How can I make a Java applet for crossdomain request with client certificate and cookie session?

Question

How can I make a Java applet for crossdomain request with client certificate and cookie session?

I have a problem with a Java applet that I cannot get to send the correct cookie. The stream is as follows:

Web sequence flow

Without the crossdomain.xml file on port 80, the applet simply refuses to execute any CORS request at all, but with the help of the crossdomain file, requests come through BUT without any cookies. However, the client certificate is sent in the request.

It is also worth mentioning that JNLP is loaded from the same domain as the REST interface, which should allow Java to interact with this domain.

How can I get Java to make REST requests using cookies. The HTTP_ONLY or Secure flag is not enabled in the session cookie.

+5

java session-cookies cors applet crossdomain.xml

Martin k Dec 15 '14 at 10:03

source share

1 answer

Mikhail · Answer 1 · 2014-12-15T10:39:02+0000

Starting with the release of Java 6 Update 10 (2008-10-15), unsigned applets can now make network connections to remote servers (servers other than the server hosting the applet) using a special XML file called the crossdomain.xml file. This file must be available on the server that the applet is trying to connect to.

You must sign your applet to make requests using crossdomain.

How can I make a Java applet for crossdomain request with client certificate and cookie session?

More articles: