A friend of mine tried registering but is having issues getting on the mailing list, so I am going to try posting for them.
--------------------------------------------------------------------------------------- Hello I am a bit confused on the paradigm on how we are supposed to work our Application when we have 2 parts, a Desktop Client, and a Web Client on the server. I have an INI set up on the server, but not sure how to go about connecting it up. I would assume I would need to send login information via HTTP (using Apache HTTPClient), but I'm not sure how I would get information about users and such. I notice that Session Data is what most applications use in order to verify the client, but the Session itself doesn't really contain much data, and I'm not 100% sure how I check to see the Sessions. When creating new users and such, we need to get the SEcurity Manager, get a Subject and create the current user from the Subject... But the issue is that all that information is on the server. Should I pass down my Factory or my Security Manager to the Desktop Application in order to get the information needed, or am I just going to contact the server each and every time to get a response (which seems a bit overkill/not-needed). I'm just not sure if any of the information should be allowed into the Desktop application, just in case. I am just curious how this will work for an Open Jar Java application that someone could maybe alter. I am assuming that even if someone altered a "user.isAuthenticated()" it wouldn't matter because there is no information they can gain from altering to a yes, because everything resides on the server. Essentially, I'm just curious what stays on the client, what goes on the server, and what information should the client receive, and how would I interact with the servlet/server? Thanks a lot, sorry if this is a basic question, but I'm a bit confused on the best practices for this sort of thing... Thank you.