Re: [Tn5250j-general] Passing User ID and Password in Applet
Hello Pete,
I think you are completely right in
your interpretation. The SSL or VPN tunnel would encrypt all communcation
between the PC and the (web and AS400) server. If the user would popup
the HTML source he would indeed see (his own?) userid and password.
The auto disconnect feature as you describe
it would indeed do an signoff endcnn(*yes) as final command. For the Java
part you would have to popup an applet or frame or whatever to create a
session, launch it, add a session listener to it that closes on disconnection.
I'll look into providing an example.
Wim.
Pete Helgren <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
16/06/2005 18:35
Please respond to
tn5250j-general@lists.sourceforge.net
To
tn5250j-general@lists.sourceforge.net
cc
Subject
Re: [Tn5250j-general] Passing
User ID and Password in Applet
Thanks to all. You gave me much to think about
Wim, I don't know much about SSL or how it is initiated but I thought that
if you used SSL the stream was fully encrypted. That is, if you are
using SSL then the traffic that is passing over port 992 is encrypted,
even the signon screen. Is that the case? Also, our HTML based
menuing system can run in an HTTPS environment so executing the applet
under HTTPS would encrypt the page I think, though if the user viewed the
page source they would see the password in plain text, right? The
encryption is just used between the browser and the server. The HTML
as rendered by the browser is still in plain text. It *could* allow a user
to view the source on another user's browser and see the password (at least
I think this is possible).
I think I understand the applet ending routine that you currently have
but since I don't work that closely with the internals of 5250 some of
what you and Kenneth are saying is going over my head. And I am still
a relative rookie with Java so I need a bit more info and, if you can,
a small snippet of code that demonstrates what you are talking about. For
example, when you say "wrap the command" and then use a signoff
with a disconnect, are you saying that I could just have a CL program that
has a call to whatever program we want to run (in fact, we already have
this) and then at the end of the command use SIGNOFF ENDCNN(*YES)? I
think you also are saying that we need to add a sessionlistener to the
applet code and then use that to trigger the navigation when the session
is disconnected. I am not familiar with using a sessionlistener but
with an example I think I can figure it out (code examples are always helpful).
It sounds like that is the way to go. Adding a SIGNOFF ENDCNN(*YES)
should be easy enough but I need a little help with the sessionlistener
logic.
Thanks! Now I just need to deal with the password issue and I think I have
it.
Pete
BTW Kenneth, Gaurav posted his code to the list on July 2nd, 2003. If
you can't find it in the archives, I can send it to you.
[EMAIL PROTECTED]
wrote:
Hello Pete,
I'm not quite sure why everybody make a problem about the clear passwords.
When you would send them encrypted, the emulator telnets to the AS/400
and what does he do in the first place: send your userid and password to
the as/400. I think that these are in clear text also. The only solution
would be to SSL or VPN your communication to your webserver and AS/400.
Next the autoclosing is fairly easy to implement using the autologin and
scanning we have introduced in the emulator: when logging on you want to
autostart a command. Lets call this the application command. What you can
do is wrap this app command in you own shell command. e.g. start cmd('appcmd').
The start can do a few thing like setting liblists etc. But it's main purpose
is to properly shutdown the emulator. You can do this in 2 ways: to a signof
with disconnect. At the emulator side, you can attach a sessionlistener
and have you applet navigate away from you page as the session gets disconnected.
Or the start command can also trigger a scan code to the emulator: #! END
so the applet can listen to this and perform an end of session. This way
you can do a lot more than just ending.
Hope this helps,
Wim.
Pete Helgren <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
15/06/2005 21:06
Please respond to
tn5250j-general@lists.sourceforge.net
To
TN5250J List
cc
Subject
[Tn5250j-general] Passing
User ID and Password in Applet
I had posted some of this about two years ago when I first started
working with the 5250 applet. The problems that I had (and still
have)
have to do with the passing of UserID and password in the clear when I
start an applet session. Gaurav posted some code that has a servlet
that talks to the applet and passes the password back to it. I think
I
can follow the approach but wanted to know if anyone else had solved
this problem in a different way.
We have an HTML based menuing system that runs on the iSeries (under an
Apache web server). The user logs in via
Re: [Tn5250j-general] Release
Richard I have heard that before but have never gotten that. Maybe a 1.5 problem but without testing can not be sure. Anyway this should be fixed in CVS now. Update and give it a try. Richard Houston wrote: One small thing. I seem to have an issue when starting th5250j. Once the connection screen pops up it is behind the tn5250j splash screen. If I click on the connection screen the connection screen will not pop above the splash screen. The splash screen seems frozen and will not move and no window will pop above it. Once I connect the splash screen goes away and all is good again. Any ideas? I am testing with sun jdk 1.5.0_3 complied with the same version on Linux. Also the spawn issue with firefox work now! Regards, +--+ | Richard Houston .^. | | R.L.H. Consulting /V\ | | E-Mail <[EMAIL PROTECTED]>/( )\ | | WWW^^-^^| +--+ Kenneth Pouncey said: Hello all What is in CVS will be frozen as of tomorrow my time unless there are some show stoppers. I will put out a release tomorrow or saturday. The release number will be 0.6.0. If anybody has any opinions on this let me know. Regards Kenneth --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general .
Re: [Tn5250j-general] Applet [was]Passing User ID and Password in Applet
Hello Gaurav
Yes been a while. Just some questions if you have the time.
What did you find annoying about using the emulator as an applet? Pete
says that it was back in 2003 that you were doing this correct? Also;
only for straight emulation and sending keystrokes. You never needed
to manipulate the emulator within any application framework correct?
If using the ActiveX you were stuck using IE and windows so no other
OS's to support I assume. Does there ActiveX component allow you to
catch events and manipulate it in anyway besides keystrokes?
I ask these questions because I really have no use for applets and was
just trying to get some feedback on the usefulness of them and the
why's and where fores of using them.
If you were to change anything in the 5250j applet what would it be?
Regards
Kenneth
[EMAIL PROTECTED] wrote:
Hi Pete/Kenneth,
Been a while, but I keep following
the
goings-on in this group from time to time.
I had done a POC a couple of years
ago
as Pete mentioned. I was successfully able to pass the
username/password
to the applet from a servlet. The applet had to be signed for this
purpose.
The username/password pair was present in a text file in my local file
system. The password was encrypted using a simple encryption tool.
But the business users still had a
problem
putting the password, even though encrypted, in a text file. Some other
team in my project has been working on the project now and they have
dropped
the web aspect of it, i.e. the applet-HTML interface. From a web page,
they launch and use the Mocha 8.0 emulator combined with an ActiveX
control
to pass the keystrokes to the emulator.
Do lemme know if I can provide you
any
more info.
BR/ Gaurav
Kenneth
Pouncey <[EMAIL PROTECTED]>
Sent by:
[EMAIL PROTECTED]
06/16/2005 12:07 PM
Please
respond to
tn5250j-general@lists.sourceforge.net
To
tn5250j-general@lists.sourceforge.net
cc
Subject
Re:
[Tn5250j-general] Passing User ID
and Password in Applet
Pete
Here is the part about the flow control that he uses and is actually
quite
cool for the implementation. Had not thought of doing it that way.
It would be a change on the host but very small as the original
command
is wrapped and the application process is not changed in anyway.
=
- What we normally do, is to wrap the normal command they want to
launch
in a special command of our own. E.g. instead of issuing a WRKUSRJOB
USER(user)
we issue a STRCMD CMD('WRKUSRJOB USER(user)'); the only thing our
STRCMD
does is launching the command, but when the normal command ends and we
fall back in the program stacking onto our wrapper command, we send the
!# event or just do a signof with disconnect. The emulator at the Java
side knows to close itself then. In GUI mode we can then even issue
5250
as modal dialogs etc without a problem. So we do make it interactive!
We
can not however send back information towards the web application
directly
as we can keep synchronisations in there. We did once start to cache
the
5250 sessions, but that poses more of problem than it brings
advantages.
