Administering a JSim-enabled Web Site

Introduction

This document gives describes how to write and serve JSim-enabled Web pages which allow you to demonstrate JSim, or particular models, to the public. This document assumes you are familiar with HTML, Web server administration and JSim remote server administration .

Contents:

  • Trusted and Untrusted Applets
  • Remote Model Computation
  • HTML Usage
  • Browser Requirements
  • Applet Trust Implementation at NSR
  • Comments or Questions?

Give feedback

Trusted and Untrusted Applets

Sim can run as a Java Web Start application through an HTML Web page. It may operate in either trusted or untrusted mode. In either mode, the JSim client applet can load demonstration projects, run models and plot results. However, when operating in untrusted mode the applet may not:

  • read or write files in the user's local file system. In JSim's case, this means loading or saving project, model, data and preferences files. (However, demostration project, model and data files can be loaded at program launch from accessible Web sites.)
  • establish network connections any host other than the one that serves the applet jar file (JSimClient.jar). In JSim's case, this affects the JSim remote server connection and any files loaded on the command line.

When an untrusted applet attempts an unpermitted operation, an error message will be generated, and the program will exit or continue as is appropriate.

Establishing an applet as trusted is a complex subject, and will not be dealt with here in great detail. The method used at the NSR website to establish trust is described at the end of this document.

Remote Model Computation

Since JSim's numerical library relies on native libraries, which are not allowed in applets (trusted or not), JSim applets perform model calculations on a host running the JSim server . Untrusted applet network connections are restricted to the host that serves the applet jar file (JSimClient.jar), meaning a JSim server must be running there. Trusted applets may connect to any network host (see the -server switch below).

HTML Usage

A comprehensive HTML and WWW server administration tutorial is beyond the scope of this document, which offers only a few simple examples of JSim applet usage within HTML. HTML authors interested in the JSim applet should consult HTML standard documentation for complete details and work with their local WWW server administrator.

An JSim applet is embedded in HTML via the object or applet tags using the java archive JSIMHOME/lib/JSimClient.jar from your JSim distribution. AN example jnlp file for a model demo.mod:

< jnlp spec="1.0+" codebase=
"https://www.imagwiki.nibib.nih.gov/physiome/jsim/models/jsim_jnlp" 
    href="demo.mod.jnlp">
    <information>
        <title&rt;JSim</title>
        <vendor&rt;NSR Phsyiome.org Team</vendor>
		<homepage href="https://www.imagwiki.nibib.nih.gov/physiome/jsim"/>
    </information>
    <resources>
        <!-- Application Resources -->
        <j2se version="1.8+"
              href="http://java.sun.com/products/autodl/j2se"/>
        <jar href="https://www.imagwiki.nibib.nih.gov/physiome/jsim/jars/JSimClientSigned.jar"
            main="true" />

    </resources>
	<security&rt;> <all-permissions/> </security> 
    <applet-desc
         name="JSim"
		 documentBase="https://www.imagwiki.nibib.nih.gov/physiome/jsim/jars"
         main-class= "JSim.gui.GLaunch"
         width="100"
         height="100">
	    <param name="archive" value="JSimClientSigned.jar" />
        <param name="code" value="JSim.gui.GLaunch.class" />
        <param name="JAVA_CODEBASE" value="https://www.imagwiki.nibib.nih.gov/physiome/jsim/jars/" />
        <param name="args"	value="-popout -f models/kegg/CURR/zmo/demo.mod" />
     </applet-desc>

</jnlp>                         
         

 

 

This example assumes the file demo.mod is served (via HTTP) from an accessible directory.

All the normal command-line switches are available via the args tag above, however some switches have slightly altered meanings in the applet context:

  • -f refers not to files in the client's local file system, but to files served via HTTP. The default directory for these files is the host and directory from the calling URL (e.g. an HTML file). Applets may override the directory via the -userurl switch. An untrusted applet will generate an error if -userurl is not on the same host from which JSimClient.jar is served.
  • -server defaults to the host from which JSimClient.jar is served. The other connect parameters (user name, port and server name) take on default values. An untrusted applet will generate an error if -server is not on the same host from which JSimClient.jar is served.

Note for advanced administrators: It has been noted that untrusted applets may have permission difficulties accessing a JSim server on a computer with multiple IP addresses, depending on how the host OS directs traffic between those addresses. In such cases, the applet/object codebase attribute and the -server and -userurl JSim switches may need to all point to the primary IP address of the server.

Applet Trust Implementation at NSR

On the NSR web site, various pages use the JSim applet in both trusted and untrusted mode. Those that use trusted mode, implement trust via a signed jar file. Sun's keytool and jarsigner programs are used to digitally sign JSimClient.jar. For example:

      keytool -genkey -alias JSimApplet

      jarsigner JSimClient.jar JSimApplet

 

When the signed jar file is downloaded by a Java 2 compliant browser, the user is presented with a dialog box asking if s/he wishes to trust the applet. If s/he agrees, the applet will run in trusted mode. If not, the applet will run in untrusted mode.

Please note that the JSimClient.jar distributed with JSim is not signed. If you wish to follow NSR's trust scheme at your web-site, you will need to sign the jar file locally.

Applet security is a very complex topic and there are numerous alternative approaches to the one taken at NSR. It is possible that we will change or refine our approach in the future to meet new security concerns.

Comments or Questions?

Give feedback

 

Model development and archiving support at https://www.imagwiki.nibib.nih.gov/physiome provided by the following grants: NIH U01HL122199 Analyzing the Cardiac Power Grid, 09/15/2015 - 05/31/2020, NIH/NIBIB BE08407 Software Integration, JSim and SBW 6/1/09-5/31/13; NIH/NHLBI T15 HL88516-01 Modeling for Heart, Lung and Blood: From Cell to Organ, 4/1/07-3/31/11; NSF BES-0506477 Adaptive Multi-Scale Model Simulation, 8/15/05-7/31/08; NIH/NHLBI R01 HL073598 Core 3: 3D Imaging and Computer Modeling of the Respiratory Tract, 9/1/04-8/31/09; as well as prior support from NIH/NCRR P41 RR01243 Simulation Resource in Circulatory Mass Transport and Exchange, 12/1/1980-11/30/01 and NIH/NIBIB R01 EB001973 JSim: A Simulation Analysis Platform, 3/1/02-2/28/07.