Re: [Tn5250j-general] Passing User ID and Password in Applet
Hello Pete, I think you are completely right in your interpretation. The SSL or VPN tunnel would encrypt all communcation between the PC and the (web and AS400) server. If the user would popup the HTML source he would indeed see (his own?) userid and password. The auto disconnect feature as you describe it would indeed do an signoff endcnn(*yes) as final command. For the Java part you would have to popup an applet or frame or whatever to create a session, launch it, add a session listener to it that closes on disconnection. I'll look into providing an example. Wim. Pete Helgren <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 16/06/2005 18:35 Please respond to tn5250j-general@lists.sourceforge.net To tn5250j-general@lists.sourceforge.net cc Subject Re: [Tn5250j-general] Passing User ID and Password in Applet Thanks to all. You gave me much to think about Wim, I don't know much about SSL or how it is initiated but I thought that if you used SSL the stream was fully encrypted. That is, if you are using SSL then the traffic that is passing over port 992 is encrypted, even the signon screen. Is that the case? Also, our HTML based menuing system can run in an HTTPS environment so executing the applet under HTTPS would encrypt the page I think, though if the user viewed the page source they would see the password in plain text, right? The encryption is just used between the browser and the server. The HTML as rendered by the browser is still in plain text. It *could* allow a user to view the source on another user's browser and see the password (at least I think this is possible). I think I understand the applet ending routine that you currently have but since I don't work that closely with the internals of 5250 some of what you and Kenneth are saying is going over my head. And I am still a relative rookie with Java so I need a bit more info and, if you can, a small snippet of code that demonstrates what you are talking about. For example, when you say "wrap the command" and then use a signoff with a disconnect, are you saying that I could just have a CL program that has a call to whatever program we want to run (in fact, we already have this) and then at the end of the command use SIGNOFF ENDCNN(*YES)? I think you also are saying that we need to add a sessionlistener to the applet code and then use that to trigger the navigation when the session is disconnected. I am not familiar with using a sessionlistener but with an example I think I can figure it out (code examples are always helpful). It sounds like that is the way to go. Adding a SIGNOFF ENDCNN(*YES) should be easy enough but I need a little help with the sessionlistener logic. Thanks! Now I just need to deal with the password issue and I think I have it. Pete BTW Kenneth, Gaurav posted his code to the list on July 2nd, 2003. If you can't find it in the archives, I can send it to you. [EMAIL PROTECTED] wrote: Hello Pete, I'm not quite sure why everybody make a problem about the clear passwords. When you would send them encrypted, the emulator telnets to the AS/400 and what does he do in the first place: send your userid and password to the as/400. I think that these are in clear text also. The only solution would be to SSL or VPN your communication to your webserver and AS/400. Next the autoclosing is fairly easy to implement using the autologin and scanning we have introduced in the emulator: when logging on you want to autostart a command. Lets call this the application command. What you can do is wrap this app command in you own shell command. e.g. start cmd('appcmd'). The start can do a few thing like setting liblists etc. But it's main purpose is to properly shutdown the emulator. You can do this in 2 ways: to a signof with disconnect. At the emulator side, you can attach a sessionlistener and have you applet navigate away from you page as the session gets disconnected. Or the start command can also trigger a scan code to the emulator: #! END so the applet can listen to this and perform an end of session. This way you can do a lot more than just ending. Hope this helps, Wim. Pete Helgren <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 15/06/2005 21:06 Please respond to tn5250j-general@lists.sourceforge.net To TN5250J List cc Subject [Tn5250j-general] Passing User ID and Password in Applet I had posted some of this about two years ago when I first started working with the 5250 applet. The problems that I had (and still have) have to do with the passing of UserID and password in the clear when I start an applet session. Gaurav posted some code that has a servlet that talks to the applet and passes the password back to it. I think I can follow the approach but wanted to know if anyone else had solved this problem in a different way. We have an HTML based menuing system that r
Re: [Tn5250j-general] Passing User ID and Password in Applet
Pete Pete Helgren wrote: Thanks to all. You gave me much to think about Wim, I don't know much about SSL or how it is initiated but I thought that if you used SSL the stream was fully encrypted. That is, if you are using SSL then the traffic that is passing over port 992 is encrypted, even the signon screen. Is that the case? Also, our HTML based menuing system can run in an HTTPS environment so executing the applet under HTTPS would encrypt the page I think, though if the user viewed the page source they would see the password in plain text, right? The encryption is just used between the browser and the server. The HTML as rendered by the browser is still in plain text. It *could* allow a user to view the source on another user's browser and see the password (at least I think this is possible). You are correct here. Although a way around that would be as per my previous message with the samples I am putting together. It is not 100% secure but normal users would not be able to figure out the streams that are passed back and forth. Anybody with a protocol sniffer would but that will not be in your environment I would think. I think I understand the applet ending routine that you currently have but since I don't work that closely with the internals of 5250 some of what you and Kenneth are saying is going over my head. No problems Pete with the example you will see what we are talking about. Actually it is not the internals of 5250 at all really but how we manipulate it. Just to regress a little. I always thought it was 5250 as well so wanted to know the magic behind it all thus the emulator. What you really get is how the 5250 emulator/client, not the datastreams at all, manipulates the 5250 information. The 5250 information is all in the objects of tn5250j we just need to react to certain events. And I am still a relative rookie with Java so I need a bit more info and, if you can, a small snippet of code that demonstrates what you are talking about. For example, when you say "wrap the command" and then use a signoff with a disconnect, are you saying that I could just have a CL program that has a call to whatever program we want to run (in fact, we already have this) and then at the end of the command use SIGNOFF ENDCNN(*YES)? I think you also are saying that we need to add a sessionlistener to the applet code and then use that to trigger the navigation when the session is disconnected. I am not familiar with using a sessionlistener but with an example I think I can figure it out (code examples are always helpful). It sounds like that is the way to go. Adding a SIGNOFF ENDCNN(*YES) should be easy enough but I need a little help with the sessionlistener logic. You could do it that way as well. I will put an example program out there for that as well. It really just depends on how much control you want. With the signoff end connection you really do not know if the application ended or there was a problem but using both the session listener and the scanlistener you can control just about anything. Thanks! Now I just need to deal with the password issue and I think I have it. I agree but I think we have that covered as well. Pete BTW Kenneth, Gaurav posted his code to the list on July 2nd, 2003. If you can't find it in the archives, I can send it to you. Thanks but I went ahead and coded it myself. The concept was easy enough but never had a need for it before. We will have you up and running in no time. Something to play with over the weekend :-P Regards Kenneth [EMAIL PROTECTED] wrote: Hello Pete, I'm not quite sure why everybody make a problem about the clear passwords. When you would send them encrypted, the emulator telnets to the AS/400 and what does he do in the first place: send your userid and password to the as/400. I think that these are in clear text also. The only solution would be to SSL or VPN your communication to your webserver and AS/400. Next the autoclosing is fairly easy to implement using the autologin and scanning we have introduced in the emulator: when logging on you want to autostart a command. Lets call this the application command. What you can do is wrap this app command in you own shell command. e.g. start cmd('appcmd'). The start can do a few thing like setting liblists etc. But it's main purpose is to properly shutdown the emulator. You can do this in 2 ways: to a signof with disconnect. At the emulator side, you can attach a sessionlistener and have you applet navigate away from you page as the session gets disconnected. Or the start command can also trigger a scan code to the emulator: #! END so the applet can listen to this and perform an end of session. This way you can do a lot more than just ending. Hope this helps, Wim. Pete Helgren <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 15/
Re: [Tn5250j-general] Passing User ID and Password in Applet
Thanks to all. You gave me much to think about Wim, I don't know much about SSL or how it is initiated but I thought that if you used SSL the stream was fully encrypted. That is, if you are using SSL then the traffic that is passing over port 992 is encrypted, even the signon screen. Is that the case? Also, our HTML based menuing system can run in an HTTPS environment so executing the applet under HTTPS would encrypt the page I think, though if the user viewed the page source they would see the password in plain text, right? The encryption is just used between the browser and the server. The HTML as rendered by the browser is still in plain text. It *could* allow a user to view the source on another user's browser and see the password (at least I think this is possible). I think I understand the applet ending routine that you currently have but since I don't work that closely with the internals of 5250 some of what you and Kenneth are saying is going over my head. And I am still a relative rookie with Java so I need a bit more info and, if you can, a small snippet of code that demonstrates what you are talking about. For example, when you say "wrap the command" and then use a signoff with a disconnect, are you saying that I could just have a CL program that has a call to whatever program we want to run (in fact, we already have this) and then at the end of the command use SIGNOFF ENDCNN(*YES)? I think you also are saying that we need to add a sessionlistener to the applet code and then use that to trigger the navigation when the session is disconnected. I am not familiar with using a sessionlistener but with an example I think I can figure it out (code examples are always helpful). It sounds like that is the way to go. Adding a SIGNOFF ENDCNN(*YES) should be easy enough but I need a little help with the sessionlistener logic. Thanks! Now I just need to deal with the password issue and I think I have it. Pete BTW Kenneth, Gaurav posted his code to the list on July 2nd, 2003. If you can't find it in the archives, I can send it to you. [EMAIL PROTECTED] wrote: Hello Pete, I'm not quite sure why everybody make a problem about the clear passwords. When you would send them encrypted, the emulator telnets to the AS/400 and what does he do in the first place: send your userid and password to the as/400. I think that these are in clear text also. The only solution would be to SSL or VPN your communication to your webserver and AS/400. Next the autoclosing is fairly easy to implement using the autologin and scanning we have introduced in the emulator: when logging on you want to autostart a command. Lets call this the application command. What you can do is wrap this app command in you own shell command. e.g. start cmd('appcmd'). The start can do a few thing like setting liblists etc. But it's main purpose is to properly shutdown the emulator. You can do this in 2 ways: to a signof with disconnect. At the emulator side, you can attach a sessionlistener and have you applet navigate away from you page as the session gets disconnected. Or the start command can also trigger a scan code to the emulator: #! END so the applet can listen to this and perform an end of session. This way you can do a lot more than just ending. Hope this helps, Wim. Pete Helgren <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 15/06/2005 21:06 Please respond to tn5250j-general@lists.sourceforge.net To TN5250J List cc Subject [Tn5250j-general] Passing User ID and Password in Applet I had posted some of this about two years ago when I first started working with the 5250 applet. The problems that I had (and still have) have to do with the passing of UserID and password in the clear when I start an applet session. Gaurav posted some code that has a servlet that talks to the applet and passes the password back to it. I think I can follow the approach but wanted to know if anyone else had solved this problem in a different way. We have an HTML based menuing system that runs on the iSeries (under an Apache web server). The user logs in via an HTML login prompt and then the menu(s) are generated from there. Some of the menu items are HTML based but some are 5250
Re: [Tn5250j-general] Passing User ID and Password in Applet
Hello all First cover samples and then the questions afterwards. I have basically taken the day off to write some sample programs. Am thinking of creating a samples directory and delivering them on the SF download site. If anybody has any sample code they have written to do some of the stuff that comes up on the list. Please share this if you would like and I will package in the samples as well. Yes they are in clear text. There is a specification for encrypting the password during this negotiation if anybody is interested in implementing it within the emulator. Contact me and I will give you a link and the process to follow for this implementation. It envolves using DES encryption routines. Any takers and we can kick this clear text password problem in the rear end once in for all. Now as for the sample program I wrote I provide a copy of the description from the program here. /** * First this is an example program copied from the delivered My5250App.java * program written for the tn5250j emulator. * * @author Kenneth J. Pouncey * * You will find two parts interesting for this example: * 1) Communicating with a Servlet (PasswordServlet) to obtain user signon *creditials. These are then loaded into the properties to be *used for connection. * 2) The use of a scanning listener. See the information for the method * scanned() implemented for the interface ScanListener(); * * */ If need be the communication with the PasswordServlet servlet could be https:// but of course if we were serving from an https server we really would not need this. This should take care of the first of the requirements unless I mis-understood the problem with trasmitting the password in clear text to begin with. I assume the password problem was being passed as a parameter in the applet html code. In both the servlet code and example program you could write a very simple