The only thing I still would like is to be able to create a protocol
bean,
connect it, start the initial command and only then hook it to a
interactive
terminal. This way the user would'n see the login and launch scenario
pass
by as they do now.
Here is the link to the full message:
http://www.mail-archive.com/tn5250j-general@lists.sourceforge.net/msg00219.html
This should solve just about everything except the user and password
problem
but am thinking of the applet to servlet would take care of this or the
SessionBean and wrapping everything up yourself in your own Applet code.
Regards
Kenneth
Pete Helgren wrote:
I had posted some of this about two years ago when I
first
started working with the 5250 applet. The problems that I had (and
still have) have to do with the passing of UserID and password in the
clear
when I start an applet session. Gaurav posted some code that has
a servlet that talks to the applet and passes the password back to it.
I think I
Re: [Tn5250j-general] Passing User ID and Password in Applet
Pete
Pete Helgren wrote:
Thanks to all. You gave me much to think about
Wim, I don't know much about SSL or how it is initiated but I thought
that if you used SSL the stream was fully encrypted. That is, if you
are using SSL then the traffic that is passing over port 992 is
encrypted, even the signon screen. Is that the case? Also, our HTML
based menuing system can run in an HTTPS environment so executing the
applet under HTTPS would encrypt the page I think, though if the user
viewed the page source they would see the password in plain text,
right? The encryption is just used between the browser and the
server. The HTML as rendered by the browser is still in plain text. It
*could* allow a user to view the source on another user's browser and
see the password (at least I think this is possible).
You are correct here. Although a way around that would be as per my
previous message with the samples I am putting together. It is not
100% secure but normal users would not be able to figure out the
streams that are passed back and forth. Anybody with a protocol
sniffer would but that will not be in your environment I would think.
I think I understand the applet ending routine that you currently have
but since I don't work that closely with the internals of 5250 some of
what you and Kenneth are saying is going over my head.
No problems Pete with the example you will see what we are talking
about. Actually it is not the internals of 5250 at all really but how
we manipulate it. Just to regress a little. I always thought it was
5250 as well so wanted to know the magic behind it all thus the
emulator. What you really get is how the 5250 emulator/client, not the
datastreams at all, manipulates the 5250 information. The 5250
information is all in the objects of tn5250j we just need to react to
certain events.
And I am
still
a relative rookie with Java so I need a bit more info and, if you can,
a small snippet of code that demonstrates what you are talking about.
For example, when you say "wrap the command" and then use a signoff
with a disconnect, are you saying that I could just have a CL program
that has a call to whatever program we want to run (in fact, we already
have this) and then at the end of the command use SIGNOFF
ENDCNN(*YES)? I think you also are saying that we need to add a
sessionlistener to the applet code and then use that to trigger the
navigation when the session is disconnected. I am not familiar with
using a sessionlistener but with an example I think I can figure it out
(code examples are always helpful).
It sounds like that is the way to go. Adding a SIGNOFF ENDCNN(*YES)
should be easy enough but I need a little help with the sessionlistener
logic.
You could do it that way as well. I will put an example program out
there for that as well. It really just depends on how much control you
want. With the signoff end connection you really do not know if the
application ended or there was a problem but using both the session
listener and the scanlistener you can control just about anything.
Thanks! Now I just need to deal with the password issue and I think I
have it.
I agree but I think we have that covered as well.
Pete
BTW Kenneth, Gaurav posted his code to the list on July 2nd, 2003. If
you can't find it in the archives, I can send it to you.
Thanks but I went ahead and coded it myself. The concept was easy
enough but never had a need for it before.
We will have you up and running in no time. Something to play with
over the weekend :-P
Regards
Kenneth
[EMAIL PROTECTED] wrote:
Hello Pete,
I'm not quite sure why everybody
make
a problem about the clear passwords. When you would send them
encrypted,
the emulator telnets to the AS/400 and what does he do in the first
place:
send your userid and password to the as/400. I think that these are in
clear text also. The only solution would be to SSL or VPN your
communication
to your webserver and AS/400.
