6

I am currently playing with java to create an authentication server for a desktop app and so far I have been able to make both the client and server communicate like a chat server/client for a start.

I do realise I only got a small portion of it working and there are many things to come and to learn but right now at this stage I am wondering how the authentication is done.

For example, this is the server code:

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.ServerSocket;
import java.net.Socket;

public class LoginServer
{
    public static void main(String[] args) throws Exception {
        int port = 7000;
        int id = 1;

        ServerSocket loginserver = null;
        try
        {
            loginserver = new ServerSocket(port);
            System.out.println("LoginServer started...");
        }
        catch (IOException e) {
            System.out.println("Could not listen on port: " + port);
            System.exit(-1);
        }

        while (true)
        {
            Socket clientSocket = loginserver.accept();
            ClientServiceThread cliThread = new ClientServiceThread(clientSocket, id++);
            cliThread.start();
        }
    }
}

class ClientServiceThread extends Thread
{
    Socket clientSocket;
    int clientID = -1;
    boolean running = true;

    ClientServiceThread(Socket s, int i)
    {
        clientSocket = s;
        clientID = i;
    }

    public void run()
    {
        System.out.println("Accepted Client : ID - " + clientID + " : Address - " + clientSocket.getInetAddress().getHostName());
        try
        {
            BufferedReader   in = new BufferedReader(new InputStreamReader(clientSocket.getInputStream()));
            PrintWriter   out = new PrintWriter(new OutputStreamWriter(clientSocket.getOutputStream()));
            while (running)
            {
                String clientCommand = in.readLine();
                System.out.println("Client Says :" + clientCommand);
                if (clientCommand.equalsIgnoreCase("quit"))
                {
                    running = false;
                    System.out.print("Stopping client thread for client : " + clientID);
                }
                else
                {
                    out.println(clientCommand);
                    out.flush();
                }
            }
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }
}

As you can see, I do read what the client sends and output it to the console as well as checking if the client has sent a quit or not command.

  • What I am wondering is how would I do so that the client can only connect to it if the user and password was sent ?

  • Or should I always receive the initial connection and from there receive the authentication information and if the client has not sent it in let's say 3 seconds disconnect them ?

  • What is the correct way of receiving the new connections and authenticate the users with it ?

Guapo
  • 3,446
  • 9
  • 36
  • 63

1 Answers1

12

You've got the right idea, but you need to think of it more as a state machine.

A client connects, then it would need to go into the Login state, where you expect it to send authentication information. If incorrect or timeout, disconnect.

If correct, move on to the Command Processing state. If you receive a quit command, either move to a Cleanup state, or simply disconnect.

Here's a general outline:

String line;
while ((line = in.readLine()) != null) {
    switch (state) {
        case login:
            processLogin(line);
            break;
        case command:
            processCommand(line);
            break;
    }
}

Your processLogin function could look like this:

void processLogin(String line) {
    if (user == null) {
        user = line;
    }
    else if (password == null) {
        password = line;
    }
    else {
        if (validUser(user, password)) {
            state = command;
        }
        else {
            socket.close();
        }
    }
}

And your processCommand function:

void processCommand(String line) {
    if (line.equals(...)) {
        // Process each command like this
    }
    else if (line.equals("quit")) {
        socket.close();
    }
    else {
        System.err.println("Unrecognized command: " + line);
    }
}

The state instance variable would likely be an enum. You can see that using this model will give you some pretty simple extensibility. For example, a command could drop you into a different state to process specific sub-commands.

Jonathan
  • 13,354
  • 4
  • 36
  • 32
  • thanks for your answer I am glad I was not too off, I also tried looking around for any source or examples more direct to an authentication socket system but couldnt find any as an example and help me on this, would you happen to be able to give me a short code sample perhaps direct me to any links that might be worth checking in regards the state machine for a login system or similar that could help em out ? thanks you once again – Guapo Mar 16 '11 at 20:55
  • really appreciate for taking the time this really helps me out ;) – Guapo Mar 17 '11 at 19:52