Hi Vijay,

This is a Java-specific list. You may not get many responses as your
questions are largely language agnostic.

Regarding your questions:

(1) I assume that you mean you don't want jailbroken devices to
access the application. Why? To do this, you will need to determine
whether the device has a legitimate operating system. If the device
APIs allow you to query the OS version and name, this will be helpful.
Of course, jailbroken devices could report 'legitimate' values. What
level of assurance is required?

(2) HTTP over SSL is not an authentication method. It secures the
channel between the device and the server. From a quick look at the
website, Jersey supports the OAuth API. Read their documentation. It
will describe what the authentication protocol involves.

(3) To store secret data in iOS, you should be using the Keychain API.
I'm not sure about Android. Do some web-based research.

Regards,

Ryan Schipper

On 13/04/2011, at 3:47 AM, "[email protected]" <[email protected]> wrote:

> Hi,
>
> I am working on a mobile app for iPhone and Android. I need to be able
> to let users log in with username/password. I am using https.
> I want to prevent jail-breaking on the mobile device. I want to store
> the username/password on the mobile device. The mobile app
> will talk to a stateless REST service built in Java.Jersey on the back-
> end for authentication and data related calls.
>
> I looked at Digest authentication but I am already using https. I
> looked at using a shared secret or nonce (1 time token) but I am not
> sure how to proceed with that.
> I do need the username/password encrypted on the mobile device and
> sent to the REST service which needs to be able to decrypt it.
> But this shared secret should be different across each mobile
> device. Can this prevent jail-breaking? Do I have to do a 401 return
> with www-authenticate like in digest authentication to get the shared
> secret/nonce the 1st time round and store it locally too on the mobile
> device?
>
> Can you please suggest some ways to do this?
>
> TIA,
> Vijay
>
> --
> You received this message because you are subscribed to the Google Groups 
> "The Java Posse" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/javaposse?hl=en.
>
