A friend of mine tried registering but is having issues getting on the mailing 
list, so I am going to try posting for them.



I am a bit confused on the paradigm on how we are supposed to work our 
Application when we have 2 parts, a Desktop Client, and a Web Client on the 
server. I have an INI set up on the server, but not sure how to go about 
connecting it up.

I would assume I would need to send login information via HTTP (using Apache 
HTTPClient), but I'm not sure how I would get information about users and such.

I notice that Session Data is what most applications use in order to verify the 
client, but the Session itself doesn't really contain much data, and I'm not 
100% sure how I check to see the Sessions.

When creating new users and such, we need to get the Security Manager, get a 
Subject and create the current user from the Subject... But the issue is that 
all that information is on the server.

Should I pass down my Factory or my Security Manager to the Desktop Application 
in order to get the information needed, or am I just going to contact the 
server each and every time to get a response (which seems a bit 
overkill/not-needed).  I'm just not sure if any of the information should be 
allowed into the Desktop application, just in case.

I am just curious how this will work for an Open Jar Java application that 
someone could maybe alter.  I am assuming that even if someone altered a 
"user.isAuthenticated()" it wouldn't matter because there is no information 
they can gain from altering to a yes, because everything resides on the server.

Essentially, I'm just curious what stays on the client, what goes on the 
server, and what information should the client receive, and how would I 
interact with the servlet/server?

Thanks a lot, sorry if this is a basic question, but I'm a bit confused on the 
best practices for this sort of thing...

Thank you.
