[英]How should I go about authenticating an application via HTTP?
I'm making an application that requires it to be authenticated on startup with a "secret key" as defined in a configuration file. 我正在制作一个要求启动时使用配置文件中定义的“秘密密钥”对它进行身份验证的应用程序。 I can't have the app call to a database so I'm thinking I need to do a HTTP request, however I am not sure how I should go about doing this and how it can't be exploited. 我无法通过应用程序调用数据库,因此我认为我需要执行HTTP请求,但是我不确定应该如何去做以及如何利用它。
I just need somewhere to start, thanks! 我只需要从某个地方开始,谢谢!
You can use SSL. 您可以使用SSL。 Then to manage trusted certs, you can implement your own javax.net.ssl.X509TrustManager
. 然后,要管理受信任的证书,可以实现自己的javax.net.ssl.X509TrustManager
。 You can use the javax.net.ssl.X509TrustManager
to manage your .keystore file via standard Java mechanisms. 您可以使用javax.net.ssl.X509TrustManager
通过标准Java机制来管理.keystore文件。 The keystore will contain private keys. 密钥库将包含私钥。
From JavaDoc: 从JavaDoc:
Instance of this interface manage which X509 certificates may be used to authenticate the >remote side of a secure socket. 该接口的实例管理可以使用哪些X509证书来验证安全套接字的>远程侧。 Decisions may be based on trusted certificate authorities, >certificate revocation lists, online status checking or other means. 决策可以基于受信任的证书颁发机构,证书撤销列表,在线状态检查或其他方式。
Also note that: 另请注意:
TrustManagers are responsible for managing the trust material that is used when making trust TrustManager负责管理进行信任时使用的信任材料
decisions, and for deciding whether credentials presented by a peer should be accepted. 决策,以及确定是否应接受对等方提供的凭据。
If you extend the X509TrustManager
, you can read in certificates your private .keystore file as well as certificates trusted by Java. 如果扩展X509TrustManager
,则可以读取私有.keystore文件的证书以及Java信任的证书。 Those live in JAVA_HOME\\lib\\security\\cacerts
那些生活在JAVA_HOME\\lib\\security\\cacerts
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.