Can you make http client connections from a web app(flash, java)?

Question

Before I jump both feet in and waste my time learning something that I can't use for my needs, I have to ask:

Can I make a http connection to another website from within a java applet or a flash file?

Say I have a java applet that wants to load results from google. Will the JVM give me access to such a call? What about Flash? I've read about URLLoader but am confused with the this:

" * Data loading is not allowed if the calling file is in the local-with-file-system sandbox and the target resource is from a network sandbox. * Data loading is also not allowed if the calling file is from a network sandbox and the target resource is local."

Anyway if it isn't possible, will it fail on the user silently or will it ask for permission?

Thanks a lot.

Answer 1

Of course you can do that in Java, and also flash. However some browsers and environments may restrict by forcing security levels.

The warnings you found were related to local<->remote. For web applications which is hosted on network, you can usually access other network resources. (well, some may restrict you for "other" domains - you'll need to check the security models)

But modern technology usually suggest you to do that with the combination of JavaScript. Google for "Ajax" and search for some frameworks that best fits your requirement - that would save a lot of time.

Answer 2

Yes, but the problem is that for security reasons, many browsers only allow the application to connect to the domain from which the application came from.

so for example, if I go to website A and my app is trying to make an access to website B, it could sometimes be blocked (e.g., to avoid spamming, attacks, etc.). A work-around, if you control website A, is to create a "pass-through" script on website A that will send the request to B.

Answer 3

Can I make a http connection to another website from within a java applet or a flash file?

From Flash, yes. You do need to read up on the Flash Security Model to be sure what you can and what you cannot ask. Most of the time this is to stop unauthorized access and/or XSS or similar attacks. Flex (a related technology), for example, does not give you access to your disk, whereas AIR does. Take your pick.

As for applets, you'll have to wait for someone else to explain it to you. But AFAIK, it also has a security model to pose the least threat to its users.

Answer 4

Not with ease. By definitions Java sandbox won't let your applet call other than the origin it came from. You will have to sign your applet properly. Then users will either trust your applet and let it call elsewhere, or deny it - it's up to user. You can self-sign your applet, but I would personally never allow such thingy on my computer. It's good for testing and stuff like that. So you'd probably need to buy a certificate from reputable source. Same to the Flash, I believe the idea is identical.

Answer 5

Java, JavaScript, Flash, etc., implement some form of "same origin" policy which only allows untrusted code to read from the site it was downloaded from. One way around this, supported to some extent by recent versions of Flash and Java since 6u10 is crossdomain.xml (Google it). This allows sites to permit access via code downloaded by other sites. Note, this requires the site you want to access to grant you permission to do so.