• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How does Java Web Start handle the cross domain issue

 
John King
Ranch Hand
Posts: 165
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do we need a crossdomain.xml (or something like that) installed on a target server?
 
Paul Clapham
Sheriff
Posts: 21107
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's a Flash thing, isn't it? Anyway, what cross-domain issue would there be with JWS? The application runs on the client and the server is basically just a place to get new versions from.
 
John King
Ranch Hand
Posts: 165
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is an internet attack called crossdomain attack.

You get your Java application with JWS from one domain and try to access another another domain from you Java application.
Flash player checks the crossdomain.xml on the another domain to decide if it it allowed.

I'm not sure how JWS/JNPL handles it.
 
Paul Clapham
Sheriff
Posts: 21107
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, I am familiar with that. But consider how applets work in that context: An applet can't connect to any server except the one it was downloaded from. So far so good, no cross-domain access. Until you sign the applet, that is. Then it can connect to anything in the world. So it's an all-or-nothing choice.

I think it's the same with JNLP; there's an "all-permissions" element (I think) in the JNLP file which acts pretty much the same as signing the applet. All or nothing there, too.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic