Publishing Java Applet Enabled Applications through IAG

  • Article

Most of the times I have been asked on how to publish a Java applet enabled application through IAG. Now IAG is an application proxy that intercepts the traffic to and from the backend webserver , now if you invoke an applet within your web application then considering Java applets compiled byte code and its own sandbox , IAG cant intercept applet communication to its dedicated java servlet. So the java applet web app isnt handled by IAG filter easily and it cannot rewrites the URL as expected . Now if you run in this kind of a situation then IAG does have a type of application wizard called "Generic Client Application - multiple server type" its pretty staright forward to handle the scenario as long as both the servers (webserver and the applet servlet) are on your network. If servlet is on internet then the story is bit more complicated.

here are the steps that should work to publish the Java applet:

  • Isolate the Java applet publishing from the web application using a GCA (Generic ClientApplication).
  • Verify the servlet URL and Port on the JRE console on your desktop.
  • Publish the applet using GCA (multi server) template wizard as a seperate application.
  • Ensure the Java applet works as expected via the tunnel.
    After the Java applet is functional, create a web-based application (main app i.e Java applet depenedant) in the IAG portal that will allow the URL to be auto-launched on the client, for both IE and Firefox browsers.

PS: Servlet URL need to be bypassing the proxy or put it on exception list. If you want to ensure that proxy is not fiddling gthen on the client ping to servlet URL and you should see its resolving to 127.0.0.x.

 

So the entire flow goes like this:

servlet is launched with GCA tunnel and by passes the proxy and since its the prerequsite of the main web application when you publish the application as a web app, it will launch successfully. Any Java applet control within the app should work seemlessly.

 

From security perspective its important to understand that Java applets run in their own sandbox so its your responsibility to ensure that you verify that the serlet is what this applet should be communicating with and basically using IAG we are simply tunneling it and not rewriting anything in the sandbox.