This week's book giveaway is in the Jython/Python forum.
We're giving away four copies of Murach's Python Programming and have Michael Urban and Joel Murach on-line!
See this thread for details.
Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Question about designing a web-service security mechanism used with desktop client  RSS feed

Justin Rao
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I am currently working on a Java desktop client to interact with a .Net web-service. The web-service is exposing some functions that already exist in the company's web application. The company would like to use the desktop client to replace some of the functions in the web due to some business requirement.

The web page requires username / password login and uses http session and cookie to store user related information. The username and password are stored within database.

The desktop client also requires username / password login.
My question is how should I implement the web-service security mechanism in this case, since all communication are open text if use pure http.

Some options I have in my mind
(1) use web-service over https to encrypt all messages
(2) use the login method to get a server side session id and every time making the call use the same session id. the server side will need to persist it and check it everytime the client calls
or just directly use the http session id

Please give me some suggestions

Thanks very much!!
Ivan Krizsan
Ranch Hand
Posts: 2198
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have you had a look at Spring Security?
Among the features are:
- It integrates with existing database.
- Provides integration with WS-Security.
- Your application code does not have to contain any security-related code, it is isolated.
For more, see:
Best wishes!
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!