简体繁体 English

如何在Web服务器上编辑用户文件系统上的文件？

[英]How to edit files on the users file system from my web server?

原文 2010-05-17 14:12:14 3 6 java/ windows/ linux/ macos

I am really looking for implementation advice as I have entered a new realm that I am not familiar with. 我进入了一个我不熟悉的新领域，因此我确实在寻找实施建议。

At the simplest level, I would like to find a way that I can read/write to a users machine from my web server. 在最简单的层次上，我想找到一种可以从Web服务器读取/写入用户计算机的方法。 For this to work, I think I will have to install some sort of "plugin" on the users machine which can receive (or poll?) the server for instructions. 为此，我认为我必须在用户机器上安装某种“插件”，该机器可以接收（或轮询？）服务器以获取指示。

The above is the line of thought that I currently have, maybe using JAVA to do this. 以上是我目前的思路，也许使用JAVA来做到这一点。 This needs to work on Linux, Mac and Windows OS. 这需要在Linux，Mac和Windows OS上运行。

I am really looking for advice on the above, is it a good idea? 我真的在上面寻求建议，这是个好主意吗？ Is there a better way of doing this? 有更好的方法吗？ Is there something out there already that I can build on top of? 我已经可以在上面建立一些东西了吗？

I really appreciate all input and advice as this is something I have not done before. 我真的很感谢所有意见和建议，因为这是我以前从未做过的事情。

Thanks all 谢谢大家

6 个解决方案

For Java, you could launch a client application via Java Web Start that will be able to perform a limited set of operations on the file system. 对于Java，您可以通过Java Web Start启动客户端应用程序，它将能够在文件系统上执行一组有限的操作。

If this is too restrictive, then you would need to provide a link to a download of a client application that would be installed / executed on the user's desktop machine. 如果限制太严格，那么您需要提供一个链接，该链接指向将在用户的台式机上安装/执行的客户端应用程序的下载。

I'm assuming you want to read and write specific files on the users' machine that are not normally accessible (ie not temp files, or files in a sandbox). 我假设您想在用户的计算机上读写通常无法访问的特定文件（即非临时文件或沙箱中的文件）。 And you want to do this from your webserver. 您想从您的网络服务器上执行此操作。

As you looking for cross platform, I'd go with java. 当您寻找跨平台时，我会选择Java。 Given that your needs are simple (read/write files from remote commands) you could probably target JRE 1.4, which is now many years old, but is installed on ca. 鉴于您的需求很简单（从远程命令读取/写入文件），您可能会针对JRE 1.4，它已经存在很多年了，但已安装在ca. 98% of desktops ( source ). 98％的台式机（来源）。

Here's an overview of how you can approach this: 以下是如何实现此目的的概述：

Create a java applet or Java Web Start application that fetches a list of commands from a URL. 创建一个Java小程序或Java Web Start应用程序，该应用程序从URL中获取命令列表。 The URL can contain any specific identification that you need to identify the machine, such as the users ID (see below for alternatives.) 该URL可以包含您需要用来标识计算机的任何特定标识，例如用户ID（有关替代方法，请参见下文）。
Your webserver generates the list of commands that the applet should execute - create file, read file, write file and sends these as the response. 您的Web服务器生成小程序应执行的命令列表-创建文件，读取文件，写入文件，并将其作为响应发送。
Sign the applet/application, so that it can escape the restrictions of the sandbox. 对小程序/应用程序签名，以便它可以摆脱沙箱的限制。 To do this, you need to obtain a certificate. 为此，您需要获取证书。 More on this later. 稍后对此进行更多讨论。
Inform and educate your users about what the applet is doing. 通知和教育您的用户有关小程序的操作。 Eg a page on your site about why they are being asked to trust your certificate and what the implications are. 例如，您网站上的一个页面，说明为什么要求它们信任您的证书以及其含义是什么。

You can implement this as an applet or an application, the bulk of the work is pretty much the same. 您可以将其实现为applet或应用程序，大部分工作几乎相同。 I talk about applet, but remember it applies equally to application. 我说的是applet，但请记住它同样适用于应用程序。

In more detail: The applet requests a list of commands from a URL. 更详细地：小程序从URL请求命令列表。 To hamper attempts at using your applet on another malicious site, you should use HTTPS to fetch the list of commands so that the server is authenticated. 要阻止尝试在另一个恶意站点上使用Applet的尝试，应使用HTTPS来获取命令列表，以便对服务器进行身份验证。 The URL should be hard-coded into your applet, so that any attempts to change this will break the signing. 该URL应该硬编码到您的applet中，以便任何尝试更改此URL都将破坏签名。 How you communicate the commands to the applet via the URL is up to you, eg you can use XML or use RMI and simply send over the list of commands as an object. 如何通过URL将命令传达给applet取决于您，例如，您可以使用XML或RMI并简单地将命令列表作为对象发送。

I mentioned using the userid to identify the machine - using the machine's MAC address is also a possibility. 我提到使用用户ID来识别机器-也可以使用机器的MAC地址。 See how to get the mac address of the host . 了解如何获取主机的mac地址。

Once you have the list of commands, your applet executes these using java file I/O apis. 获得命令列表后，小程序将使用Java文件I / O API执行这些命令。 See File , FileReader/FileWriter in the javadocs. 请参阅javadocs中的File ，FileReader / FileWriter。 You include appropriate logging so the applets actions can be audited later if necessary. 您包括适当的日志记录，以便在必要时可以稍后审核applet的操作。 Once the applet has executed the commands, it sends the result of the commands back to the server, either as a POST operation, or another RMI method call, if you settle on RMI. 小程序执行命令后，如果您决定使用RMI，则将其结果作为POST操作或另一个RMI方法调用发送回服务器。

If you want to continually send commands from the server, then the applet can poll the URL/invoke the RMI method regularly. 如果要连续从服务器发送命令，则小程序可以轮询URL /定期调用RMI方法。 A Timer can help with this. 计时器可以帮助您。

With communciation errors, it will be necessary for the client to request the list of commands more than once. 出现通信错误时，客户端有必要多次请求命令列表。 Thus each time you produce a list of commands from the server, it is given an id. 因此，每次您从服务器生成命令列表时，都会为其指定一个ID。 The server gives out the same list with the same id until it receives acknowledgement from the applet that the commands have been executed. 服务器发出带有相同ID的相同列表，直到从小程序收到命令已执行的确认。

To sign the applet, you should obtain an rsa certificate from a certficiate authority. 要签署此小程序，您应该从证书颁发机构获得rsa证书。 You can self-sign, but then you are opening the door to others modifying your app and impersonating your certificate. 您可以自签名，但是随后您就可以打开其他人修改应用程序并假冒证书的大门。 Details on obtaining and using certificates are given here . 有关获得和使用证书的详细信息，请参见此处。

If you don't know java, then all of this may not make a huge amount of sense, and it's not a trivial project to get started on, particularly considering the implications for your users if your implementation has holes and defects. 如果您不懂Java，那么所有这些可能都不是很有意义，而且这不是一个容易上手的项目，尤其是考虑到实现中存在漏洞和缺陷对用户的影响。

It may be wise to exercise caution: although you can do this, doesn't necessarily mean you should. 谨慎行事可能是明智的：尽管您可以做到这一点，但不一定意味着您应该这样做。 I imagine that most expert users would frown on the use of this app, and would not accept the certificate. 我想大多数专家用户都会对使用此应用程序感到厌烦，并且不会接受证书。 And then there is culpability - if your app accidentally deletes a critical file through a bug, misconfiguration, human error etc, how will you be prepared for that? 然后就是罪魁祸首-如果您的应用通过错误，配置错误，人为错误等意外删除了关键文件，您将为此做好准备吗？

For the user, a web browser plugin may be the easiest, since the user won't have to manage yet another running application, however it has its limitation such as having to develop a plugin for each browser. 对于用户而言，Web浏览器插件可能是最简单的，因为用户不必管理另一个正在运行的应用程序，但是它有其局限性，例如必须为每个浏览器开发一个插件。 In addition, the user would need their browser running. 另外，用户将需要运行他们的浏览器。

You could have the user install a desktop application, which they would have to keep running, so installing it as a service might be ideal. 您可以让用户安装一个桌面应用程序，该应用程序必须继续运行，因此将其作为服务安装可能是理想的选择。

You could also use a plugin as a wedge between the web browser and a desktop application, which is how Flash works. 您还可以将插件用作Web浏览器和桌面应用程序之间的楔子，这就是Flash的工作方式。

To really know you will have to answer the "why" question, why do you wan tot do this. 要真正知道您将必须回答“为什么”问题，为什么要这么做呢。

If you are just trying to store some state on the user's machine that you need to have locally then for small things you can fall back on cookies, or for larger needs you can use the new Web Database features in HTML5 http://dev.w3.org/html5/webdatabase/ 如果您只是想在用户的计算机上存储需要本地存储的某些状态，则对于小的事情，您可以依靠Cookie，或者对于较大的需求，可以使用HTML5 http：// dev中的新Web数据库功能。 w3.org/html5/webdatabase/

If you need to access specific files then you are actually going to have to circumvent the security sand boxing that Java does when run on a webpage. 如果您需要访问特定文件，那么实际上您将不得不规避Java在网页上运行时所做的安全沙箱操作。 I will leave that for others to go into, I don't know how to do it off hand myself. 我会把这个留给别人去做，我自己也不知道该怎么办。

In my opinion, Applet will be a better solution. 我认为，Applet将是更好的解决方案。 I have made one applet which downloads a zip file from the server on client machine into temp folder, extracts the zip file into a directory specified by client (browser user) and then deletes the zip file. 我已经制作了一个applet，可将zip文件从客户端计算机上的服务器下载到temp文件夹中，然后将zip文件提取到客户端（浏览器用户）指定的目录中，然后删除该zip文件。

thanks. 谢谢。

The lowest hanging fruit might be to provide WebDAV access through your web server to a given set of files, as this allows the users to see the files as a part of their usual filesystem with all their usual tools. 最不容易的事情是通过Web服务器提供对一组给定文件的WebDAV访问，因为这使用户可以使用所有常用工具将这些文件视为其常用文件系统的一部分。 You then do not have to do all that functionality. 然后，您不必执行所有这些功能。

Looks like Slide can deploy on Tomcat, and JBoss has ModeShape. 看起来Slide可以部署在Tomcat上，而JBoss具有ModeShape。

Will that be useful enough? 这足够有用吗？