encryption routine to send the password encrypted. There is some sample encryption code in org.tn5250j.tools called DESSHA1 that I use for the Options Access password encryption. You could use it in the servlet to encrypt the password before sending it and then decrypt it when it arrives in the applet. Also; this implements the scanning listener to do anything you would like when you receive the command. I also have an example AS/400 program to test with if you are interested. If you follow the outline that Wim mentions below you could do just about anything you want including change the flow of the screens for the user. Pete I will send the code in a few. If anybody else is interested in this let me know. Regards Kenneth Quoting [EMAIL PROTECTED]: > Hello Pete, > > I'm not quite sure why everybody make a problem about the clear passwords. > When you would send them encrypted, the emulator telnets to the AS/400 and > what does he do in the first place: send your userid and password to the > as/400. I think that these are in clear text also. >The only solution would > be to SSL or VPN your communication to your webserver and AS/400. > > Next the autoclosing is fairly easy to implement using the autologin and > scanning we have introduced in the emulator: when logging on you want to > autostart a command. Lets call this the application command. What you can > do is wrap this app command in you own shell command. e.g. start > cmd('appcmd'). The start can do a few thing like setting liblists etc. But > it's main purpose is to properly shutdown the emulator. You can do this in > 2 ways: to a signof with disconnect. At the emulator side, you can attach > a sessionlistener and have you applet navigate away from you page as the > session gets disconnected. Or the start command can also trigger a scan > code to the emulator: #! END so the applet can listen to this and perform > an end of session. This way you can do a lot more than just ending. > > Hope this helps, > Wim. > > > > > Pete Helgren <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > 15/06/2005 21:06 > Please respond to > tn5250j-general@lists.sourceforge.net > > > To > TN5250J List > cc > > Subject > [Tn5250j-general] Passing User ID and Password in Applet > > > > > > > I had posted some of this about two years ago when I first started > working with the 5250 applet. The problems that I had (and still have) > have to do with the passing of UserID and password in the clear when I > start an applet session. Gaurav posted some code that has a servlet > that talks to the applet and passes the password back to it. I think I > can follow the approach but wanted to know if anyone else had solved > this problem in a different way. > > We have an HTML based menuing system that runs on the iSeries (under an > Apache web server). The user logs in via an HTML login prompt and then > the menu(s) are generated from there. Some of the menu items are HTML > based but some are 52
Re: [Tn5250j-general] Passing User ID and Password in Applet
Hello Pete, I'm not quite sure why everybody make a problem about the clear passwords. When you would send them encrypted, the emulator telnets to the AS/400 and what does he do in the first place: send your userid and password to the as/400. I think that these are in clear text also. The only solution would be to SSL or VPN your communication to your webserver and AS/400. Next the autoclosing is fairly easy to implement using the autologin and scanning we have introduced in the emulator: when logging on you want to autostart a command. Lets call this the application command. What you can do is wrap this app command in you own shell command. e.g. start cmd('appcmd'). The start can do a few thing like setting liblists etc. But it's main purpose is to properly shutdown the emulator. You can do this in 2 ways: to a signof with disconnect. At the emulator side, you can attach a sessionlistener and have you applet navigate away from you page as the session gets disconnected. Or the start command can also trigger a scan code to the emulator: #! END so the applet can listen to this and perform an end of session. This way you can do a lot more than just ending. Hope this helps, Wim. Pete Helgren <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 15/06/2005 21:06 Please respond to tn5250j-general@lists.sourceforge.net To TN5250J List cc Subject [Tn5250j-general] Passing User ID and Password in Applet I had posted some of this about two years ago when I first started working with the 5250 applet. The problems that I had (and still have) have to do with the passing of UserID and password in the clear when I start an applet session. Gaurav posted some code that has a servlet that talks to the applet and passes the password back to it. I think I can follow the approach but wanted to know if anyone else had solved this problem in a different way. We have an HTML based menuing system that runs on the iSeries (under an Apache web server). The user logs in via an HTML login prompt and then the menu(s) are generated from there. Some of the menu items are HTML based but some are 5250 apps and we launch them using tn5250j in an applet. We generate the HTML that launches the applet on the fly using a template but so far we have had to pass the password in the clear, not a good solution. So, if you have any ideas that we could use to start the applet without passing the password in the clear, I'd like to hear about it. We also have a need to end the application gracefully when the users are done running the 5250 application. Right now, we display a message that says "Click the Exit link to end the program" and the user has to click the link to end the session. What I would like to do is have the applet close when the 5250 application has ended automatically. I am not sure how to accomplish this since the 5250 session would have to "tell" the applet to close I'd appreciate anyone's idea as to how to solve these two issues as simply as possible. Thanks, Pete Helgren --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general
