File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
A friendly place for programming greenhorns!
Big Moose Saloon
Register / Login
Sockets and Internet Protocols
Basic HttpClient Authentication
Joined: Apr 16, 2011
Jun 21, 2012 09:16:08
Many thanks for any help or advice.
I have an HttpClient that sits inside a Swing desktop application, that communicates to a
I need to provide authentication for the Servlet (hosted on my machine). I read:
Credentials defaultcreds = new UsernamePasswordCredentials("username", "password"); client.getState().setCredentials(new AuthScope("myhost", 80, AuthScope.ANY_REALM), defaultcreds);
... but obviously its a security risk, me providing those username/pwd in the client-side code.
Am i missing something obvious? I dont want to put my servers username and password in to client / swing code.
William P O'Sullivan
Joined: Mar 28, 2012
Jun 21, 2012 09:20:11
Use a property file and hash the password.
Not un-hackable but would allow password to be changed in future.
You could also obfuscate the password
inside the class so as to prevent curious eyeballs for spotting it.
Joined: Apr 16, 2011
Jun 21, 2012 09:26:47
Thanks for your response.
Wouldnt a property file be even worse? This is a client-side .exe / .appl / .jar file that is distributed.
Is hard-coding the username/pwd in the client really the only way? What if the authentication details change?
Whats the best way to obfuscate / encrypt username/pwd from client -> server?
I guess i could set up a linux/server user per user who can use the client software? But that, again, is a huge security risk.
I agree. Here's the link:
subject: Basic HttpClient Authentication
Connecting to https urls from Java
how to send user credentials to a protected restful webservice
Httpclient - Getting http error 403 forbidden
How to upload a file from applet to the webserver ?
proxy settings in servlet
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter
| Powered by
Copyright © 1998-2015