Solved

authenticating user in Java

Posted on 2010-11-28
Medium Priority
605 Views
Last Modified: 2012-08-13
I have a Java program running as a server on a remote host. I can connect to it remotely from my local machine with my Java client program. In order to protect the server from unwanted intrusion I have a couple of options. One is to set up a firewall only allowing connections from certain locations, i.e. my local computer. The other option is to have a username and password set up to authenticate the user. Is it possible to authenticate through the operating system, so that I can use the same username and password as I would to remotely log in to the OS, using the OS's password database to do the authentication instead of worrying about setting up another password file?
Question by:robthewolf
9 Comments
 
LVL 16

Expert Comment

by:Valeri
ID: 34224983
>>  The other option is to have a username and password set up to authenticate the user.
I think that it's the most appropriate solution. What kind of communication are you using? HTTP?
0
 
LVL 8

Author Comment

by:robthewolf
ID: 34225086
>>I think that it's the most appropriate solution.
I actually plan on using both.

>>What kind of communication are you using? HTTP?
I currently use TCP sockets through the java.net.Socket class.
I guess I should use SSL to send the passwords to avoid sending plain text.

My current system is all local, so I don't bother with passwords or SSL for the moment. Any suggestions?
0
 
LVL 16

Accepted Solution

by:
Valeri earned 1200 total points
ID: 34225503
>> I guess I should use ssl to send the passwords to avoid sending plain text.
I agree with you. Using SSL will provide the security you need.
Here is an example. The client implementation is also there.
http://www.exampledepot.com/egs/javax.net.ssl/Server.html

Another option is to encrypt your password somehow on the client side and to compare the encrypted password on the server side; if both encryptions are the same, it means the user has entered the right password, otherwise the user has entered the wrong password.
But I think that SSL is the better solution.
0
 
LVL 8

Author Comment

by:robthewolf
ID: 34225525
I had thought of that second solution, but if someone were listening and intercepted the encrypted password, then they could just send that, which would then pass the comparison on the server side. I am going to check out this example and let you know how it goes.
0
 
LVL 10

Assisted Solution

by:gordon_vt02
gordon_vt02 earned 800 total points
ID: 34232389
You could also try setting up two-way SSL (client and server authentication), even if you only use user-generated certs and not completely signed certs.  You would just need to maintain a list of the authorized certs on the server side and compare the cert presented by the client.
0
 
LVL 8

Author Comment

by:robthewolf
ID: 34233407
gordon,
If I understand you correctly, using SSL properly, the client is authenticated by the certificate and there is no need for usernames and passwords.
0
 
LVL 10

Assisted Solution

by:gordon_vt02
gordon_vt02 earned 800 total points
ID: 34233550
Yep. The client would be issued a cert identifying them, either signed by a known authority (VeriSign is one) or generated by them with keytool, then signed by a local authority you stand up. Your server would need to have a list of authorized users, likely using the DN of the cert, and you would need to validate their cert's authenticity, then ensure that the DN was on the allowed users list.
0
 
LVL 10

Expert Comment

by:gordon_vt02
ID: 34233576
If you're already using a web container, I'm pretty sure almost all of them provide support out-of-the-box for two-way authentication.  If you're rolling your own server, I'm not sure exactly how to implement it, but I think there are methods available using JSSE and possibly the base java.net libraries.
0
 
LVL 8

Author Comment

by:robthewolf
ID: 34345812
I haven't had time to test the suggested solution yet. When I do (hopefully this week) I will close the question.
Sorry for the delay.
0

Question has a verified solution.