Re: [Tn5250j-general] Passing User ID and Password in Applet
Hi Pete/Kenneth, Been a while, but I keep following the goings-on in this group from time to time. I had done a POC a couple of years ago as Pete mentioned. I was successfully able to pass the username/password to the applet from a servlet. The applet had to be signed for this purpose. The username/password pair was present in a text file in my local file system. The password was encrypted using a simple encryption tool. But the business users still had a problem putting the password, even though encrypted, in a text file. Some other team in my project has been working on the project now and they have dropped the web aspect of it, i.e. the applet-HTML interface. From a web page, they launch and use the Mocha 8.0 emulator combined with an ActiveX control to pass the keystrokes to the emulator. Do lemme know if I can provide you any more info. BR/ Gaurav Kenneth Pouncey <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 06/16/2005 12:07 PM Please respond to tn5250j-general@lists.sourceforge.net To tn5250j-general@lists.sourceforge.net cc Subject Re: [Tn5250j-general] Passing User ID and Password in Applet Pete Here is the part about the flow control that he uses and is actually quite cool for the implementation. Had not thought of doing it that way. It would be a change on the host but very small as the original command is wrapped and the application process is not changed in anyway. = - What we normally do, is to wrap the normal command they want to launch in a special command of our own. E.g. instead of issuing a WRKUSRJOB USER(user) we issue a STRCMD CMD('WRKUSRJOB USER(user)'); the only thing our STRCMD does is launching the command, but when the normal command ends and we fall back in the program stacking onto our wrapper command, we send the !# event or just do a signof with disconnect. The emulator at the Java side knows to close itself then. In GUI mode we can then even issue 5250 as modal dialogs etc without a problem. So we do make it interactive! We can not however send back information towards the web application directly as we can keep synchronisations in there. We did once start to cache the 5250 sessions, but that poses more of problem than it brings advantages. The only thing I still would like is to be able to create a protocol bean, connect it, start the initial command and only then hook it to a interactive terminal. This way the user would'n see the login and launch scenario pass by as they do now. Here is the link to the full message: http://www.mail-archive.com/tn5250j-general@lists.sourceforge.net/msg00219.html This should solve just about everything except the user and password problem but am thinking of the applet to servlet would take care of this or the SessionBean and wrapping everything up yourself in your own Applet code. Regards Kenneth Pete Helgren wrote: I had posted some of this about two years ago when I first started working with the 5250 applet. The problems that I had (and still have) have to do with the passing of UserID and password in the clear when I start an applet session. Gaurav posted some code that has a servlet that talks to the applet and passes the password back to it. I think I can follow the approach but wanted to know if anyone else had solved this problem in a different way. We have an HTML based menuing system that runs on the iSeries (under an Apache web server). The user logs in via an HTML login prompt and then the menu(s) are generated from there. Some of the menu items are HTML based but some are 5250 apps and we launch them using tn5250j in an applet. We generate the HTML that launches the applet on the fly using a template but so far we have had to pass the password in the clear, not a good solution. So, if you have any ideas that we could use to start the applet without passing the password in the clear, I'd like to hear about it. We also have a need to end the application gracefully when the users are done running the 5250 application. Right now, we display a message that says "Click the Exit link to end the program" and the user has to click the link to end the session. What I would like to do is have the applet close when the 5250 application has ended automatically. I am not sure how to accomplish this since the 5250 session would have to "tell" the applet to close I'd appreciate anyone's idea as to how to solve these two issues as simply as possible. Thanks, Pete Helgren --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast.
