This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Soft Skills and have John Sonmez on-line!
See this thread for details.
The moose likes Web Services and the fly likes Question about designing a web-service security mechanism used with desktop client Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Question about designing a web-service security mechanism used with desktop client" Watch "Question about designing a web-service security mechanism used with desktop client" New topic
Author

Question about designing a web-service security mechanism used with desktop client

Justin Rao
Greenhorn

Joined: Apr 24, 2006
Posts: 1
Hi,

I am currently working on a Java desktop client to interact with a .Net web-service. The web-service is exposing some functions that already exist in the company's web application. The company would like to use the desktop client to replace some of the functions in the web due to some business requirement.

The web page requires username / password login and uses http session and cookie to store user related information. The username and password are stored within database.

The desktop client also requires username / password login.
My question is how should I implement the web-service security mechanism in this case, since all communication are open text if use pure http.

Some options I have in my mind
(1) use web-service over https to encrypt all messages
(2) use the login method to get a server side session id and every time making the call use the same session id. the server side will need to persist it and check it everytime the client calls
or just directly use the http session id

Please give me some suggestions

Thanks very much!!
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
Have you had a look at Spring Security?
Among the features are:
- It integrates with existing database.
- Provides integration with WS-Security.
- Your application code does not have to contain any security-related code, it is isolated.
For more, see: http://static.springsource.org/spring-security/site/features.html
Best wishes!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Question about designing a web-service security mechanism used with desktop client