Re: what's the referer of an applet ?
On May 16, 8:58 am, LC's No-Spam Newsreading account
<nos...@mi.iasf.cnr.it> wrote:
On Thu, 15 May 2008, Owen Jacobson wrote:
On May 15, 9:48 am, LC's No-Spam Newsreading account
This prevents people to bookmark the data files and access them if they=
are not logged in the old servlet.
Why?
Scientific data right issues.
And all already nicely managed by an .htaccess file which deals with all
other possible accesses.
Then I'll leave it to you to determine whether an ultimately
ineffectual security mechanism meets the legal requirements imposed on
you. Nobody said the law (or the contract) made sense. :)
1) how can I force the applet to declare a specific Referer ?
By adding the Referer: header to its request. If you're using
URLConnection, see the setRequestProperty and addRequestProperty
methods. If you're using some other HTTP library, see the docs on how=
to set request headers.
I was not using URLConnection, I just used in my own constructor
quikFitsImage(URL url) the call
DataInputStream in = new DataInputStream (new BufferedInputStrea=
m(
url.openStream(), 2880));
Per the javadocs for java.net.URL, openStream() is shorthand for
openConnection().getInputStream().
I replaced this with
URLConnection urlc = url.openConnection() ;
urlc.setRequestProperty("Referer","myApplet24");
urlc.connect();
DataInputStream in = new DataInputStream (new BufferedInputStrea=
m(
urlc.getInputStream(), 2880));
And this effectively sets the referer to a string I can test.
My questions now are :
(a) is it correct to call explicitly urlc.connect() before getting
the stream ? Or is it redundant ?
The call to connect() is redundant, but harmless. If no connection
has been made, getInputStream() opens one as if by connect().
(b) when I've retrieved my data in my quikFitsImage class, I did (and
still do) an in.close()
Is it necessary to do urlc.disconnect() ? Or the connection wil=
l
be reset anyhow ?
my applet will call the quikFitsImage repeatedly for differe=
nt
images
I see no "disconnect()" method here. Reaching the end of the stream
or closing it are sufficient to close the connection to the server, if
it's still open.
(c) in my servlet I use DataInputStream in = new DataInputStream (new
BufferedInputStream(myurl.openStream(), 2880)); similar to abov=
e
immediately followed by an in.close() ; to test the validity of=
an URL (a not existing one throws an exception)
Can this be made for efficient using an URLConnection ?
Will url.openConnection() or urlc.connect() throw an excepti=
on
before (and faster) than urlc.getInputStream() ?
openStream() is shorthand for using URLConnection. Calling connect()
on a URLConnection, among other things, sends the request (and after
connect()ing, you can't modify the request properties any more);
whether or not you read the response, at that point the server starts
sending it. So the difference is probably immeasurably small.
It's probably worth noting that just because the server can reach a
given URL does not *necessarily* mean the client can, so I'm not sure
if you're actually gaining anything other than complexity from this
check. The client still needs to be prepared for failures related to
the URL it gets.
-o