Re: [Tn5250j-general] Passing User ID and Password in Applet
Wim, Pete and all CORRECTION! Sorry about what was written. It sounded like I did not like Wim's implementation but meant I did not like the implementation of the portal article as the thread mentions and gives reasons why. Sorry. It seems I need to go back and learn how to write in my native language :-) Kenneth Kenneth Pouncey wrote: Hello Pete Pete Helgren wrote: I had posted some of this about two years ago when I first started working with the 5250 applet. The problems that I had (and still have) have to do with the passing of UserID and password in the clear when I start an applet session. Gaurav posted some code that has a servlet that talks to the applet and passes the password back to it. I think I can follow the approach but wanted to know if anyone else had solved this problem in a different way. I do not remember this post for having the applet talk with a servlet. That would take a modification of the applet code correct? What would be the key to pass to the servlet to obtain the information? Actually asking what the flow is for the communication. It actually sounds quite neat and if you have an example could you post it again. We have an HTML based menuing system that runs on the iSeries (under an Apache web server). The user logs in via an HTML login prompt and then the menu(s) are generated from there. Some of the menu items are HTML based but some are 5250 apps and we launch them using tn5250j in an applet. We generate the HTML that launches the applet on the fly using a template but so far we have had to pass the password in the clear, not a good solution. What about doing the signin within the code first using a ProtocolBean or SessionBean? When the applet is served it would already be on the display that would like. Kind of like the Portal conversation that Wim and I were having a couple of days ago. That is bascially what he was doing. Not sure I like the solution he suggests as I think there are more elegant ways to do this within the code base. With the SessionBean you can set this information before doing the connect via the setter methods. Including the program and library to start with. Look in the list archives for the Portal conversation. So, if you have any ideas that we could use to start the applet without passing the password in the clear, I'd like to hear about it. We also have a need to end the application gracefully when the users are done running the 5250 application. Right now, we display a message that says "Click the Exit link to end the program" and the user has to click the link to end the session. What I would like to do is have the applet close when the 5250 application has ended automatically. I am not sure how to accomplish this since the 5250 session would have to "tell" the applet to close I am not to sure how to handle this scenario of closing an applet but what you could do is attach a scan listener to the session object and then trap that code in your listener. Am not clear on the applet closing part though as to what exactly it should do. Within your scanner listener you could then call another servlet to close the session or redirect you to another page. It would actually take a modification to the host application though to do this. Basically it would be a screen that starts with #! in the first position with the command to parse after it. All the code is there to see how it works in scan() method. I think I posted something on this last week and that is how Wim does this within his application. Well actually from what I understand he passes whole processes to the scan listener to run custom objects but the concept is the same. Again unfortunately a modification of the host system to call the new display screen at the end though. That is the only way the applet/emulator would know when it should close down. I'd appreciate anyone's idea as to how to solve these two issues as simply as possible. Thanks, Hopefully the above helps. Am sure Wim could answer some more questions on this as that was what we came up with when he was asking about this. I had some very basic code implementing this idea in the emulator but Wim and his team went way further with it. Actually works like a charm. Regards Kenneth Pete Helgren --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general . --- SF.Net email is sponsored by: Discover Easy
Re: [Tn5250j-general] Passing User ID and Password in Applet
Pete Here is the part about the flow control that he uses and is actually quite cool for the implementation. Had not thought of doing it that way. It would be a change on the host but very small as the original command is wrapped and the application process is not changed in anyway. = - What we normally do, is to wrap the normal command they want to launch in a special command of our own. E.g. instead of issuing a WRKUSRJOB USER(user) we issue a STRCMD CMD('WRKUSRJOB USER(user)'); the only thing our STRCMD does is launching the command, but when the normal command ends and we fall back in the program stacking onto our wrapper command, we send the !