Single sign-on for jsp-website and applet
adon_y_coya
« Posted 2009-10-24 21:41:53 »

I have developed a JSP website (runs on Tomcat) and the user logs in/out.
Part of the protected content involves a client/server minigame that runs on an applet and a custom (NIO) server.
They both share the same backend MySQL database.

I'd like to have the player log in only once, at the JSP login - then the applet should know who's playing and where to store the results etc.

The only way I've come up with for doing it is to have Tomcat store the open logged-in session in the database:
<username><password><status:logined><since:19239048566><ip:1.2.3.4>
When the applet loads, it connects to the custom Java server, which looks up the IP info in the DB, and if status is 'logined' then the minigame starts.
If not, then it denies access to the applet and updates the record in the DB (for the web server's update).

Can anyone think of something better?
Karmington
« Reply #1 - Posted 2009-10-26 18:51:49 »

People's IPs change over time. Using that won't work long term...
I think pretty much all sites have accepted that a user must log in,
and leave it to browsers to remember the name and password for automatic entrance.
I'm passing the login info to the applet as parameters, f.ex.
gokgs applet has login at the beginning, you can't even use browser memory for it.
I think either is acceptable.

EDIT: yep, session data is the trick...
of course if you are just changing the IP every time the user logs in, no prob with that then,
or is it causing some trouble? Main thing I see is that it's unnecessary server traffic...

steveyO
« Reply #2 - Posted 2009-10-26 21:08:26 »

I pretty much do the same as Karmington for my site. When the user logs on, store their credentials in a session.
When they access the applet (in the restricted session), pass the credentials as applet parameters and use them for authenticating back to the server.

adon_y_coya
« Reply #3 - Posted 2009-10-27 06:21:41 »

@Karmington:
Browsers remember things like that with cookies (but users have the option to disable them).
And how can an applet read the cookie?

@SteveyO:
So you just echo back to the client, in the html code that initiates the applet, the username/password that was initially entered?
Is this secure?
Karmington
« Reply #4 - Posted 2009-10-27 07:27:39 »

Applet doesn't need to know password, surely.
Assume the login is valid, spawn the applet for the _unique_ username, or if not unique then need unique ID,
why pass the password anyway?

steveyO
« Reply #5 - Posted 2009-10-27 08:34:10 »

OK, to explain a bit better: in my JSP page I pass the following (I am using the JOGRE engine, but the principle can be the same for any other client/server applet)

<applet archive="blah.jar" code="blah.class" width="800" height="500">
   <param name="username"   value="steve"/>
   <param name="password"   value="xxxxxx"/>
   <param name="serverhost" value="xxx.xxx.xxx.xxx"/>
   <param name="serverport" value="xxxx"/>
</applet>


When the user first connects to the applet their credentials are validated against the server, and if they are valid they can play the game.
The password isn't necessary (in jogre you can just validate against the username). Of course anyone can get the password by viewing the HTML source code, so you need to consider this.

adon_y_coya
« Reply #6 - Posted 2009-10-27 08:48:18 »

@steveyO:
OK, got it now.
There may be a security issue here; I wonder how jogre can just validate against the username.
Side note: Isn't the serverhost param superfluous? I mean, applets are not allowed to connect to sites other than the ones that downloaded them, right?

@Karmington:
Applet is just a class in a jar, couldn't it have been loaded from outside the private context?
As from offline content saved in the browser?
So I assumed that on init() the applet will offer credentials again, instead of considering 'any' connecting applet to the server as 'trusted'.
I guess your proposal chimes with steveyO's, right?

On the IP issue: The IP is updated with each successful jsp login, so no problem with dynamic IPs.
Cookie: how can an applet read one?
Karmington
« Reply #7 - Posted 2009-10-27 09:34:04 »

Has to go through the jsp, don't think applet can directly access cookie.
http://www.quirksmode.org/js/cookies.html
I think we just used session data and parameter passing in our previous project.

steveyO
« Reply #8 - Posted 2009-10-27 11:55:05 »

Yeah, in my case the serverhost is the IP address of my server (otherwise, as you say, the applet cannot connect, unless it is signed!).
The reason it is here is so I don't have to hard-code the IP address in the client applet code. Jogre has its own db table with its users so I guess it just validates against the username, although don't quote me, it's been about 10 months since I integrated the applets in my site.

Riven
« Reply #9 - Posted 2009-10-28 08:53:29 »

Just use cookies...

And to get the sessionid in the HTML you either generate the page, or create some javascript that writes the sessionid in the applet->param node, using the DOM.
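
Added example (not part of any post in this thread, and not JOGRE's code): a variation on the session-id-in-param idea that hands the applet a separate random, single-use, short-lived ticket instead of the password, the username alone, or an IP lookup. The `ticket` param name, the 60-second lifetime and the in-memory map (a stand-in for a table in the shared MySQL database, written by the JSP tier and read by the game server) are assumptions.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class AppletTicketDemo {
    // Hypothetical row shape: ticket -> (username, expiry). Requires Java 16+ for records.
    record Ticket(String username, Instant expires) {}

    // Stand-in for the shared database table (assumption; not from the thread).
    static final Map<String, Ticket> TICKETS = new ConcurrentHashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    /** Web tier: called while rendering the applet page for an already logged-in session. */
    static String issue(String username, Instant now) {
        byte[] raw = new byte[32];                      // 256 bits, not guessable
        RNG.nextBytes(raw);
        String ticket = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        TICKETS.put(ticket, new Ticket(username, now.plusSeconds(60)));
        return ticket;  // rendered as <param name="ticket" value="...">, never the password
    }

    /** Game server: the applet's first message carries the ticket. Returns the user, or null. */
    static String redeem(String ticket, Instant now) {
        if (ticket == null) return null;
        Ticket t = TICKETS.remove(ticket);              // atomic remove makes it single-use
        if (t == null || now.isAfter(t.expires())) return null;
        return t.username();                            // identity comes from the server side
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2009-10-28T09:00:00Z");   // constructed sample time
        String a = issue("steve", t0);
        System.out.println("first use:  " + redeem(a, t0.plusSeconds(5)));
        System.out.println("replay:     " + redeem(a, t0.plusSeconds(6)));   // same ticket again
        String b = issue("steve", t0);
        System.out.println("expired:    " + redeem(b, t0.plusSeconds(120))); // past the lifetime
        System.out.println("not issued: " + redeem("guessed-value", t0));    // never handed out
    }
}
```

A ticket copied from the HTML source is useless once the applet has redeemed it or the lifetime has passed, and the game server never trusts a username supplied by the client.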