Next the autoclosing is fairly
easy
to implement using the autologin and scanning we have introduced in the
emulator: when logging on you want to autostart a command. Lets call
this
the application command. What you can do is wrap this app command in
you
own shell command. e.g. start cmd('appcmd'). The start can do a few
thing
like setting liblists etc. But it's main purpose is to properly
shutdown
the emulator. You can do this in 2 ways: to a signof with disconnect.
At
the emulator side, you can attach a sessionlistener and have you applet
navigate away from you page as the session gets disconnected. Or the
start
command can also trigger a scan code to the emulator: #! END so the
applet
can listen to this and perform an end of session. This way you can do a
lot more than just ending.
Hope this helps,
Wim.
Pete
Helgren <[EMAIL PROTECTED]>
Sent by:
[EMAIL PROTECTED]
15/
Re: [Tn5250j-general] Release
One small thing. I seem to have an issue when starting th5250j. Once the connection screen pops up it is behind the tn5250j splash screen. If I click on the connection screen the connection screen will not pop above the splash screen. The splash screen seems frozen and will not move and no window will pop above it. Once I connect the splash screen goes away and all is good again. Any ideas? I am testing with sun jdk 1.5.0_3 complied with the same version on Linux. Also the spawn issue with firefox work now! Regards, +--+ | Richard Houston .^. | | R.L.H. Consulting /V\ | | E-Mail <[EMAIL PROTECTED]>/( )\ | | WWW ^^-^^| +--+ Kenneth Pouncey said: > > > Hello all > > What is in CVS will be frozen as of tomorrow my time unless there are some > show > stoppers. I will put out a release tomorrow or saturday. > > The release number will be 0.6.0. If anybody has any opinions on this let > me know. > > Regards > > Kenneth > > > > --- > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > from IBM. Find simple to follow Roadmaps, straightforward articles, > informative Webcasts and more! Get everything you need to get up to > speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > ___ > Tn5250j-general mailing list > Tn5250j-general@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tn5250j-general > > --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general
Re: [Tn5250j-general] Passing User ID and Password in Applet
Thanks to all. You gave me much to think about
Wim, I don't know much about SSL or how it is initiated but I thought
that if you used SSL the stream was fully encrypted. That is, if you
are using SSL then the traffic that is passing over port 992 is
encrypted, even the signon screen. Is that the case? Also, our HTML
based menuing system can run in an HTTPS environment so executing the
applet under HTTPS would encrypt the page I think, though if the user
viewed the page source they would see the password in plain text,
right? The encryption is just used between the browser and the
server. The HTML as rendered by the browser is still in plain text. It
*could* allow a user to view the source on another user's browser and
see the password (at least I think this is possible).
I think I understand the applet ending routine that you currently have
but since I don't work that closely with the internals of 5250 some of
what you and Kenneth are saying is going over my head. And I am still
a relative rookie with Java so I need a bit more info and, if you can,
a small snippet of code that demonstrates what you are talking about.
For example, when you say "wrap the command" and then use a signoff
with a disconnect, are you saying that I could just have a CL program
that has a call to whatever program we want to run (in fact, we already
have this) and then at the end of the command use SIGNOFF
ENDCNN(*YES)? I think you also are saying that we need to add a
sessionlistener to the applet code and then use that to trigger the
navigation when the session is disconnected. I am not familiar with
using a sessionlistener but with an example I think I can figure it out
(code examples are always helpful).
It sounds like that is the way to go. Adding a SIGNOFF ENDCNN(*YES)
should be easy enough but I need a little help with the sessionlistener
logic.
Thanks! Now I just need to deal with the password issue and I think I
have it.
Pete
BTW Kenneth, Gaurav posted his code to the list on July 2nd, 2003. If
you can't find it in the archives, I can send it to you.
[EMAIL PROTECTED] wrote:
Hello Pete,
I'm not quite sure why everybody
make
a problem about the clear passwords. When you would send them
encrypted,
the emulator telnets to the AS/400 and what does he do in the first
place:
send your userid and password to the as/400. I think that these are in
clear text also. The only solution would be to SSL or VPN your
communication
to your webserver and AS/400.
Next the autoclosing is fairly easy
to implement using the autologin and scanning we have introduced in the
emulator: when logging on you want to autostart a command. Lets call
this
the application command. What you can do is wrap this app command in
you
own shell command. e.g. start cmd('appcmd'). The start can do a few
thing
like setting liblists etc. But it's main purpose is to properly
shutdown
the emulator. You can do this in 2 ways: to a signof with disconnect.
At
the emulator side, you can attach a sessionlistener and have you applet
navigate away from you page as the session gets disconnected. Or the
start
command can also trigger a scan code to the emulator: #! END so the
applet
can listen to this and perform an end of session. This way you can do a
lot more than just ending.
Hope this helps,
Wim.
Pete
Helgren <[EMAIL PROTECTED]>
Sent by:
[EMAIL PROTECTED]
15/06/2005 21:06
Please
respond to
tn5250j-general@lists.sourceforge.net
To
TN5250J
List
cc
Subject
[Tn5250j-general]
Passing
User ID and Password in Applet
I had posted some of this about two years ago when
I first started
working with the 5250 applet. The problems that I had (and still
have)
have to do with the passing of UserID and password in the clear when I
start an applet session. Gaurav posted some code that has a servlet
that talks to the applet and passes the password back to it. I think
I
can follow the approach but wanted to know if anyone else had solved
this problem in a different way.
We have an HTML based menuing system that runs on the iSeries (under an
Apache web server). The user logs in via an HTML login prompt and
then
the menu(s) are generated from there. Some of the menu items are
HTML
based but some are 5250
[Tn5250j-general] Release
Hello all What is in CVS will be frozen as of tomorrow my time unless there are some show stoppers. I will put out a release tomorrow or saturday. The release number will be 0.6.0. If anybody has any opinions on this let me know. Regards Kenneth --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general
Re: [Tn5250j-general] Passing User ID and Password in Applet
Hello all
First cover samples and then the questions afterwards.
I have basically taken the day off to write some sample programs. Am thinking
of creating a samples directory and delivering them on the SF download site.
If anybody has any sample code they have written to do some of the stuff that
comes up on the list. Please share this if you would like and I will package in
the samples as well.
Yes they are in clear text. There is a specification for encrypting the
password during this negotiation if anybody is interested in implementing it
within the emulator. Contact me and I will give you a link and the process to
follow for this implementation. It envolves using DES encryption routines.
Any takers and we can kick this clear text password problem in the rear end once
in for all.
Now as for the sample program I wrote I provide a copy of the description from
the program here.
/**
* First this is an example program copied from the delivered My5250App.java
* program written for the tn5250j emulator.
*
* @author Kenneth J. Pouncey
*
* You will find two parts interesting for this example:
* 1) Communicating with a Servlet (PasswordServlet) to obtain user signon
*creditials. These are then loaded into the properties to be
*used for connection.
* 2) The use of a scanning listener. See the information for the
method
* scanned() implemented for the interface ScanListener();
*
*
*/
If need be the communication with the PasswordServlet servlet could be https://
but of course if we were serving from an https server we really would not need
this.
This should take care of the first of the requirements unless I mis-understood
the problem with trasmitting the password in clear text to begin with. I assume
the password problem was being passed as a parameter in the applet html code.
In both the servlet code and example program you could write a very simple
encryption routine to send the password encrypted. There is some sample
encryption code in org.tn5250j.tools called DESSHA1 that I use for the Options
Access password encryption. You could use it in the servlet to encrypt the
password before sending it and then decrypt it when it arrives in the applet.
Also; this implements the scanning listener to do anything you would like when
you receive the command. I also have an example AS/400 program to test with if
you are interested.
If you follow the outline that Wim mentions below you could do just about
anything you want including change the flow of the screens for the user.
Pete I will send the code in a few. If anybody else is interested in this let
me know.
Regards
Kenneth
Quoting [EMAIL PROTECTED]:
> Hello Pete,
>
> I'm not quite sure why everybody make a problem about the clear passwords.
