Developing challenge Response server in Java

I'm going to create a Java based server that will receive authentication requests and produce challenges. Later on, requests will come in with response to the challenges.

The interacting client is another server. There will be a moderately high transaction pressure from the clients.

My idea is to use a Tomcat-server with a REST interface for both request types.

Also I would like to create some type of inqueue to both keep track of the transaction pressure over time (number of ongoing transactions at a certain time) as well as to be able to set maximum number allowed to handle the QoS. Are there any existing opensource solutions to queue handling?

Does Spring have anythingt useable API?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If you dont state purpose of your server it does not sound reasonable.
there is no standard "challenge response" server.
mccarlIT Business Systems Analyst / Software DeveloperCommented:
Does Spring have anythingt useable API?
Spring has features to enable building REST interfaces relatively easy, so on that front yes.

As for your thoughts about an "inqueue", I think actually storing the requests in a queue may end up adding more overhead than the task that it is actually doing. You could still manage what you mentioned above with simpler tools, ie. just keep a count (in something like an AtomicLong) of the currently active request processing, increment the counter when you start processing a request, decrement when you finish. Also, managing the maximum number of concurrent requests can easily be handled by setting the number of threads Tomcat can use to process incoming requests.
mdolandAuthor Commented:
Thanks alot.

The purpose with the solution is to confirm that no-one has tampered with different kinds of payment requests and similair. The system will send out a verification code to the mobile phone of the subject. Later on the subject will send in the response to the challenge through the web.

I have earlier used plain servlets many times. What would the benefit be by using REST? What would the difference be from using a plain servet?
I think you dont need the server. It is more like application that generates random codes, and then approves them
If payment was somehow entered your server can carry the burden of sending SMS and doing extra check against list of SMS-es sent out recently...
API can be JSON, websocket,RESTful, only thing you need to elaborate more is proper model of internal processing that you can prove integrity and security...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.