Embed Size (px)
Citation preview
Secure FTPJAVA StyleBY RICH HELTON
(SUN CERTIFIED (SC) JAVA PROGRAMMER, SC JAVA DEVELOPER, SC ENTERPRISE ARCHITECT)
January 2010
Secure Java FTP(Java Style)
JFtp– Java Network Browser
The program can be found at http://j-ftp.sourceforge.net/ The source code can be found at
http://sourceforge.net/projects/j-ftp/files/.
Benefits of JFtp
Can run the Java code from the browser through “Web Start”.
Can download the JAR file and run it locally.Cross Platform. Runs easily on Mac OSX, Linux,
Windows, etc.Runs multiple protocols, SFTP, SMB, NFS, HTTP, and
various transfer protocols.Open Source so the code can be used to execute batch
jobs.Free to use.
To Launch or Download
JFtp can be run directly from the browser or downloaded.
To Launch
Clicking on “Launch via Java Web Start” will launch the JFtp from the browser.
Java must be able to run from the local Browser. If so a Security Warning will pop up:
To Launch
After clicking the “Run” button. JFtp Starts:
To Launch
Clicking on File->Connect to SFTP Server…..SFTP Configuration Starts:
Matching
When configuring SFTP, the ports, encryption, and authentication must match the server configuration for handshaking.
The source for the dialog box can be found at http://kickjava.com/src/net/sf/jftp/gui/hostchooser/SftpHostChooser.java.htm
Testing
One method to test locally is to pull down OpenSSH on a test machine.
OpenSSH can be found at http://www.openssh.com/ .Using OpenSSH, users and groups can be created using: C:\Program Files\OpenSSH\bin>mkpasswd -l -u RichH >> ..\etc\passwd
C:\Program Files\OpenSSH\bin>mkgroup -l >> ..\etc\group
Starting open SSH is done with:
Verify it is started:
Testing
Let’s connect through SFTP:
If Successful, the log window will tell you:
Testing SSH
Let’s connect SSH through Tools->SSH Shell…:
If Successful, the SSH Shell will appear:
JAR File
Instead of running from the “Web Start”, a JAR file can be used to run it using the “java –jar jtp.jar” command.
If Java is configured correctly, the JFtp will run in a Java Console that works like the “Web Start” version.
Some information about the GUI may be displayed:
Compiling Java
Compiling at the JFtp Code
The source code can be found at http://sourceforge.net/projects/j-ftp/files/.
Unzip the source, cd to j-ftp and ensure that the build.xml file is present:
Build.xml is the build file, similar to a “make” file for “C”, that Apache Ant will use to build and deploy the files.
ANT
Ant is a Java library and command-line tool. Ant's mission is to drive processes described in build files as targets and extension points dependent upon each other. The main known usage of Ant is the build of Java applications.
It can be found http://ant.apache.org/
Building
After installing Ant, run it in the build.xml directory:
Running
The build will create a jtfp.jar file in the builds/jars directory.
This file can be run with the “java –jar jftp.jar” command.
Editing JFTP
Looking at the JFtp Code
The review Java Code, I usually use Jedit, because it is a simpler editor, found at http://www.jedit.org/ .
Eclipse is also one of the most Java Editor, found at http://www.eclipse.org/ . More information can be found at http://en.wikipedia.org/wiki/Eclipse_ide .
These editors are Open Source with any plugins for coding.
The main file will be found at “src\java\net\sf\jftp\JFtp.java”.
Notice that the “package” name is “net.sf.jftp” which will define where the file has to live as well, as will as where the files will be placed in the JAR.
Looking at the JFtp Code
Jedit on JFtp.java:
Looking at the JFtp Code
To get UML diagrams of the code, ArgoUML can be used to parse the code to display the diagrams.
ArgoUML is an Open Source UML Modeler found at http://argouml.tigris.org/ .
UML
The Unified Modeling Language (UML) is used to visualize the software and how it works in a standardized blueprint. An example Use case:
ArgoUML
Javadocs
Javadocs is a document generating tool that is part of Java that generates HTML files describing the Java code. Referenced from http://en.wikipedia.org/wiki/Javadocs .
This is a way to self document the code. Inserting macros and comments in the code will create an HTML browse able view of the code:
Free Samples, as always
JFtp provides free sample code if you don’t want to use the GUI.
Under the doc directory, FTPDownload.java provides a download examples, and FTPUpload.java provides a upload example.
The “Web Start” code can also be found in this directory in the code “jftp.jnlp”
Information on the Java Network Launching Protocol can be found at http://en.wikipedia.org/wiki/.jnlp .
Compiling FtpDownload
Make sure that the jftp.jar is in the classpath and compile the FtpDownload.java.
JFtp Libraries
JFtp makes use of 2 different Java Libraries
JFtp uses a library for Jcraft’s “jsch” library, which is their Java Secure Shell, when the “Use JSch instead of j2ssh” is selected:
JSch
The JSch package is found at http://www.jcraft.com/jsch/Otherwise the standard j2ssh library is used found at
http://sourceforge.net/projects/sshtools/ .Both libraries support the Secure Copy Protocol (SCP) for
copying files through SSH.JFtp creates wrappers in its net.sf.jtp.net.wrappers for use
of such classes as SftpConnection, NfsConnection, HttpTransfer, Sftp2Connection, etc. that does the connection, downloading, uploading, change directory, remove directory and other work.
JSch
The JSch package is found at http://www.jcraft.com/jsch/Otherwise the standard j2ssh library is used found at
http://sourceforge.net/projects/sshtools/ .Both libraries support the Secure Copy Protocol (SCP) for
copying files through SSH.JFtp creates wrappers in its net.sf.jtp.net.wrappers for use
of such classes as SftpConnection, NfsConnection, HttpTransfer, Sftp2Connection, etc. that does the connection, downloading, uploading, change directory, remove directory and other work.
Sftp2Connection Class
One of the wrapper classes that uses the Jsch library is the Sftp2Connection class.
This class has functionality for login, setLocalPath, upload, download, and more.
Sftp2Connection upload snippet
public static void main(String[] args) {
String username = "RichH";
String password = ”password";
Sftp2Connection conn = new Sftp2Connection("localhost", ""+22, null);
conn.login(username,password);
System.out.println("PWD:" +conn.getPWD());
System.out.println("Local Path:"+conn.getLocalPath());
conn.setLocalPath("/jars");
System.out.println("Local Path:"+conn.getLocalPath());
conn.upload("jftp.jar");
conn.disconnect();
}
Sftp2Connection Upload snippet
The code snippet will create a secure connection for the Sftp2Connection class.
Then the login( ) function will authenticate using the username and password.
The Local directory will be the root directory as well as the remote directory, so the local directory is changed to “C:\jars”.
This directory contains “C:\jars\jftp.jar” that is uploaded with the upload ( ) function.
If there is any error along the way, an exception will happen pointing at the stack where the error code appeared.
Sftp2Connection Upload snippet
Running through JFtp manually, you can observe if the file is uploaded:
Conclusion
There are many Open Source Solutions
Users are no longer dependent on the survival of the software vendor.
Users can continue to develop and change the core of the acquired software.
Users can benefit from successful developments by others who have used or developed the software.
Open standards, such as XML are used for data exchange. The standards are open and not proprietary.
