
Developing challenge Response server in Java

mdoland asked
I'm going to create a Java-based server that will receive authentication requests and produce challenges. Later on, requests will come in with responses to the challenges.

The interacting client is another server. There will be a moderately high transaction pressure from the clients.

My idea is to use a Tomcat-server with a REST interface for both request types.

Also I would like to create some type of inqueue to both keep track of the transaction pressure over time (number of ongoing transactions at a certain time) as well as to be able to set a maximum number allowed to handle the QoS. Are there any existing open-source solutions for queue handling?

Does Spring have any usable API?

Top Expert 2015

If you don't state the purpose of your server, it does not sound reasonable.
There is no standard "challenge response" server.
mccarl, IT Business Systems Analyst / Software Developer
Top Expert 2015
"Does Spring have any usable API?"
Spring has features that make building REST interfaces relatively easy, so on that front yes.

As for your thoughts about an "inqueue", I think actually storing the requests in a queue may end up adding more overhead than the task that it is actually doing. You could still manage what you mentioned above with simpler tools, i.e. just keep a count (in something like an AtomicLong) of the currently active request processing, increment the counter when you start processing a request, decrement when you finish. Also, managing the maximum number of concurrent requests can easily be handled by setting the number of threads Tomcat can use to process incoming requests.
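The counter approach described in this answer, as an added example that is not code from the thread: an AtomicLong tracks in-flight requests, records the high-water mark, and sheds load above a cap. The class name InFlightGauge, the cap of 4, and the 200/503 return values are hypothetical; in Tomcat the handle call would wrap request processing, for instance in a servlet filter.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import java.util.function.Supplier;

public class InFlightGauge {                         // hypothetical name
    private final long max;                          // cap on concurrent requests
    private final AtomicLong active = new AtomicLong();
    private final AtomicLong peak = new AtomicLong();
    private final AtomicLong rejected = new AtomicLong();

    public InFlightGauge(long max) { this.max = max; }

    /** Runs the handler if a slot is free; otherwise returns the overload result. */
    public <T> T handle(Supplier<T> handler, T overloaded) {
        long now = active.incrementAndGet();         // count the request on entry
        try {
            if (now > max) {                         // over the cap: reject without doing work
                rejected.incrementAndGet();
                return overloaded;
            }
            peak.accumulateAndGet(now, Math::max);   // high-water mark for monitoring
            return handler.get();
        } finally {
            active.decrementAndGet();                // always released, even if the handler throws
        }
    }

    public long active() { return active.get(); }
    public long peak() { return peak.get(); }
    public long rejected() { return rejected.get(); }

    public static void main(String[] args) throws Exception {
        InFlightGauge gauge = new InFlightGauge(4);  // constructed cap for the demo
        ExecutorService pool = Executors.newFixedThreadPool(16);
        for (int i = 0; i < 64; i++) {               // 64 simulated requests on 16 threads
            pool.execute(() -> gauge.handle(() -> {
                try { Thread.sleep(20); }            // stand-in for challenge generation
                catch (InterruptedException e) { Thread.currentThread().interrupt(); }
                return 200;
            }, 503));
        }
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        System.out.printf("active=%d peak=%d rejected=%d%n",
                gauge.active(), gauge.peak(), gauge.rejected());
    }
}
```

The decrement sits in a finally block so a failing handler cannot leak a slot and slowly lock out legitimate clients.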


Thanks a lot.

The purpose of the solution is to confirm that no one has tampered with different kinds of payment requests and similar. The system will send out a verification code to the mobile phone of the subject. Later on the subject will send in the response to the challenge through the web.

I have earlier used plain servlets many times. What would the benefit be of using REST? What would the difference be from using a plain servlet?
Top Expert 2015
I think you don't need the server. It is more like an application that generates random codes, and then approves them.
If a payment was somehow entered, your server can carry the burden of sending SMS and doing an extra check against the list of SMSes sent out recently...
The API can be JSON, WebSocket, RESTful; the only thing you need to elaborate more is a proper model of internal processing so that you can prove integrity and security...