Posted by casjen
on December 7, 2007 at 1:50 AM PST
at first I've got to thank Tim and Terrence and of course all other helpers for the really great sessions on the mobile track on the Sun Tech Days in Frankfort.
I am developing JavaME for a few month now and NetBeans 6.0 is the best IDE I have ever used not only for JavaME! On the mobility track was shown how to build a "mobile client to web application" with NetBeans. Before i knew this possibilty i createtd a servlet on the serverside and the client on the mobile phone by hand. Now i use the automatic generation and both ways works really fine.
I must admit, that i am not really firm with authorization methods and LDAP Realms and so on.
What i am doing currently is to use a login screen on the mobile phone, encrypt the username and pasword, pass it to the servlet on the server and check it aggainst the database. That means i am storing the username and password in my database and i have to maintain it there.
My server apllication provides a number of servlet for my mobile application. Using my JavaME app on a real phone means to provide the servlets via the internet.
To ensure, that only allowed users call my servlets via internet i check username and password every time a servlet is called.
My question is, if there is another way to authorise the mobile phone user aggainst my server application? I thaught abbout using the imei as a identification number because it is unique. But I am sure, that this is not the only way.
Is there any mechanism in JavaME to authorize easily when calling a servlet? I have the opportunity to use an existing LDAD server in our netwotk and i know how to configure my servlet container with a security realm for this server. But what will my Midlet do, if the servlet is under such a security realm?
thanks a lot for all answer!