I had to perfrom a mutual authentification with certificate between a Javascript client and a Server running with TomCat
I change the configuration of my server so it will find the trust/keys store
But for the client part,i found many exemples with a JAVA client using the javax.net.ssl to define parameters (keyStore/Truststore) but i did not found anything for a JavaScript Client
is it Possible and how i can do it?
Thanks a lot!
Related
I have a JavaScript client that uses the Guacamole.Client (guacamole-common-js class) and I would like to directly connect to guacd avoiding the tunneling through a server (like they do in the example).
So I need to pass the parameters like the ip and port of the RDP-host, username and password etc. from the JavaScript client to the guacd proxy and open the connection.
For anyone who may be interested, I found a (sort of) workaround:
I couldn't find a way to connect from the Javascript client directly but I found an alternative to the server side Java servlet. It's an npm package called guacamole-lite. With that, you can tunnel your request through a node js backend.
I want to authenticate users of my app, I know how to do it using php on client but Electron can't use PHP at client side
Is there a way to authenticate users from mysql in Electron's app?
I need something like $_SESSION (PHP)
Thanks for the help :D
First never authenticate on the client side. Always on server side. Use OAuth´s PHP Implementation or write you own implementation. Then simply use node´s native https request and return json from your server, PHP script. Please do a lot more research on application design and security.
we are about to code a client side mvc app in javascript (angularjs). on the server side we ha ve node.js running to serve the templates etc.. i am new the "front end" side of the story - i am "typical" java backend guy - so apologies in advance ;-)
i want to authenticate and talk against our own internal rest api which is based on oauth. i can get the handshake to work and the basic setup seems to be working.
my question is: where do i put all the oauth handshaking and "wrapping" code?
so far i've found these solutions:
let's assume both, client and server side are implemented in javascript and the "real server" is a jetty serving the rest api secured with oauth.
client (js) -> server (node.js) -> server (jetty+oauth)
client -> node.js -> does all the oauth stuff
client -> directly to jetty server
version 1. has the benefit of securing all the details of the api and oauth handling (so nobody looking at the source code of the html/js could see this)
version 2. has the advantage of skipping the intermediary layer, but everybody could see the oauth key/secret ....
i hope you get what i mean. is there any guideline/tutorial detailing "best practices" for dealing with a secured api that is needed by a client side mvc application running inside the browser of the user?
any help highly appreciated.
cheers
marcel
I want to connect to a Java Restful webservice that uses SSL from a Javascript client.
I could write standalone Java client that connects to the keystore and imports the certificates and could connect successfully.
How can I achieve the same thing using Javascript, XMLHttpRequest.
Thanks in advance for any pointers.
I'm not entirely sure I understand your question. But, to make a SSL asynchronous request against a server with JavaScript, the only change you need to make is to use https in your RESTful target URL instead of http.
This is more of a conceptual question.
I'm trying to create a Javascript jabber client that can be installed on any arbitrary page (on x.com and y.com), and I'd like this client to be able to communicate with a remote jabber server (chatserver.com).
According to the readme of one javascript client I'm lookign at (jsjac), it is an inherent limitation of javascript that it can't communicate with a remote server due to cross site issues.
I'd appreciate hearing from anyone about how to overcome this hurdle. A pointer to an example would be extremely helpful.
[Update] I'm assuming here that I have no control over x.com and y.com, the client servers. The folks at Hab.la seem to have pulled this off, not sure how.
The simplest way around this is to proxy the requests from the JavaScript client to the remote server, via the server that hosts the client.
Apache's mod_proxy extension handles this fine.