• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

Question about designing a web-service security mechanism used with desktop client

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am currently working on a Java desktop client to interact with a .Net web-service. The web-service is exposing some functions that already exist in the company's web application. The company would like to use the desktop client to replace some of the functions in the web due to some business requirement.

The web page requires username / password login and uses http session and cookie to store user related information. The username and password are stored within database.

The desktop client also requires username / password login.
My question is how should I implement the web-service security mechanism in this case, since all communication are open text if use pure http.

Some options I have in my mind
(1) use web-service over https to encrypt all messages
(2) use the login method to get a server side session id and every time making the call use the same session id. the server side will need to persist it and check it everytime the client calls
or just directly use the http session id

Please give me some suggestions

Thanks very much!!
 
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi!
Have you had a look at Spring Security?
Among the features are:
- It integrates with existing database.
- Provides integration with WS-Security.
- Your application code does not have to contain any security-related code, it is isolated.
For more, see: http://static.springsource.org/spring-security/site/features.html
Best wishes!
 
Anything worth doing well is worth doing poorly first. Just look at this tiny ad:
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic