More fun and games in my ongoing exploration of the world of JavaScript.
At the moment I am playing with AJAX, and found myself wondering how one would deal with calls from clients whose users were not logged in.
After a bit of experimenting I have found that if you do a plain redirect from the server, the browser happily follows it, but stuffs the result into the response passed to your beautiful AJAX code. So the user is left on the page that ran your AJAX, blissfully unaware of what is going on under the hood. This seems fair: the browser is leaving the decision making up to your AJAX code.
The problem being that if you write a nice filter to redirect all attempts to access protected content to a log in page, and your AJAX code is expecting a nice piece of JSON, there will be tears.
For my naked servlet experiment I have been forced to a slightly hacky solution: I have created a servlet filter for JSON requests. If it finds that you are not logged in then it wraps the URL of the log in page in a piece of JSON and returns that. If the AJAX handler in the browser finds the redirectTo key in the returned object it promptly redirects the browser to the associated URL and does nothing more.
It would have been nice to handle the whole thing by popping up a log in dialogue (via an iFrame?) and not redirect the user to another page: but I am using Google App Engine as my servlet provider, and it would seem that the terms of service require me not to do this.
This doesn't seem very elegant. I am scratching my head to see if I can come up with a better way, but for the life of me, I can't see it. All hints and tips gratefully accepted!
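The client half of the redirectTo scheme described above, as an added example that is not the author's code: it tells apart a login page that arrived in place of JSON, ordinary data, and a redirectTo value, and only follows the last when it resolves to an allowlisted origin. The function name, the allowedOrigins parameter and the sample origins used with it are assumptions; only the redirectTo key comes from the post.

```javascript
// Added example: decide what an AJAX callback should do with a response.
// Returns {action: "redirect", url}, {action: "data", data} or
// {action: "error", reason}. Names other than redirectTo are hypothetical.
function interpretAjaxResponse(contentType, bodyText, pageUrl, allowedOrigins) {
  // A plain server-side redirect is followed silently by the browser, so the
  // login page's HTML can turn up where the callback expected JSON.
  if (!/^application\/json\b/i.test(contentType || "")) {
    return { action: "error", reason: "non-JSON response" };
  }
  let payload;
  try {
    payload = JSON.parse(bodyText);
  } catch (e) {
    return { action: "error", reason: "malformed JSON" };
  }
  const hasRedirect = payload !== null && typeof payload === "object" &&
    Object.prototype.hasOwnProperty.call(payload, "redirectTo");
  if (!hasRedirect) {
    return { action: "data", data: payload };
  }
  if (typeof payload.redirectTo !== "string") {
    return { action: "error", reason: "redirectTo is not a string" };
  }
  // Resolve relative URLs against the current page, then require http(s) and
  // an allowlisted origin, so a tampered or attacker-influenced value cannot
  // send the user to an arbitrary site or to a javascript: URL.
  let target;
  try {
    target = new URL(payload.redirectTo, pageUrl);
  } catch (e) {
    return { action: "error", reason: "unparseable redirectTo" };
  }
  const schemeOk = target.protocol === "https:" || target.protocol === "http:";
  if (!schemeOk || !allowedOrigins.includes(target.origin)) {
    return { action: "error", reason: "redirectTo target refused" };
  }
  return { action: "redirect", url: target.href };
}
```

In the browser the callback would assign the returned url to window.location only for the "redirect" action, and the allowlist would hold the application's own origin plus that of whatever login provider it uses.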
Monday, May 23, 2011
JavaScript notes: AJAX and redirects
Labels:
AJAX,
Applet,
JavaScript,
Naked Servlets,
Servlet
Thursday, March 31, 2011
JavaScript notes: an Applet puzzle
This one has driven me a little crazy over the last few hours.
As part of my learning about JavaScript and HTML5 I thought I would try embedding an applet in an HTML5 page. Which I could easily do. Then I made the applet record a sound and then replay it. To do this the applet needs to be signed. So no problem, I used a self signed certificate, loaded my applet and everything just worked. Sweet.
The next thing I then tried to do was to get the JavaScript on the web page to call into the applet.
    <form>
      <input type="button" value="record"
             onClick="document.getElementById('recorderApplet').doRecord();">
    </form>
Hacky - In my defense, I was just trying to see if I could get the call to work...
When I pressed the HTML button in my browser:
POW!: java.security.AccessControlException: access denied (javax.sound.sampled.AudioPermission record)
This was a little unexpected - if the applet button was pressed, I recorded. If the HTML button was pressed, then I got a security error.
I Googled the world and found Bug 4406607 and Mozilla bug 60120.
But somehow the answers within didn't seem satisfactory.
Then my searches hit gold: Java Access Control Mechanisms (pdf)
A very nice explanation of what was happening, with a simple answer: change my Java method that was being called by the JavaScript to the following:
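    import java.security.AccessController;
    import java.security.PrivilegedAction;

    // Called from JavaScript on the page. doPrivileged makes the permission
    // check stop at this signed applet code instead of continuing to the
    // unsigned script that made the call.
    public String doRecord() {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                replayRecorder.startRecording();
                return "recording started";
            }
        });
    }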
Now my applet records when I hit the HTML button. Sweet.
Labels:
AccessControlException,
AccessController,
Applet,
Java,
JavaScript,
PrivilegedAction,
SecurityManager