Win a copy of Beginning Java 17 Fundamentals: Object-Oriented Programming in Java 17 this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

How to avoid re-authentiaction in case of invoking web service from j2me mobile client

 
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How to avoid re-authentication in case of invoking web service from j2me mobile client ?
 
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi!
Use an authentication token of some kind that, if the client is already authenticated, is enclosed with each subsequent request.
If you are using SOAP, the token can be placed in a SOAP header block.
Best wishes!
 
Bartender
Posts: 6663
5
MyEclipse IDE Firefox Browser Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Another way to do it would be to pass it in a request header. I have never invoked web services via a mobile client before. Good luck and let us know how it goes
 
tarek helmy
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
do i need to use SSO sever to get authentiaction token like SAML token?
and which SSO server fit in this case?
i need SSO Server that does not need changing code, just need configuration
i look at JBoss Federated SSO but it need to work with JBoss Application Server

please advise
 
Deepak Bala
Bartender
Posts: 6663
5
MyEclipse IDE Firefox Browser Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
SSO is an overkill if you do not plan to actually use a single sign on feature. You can maintain a hash map of session tokens on the web service. When a user authenticates, send that token in the response, the first time. For subsequent calls, the client will send this token to you and you can validate against the hash map.
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi!
A word of caution regarding authentication tokens: Be aware that it is possible for 3rd party to listen to the traffic of a client and make a copy of a token. It is preferable if the token cannot be used by a 3rd party to access the service.
Personally, I would choose an existing security implementation that is known to be able to avert attacks such as stealing tokens.
Best wishes!
 
WHAT is your favorite color? Blue, no yellow, ahhhhhhh! Tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic