Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Agile forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

overide security behavior in j2me and avoid re-authentiaction in webservice

 
tarek helmy
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How to avoid re-authentiaction in case of invoking web service from j2me mobile client?
do i need to use SSO sever to get authentiaction token like SAML token?
and which SSO server fit in this case?
i need SSO Server that does not need changing code, just need configuration
i look at JBoss Federated SSO but it need to work with JBoss Application Server
or use an authentication token of some kind that, if the client is already authenticated, is enclosed with each subsequent request.
If you are using SOAP, the token can be placed in a SOAP header block
And
How to overide security behavior in j2me mobile application to accept self signed certitficate?
i have mobile appliaction that is a client to secured web service, it connect to that web service using SSL, so security manager of j2me check for this certificate if it is well known certificate (signed by trusted CA) or not

i try to add theses certificates to trust store and success connect to that secured web service, but if my clients wants to dowload the mobile application , the client trust store does not be effected since it does not belong to the application, it is an external entity

and if there is a way to ovride security manager in j2me application , like keyStoreManager and TrustStoreManager in desktop appliaction, what is packge name and hoe to do it

and is all mobile appliaction can access SSL connection or i need to use third party libarary?


please advice.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic