安全连接 Java Socket
[英]Security connection Java Socket
问题描述
I have a question about a desktop application that I am creating in java, and it is in the login part.
我有一个关于我在 java 中创建的桌面应用程序的问题,它在登录部分。 It turns out that I don't know how to do the secure login, I do it through Sockets, but the question is that it is an application that will be public, so I don't know how to use SSL Socket without using a password for everyone, which would be hackable, could you help me?事实证明,我不知道如何进行安全登录,我是通过 Sockets 进行的,但问题是它是一个将公开的应用程序,所以我不知道如何使用 SSL Socket 而不使用每个人的密码,这将是可破解的,你能帮我吗? I currently have this code to see it in a simple example in a message.我目前有此代码可以在消息中的一个简单示例中查看它。
For the server对于服务器
//static ServerSocket variable
private static ServerSocket server;
//socket server port on which it will listen
private static int port = 9876;
public static void main(String args[]) throws IOException, ClassNotFoundException{
//create the socket server object
server = new ServerSocket(port);
//keep listens indefinitely until receives 'exit' call or program terminates
while(true){
System.out.println("Waiting for the client request");
//creating socket and waiting for client connection
Socket socket = server.accept();
//read from socket to ObjectInputStream object
ObjectInputStream ois = new ObjectInputStream(socket.getInputStream());
//convert ObjectInputStream object to String
String message = (String) ois.readObject();
System.out.println("Message Received: " + message);
//create ObjectOutputStream object
ObjectOutputStream oos = new ObjectOutputStream(socket.getOutputStream());
//write object to Socket
oos.writeObject("Hi Client "+message);
//close resources
ois.close();
oos.close();
socket.close();
//terminate the server if client sends exit request
if(message.equalsIgnoreCase("exit")) break;
}
System.out.println("Shutting down Socket server!!");
//close the ServerSocket object
server.close();
}
}
For the client为客户
public static void main(String[] args) throws UnknownHostException, IOException, ClassNotFoundException, InterruptedException{
//get the localhost IP address, if server is running on some other IP, you need to use that
InetAddress host = InetAddress.getLocalHost();
Socket socket = null;
ObjectOutputStream oos = null;
ObjectInputStream ois = null;
for(int i=0; i<5;i++){
//establish socket connection to server
socket = new Socket(host.getHostName(), 9876);
//write to socket using ObjectOutputStream
oos = new ObjectOutputStream(socket.getOutputStream());
System.out.println("Sending request to Socket Server");
if(i==4)oos.writeObject("exit");
else oos.writeObject(""+i);
//read the server response message
ois = new ObjectInputStream(socket.getInputStream());
String message = (String) ois.readObject();
System.out.println("Message: " + message);
//close resources
ois.close();
oos.close();
Thread.sleep(100);
}
}
}
1 个解决方案
解决方案1
1 2019-12-08 15:07:32
If you want to handle 500 clients this way - forget sockets and implementing TLS handling manually.如果您想以这种方式处理 500 个客户端 - 忘记套接字并手动实现 TLS 处理。 Go for Spring Boot or something similar.选择 Spring Boot 或类似的东西。 Make the server expose a REST endpoint to the world .使服务器向全世界公开 REST 端点。 Secure it with Spring Security to get the authentication you want .使用 Spring Security 保护它以获得您想要的身份验证。 Then deploy your own certificates to protect the communication channel . 然后部署您自己的证书以保护通信通道。 In the end use the Springs RestTemplate so the client connects in a secure manner .最后使用 Springs RestTemplate 以便客户端以安全的方式连接。
Writing ad hoc code like you did above gives you a quick entry into the web communication, but makes every next step harder along the way.像上面那样编写临时代码可以让您快速进入网络通信,但会使下一步变得更加困难。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.