Hi All, regarding the https://wso2.org/jira/browse/CARBON-14144
Currently we cant embed any applets within our JSP pages. The root cause being session check during applet class file, load requests in the carbon server and applet loaders using different sessionID. Starting from tomcat 7 container implementation they don't allow applet code to use same browser session. [1] [2] Starting with tomcat 7, user has to explicitly pass in sessionID to the applet code in order to authenticate the request. however we can get this to work by making .class files and .jar files as non-secured content in the CarbonSecuredContext#allowNonsecuredContent() method. have to evaluate whether this will introduce any security vulnerabilties. One other option is to make NonsecuredContent configurable.. [1] http://mail-archives.apache.org/mod_mbox/tomcat-users/201107.mbox/%[email protected]%3E [2] https://groups.google.com/forum/#!topic/eid-applet/zAnrlfzm-1k thanks, --Pradeep
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
