Authorization when calling a Servlet from a Midlet?
at first I've got to thank Tim and Terrence and of course all other helpers for the really great sessions on the mobile track on the Sun Tech Days in Frankfort.
I am developing JavaME for a few month now and NetBeans 6.0 is the best IDE I have ever used not only for JavaME! On the mobility track was shown how to build a "mobile client to web application" with NetBeans. Before i knew this possibilty i createtd a servlet on the serverside and the client on the mobile phone by hand. Now i use the automatic generation and both ways works really fine.
I must admit, that i am not really firm with authorization methods and LDAP Realms and so on.
What i am doing currently is to use a login screen on the mobile phone, encrypt the username and pasword, pass it to the servlet on the server and check it aggainst the database. That means i am storing the username and password in my database and i have to maintain it there.
My server apllication provides a number of servlet for my mobile application. Using my JavaME app on a real phone means to provide the servlets via the internet.
To ensure, that only allowed users call my servlets via internet i check username and password every time a servlet is called.
My question is, if there is another way to authorise the mobile phone user aggainst my server application? I thaught abbout using the imei as a identification number because it is unique. But I am sure, that this is not the only way.
Is there any mechanism in JavaME to authorize easily when calling a servlet? I have the opportunity to use an existing LDAD server in our netwotk and i know how to configure my servlet container with a security realm for this server. But what will my Midlet do, if the servlet is under such a security realm?
thanks a lot for all answer!