Basic HttpClient Authentication

sam wootton
Ranch Hand

Hi,

Many thanks for any help or advice.

I have an HttpClient that sits inside a Swing desktop application, that communicates to a Servlet.

I need to provide authentication for the Servlet (hosted on my machine). I read:

http://hc.apache.org/httpclient-3.x/authentication.html

and


http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#d5e858



... but obviously it's a security risk, me providing those username/pwd in the client-side code.

Am I missing something obvious? I don't want to put my server's username and password into client / Swing code.

Regards, Sam
William P O'Sullivan
Ranch Hand


Use a property file and hash the password.

Not un-hackable but would allow password to be changed in future.

You could also obfuscate the password String inside the class so as to prevent curious eyeballs from spotting it.

WP
sam wootton
Ranch Hand

Hi William,

Thanks for your response.

Wouldn't a property file be even worse? This is a client-side .exe / .appl / .jar file that is distributed.

Is hard-coding the username/pwd in the client really the only way? What if the authentication details change?

What's the best way to obfuscate / encrypt username/pwd from client -> server?

I guess I could set up a linux/server user per user who can use the client software? But that, again, is a huge security risk.

Regards, Sam
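
An added example, not part of the thread or any poster's code: one alternative to shipping a shared credential inside the distributed client is to have each user type their own credentials at runtime, so nothing secret sits in the .jar or a property file. The class name, the loopback stand-in for the servlet and the account `sam` / `constructed-password` are assumptions made for illustration.

```java
import com.sun.net.httpserver.BasicAuthenticator;
import com.sun.net.httpserver.HttpServer;
import java.io.Console;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class PromptedBasicAuth {

    // Basic auth is Base64("user:password"): an encoding, not encryption,
    // so the header is only protected if the connection itself is HTTPS.
    static String basicHeader(String user, char[] password) {
        byte[] raw = (user + ":" + new String(password)).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the servlet (assumption): loopback server with one
        // constructed account. A real server would check a per-user store.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/", ex -> { ex.sendResponseHeaders(204, -1); ex.close(); })
              .setAuthenticator(new BasicAuthenticator("demo") {
                  @Override
                  public boolean checkCredentials(String user, String pass) {
                      return "sam".equals(user) && "constructed-password".equals(pass);
                  }
              });
        server.start();

        Console console = System.console();
        if (console == null) { // e.g. launched from an IDE; Swing would use JPasswordField
            server.stop(0);
            throw new IllegalStateException("run from a terminal");
        }
        String user = console.readLine("Username: ");
        char[] password = console.readPassword("Password: "); // not echoed, not stored
        try {
            URL url = new URL("http://127.0.0.1:" + server.getAddress().getPort() + "/");
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setRequestProperty("Authorization", basicHeader(user, password));
            System.out.println("HTTP " + conn.getResponseCode()); // 204 if accepted, 401 if not
        } finally {
            Arrays.fill(password, '\0'); // clear the copy this code controls
            server.stop(0);
        }
    }
}
```

The demo uses plain HTTP only because both ends are on the loopback interface; against a real servlet the URL would be `https://`.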
 