Solved

authenticating user in Java

Posted on 2010-11-28
Last Modified: 2012-08-13
I have a Java program running as a server on a remote host. I can connect to it remotely from my local machine with my Java client program. In order to protect the server from unwanted intrusion I have a couple of options. One is to set up a firewall only allowing connections from certain locations, i.e. my local computer. The other option is to have a username and password set up to authenticate the user. Is it possible to authenticate through the operating system, so that I can use the same username and password as I would to remotely log in to the OS, using the OS's password database to do the authentication instead of worrying about setting up another password file?
Question by:robthewolf
9 Comments
 
LVL 16

Expert Comment

by:Valeri
ID: 34224983
>>  The other option is to have a username and password set up to authenticate the user.
I think that it's the most appropriate solution. What kind of communication are you using? HTTP?
0
 
LVL 8

Author Comment

by:robthewolf
ID: 34225086
>>I think that it's the most appropriate solution.
I actually plan on using both.

>>What kind of communication you are using? http?
I currently use TCP sockets through the java.net.Socket class.
I guess I should use SSL to send the passwords to avoid sending plain text.

My current system is all local so I don't bother with passwords or SSL for the moment. Any suggestions?
0
 
LVL 16

Accepted Solution

by:
Valeri earned 300 total points
ID: 34225503
>> I guess I should use ssl to send the passwords to avoid sending plain text.
I agree with you. Using SSL will provide the security you need.
Here is an example. The client implementation is also there.
http://www.exampledepot.com/egs/javax.net.ssl/Server.html

Another option is to somehow encrypt your password on the client side and to compare the encrypted password on the server side. If both encryptions are the same, it will mean the user has entered the right password; otherwise the user has entered the wrong password.
But I think that SSL is the better solution.
0
 
LVL 8

Author Comment

by:robthewolf
ID: 34225525
I had thought of that second solution, but if someone were listening and intercepted the encrypted password, then they could just send that, which would then pass the comparison on the server side. I am going to check out this example and let you know how it goes.
0
 
LVL 10

Assisted Solution

by:gordon_vt02
gordon_vt02 earned 200 total points
ID: 34232389
You could also try setting up two-way SSL (client and server authentication), even if you only use user-generated certs and not completely signed certs.  You would just need to maintain a list of the authorized certs on the server side and compare the cert presented by the client.
0
 
LVL 8

Author Comment

by:robthewolf
ID: 34233407
gordon,
If I understand you correctly, using SSL properly, the client is authenticated by the certificate and there is no need for usernames and passwords.
0
 
LVL 10

Assisted Solution

by:gordon_vt02
gordon_vt02 earned 200 total points
ID: 34233550
Yep. The client would be issued a cert identifying them, either signed by a known authority (VeriSign is one) or generated by them with keytool, then signed by a local authority you stand up. Your server would need to have a list of authorized users, likely using the DN of the cert, and you would need to validate their cert's authenticity, then ensure that the DN was on the allowed users list.
0
 
LVL 10

Expert Comment

by:gordon_vt02
ID: 34233576
If you're already using a web container, I'm pretty sure almost all of them provide support out-of-the-box for two-way authentication.  If you're rolling your own server, I'm not sure exactly how to implement it, but I think there are methods available using JSSE and possibly the base java.net libraries.
0
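The two-way SSL approach from the comments above, written against JSSE for a hand-rolled `java.net` style server. This is an added example, not code from the thread or from the linked page. The class name, port 8443 and the DN in the allow list are constructed, and the keystore and truststore are assumed to be supplied through the standard `javax.net.ssl.*` system properties.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.security.auth.x500.X500Principal;

public class MutualTlsServer {
    // Constructed sample allow list. DNs are compared as X500Principal objects,
    // so spacing and attribute-name case differences do not cause mismatches.
    static final Set<X500Principal> ALLOWED = Set.of(
            new X500Principal("CN=robs-client, O=Example, C=US"));

    // Authorization step: the chain was already validated by the TLS handshake.
    static boolean isAuthorized(X509Certificate clientCert) {
        return ALLOWED.contains(clientCert.getSubjectX500Principal());
    }

    public static void main(String[] args) throws IOException {
        // Server key and trusted issuers come from -Djavax.net.ssl.keyStore,
        // -Djavax.net.ssl.trustStore and their matching password properties.
        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(8443)) {
            server.setNeedClientAuth(true); // handshake fails without a trusted client cert
            while (true) {
                try (SSLSocket socket = (SSLSocket) server.accept()) {
                    socket.startHandshake();
                    X509Certificate cert = (X509Certificate)
                            socket.getSession().getPeerCertificates()[0];
                    if (!isAuthorized(cert)) {
                        System.err.println("Rejected " + cert.getSubjectX500Principal());
                        continue; // try-with-resources closes the socket
                    }
                    PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
                    out.println("hello " + cert.getSubjectX500Principal().getName());
                } catch (IOException e) {
                    // Covers a missing, expired or untrusted client certificate.
                    System.err.println("Handshake failed: " + e.getMessage());
                }
            }
        }
    }
}
```

The DN check is only as strong as the truststore: it should contain just the local authority or the individual client certs, because any issuer trusted there can mint a certificate carrying an allowed DN.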
 
LVL 8

Author Comment

by:robthewolf
ID: 34345812
I haven't had time to test the suggested solution yet. When I do (hopefully this week) I will close the question.
Sorry for the delay.
0