> When you would send them encrypted, the emulator telnets to the AS/400 and
> what does he do in the first place: send your userid and password to the
> as/400. I think that these are in clear text also.
>The only solution would
> be to SSL or VPN your communication to your webserver and AS/400.
>
> Next the autoclosing is fairly easy to implement using the autologin and
> scanning we have introduced in the emulator: when logging on you want to
> autostart a command. Lets call this the application command. What you can
> do is wrap this app command in you own shell command. e.g. start
> cmd('appcmd'). The start can do a few thing like setting liblists etc. But
> it's main purpose is to properly shutdown the emulator. You can do this in
> 2 ways: to a signof with disconnect. At the emulator side, you can attach
> a sessionlistener and have you applet navigate away from you page as the
> session gets disconnected. Or the start command can also trigger a scan
> code to the emulator: #! END so the applet can listen to this and perform
> an end of session. This way you can do a lot more than just ending.
>
> Hope this helps,
> Wim.
>
>
>
>
> Pete Helgren <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 15/06/2005 21:06
> Please respond to
> tn5250j-general@lists.sourceforge.net
>
>
> To
> TN5250J List
> cc
>
> Subject
> [Tn5250j-general] Passing User ID and Password in Applet
>
>
>
>
>
>
> I had posted some of this about two years ago when I first started
> working with the 5250 applet. The problems that I had (and still have)
> have to do with the passing of UserID and password in the clear when I
> start an applet session. Gaurav posted some code that has a servlet
> that talks to the applet and passes the password back to it. I think I
> can follow the approach but wanted to know if anyone else had solved
> this problem in a different way.
>
> We have an HTML based menuing system that runs on the iSeries (under an
> Apache web server). The user logs in via an HTML login prompt and then
> the menu(s) are generated from there. Some of the menu items are HTML
> based but some are 52
Re: [Tn5250j-general] Passing User ID and Password in Applet
Hello Pete,
I'm not quite sure why everybody make
a problem about the clear passwords. When you would send them encrypted,
the emulator telnets to the AS/400 and what does he do in the first place:
send your userid and password to the as/400. I think that these are in
clear text also. The only solution would be to SSL or VPN your communication
to your webserver and AS/400.
Next the autoclosing is fairly easy
to implement using the autologin and scanning we have introduced in the
emulator: when logging on you want to autostart a command. Lets call this
the application command. What you can do is wrap this app command in you
own shell command. e.g. start cmd('appcmd'). The start can do a few thing
like setting liblists etc. But it's main purpose is to properly shutdown
the emulator. You can do this in 2 ways: to a signof with disconnect. At
the emulator side, you can attach a sessionlistener and have you applet
navigate away from you page as the session gets disconnected. Or the start
command can also trigger a scan code to the emulator: #! END so the applet
can listen to this and perform an end of session. This way you can do a
lot more than just ending.
Hope this helps,
Wim.
Pete Helgren <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
15/06/2005 21:06
Please respond to
tn5250j-general@lists.sourceforge.net
To
TN5250J List
cc
Subject
[Tn5250j-general] Passing
User ID and Password in Applet
I had posted some of this about two years ago when
I first started
working with the 5250 applet. The problems that I had (and still
have)
have to do with the passing of UserID and password in the clear when I
start an applet session. Gaurav posted some code that has a servlet
that talks to the applet and passes the password back to it. I think
I
can follow the approach but wanted to know if anyone else had solved
this problem in a different way.
We have an HTML based menuing system that runs on the iSeries (under an
Apache web server). The user logs in via an HTML login prompt and
then
the menu(s) are generated from there. Some of the menu items are
HTML
based but some are 5250 apps and we launch them using tn5250j in an
applet. We generate the HTML that launches the applet on the fly
using
a template but so far we have had to pass the password in the clear, not
a good solution. So, if you have any ideas that we could use to start
the applet without passing the password in the clear, I'd like to hear
about it.
