File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Sockets and Internet Protocols and the fly likes Basic HttpClient Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "Basic HttpClient Authentication" Watch "Basic HttpClient Authentication" New topic

Basic HttpClient Authentication

sam wootton
Ranch Hand

Joined: Apr 16, 2011
Posts: 76

Many thanks for any help or advice.

I have an HttpClient that sits inside a Swing desktop application, that communicates to a Servlet.

I need to provide authentication for the Servlet (hosted on my machine). I read:


... but obviously its a security risk, me providing those username/pwd in the client-side code.

Am i missing something obvious? I dont want to put my servers username and password in to client / swing code.

Regards, Sam
William P O'Sullivan
Ranch Hand

Joined: Mar 28, 2012
Posts: 859

Use a property file and hash the password.

Not un-hackable but would allow password to be changed in future.

You could also obfuscate the password String inside the class so as to prevent curious eyeballs for spotting it.

sam wootton
Ranch Hand

Joined: Apr 16, 2011
Posts: 76
Hi William,

Thanks for your response.

Wouldnt a property file be even worse? This is a client-side .exe / .appl / .jar file that is distributed.

Is hard-coding the username/pwd in the client really the only way? What if the authentication details change?

Whats the best way to obfuscate / encrypt username/pwd from client -> server?

I guess i could set up a linux/server user per user who can use the client software? But that, again, is a huge security risk.

Regards, Sam
I agree. Here's the link:
subject: Basic HttpClient Authentication
It's not a secret anymore!