# event or just do a signof with disconnect. The emulator at the Java side knows to close itself then. In GUI mode we can then even issue 5250 as modal dialogs etc without a problem. So we do make it interactive! We can not however send back information towards the web application directly as we can keep synchronisations in there. We did once start to cache the 5250 sessions, but that poses more of problem than it brings advantages. The only thing I still would like is to be able to create a protocol bean, connect it, start the initial command and only then hook it to a interactive terminal. This way the user would'n see the login and launch scenario pass by as they do now. Here is the link to the full message: http://www.mail-archive.com/tn5250j-general@lists.sourceforge.net/msg00219.html This should solve just about everything except the user and password problem but am thinking of the applet to servlet would take care of this or the SessionBean and wrapping everything up yourself in your own Applet code. Regards Kenneth Pete Helgren wrote: I had posted some of this about two years ago when I first started working with the 5250 applet. The problems that I had (and still have) have to do with the passing of UserID and password in the clear when I start an applet session. Gaurav posted some code that has a servlet that talks to the applet and passes the password back to it. I think I can follow the approach but wanted to know if anyone else had solved this problem in a different way. We have an HTML based menuing system that runs on the iSeries (under an Apache web server). The user logs in via an HTML login prompt and then the menu(s) are generated from there. Some of the menu items are HTML based but some are 5250 apps and we launch them using tn5250j in an applet. We generate the HTML that launches the applet on the fly using a template but so far we have had to pass the password in the clear, not a good solution. So, if you have any ideas that we could use to start the applet without passing the password in the clear, I'd like to hear about it. We also have a need to end the application gracefully when the users are done running the 5250 application. Right now, we display a message that says "Click the Exit link to end the program" and the user has to click the link to end the session. What I would like to do is have the applet close when the 5250 application has ended automatically. I am not sure how to accomplish this since the 5250 session would have to "tell" the applet to close I'd appreciate anyone's idea as to how to solve these two issues as simply as possible. Thanks, Pete Helgren --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general .
Re: [Tn5250j-general] Passing User ID and Password in Applet
and link to the archives. Scroll down to tn5250j portal thread. http://www.mail-archive.com/tn5250j-general@lists.sourceforge.net/ Pete Helgren wrote: I had posted some of this about two years ago when I first started working with the 5250 applet. The problems that I had (and still have) have to do with the passing of UserID and password in the clear when I start an applet session. Gaurav posted some code that has a servlet that talks to the applet and passes the password back to it. I think I can follow the approach but wanted to know if anyone else had solved this problem in a different way. We have an HTML based menuing system that runs on the iSeries (under an Apache web server). The user logs in via an HTML login prompt and then the menu(s) are generated from there. Some of the menu items are HTML based but some are 5250 apps and we launch them using tn5250j in an applet. We generate the HTML that launches the applet on the fly using a template but so far we have had to pass the password in the clear, not a good solution. So, if you have any ideas that we could use to start the applet without passing the password in the clear, I'd like to hear about it. We also have a need to end the application gracefully when the users are done running the 5250 application. Right now, we display a message that says "Click the Exit link to end the program" and the user has to click the link to end the session. What I would like to do is have the applet close when the 5250 application has ended automatically. I am not sure how to accomplish this since the 5250 session would have to "tell" the applet to close I'd appreciate anyone's idea as to how to solve these two issues as simply as possible. Thanks, Pete Helgren --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general . --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general
Re: [Tn5250j-general] Passing User ID and Password in Applet