We also have a need to end the application gracefully when the users are
done running the 5250 application. Right now, we display a message
that
says "Click the Exit link to end the program" and the user has
to click
the link to end the session. What I would like to do is have the
applet
close when the 5250 application has ended automatically. I am not
sure
how to accomplish this since the 5250 session would have to "tell"
the
applet to close
I'd appreciate anyone's idea as to how to solve these two issues as
simply as possible.
Thanks,
Pete Helgren
---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
___
Tn5250j-general mailing list
Tn5250j-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tn5250j-general
Re: [Tn5250j-general] Passing User ID and Password in Applet
Hi Pete/Kenneth,
Been a while, but I keep following the
goings-on in this group from time to time.
I had done a POC a couple of years ago
as Pete mentioned. I was successfully able to pass the username/password
to the applet from a servlet. The applet had to be signed for this purpose.
The username/password pair was present in a text file in my local file
system. The password was encrypted using a simple encryption tool.
But the business users still had a problem
putting the password, even though encrypted, in a text file. Some other
team in my project has been working on the project now and they have dropped
the web aspect of it, i.e. the applet-HTML interface. From a web page,
they launch and use the Mocha 8.0 emulator combined with an ActiveX control
to pass the keystrokes to the emulator.
Do lemme know if I can provide you any
more info.
BR/ Gaurav
Kenneth Pouncey <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
06/16/2005 12:07 PM
Please respond to
tn5250j-general@lists.sourceforge.net
To
tn5250j-general@lists.sourceforge.net
cc
Subject
Re: [Tn5250j-general] Passing User ID
and Password in Applet
Pete
Here is the part about the flow control that he uses and is actually quite
cool for the implementation. Had not thought of doing it that way.
It would be a change on the host but very small as the original command
is wrapped and the application process is not changed in anyway.
=
- What we normally do, is to wrap the normal command they want to launch
in a special command of our own. E.g. instead of issuing a WRKUSRJOB USER(user)
we issue a STRCMD CMD('WRKUSRJOB USER(user)'); the only thing our STRCMD
does is launching the command, but when the normal command ends and we
fall back in the program stacking onto our wrapper command, we send the
!# event or just do a signof with disconnect. The emulator at the Java
side knows to close itself then. In GUI mode we can then even issue 5250
as modal dialogs etc without a problem. So we do make it interactive! We
can not however send back information towards the web application directly
as we can keep synchronisations in there. We did once start to cache the
5250 sessions, but that poses more of problem than it brings advantages.
The only thing I still would like is to be able to create a protocol bean,
connect it, start the initial command and only then hook it to a interactive
terminal. This way the user would'n see the login and launch scenario pass
by as they do now.
Here is the link to the full message:
http://www.mail-archive.com/tn5250j-general@lists.sourceforge.net/msg00219.html
This should solve just about everything except the user and password problem
but am thinking of the applet to servlet would take care of this or the
SessionBean and wrapping everything up yourself in your own Applet code.
Regards
Kenneth
Pete Helgren wrote:
I had posted some of this about two years ago when I first
started working with the 5250 applet. The problems that I had (and
still have) have to do with the passing of UserID and password in the clear
when I start an applet session. Gaurav posted some code that has
a servlet that talks to the applet and passes the password back to it.
I think I can follow the approach but wanted to know if anyone else
had solved this problem in a different way.
We have an HTML based menuing system that runs on the iSeries (under an
Apache web server). The user logs in via an HTML login prompt and
then the menu(s) are generated from there. Some of the menu items
are HTML based but some are 5250 apps and we launch them using tn5250j
in an applet. We generate the HTML that launches the applet on the
fly using a template but so far we have had to pass the password in the
clear, not a good solution. So, if you have any ideas that we could
use to start the applet without passing the password in the clear, I'd
like to hear about it.
We also have a need to end the application gracefully when the users are
done running the 5250 application. Right now, we display a message
that says "Click the Exit link to end the program" and the user
has to click the link to end the session. What I would like to do
is have the applet close when the 5250 application has ended automatically.
I am not sure how to accomplish this since the 5250 session would
have to "tell" the applet to close
I'd appreciate anyone's idea as to how to solve these two issues as simply
as possible.
Thanks,
Pete Helgren
---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
__
