This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Other JSE/JEE APIs and the fly likes Open remote app, locally. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Other JSE/JEE APIs
Bookmark "Open remote app, locally." Watch "Open remote app, locally." New topic
Author

Open remote app, locally.

Juan Javaloyes
Greenhorn

Joined: Mar 22, 2010
Posts: 13
Hello!.

I'm in need of help. I have a JEE war app running on a Jboss 5.1 server (Seam + hibernate + jsf). All ok.

There are some windows applications the users need to run (some fox systems). Those apps are stored on other server, for example //192.168.1.16/system/app/app.exe.

Whenever I execute the app, it gets executed, but on the server, not on the client. I know it's logical, since Runtime.getRuntime().exec("//192.168.1.16/system/app/app.exe") is executed locally on the server. My question: is there a way I can execute those apps on the client?.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

By "the client" you mean the computer which is running a browser which sent your server some kind of an HTTP request, I suppose?

In that case, sure. You send the executable program as the response to that request, and allow the user to run it. (Or not.) If you think about it for a second, allowing an HTTP server to run applications on the computers of clients who connect to them would be a huge security failure.
Juan Javaloyes
Greenhorn

Joined: Mar 22, 2010
Posts: 13
Paul Clapham wrote:By "the client" you mean the computer which is running a browser which sent your server some kind of an HTTP request, I suppose?


Yep, that's right

In that case, sure. You send the executable program as the response to that request, and allow the user to run it. (Or not.)

Some example? I want to avoid using iExplorer and javascript.

If you think about it for a second, allowing an HTTP server to run applications on the computers of clients who connect to them would be a huge security failure.

Yep, I know that. But it will run over intranet only and until I finish replacing those legacy programs into JEE modules
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Juan Javaloyes wrote:
Paul Clapham wrote:In that case, sure. You send the executable program as the response to that request, and allow the user to run it. (Or not.)

Some example? I want to avoid using iExplorer and javascript.


Google for "download servlet".

If you think about it for a second, allowing an HTTP server to run applications on the computers of clients who connect to them would be a huge security failure.

Yep, I know that. But it will run over intranet only and until I finish replacing those legacy programs into JEE modules


No. Think about security again. What kind of security is provided when you say "No, really, I don't mean any harm by this action"? None whatsoever. That's why the browser will ask the user "Do you want to execute this application?" after they download it. You aren't trustworthy no matter what your motivations might be.
Juan Javaloyes
Greenhorn

Joined: Mar 22, 2010
Posts: 13
Google for "download servlet".

Now I get your point

No. Think about security again. What kind of security is provided when you say "No, really, I don't mean any harm by this action"? None whatsoever. That's why the browser will ask the user "Do you want to execute this application?" after they download it. You aren't trustworthy no matter what your motivations might be.


I know, I know. But what can I do if the boss wants me to develop it that way? :(
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Juan Javaloyes wrote:I know, I know. But what can I do if the boss wants me to develop it that way? :(


It's just as if your boss asked you to make Java do subtraction when you write "x + 10". It just doesn't work that way and no amount of boss-tantrums will change that. So no matter how much your boss wants you to arrange things so that your clients' browsers are vulnerable to everything the Russian mafia puts out there on the internet, fortunately, you can't do that. (Your clients do also use their browsers to connect to the web, don't they?)

Besides, once the client has downloaded the application they don't ever need to do it again. They already have it on their computers and they can run it as often as they like and whenever they like. So they only have to be asked once if they want to trust it.
Juan Javaloyes
Greenhorn

Joined: Mar 22, 2010
Posts: 13
Paul Clapham wrote: (Your clients do also use their browsers to connect to the web, don't they?)

Nope. They don't. They only have intranet connection, no internet.

Besides, once the client has downloaded the application they don't ever need to do it again. They already have it on their computers and they can run it as often as they like and whenever they like. So they only have to be asked once if they want to trust it.

There's one problem: the program needs to be executed on the location (ex: //192.168.1.x/app.exe) because they are VFOX apps, not just the .exe, they have the DBF DB and such, shared.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Aha. So downloading it to the client won't work. Why don't you just e-mail the users a link to that executable, then? Just like what you posted. Then they can click on the link and run it at any time and you don't have to worry about web application security.
Juan Javaloyes
Greenhorn

Joined: Mar 22, 2010
Posts: 13
Sorry for the delay...

Resolved with javascript + internet Explorer.



"program" receives the path to the executable (work over an array... there are many executables). Too bad I still can't figure out how to pass a samba protected directory, so I have to put the programs on a non-protected (but read-only) place. All limited to intranet (even the samba server)
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Open remote app, locally.
 
Similar Threads
Using Runtime.exec in a web application
launchClient
Web-application
Difference between command and strategy
Can I use RMI for remote system calls?