Unsing Java for a transparent servlet login?

Discussion in 'Java' started by alex, Jun 28, 2004.

  1. alex

    alex Guest

    Hi all

    I have following problem, and I lack the programming experience!!

    There exists a Web Server (by which I have no admin access), let's say
    http://www.google.com, which has a Java Servlet for user
    authentication - using a FORM object with POST method. Now, I have a
    login/password combination available, e.g., Jon/MyPas.

    My problem is, I want to build a html page, through which the contents
    of this web server are made available to a predefined local group of
    people. For example, I own the http://www.XX.com site, and there
    exists there a Web Server. Me, an example user, enter my
    login/password combination at http://www.XX.com, and the corresponding
    web server after authentication, sends transparently the data
    Jon/MyPas to http://www.google.com, and I have access to the password
    protected documents.

    I started with Javascript and it fully worked, the problem was that
    the Jon/MyPas data had to be present in clear text in the HTML source
    code, which I do not like. Then, I considered using Java so that the
    login data are hidden inside an executable (e.g. an Applet), which
    makes it a bit harder to find out.

    Can anybody direct me towards the right course of action? Do I need
    Servlet technology? Or can I build an applet which can build a virtual
    HTML page with a hidden FORM object and send it to
    http://www.google.com ???

    Thanks a lot
    alex, Jun 28, 2004
    #1
    1. Advertising

  2. alex

    Roedy Green Guest

    On 28 Jun 2004 01:53:32 -0700, (alex) wrote or
    quoted :

    >Can anybody direct me towards the right course of action? Do I need
    >Servlet technology? Or can I build an applet which can build a virtual
    >HTML page with a hidden FORM object and send it to


    The safest way to do this is to have the web page or applet talk to
    the Servlet and the servlet talks to google. That way the client does
    not have a copy of your password to hack.

    This avoids the signed applet problem, though it takes longer.

    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
    Roedy Green, Jun 28, 2004
    #2
    1. Advertising

  3. alex

    Nigel Wade Guest

    On Mon, 28 Jun 2004 01:53:32 -0700, alex wrote:

    > Hi all
    >
    > I have following problem, and I lack the programming experience!!
    >
    > There exists a Web Server (by which I have no admin access), let's say
    > http://www.google.com, which has a Java Servlet for user
    > authentication - using a FORM object with POST method. Now, I have a
    > login/password combination available, e.g., Jon/MyPas.
    >
    > My problem is, I want to build a html page, through which the contents
    > of this web server are made available to a predefined local group of
    > people. For example, I own the http://www.XX.com site, and there
    > exists there a Web Server. Me, an example user, enter my
    > login/password combination at http://www.XX.com, and the corresponding
    > web server after authentication, sends transparently the data
    > Jon/MyPas to http://www.google.com, and I have access to the password
    > protected documents.
    >
    > I started with Javascript and it fully worked, the problem was that
    > the Jon/MyPas data had to be present in clear text in the HTML source
    > code, which I do not like. Then, I considered using Java so that the
    > login data are hidden inside an executable (e.g. an Applet), which
    > makes it a bit harder to find out.
    >
    > Can anybody direct me towards the right course of action? Do I need
    > Servlet technology? Or can I build an applet which can build a virtual
    > HTML page with a hidden FORM object and send it to
    > http://www.google.com ???
    >
    > Thanks a lot


    I'd have thought CGI would be the simplest approach. The CGI could be
    protected by the usual server-side mechanisms to ensure only your
    predefined group can access it.

    All the CGI has to do is contact www.google.com, download the protected
    document and pass it back to the client.

    The CGI can be in any language you like, and the authentication data is
    never passed to the client.

    --
    Nigel Wade, System Administrator, Space Plasma Physics Group,
    University of Leicester, Leicester, LE1 7RH, UK
    E-mail :
    Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
    Nigel Wade, Jun 29, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Siegfried Steiner

    Slow Flash Remoting unsing Java on the server

    Siegfried Steiner, Oct 17, 2003, in forum: Java
    Replies:
    0
    Views:
    496
    Siegfried Steiner
    Oct 17, 2003
  2. Andy Fish
    Replies:
    4
    Views:
    2,415
    Andy Fish
    Dec 17, 2003
  3. circuit_breaker
    Replies:
    2
    Views:
    1,995
    Jack Jia
    Apr 4, 2004
  4. Replies:
    0
    Views:
    1,119
  5. javadev
    Replies:
    5
    Views:
    12,901
    javadev
    Nov 16, 2006
Loading...

Share This Page