponding
web server after authentication, sends transparently the data
Jon/MyPas to http://www.google.com, and I have access to the password
protected documents.

I started with Javascript and it fully worked, the problem was that
the Jon/MyPas data had to be present in clear text in the HTML source
code, which I do not like. Then, I considered using Java so that the
login data are hidden inside an executable (e.g. an Applet), which
makes it a bit harder to find out.

Can anybody direct me towards the right course of action? Do I need
Servlet technology? Or can I build an applet which can build a virtual
HTML page with a hidden FORM object and send it to
http://www.google.com ???

Thanks a lot

I'd have thought CGI would be the simplest approach. The CGI could be
protected by the usual server-side mechanisms to ensure only your
predefined group can access it.

All the CGI has to do is contact www.google.com, download the protected
document and pass it back to the client.

The CGI can be in any language you like, and the authentication data is
never passed to the client.