Here is a link again to the article: http://www.itjungle.com/fhg/fhg042005-story01.html Like I said do not like the solution but the implementation is great. Pete Helgren wrote: I had posted some of this about two years ago when I first started working with the 5250 applet. The problems that I had (and still have) have to do with the passing of UserID and password in the clear when I start an applet session. Gaurav posted some code that has a servlet that talks to the applet and passes the password back to it. I think I can follow the approach but wanted to know if anyone else had solved this problem in a different way. We have an HTML based menuing system that runs on the iSeries (under an Apache web server). The user logs in via an HTML login prompt and then the menu(s) are generated from there. Some of the menu items are HTML based but some are 5250 apps and we launch them using tn5250j in an applet. We generate the HTML that launches the applet on the fly using a template but so far we have had to pass the password in the clear, not a good solution. So, if you have any ideas that we could use to start the applet without passing the password in the clear, I'd like to hear about it. We also have a need to end the application gracefully when the users are done running the 5250 application. Right now, we display a message that says "Click the Exit link to end the program" and the user has to click the link to end the session. What I would like to do is have the applet close when the 5250 application has ended automatically. I am not sure how to accomplish this since the 5250 session would have to "tell" the applet to close I'd appreciate anyone's idea as to how to solve these two issues as simply as possible. Thanks, Pete Helgren --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general . --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general
Re: [Tn5250j-general] Passing User ID and Password in Applet
Hello Pete Pete Helgren wrote: I had posted some of this about two years ago when I first started working with the 5250 applet. The problems that I had (and still have) have to do with the passing of UserID and password in the clear when I start an applet session. Gaurav posted some code that has a servlet that talks to the applet and passes the password back to it. I think I can follow the approach but wanted to know if anyone else had solved this problem in a different way. I do not remember this post for having the applet talk with a servlet. That would take a modification of the applet code correct? What would be the key to pass to the servlet to obtain the information? Actually asking what the flow is for the communication. It actually sounds quite neat and if you have an example could you post it again. We have an HTML based menuing system that runs on the iSeries (under an Apache web server). The user logs in via an HTML login prompt and then the menu(s) are generated from there. Some of the menu items are HTML based but some are 5250 apps and we launch them using tn5250j in an applet. We generate the HTML that launches the applet on the fly using a template but so far we have had to pass the password in the clear, not a good solution. What about doing the signin within the code first using a ProtocolBean or SessionBean? When the applet is served it would already be on the display that would like. Kind of like the Portal conversation that Wim and I were having a couple of days ago. That is bascially what he was doing. Not sure I like the solution he suggests as I think there are more elegant ways to do this within the code base. With the SessionBean you can set this information before doing the connect via the setter methods. Including the program and library to start with. Look in the list archives for the Portal conversation. So, if you have any ideas that we could use to start the applet without passing the password in the clear, I'd like to hear about it. We also have a need to end the application gracefully when the users are done running the 5250 application. Right now, we display a message that says "Click the Exit link to end the program" and the user has to click the link to end the session. What I would like to do is have the applet close when the 5250 application has ended automatically. I am not sure how to accomplish this since the 5250 session would have to "tell" the applet to close I am not to sure how to handle this scenario of closing an applet but what you could do is attach a scan listener to the session object and then trap that code in your listener. Am not clear on the applet closing part though as to what exactly it should do. Within your scanner listener you could then call another servlet to close the session or redirect you to another page. It would actually take a modification to the host application though to do this. Basically it would be a screen that starts with #! in the first position with the command to parse after it. All the code is there to see how it works in scan() method. I think I posted something on this last week and that is how Wim does this within his application. Well actually from what I understand he passes whole processes to the scan listener to run custom objects but the concept is the same. Again unfortunately a modification of the host system to call the new display screen at the end though. That is the only way the applet/emulator would know when it should close down. I'd appreciate anyone's idea as to how to solve these two issues as simply as possible. Thanks, Hopefully the above helps. Am sure Wim could answer some more questions on this as that was what we came up with when he was asking about this. I had some very basic code implementing this idea in the emulator but Wim and his team went way further with it. Actually works like a charm. Regards Kenneth Pete Helgren --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tn5250j-general . --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click ___ Tn5250j-general mailing list Tn5250j-general@lists.sourceforge.net https://lists.