aspose file tools*
The moose likes Web Services and the fly likes How to avoid re-authentiaction in case of invoking web service from j2me mobile client Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "How to avoid re-authentiaction in case of invoking web service from j2me mobile client" Watch "How to avoid re-authentiaction in case of invoking web service from j2me mobile client" New topic
Author

How to avoid re-authentiaction in case of invoking web service from j2me mobile client

tarek helmy
Ranch Hand

Joined: Nov 14, 2008
Posts: 42
How to avoid re-authentication in case of invoking web service from j2me mobile client ?
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
Use an authentication token of some kind that, if the client is already authenticated, is enclosed with each subsequent request.
If you are using SOAP, the token can be placed in a SOAP header block.
Best wishes!
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6657
    
    5

Another way to do it would be to pass it in a request header. I have never invoked web services via a mobile client before. Good luck and let us know how it goes


SCJP 6 articles - SCJP 5/6 mock exams - More SCJP Mocks
tarek helmy
Ranch Hand

Joined: Nov 14, 2008
Posts: 42
do i need to use SSO sever to get authentiaction token like SAML token?
and which SSO server fit in this case?
i need SSO Server that does not need changing code, just need configuration
i look at JBoss Federated SSO but it need to work with JBoss Application Server

please advise
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6657
    
    5

SSO is an overkill if you do not plan to actually use a single sign on feature. You can maintain a hash map of session tokens on the web service. When a user authenticates, send that token in the response, the first time. For subsequent calls, the client will send this token to you and you can validate against the hash map.
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
A word of caution regarding authentication tokens: Be aware that it is possible for 3rd party to listen to the traffic of a client and make a copy of a token. It is preferable if the token cannot be used by a 3rd party to access the service.
Personally, I would choose an existing security implementation that is known to be able to avert attacks such as stealing tokens.
Best wishes!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to avoid re-authentiaction in case of invoking web service from j2me mobile client
 
Similar Threads
RMI and j2me
Invoking webservice from another webservice - Axis2
How to overide security behavior in j2me mobile application to accept self signed certitficate?
how to send free sms from servlet to mobile
overide security behavior in j2me and avoid re-authentiaction in webservice