I'am develop a desktop application using java swings.
I want the authentication to be as secure as possible so please suggest the measures i should be taking to do so
also i want to implement role based authorization such that people with specific roles have access to specific modules of softwares
I've looked for various frameworks like JAAS,Springs, apache shiro but i'am not able to map the idea to a desktop application since most of the tutorials and source available are for web application.
Related
I have a java application running on tomcat server which uses JAAS authentication to configure the app among three users (superadmin, admin, customer).
Now, I have to integrate the app with SAML just for the end-user (customer).
I've gone through a lot of blogs and videos related to it. But everything involves a build tool within.
Whereas this app has been built manually through console (without IDE). It would be very helpful if you could provide me with an example to refer to meeting my requirements.
I am currently building an android application for my final year degree project but at the moment I have very basic login functionality.
At the moment it is just a username and password stored in a MySQL server, the program fires off a request which runs some PHP to check to see if the username exists in the table and the password is correct. This won't be anywhere near secure enough, I just wanted a placeholder while I got on with other parts of the app.
I've been looking at existing frameworks which can provide secure authentication/authorization as well as session management so the user doesn't have to constantly log on whenever they re-open the app. Apache Shiro (https://shiro.apache.org/) sounds like a potential solution but I've had a good search on Google but haven't found any examples in which it is used for Android projects.
Does anyone know if it is possible to use it for Android Apps? Or if there are any decent alternatives?
Thanks,
Mike
A security service is deployed in a "remote" machine (the server). Your Android app (the client), when a user tries to login, sends a POST to a "/login" endpoint exposed by the server. If successful it will reply with a cookie that the client will use in the further request to identify its session. It is not difficult with a maven project Spring and Shiro libraries, but you need to implement at least a simple WebApp (expose /login, use shiro to verify the credential) deployed in a separate server. If you are ready to write two java app Shiro is a good choice.
I have already design a web site using Spring MVC. Now I want to develop an android application that able to get the client details of my web site and the interface is completely different from my web site and also has additional functions. The changes made through android application should be updated in my web site also. What is he best way to do it? Can I make my database common for both applications or I want to move into REST web services.
We would like to implement following logon mechanism to authenticate users against AD between Java and .NET applications hosted in different application containers.
Our server setup is
One linux web server with Tomcat on it - this is where our java apps resides
One windows web server with IIS on it - this is where the legacy .net apps resides. [authentication can be done via windows integrated authentication - we don't want to change this - unless no other way]
One domain controller - win 2008
Our aim is to implement authentication mechanism where any user can login through a form via AD [Active Directory] credentials to our login page which is hosted either on .NET or Java. After authentication is completed successfully,user should browse pages without
his/her credentials being asked again.
Reason we need it is we have couple .Net apps which design to use integrated authentication with IIS - and we are designing new Java interfaces where we would like to centralize authentication with a login form where user can login agains AD and switch between .NET and Java apps where the authentication is still valid until it expires or etc.
I heard about SPNEGO project but not sure what kind of setup we need to implement above scenario.
It would be nice if we need no modification to .NET site setup since we don't want to maintain those apps anymore. All helps are welcome and greatly appreciated.
Thanks in advance,
ED
I am developing a java/j2ee based web app where I am provide a feature to my web app users, where they will be able to get contacts from the different email providers like yahoo gmail and msn and many other services. Since I am building it on java, I found a open source library which is struts 1.2 based application here is the link http://code.google.com/p/socialauth/
here I have to mention that I am using Amazon web services simple emailing service to send out emails using there java api's.
I am novice or I dont knw much about the struts, I am trying to figure out how this struts1.2 based app can be integrated with my servlets or aws, sms java api.
Help me out in this regard
The best API is Smack API. Click Here