views:

235

answers:

1

I have a Java Applet which needs to post some stuff to the web. The code, the author of which has long since disappeared, is currently using raw Java.net.Sockets to communicate with the server.

On the server side, the client requests are authenticated with NTLM or Kerberos. For requests coming from the browser itself, each HTTP header gets an added Authorization header.

Can a browser hosted java applet access the Authorization info from the browser? Or can the java applet use the browser's web stack instead (such as Flash and Silverlight), and have necessary authroization headers added by the browser itself?

A: 

Probably not, that sounds like it would be a security problem (i.e. you do not want any random java applet in the browser to reuse your authentication towards your online bank for instance).

hlovdal
But Java does have a HttpURLConnection class, which seems to reuse the browsers credentials. Can this then be used to upload files?I'm finding most docs out there extremely shady on the subject.
Benson