Session Transfer & Applet Security Related

N

ngajjar

Dear All,

I am providing the details about the requirement and possible solutions
that i have know. I request you all to have a look and provide your
inputs on this. Any kind of pointers will be appreciated.

Technology Used: Java, Apache, Tomcat

Server:
There are two Apache web-servers A & B, running with Tomcat as servlet
container. Needs to transfer the session object from server A to B.

Why need to transfer a session?
Because the user has already logged into the system using server A and
he/she would like access the service provided by server B without doing
a authentication once again.

Possible way to transfer the session from server A to B:
1) Using socket connection: Servlet running on server A makes socket
connection with server B on port P2 and transfer the session object that
contains the authenticated user's information. OR servlet uses a Java
components running in the same JVM, the Java component creates socket
connection with server B and transfers the session

2) Using RMI: Servlet running on server A uses a Java component running
in the same JVM. The Java component calls a method on the component
running on server B using the RMI to transfer the session.

Client: Secured Applet originating from server A needs to communicate
with the server B. The applet needs to transfer the user selected file
to server B. Of cource this is one of the functionality of the
application, for all other functionality the client browser will go to the
same
WS that has authenticated the user.

There are two way to do this as per my knowledge:
1) Using the HTTP Tunneling (Java.net.URLConnection/
HTTPUrlConnection), In this case server B will be running the Apache +
Tomcat.
2) Using the direct socket connection using Java.net socket. In this
case our own Server Process is running on server B. The server process is

listening on a particular port P1, applet make a connection on this
port and does a file transfer.


I would like to know:
- Which is the better option 1 or 2 for session transfer and file
transfer
- Is there any better way other than option 1 and 2 in both the cases
- Is there any issues for an applet to make connection using one of the
above option, with server B, as the applet might be behind the firewall
and proxy.

As per my knowledge applet might have problem in making a connection
using Java.net.socket, If it is behind proxy. As proxy by default
understand only HTTP request. It might be possible using SOCKS proxy. But
not
sure, More inputs on this will be appreciated.

Thanks & Regards
-Nilesh
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,819
Latest member
masterdaster

Latest Threads

Top