javaauthenticationsslmutual-authenticationsslsocketfactory

Adding client authentication in SSL handshake without certificate


I want to implement client - server application which require client authentication using some other data than certificates (for example using password). Everywhere I looked for something like that, I found only 2-way (mutual) SSL authentication with client and server certificates, which I don't want.

Is there some APIs for customizing ssl handshake and adding client authentication? Is it possible to build application like this using JSSE package or some other Java technologies?

Any kind of advice or guidelines about this would be very helpful becouse I'm new in this topic.


Solution

  • You can use HTTP Basic Authentication. So you set up your server just under HTTP and authenticate via password/username. To write your own protocol....there has to be done to much....