All Examples  This Package

Class examples.security.snoopproof.Client

java.lang.Object
   |
   +----examples.security.snoopproof.Client

public class Client

extends Object

See Package-examples.security.snoopproof.html for instructions on building and running this example.

The authentication in this example is snoop-proof even though the client has the password in clear text. The UserInfo implementation serializes the password as the MD5 of it and the current time. On the server, the corresponding realm checks the user info by comparing MD5 digests for the current and previous time period. As protection against replay, there can be only one successful authentication per time period.

This example contains several print statements for illustration and debugging.

• The SnoopProofProxy constructor prints out the observed difference between the local time and the time on the machine hosting the realm. Determining the time difference helps us use the current time on the server machine as part of the digest no matter how different the client machine's clock is from the server's. SnoopProofProxy instances are created on the server as well as the client.

• The server prints out the digest it receives in lieu of the password. This is the information a snooper would see.

• Finally, the client informs us of a successful ping or a raised exception.

Author:

Copyright (c) 1997-1999 by BEA Systems. All Rights Reserved.

Client()

main(String[])

Creates a T3Client with snoop-proof authentication and performs a trivial ping on it.

 public Client()

 public static void main(String args[])

Creates a T3Client with snoop-proof authentication and performs a trivial ping on it.

Takes as optional arguments the username, password, and WebLogic server URL. They default to "system," "gumby999," and "t3://localhost:7001."

All Examples  This Package