Solved

authenticating user in Java

Posted on 2010-11-28
Last Modified: 2012-08-13
I have a Java program running as a server on a remote host.  I can connect to it remotely from my local machine with my Java client program.  In order to protect the server from unwanted intrusion I have a couple of options. One is to set up a firewall only allowing connections from certain locations, i.e. my local computer.  The other option is to have a username and password set up to authenticate the user.  Is it possible to authenticate through the operating system, so that I can use the same username and password as I would to remotely log in to the OS, using the OS's password database to do the authentication instead of worrying about setting up another password file?
Question by:robthewolf
9 Comments
 
LVL 16

Expert Comment

by:Valeri
ID: 34224983
>>  The other option is to have a username and password set up to authenticate the user.
I think that it's the most appropriate solution. What kind of communication are you using? HTTP?
0
 
LVL 8

Author Comment

by:robthewolf
ID: 34225086
>>I think that it's the most appropriate solution.
I actually plan on using both.

>>What kind of communication you are using? http?
I currently use TCP sockets through the java.net.Socket class.
I guess I should use SSL to send the passwords to avoid sending plain text.

My current system is all local so I don't bother with passwords or SSL for the moment.  Any suggestions?
0
 
LVL 16

Accepted Solution

by:
Valeri earned 300 total points
ID: 34225503
>> I guess I should use ssl to send the passwords to avoid sending plain text.
I agree with you. Using SSL will provide the security you need.
Here is an example. The client implementation is also there.
http://www.exampledepot.com/egs/javax.net.ssl/Server.html

Another option is to encrypt your password somehow on the client side and to compare the encrypted password on the server side. If both encryptions are the same, it means the user has entered the right password; otherwise the user has entered the wrong password.
But I think that SSL is the better solution.
0

 
LVL 8

Author Comment

by:robthewolf
ID: 34225525
I had thought of that second solution, but if someone were listening and intercepted the encrypted password, they could just send that, which would then pass the comparison on the server side.  I am going to check out this example and let you know how it goes.
0
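The replay problem raised in the comment above, shown as an added example that is not part of the original thread: a fixed transform of the password is accepted again when resent, while a response bound to a fresh single-use server nonce is not. It goes beyond the thread by adding the nonce-based variant; the shared secret, the SHA-256/HMAC choices and all names are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

public class ReplayDemo {
    // Constructed sample secret shared by client and server (assumption).
    static final byte[] SECRET = "constructed-sample-secret".getBytes(StandardCharsets.UTF_8);
    static final SecureRandom RNG = new SecureRandom();
    static final Set<String> OUTSTANDING = new HashSet<>(); // nonces issued but not yet used

    static byte[] hmac(byte[] key, byte[] msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(msg);
    }

    // Scheme discussed in the thread: the client always sends the same transformed password.
    static boolean verifyStatic(byte[] token) throws Exception {
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(SECRET);
        return MessageDigest.isEqual(expected, token); // constant-time comparison
    }

    // Challenge-response: the server issues a fresh random nonce per login attempt.
    static byte[] newChallenge() {
        byte[] nonce = new byte[16];
        RNG.nextBytes(nonce);
        OUTSTANDING.add(Base64.getEncoder().encodeToString(nonce));
        return nonce;
    }

    static boolean verifyResponse(byte[] nonce, byte[] response) throws Exception {
        // A nonce is consumed on first use, so a recorded response cannot be sent twice.
        if (!OUTSTANDING.remove(Base64.getEncoder().encodeToString(nonce))) return false;
        return MessageDigest.isEqual(hmac(SECRET, nonce), response);
    }

    public static void main(String[] args) throws Exception {
        byte[] recorded = MessageDigest.getInstance("SHA-256").digest(SECRET); // seen on the wire
        System.out.println("static token, resent:      " + verifyStatic(recorded));
        byte[] nonce = newChallenge();
        byte[] response = hmac(SECRET, nonce);
        System.out.println("fresh nonce response:      " + verifyResponse(nonce, response));
        System.out.println("same response, resent:     " + verifyResponse(nonce, response));
    }
}
```

This covers replay only; the SSL transport recommended in the thread is still what protects the exchange from eavesdropping and tampering.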
 
LVL 10

Assisted Solution

by:gordon_vt02
gordon_vt02 earned 200 total points
ID: 34232389
You could also try setting up two-way SSL (client and server authentication), even if you only use user-generated certs and not completely signed certs.  You would just need to maintain a list of the authorized certs on the server side and compare the cert presented by the client.
0
 
LVL 8

Author Comment

by:robthewolf
ID: 34233407
gordon,
If I understand you correctly, when using SSL properly the client is authenticated by the certificate and there is no need for usernames and passwords.
0
 
LVL 10

Assisted Solution

by:gordon_vt02
gordon_vt02 earned 200 total points
ID: 34233550
Yep.  The client would be issued a cert identifying them, either signed by a known authority (VeriSign is one) or generated by them with keytool, then signed by a local authority you stand up.  Your server would need to have a list of authorized users, likely using the DN of the cert, and you would need to validate their cert's authenticity then ensure that the DN was on the allowed users list.
0
 
LVL 10

Expert Comment

by:gordon_vt02
ID: 34233576
If you're already using a web container, I'm pretty sure almost all of them provide support out-of-the-box for two-way authentication.  If you're rolling your own server, I'm not sure exactly how to implement it, but I think there are methods available using JSSE and possibly the base java.net libraries.
0
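One way to do the two-way SSL check described in the answers above on a hand-rolled socket server with JSSE, as an added example that is not code from the thread or from the linked page. The port, the allow-listed DNs and the class name are assumptions; the key store and trust store are taken from the standard `javax.net.ssl.*` system properties.

```java
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import java.util.Set;

public class MutualTlsServer {
    // Hypothetical allow-list of client subject DNs (constructed sample values).
    // X500Principal.equals() compares canonical forms, so case and spacing do not matter.
    static final Set<X500Principal> ALLOWED = Set.of(
            new X500Principal("CN=rob-laptop,OU=Clients,O=Example"),
            new X500Principal("CN=ops-console,OU=Clients,O=Example"));

    static boolean isAllowed(X500Principal subject) {
        return ALLOWED.contains(subject);
    }

    public static void main(String[] args) throws Exception {
        // Key store (server cert) and trust store (CA or client certs you accept) are read
        // from the standard javax.net.ssl.keyStore / javax.net.ssl.trustStore properties.
        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(8443)) {
            // Require a client certificate; the handshake fails if none is presented
            // or if it does not chain to an entry in the trust store.
            server.setNeedClientAuth(true);
            while (true) {
                try (SSLSocket socket = (SSLSocket) server.accept()) {
                    socket.startHandshake();
                    // Only reached after the chain validated, so the DN can be trusted.
                    X509Certificate cert =
                            (X509Certificate) socket.getSession().getPeerCertificates()[0];
                    X500Principal subject = cert.getSubjectX500Principal();
                    PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
                    if (!isAllowed(subject)) {
                        out.println("DENIED");
                        continue; // try-with-resources closes the socket
                    }
                    out.println("OK " + subject.getName());
                } catch (IOException e) {
                    System.err.println("connection rejected: " + e.getMessage());
                }
            }
        }
    }
}
```

With self-generated client certs imported directly into the trust store, the trust store is itself the list of authorized certs; the DN check is the second step for the case where a local authority signs many clients.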
 
LVL 8

Author Comment

by:robthewolf
ID: 34345812
I haven't had time to test the suggested solution yet.  When I do (hopefully this week) I will close the question.
Sorry for the delay.
0


Question has a verified solution.
