• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How does Java Web Start handle the cross domain issue

 
Ranch Hand
Posts: 165
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do we need a crossdomain.xml (or something like that) installed on a target server?
 
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That's a Flash thing, isn't it? Anyway, what cross-domain issue would there be with JWS? The application runs on the client and the server is basically just a place to get new versions from.
 
John King
Ranch Hand
Posts: 165
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is an internet attack called crossdomain attack.

You get your Java application with JWS from one domain and try to access another another domain from you Java application.
Flash player checks the crossdomain.xml on the another domain to decide if it it allowed.

I'm not sure how JWS/JNPL handles it.
 
Paul Clapham
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, I am familiar with that. But consider how applets work in that context: An applet can't connect to any server except the one it was downloaded from. So far so good, no cross-domain access. Until you sign the applet, that is. Then it can connect to anything in the world. So it's an all-or-nothing choice.

I think it's the same with JNLP; there's an "all-permissions" element (I think) in the JNLP file which acts pretty much the same as signing the applet. All or nothing there, too.
 
reply
    Bookmark Topic Watch Topic
  • New Topic