Tu Nguyen

Daeja viewone/ Java 6/ HttpOnly: Is this making any senses?

In my company, we use Daeja viewone product to view an image.  The part that we are using is the Java Applet and we got the big hit when Oracle enforce the java security on jre 1.7_0.45 and while client users are locked down with citrix environment and so on but that is a different story.

Recently, we upgrade the application so upgrade Daeja viewone applet (which is Daeja 4.1.4) is also a part of it.  When we test the viewer with the client, they could not view the image: the applet would display the error that said: FileNotFound, Java Runtime Log the bytes length is zero return from the connection.   But when we pasted the servlet url in the new tab, they image is there.  This happened when client is using Java runtime 6 (1.6_0.26).  I had tested with Java 7 and it is working perfectly fine on my end.  This is the java runtime console log when it is running java 6.

-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000624/000000000): 1442426518621> Net: Setting X-Client-Version: 4.1.4.0.0.2892
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000624/000000000): > Net: Connection using j1: false/false
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000624/000000000): > Net: Waiting for connection...
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000640/000000016): No streamerURL set
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000640/000000000): cookieDomainList is not set or empty, not returning cookies
network: Connecting https://cat.client.mycompany.biz/cat/webapp/loadImage?docIndex=0 with proxy=DIRECT
network: Connecting http://cat.client.mycompany.biz:443/ with proxy=DIRECT
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000640/000000000): > Net: Waited for connection...
network: Connecting https://cat.client.mycompany.biz/cat/webapp/loadImage?docIndex=0 with cookie "BIGipServerpool_client-cat-8090=291377324.39455.0000"
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000047): > Net: Connection date: 0
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): Net: Connection Header: null = HTTP/1.1 200 OK
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): Net: Connection Header: Date = Wed, 16 Sep 2015 18:01:58 GMT
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): Net: Connection Header: Server = Apache-Coyote/1.1
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): Net: Connection Header: Content-Language = en-CA
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): Net: Connection Header: Content-Length = 0
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): Net: Connection Header: Connection = close
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): Net: Connection Header: Content-Type = text/plain
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): > Net: Connection processed...
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): > Net(5569): Connection: retrieving content length...
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): > Net(5569): Connection: Length = 0...
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): > Net(5569): Connection: retrieving content type...
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): > Net(X-Custom-Param1): Custom1: null
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): > Net(X-Server-Version): null
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): > Net(5569): Custom parameters2: 
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000687/000000000): > Net(5569): Connection params: 0/text/plain/0
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000702/000000015): > Net(5569): Connection state: false/text/plain - txt/0
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000702/000000000): > Net(5569): Reading...
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000702/000000000): NumRead is -1
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000702/000000000): > Net(5569): Read complete (0 bytes)
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000702/000000000): Num-bytes-so-far is 0
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000702/000000000): FileNotFoundException: #4: https://cat.client.mycompany.biz/cat/webapp/loadImage?docIndex=0
Server response: 200(HTTP_OK)
OK
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000702/000000000): > Net(5569): Error#2: step = 33
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000702/000000000): Network read checksum: 0
-a1> 8 ji.document.q -a1 16 Sep 2015, 14:01:58, EDT (000000702/000000000): File load completed in 78 milliseconds (https://cat.client.mycompany.biz/cat/webapp/loadImage?docIndex=0)
java.io.FileNotFoundException: #4 File not found
(Empty file): https://cat.client.mycompany.biz/cat/webapp/loadImage?docIndex=0
(https://cat.client.mycompany.biz/cat/webapp/loadImage?docIndex=0)
Server response: 200(HTTP_OK)
OK

Luckily, I remove my Java runtime 7 and install the same version as client is running (java 6) and I am able to produce the problem.  Open the ticket to IBM and they advised that client need to upgrade to Java 7 and not support by Java 6 to use the latest Daeja viewer.  But client advised that they are not ready to update Java version and rather to stay with older version of the viewer (which is 3.0.56).  But when I test with the older version, I have the same problem.  So what’s the hell wrong ???.

I scratch my head over the weekend since that I promise the client that we will have this working for them to test on Monday.  Run so many tests that I can think of: use the viewer to load a physical image file, it displays perfectly.  Changing the content type of the image, no effect.  I even wrote exactly same servlet class as current servlet for pushing the image out, but instead of grab the byte arrays from the session, this one is get it from url resource file and it displayed perfectly fine.  Debug more in the code and it seemed that the servlet is only executed up to before the line that session.getAttribute() and did not go any further.  Then I remember I did see IBM mention on the webphere to set httpOnly=false for streaming so I give this a try even though we are using Tomcat and IT WORKED.

Sample of Tomcat Context.xml

<Context httpOnly="false">... </Context>

Is this making any sense to you? Java applet is the client side application, if It get the session from the client side then it would make sense but this case would call the servlet to display the image from the response outputstream. HttpOnly is to prevent the Cross Site Scripting and I am able to see the image by the same servlet without the viewer.  How come Java 7 is working perfectly fine?  I wish that I have all the answers.  If you do, please email me at tuphuongvy2013@gmail.com.