Hi Arthur,
if all you need is to authenticate the client, why don't you just re-use
an existing authentication mechanism? HTTP Basic/Digest authentication,
OAuth or something else? Do you have any specific reason?
As Pavel pointed out, even the MAC address could be forged,
so you probably do not want to rely on that.
~Jakub
On 03/31/2011 06:15 PM, Arthur Yeo wrote:
> What's the best way to generate a token that the frontend can use after
> a successful initial authentication?
>
> On Thu, Mar 31, 2011 at 8:49 AM, Pavel Bucek <pavel.bucek_at_oracle.com
> <mailto:pavel.bucek_at_oracle.com>> wrote:
>
> Can you share what you really want to do? Count some statistics?
>
> Identifying client can be done via credentials as you already know,
> but clients machine? That is probably impossible without some
> client-side code involved.. (and it still can't be 100%, MAC addr
> can be modified, ..)
>
> Pavel
>
>
> On 3/31/11 5:41 PM, Arthur Yeo wrote:
>> Thanks, Pavel. I will keep that in mind.
>>
>> The only problem is that by doing that, the user now know that MAC
>> addr is formally passed in as a param.
>>
>> I am looking for things that are std in all incoming HTTP requests
>> which can uniquely identify the client machine. Even the IP addr
>> could be "misplaced" by a proxy.
>>
>>
>> On Thu, Mar 31, 2011 at 8:32 AM, Pavel Bucek
>> <pavel.bucek_at_oracle.com <mailto:pavel.bucek_at_oracle.com>> wrote:
>>
>> Hi Arthur,
>>
>> you can't get senders MAC address, it is not even present in
>> incoming packet/datagram. All you can get is MAC address of
>> last switch/router on the way and the MAC of interface on app
>> server side, which is kind of useless for you I guess (seems
>> like you want to use this info as an ID).
>>
>> ONLY way how to do this is include this info in the request
>> send by clients.
>>
>> Pavel
>>
>>
>> On 3/31/11 4:45 PM, Arthur Yeo wrote:
>>> Petr,
>>> Thanks!
>>> How would you hook this up to serving a call in Jersey?
>>> --
>>> Arthur
>>>
>>> On Wed, Mar 30, 2011 at 10:51 PM, Petr Jurák
>>> <petr.jurak_at_gmail.com <mailto:petr.jurak_at_gmail.com>> wrote:
>>>
>>> Hi,
>>> If you really want MAC, you can use
>>> java.net.NetworkInterface and
>>> method getHardwareAddress() (see
>>> http://download.oracle.com/javase/6/docs/api/java/net/NetworkInterface.html#getHardwareAddress()
>>> <http://download.oracle.com/javase/6/docs/api/java/net/NetworkInterface.html#getHardwareAddress%28%29>).
>>>
>>> Regards,
>>> Petr
>>>
>>> 2011/3/31 Jakub Podlesak <jakub.podlesak_at_oracle.com
>>> <mailto:jakub.podlesak_at_oracle.com>>:
>>> > I do not think so. It is a bit too low level, i am afraid.
>>> > And i am even not sure how to get this inforamtion
>>> > for the local interfaces in Java...
>>> >
>>> > ~Jakub
>>> >
>>> > P.S. Please also note, that for the IP address itself,
>>> > Jersey relies on the underlying container.
>>> >
>>> > On 03/30/2011 02:04 PM, Arthur Yeo wrote:
>>> >>
>>> >> Thanks, Jakub, I saw getRemoteAddr() and that helps.
>>> >>
>>> >> Is there anything for the remote MAC address?
>>> >>
>>> >> On Wed, Mar 30, 2011 at 1:51 PM, Jakub Podlesak
>>> >> <jakub.podlesak_at_oracle.com
>>> <mailto:jakub.podlesak_at_oracle.com>
>>> <mailto:jakub.podlesak_at_oracle.com
>>> <mailto:jakub.podlesak_at_oracle.com>>> wrote:
>>> >>
>>> >> On the Servlet container, you should be able to get
>>> >> the HttpServletRequest injected:
>>> >>
>>> >> @Context HttpServletRequest req;
>>> >>
>>> >> and get the address from there.
>>> >>
>>> >> Does it help you?
>>> >>
>>> >> ~Jakub
>>> >>
>>> >>
>>> >> On 03/30/2011 01:19 PM, Arthur Yeo wrote:
>>> >>
>>> >> All,
>>> >> When servicing a request in Jersey, is there a
>>> fast way to
>>> >> obtain the IP-addr of the client?
>>> >>
>>> >> --
>>> >> Arthur Y.
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Arthur Y.
>>> >
>>> >
>>>
>>>
>>>
>>>
>>> --
>>> Arthur Y.
>>
>>
>>
>>
>> --
>> Arthur Y.
>
>
>
>
> --
> Arthur Y.