aspose file tools*
The moose likes JNLP and Web Start and the fly likes How does Java Web Start handle the cross domain issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » JNLP and Web Start
Bookmark "How does Java Web Start handle the cross domain issue" Watch "How does Java Web Start handle the cross domain issue" New topic
Author

How does Java Web Start handle the cross domain issue

John King
Ranch Hand

Joined: Aug 27, 2002
Posts: 165
Do we need a crossdomain.xml (or something like that) installed on a target server?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18656
    
    8

That's a Flash thing, isn't it? Anyway, what cross-domain issue would there be with JWS? The application runs on the client and the server is basically just a place to get new versions from.
John King
Ranch Hand

Joined: Aug 27, 2002
Posts: 165
There is an internet attack called crossdomain attack.

You get your Java application with JWS from one domain and try to access another another domain from you Java application.
Flash player checks the crossdomain.xml on the another domain to decide if it it allowed.

I'm not sure how JWS/JNPL handles it.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18656
    
    8

Yes, I am familiar with that. But consider how applets work in that context: An applet can't connect to any server except the one it was downloaded from. So far so good, no cross-domain access. Until you sign the applet, that is. Then it can connect to anything in the world. So it's an all-or-nothing choice.

I think it's the same with JNLP; there's an "all-permissions" element (I think) in the JNLP file which acts pretty much the same as signing the applet. All or nothing there, too.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How does Java Web Start handle the cross domain issue