}
}
/**Get Applet information*/
public String getAppletInfo()
{
return "JBoss EJB client Applet demo";
}
void callEjbButton_actionPerformed(ActionEvent e)
{
try
{
Properties jndiProps = new Properties() ;
String myServer = this.getCodeBase().getHost ();
jndiProps.setProperty("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory" ) ;
jndiProps.setProperty("java.naming.provider.url", myServer ) ;
jndiProps.setProperty("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces" ) ;
TestAppletHome home = (TestAppletHome)PortableRemoteObject.narrow( new InitialContext(jndiProps).lookup( "TestAppletBean" ),
TestAppletHome.class) ;
TestApplet remote = home.create() ;
ejbMessageLabel.setText( remote.getMessage() ) ;
}
catch ( SecurityException se )
{
se.printStackTrace ();
ejbMessageLabel.setText (se.toString ());
}
catch( Exception ex )
{
System.err.println( "APPLET" );
ex.printStackTrace();
}
}
}</pre><p>One of the most important parts of this Applet is these two lines:</p><pre class="programlisting">String myServer = this.getCodeBase().getHost ();
jndiProps.setProperty("java.naming.provider.url", myServer ) ;</pre><p>We make sure that we access the server from which we have just been downloaded. An attempt to access another server would raise a security exception.</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><a name="d0e9499"></a>Warning</h3><p>You need to access your HTML page through the hostname or IP address to which the EJB server is bound! For the sandbox, 192.168.1.1 and 127.0.0.1 are two different hosts even if in reality they represent the same host.</p><p>Consequently, if you access your web page through http://127.0.0.1/TestApplet.html and, in your code, attempt to reach your EJB at IP 192.168.1.1, an exception will be raised.</p><p>Untrusted Applets are very sensitive to their environment! For example, imagine you access your web page through the 127.0.0.1 IP address. The Applet will use this address when performing the lookup on the JNDI tree to get the home proxy. This will work. But you have no control over:<div class="itemizedlist"><ul><li><p><a name="d0e9507"></a>The codebase address used by the RMI subsystem on the server to allow dynamic code downloading</p></li><li><p><a name="d0e9510"></a>The RMI target that the proxy holds</p></li></ul></div>
</p><p>Consequently, as soon as the first EJB invocation is fired, or as soon as the client needs to dynamically load code from the server, it will use the address specified on the server, i.e. 192.168.1.1, and a security exception will be raised.</p></div><p>We also need an HTML page from which the Applet will be launched:</p><pre class="programlisting"><HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>
HTML Test Page
</TITLE>
</HEAD>
<BODY>
Here is the demo Applet for EJB access coming below...<BR>
<!--"CONVERTED_APPLET"-->
<!-- CONVERTER VERSION 1.3 -->
<SCRIPT LANGUAGE="JavaScript"><!--
var _info = navigator.userAgent; var _ns = false;
var _ie = (_info.indexOf("MSIE") > 0 && _info.indexOf("Win") > 0 && _info.indexOf("Windows 3.1") < 0);
//--></SCRIPT>
<COMMENT><SCRIPT LANGUAGE="JavaScript1.1"><!--
var _ns = (navigator.appName.indexOf("Netscape") >= 0 && ((_info.indexOf("Win") > 0 &&
_info.indexOf("Win16") < 0 && java.lang.System.getProperty("os.version").indexOf("3.5") < 0)
|| (_info.indexOf("Sun") > 0) || (_info.indexOf("Linux") > 0)));
//--></SCRIPT></COMMENT>
<SCRIPT LANGUAGE="JavaScript"><!--
if (_ie == true) document.writeln('<OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" WIDTH = 400
HEIGHT = 100 NAME = "AppletEjbCaller"
codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,0,0">
<NOEMBED><XMP>');
else if (_ns == true) document.writeln('<EMBED type="application/x-java-applet;version=1.3"
CODE = "org.jboss.docs.appletclient.applet.AppletEjbCaller" CODEBASE = "."
ARCHIVE = "AppletClient.jar, jboss-client.jar, jboss-j2ee.jar, jbosssx-client.jar,
jnp-client.jar, jndi.jar, jaas.jar" NAME = "AppletEjbCaller" WIDTH = 400 HEIGHT = 100
scriptable=false pluginspage="http://java.sun.com/products/plugin/1.3/plugin-install.html">
<NOEMBED><XMP>');
//--></SCRIPT>
<APPLET CODE = "org.jboss.docs.appletclient.applet.AppletEjbCaller" CODEBASE = "." ARCHIVE = "AppletClient.jar,
jboss-client.jar, jboss-j2ee.jar, jbosssx-client.jar, jnp-client.jar, jndi.jar, jaas.jar" WIDTH = 400
HEIGHT = 100 NAME = "AppletEjbCaller"></XMP>
<PARAM NAME = CODE VALUE = "org.jboss.docs.appletclient.applet.AppletEjbCaller" >
<PARAM NAME = CODEBASE VALUE = "." >
<PARAM NAME = ARCHIVE VALUE = "AppletClient.jar, jboss-client.jar, jboss-j2ee.jar, jbosssx-client.jar,
jnp-client.jar, jndi.jar, jaas.jar" >
<PARAM NAME = NAME VALUE = "AppletEjbCaller" >
<PARAM NAME="type" VALUE="application/x-java-applet;version=1.3">
<PARAM NAME="scriptable" VALUE="false">
</APPLET>
</NOEMBED></EMBED></OBJECT>
<!--
<APPLET CODE = "org.jboss.docs.appletclient.applet.AppletEjbCaller" CODEBASE = "." ARCHIVE = "AppletClient.jar,
jboss-client.jar, jboss-j2ee.jar, jbosssx-client.jar, jnp-client.jar, jndi.jar, jaas.jar"
WIDTH = 400 HEIGHT = 100 NAME = "AppletEjbCaller">
</APPLET>
-->
<!--"END_CONVERTED_APPLET"-->
</BODY>
</HTML></pre><p>This HTML file has been generated from a standard HTML file with a standard <applet> tag definition by the SUN HTML converter for their Java plugin. This tool reads HTML files and replaces standard applet definitions with browser-specific declarations that call the Java Plugin at runtime instead of the embedded JVM.</p><p>You then need to:<div class="itemizedlist"><ul><li><p><a name="d0e9525"></a>deploy our stateless session bean</p></li><li><p><a name="d0e9528"></a>copy the AppletEjbCaller.jar, jboss-client.jar, jboss-j2ee.jar, jbosssx-client.jar, jnp-client.jar, jndi.jar, jaas.jar (found in the Jboss/client folder) and the HTML file into a directory and share it for web access.</p></li></ul></div>
You should now be able to use your applet to access your bean.
</p><p>While building the provided example, if the JBoss distribution is correctly referenced in the build script, the build process will automatically deploy the bean in JBoss and copy the Applet JAR and HTML file to the JBoss client folder.</p></div><div class="section"><a name="clientappletsigned"></a><div class="titlepage"><div><h3 class="title"><a name="clientappletsigned"></a>Signed client Applet</h3></div></div><p>One way to easily use Applets for EJB access is to circumvent the sandbox! This can be done by signing the Applet and all code it uses. When the Applet is downloaded by a browser, the user is told that it is signed by a particular entity and is asked for permission to lift the sandbox restrictions.</p><p>The main problem with Applet signing is that almost every JVM vendor/browser requires its own method! For this reason, we will concentrate on the JDK 1.3 plugin from SUN, which can be plugged into any browser on many platforms. Thus, use of signed Applets is more interesting in a controlled environment such as an intranet.</p><div class="section"><a name="d0e9541"></a><div class="titlepage"><div><h4 class="title"><a name="d0e9541"></a>Signing an Applet</h4></div></div><p>To sign an Applet, you first need to obtain a valid certificate. There are mainly two ways:<div class="orderedlist"><ol type="1"><li><p><a name="d0e9547"></a>Buy a code signing certificate from an issuer recognised by the Java Plugin (Thawte or Verisign, for example). <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><a name="d0e9550"></a>Note</h3><p>To get the list of the recognised issuers for a particular JDK Plugin, you can run this command:</p><pre class="programlisting">keytool -keystore KEY_STORE -list</pre><p>where KEY_STORE represents your JDK default keystore, generally available in %JDK%/lib/security/cacerts.</p><p>When asked for a password, the default value is "changeit".</p></div>
</p></li><li><p><a name="d0e9560"></a>Generate your own certificate. For this, you can run this command:<pre class="programlisting">keytool -keystore KEY_STORE -genkey</pre>You will then be prompted for your key information. You then need to import this key's certificate into the key store of every computer that will be used to access the Applet. This can be done with this command: <pre class="programlisting">keytool -keystore KEY_STORE -import -alias ANY_NAME -file YOUR_CERT_FILENAME</pre>
</p></li></ol></div>
</p><p>As you can see, if you can afford a certificate from a recognised issuer, it is worth the pain.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title"><a name="d0e9572"></a>Note</h3><p>The Java plugin security documentation states that, on WIN32 systems, the JVM will also look in the Windows keystore for recognised certificate issuers. Thus it would also be possible to get a certificate from one of the Internet Explorer issuers or add your own key to the Windows keystore (which is just a matter of double-clicking on a certificate file). While this was true for the first release of the JDK 1.3, later revisions (1.3_001 and 1.3_002) lost this capability without the documentation being updated. Recent feedback seems to indicate that this feature is again supported in release 1.3.1 of the Java Plugin.</p></div><p>Next, you need to sign your JARs. Not only your Applet JAR, but all JARs that are used by your Applet. Consequently, all JBoss JARs mentioned in the first part (jboss-client.jar, jboss-j2ee.jar, jbosssx-client.jar, jnp-client.jar, jndi.jar, jaas.jar) also need to be signed. You may also group all these JARs into a single JAR and thus sign only the resulting JAR.</p><p>Signing a JAR can be done by executing the following command:</p><pre class="programlisting">jarsigner -keystore KEY_STORE -storepass STORE_PASS JAR_FILE KEY_ALIAS_NAME</pre><p>Or, if using ANT:</p><pre class="programlisting"><signjar jar="${build.lib.dir}/monitron_Applet_client_bean.jar" keystore="${key.store.db}" alias="${key.store.alias}" storepass="${key.store.pw}"/></pre><p>Every time the JAR is regenerated, it needs to be signed again. As the signing operation can be quite time consuming, it is generally better to sign the JBoss JARs first and afterwards sign only your own JAR(s). 
Thus, JBoss JARs need only be signed once.</p></div></div></div></body></html>
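To check the outcome of the signing step described above, namely that every JAR the Applet loads is signed and not just the Applet JAR, the following added example (not part of the JBoss manual) walks a directory of JARs and reports the first unsigned entry in each. It assumes a current JDK rather than the JDK 1.3 plugin; the class name SignedJarCheck and the directory argument are illustrative.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Added example: reports JARs in a directory that contain unsigned entries. */
public class SignedJarCheck {

    /** Returns the name of the first unsigned entry, or null if every entry is signed. */
    static String firstUnsignedEntry(File jar) throws IOException {
        // verify=true makes JarFile check digests and signatures while entries are read
        try (JarFile jf = new JarFile(jar, true)) {
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jf.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                // Directories and the signature metadata under META-INF/ carry no signers
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jf.getInputStream(e)) {
                    // Signers are only available once the entry has been read to the end;
                    // an entry modified after signing throws SecurityException here
                    while (in.read(buf) != -1) { }
                }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null || signers.length == 0) return e.getName();
            }
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        // Assumption: args[0] is the web-shared directory holding the Applet and JBoss client JARs
        File[] jars = new File(args.length > 0 ? args[0] : ".")
                .listFiles((dir, name) -> name.endsWith(".jar"));
        if (jars == null) throw new IOException("not a directory");
        boolean ok = true;
        for (File jar : jars) {
            String unsigned = firstUnsignedEntry(jar);
            if (unsigned != null) ok = false;
            System.out.println(jar.getName() + ": "
                    + (unsigned == null ? "all entries signed" : "UNSIGNED entry " + unsigned));
        }
        System.exit(ok ? 0 : 1); // non-zero exit lets a build script fail on an unsigned JAR
    }
}
```

This only confirms that signatures are present and intact; whether the signer is trusted is still decided by the keystore the plugin consults.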