Win a copy of Java EE 8 High Performance this week in the Java/Jakarta EE forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Question about designing a web-service security mechanism used with desktop client  RSS feed

Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I am currently working on a Java desktop client to interact with a .Net web-service. The web-service is exposing some functions that already exist in the company's web application. The company would like to use the desktop client to replace some of the functions in the web due to some business requirement.

The web page requires username / password login and uses http session and cookie to store user related information. The username and password are stored within database.

The desktop client also requires username / password login.
My question is how should I implement the web-service security mechanism in this case, since all communication are open text if use pure http.

Some options I have in my mind
(1) use web-service over https to encrypt all messages
(2) use the login method to get a server side session id and every time making the call use the same session id. the server side will need to persist it and check it everytime the client calls
or just directly use the http session id

Please give me some suggestions

Thanks very much!!
Ranch Hand
Posts: 2198
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have you had a look at Spring Security?
Among the features are:
- It integrates with existing database.
- Provides integration with WS-Security.
- Your application code does not have to contain any security-related code, it is isolated.
For more, see:
Best wishes!
Did Steve tell you that? Fuh - Steve. Just look at this tiny ad:
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!