[cap-talk] web services authorization for java web start. How?
John Carlson
john.carlson3 at sbcglobal.net
Mon Feb 2 10:53:43 EST 2009
We have an existing Java Web Start Swing client that uses JAAS for
authentication, and our own home-brew authorization package that I
think may work with JAAS as well. I believe that it may still be the
case that if someone is authenticated, then authorization doesn't work
properly for the Java Web Start Swing client--essentially no
authorization (Eclipse, webapps and installed Java work fine with the
same authorization framework). So, what is the best approach for
designing/implementing authorization for a Java Swing client w/ Java
Web Start? Assume we have web services for updating the database (no
direct database connection).

Here are some initial ideas:
1. Provide authorization by sending a webkey through encrypted mail.
We could put parameters on the end of the JNLP URL for authorization.
I'm not sure we like the communicability of this.
2. Use some kind of SAML. How do people get their initial
authorization for this?

John