Implementing two-factor authentication into a Java web app

I have an existing Java web application running through IBM WebSphere (I'm unsure of the version, but could find out if it helps) that I am looking to implement two-factor authentication with.

The system has a decent user base, and I wanted to distribute hardware tokens to the admin users of the system to ensure strong authentication.

Minimal impact to the end user is desirable, but I'd like to avoid having the admins need to go through a VPN connection.

Does anyone know of any products that provide Java APIs that could be directly integrated into the existing application, or other products that will provide a minimal impact? I've already spoken with RSA SecurID, but their system wouldn't integrate directly and would require an infrastructure change. Any other ideas/experience are greatly appreciated.

asked Sep 13 '10 16:09 by BRR


1 Answer

For posterity, I've just posted my simple Java two-factor authentication utility class to GitHub. With it, you can do something like the following:

```java
// TwoFactorAuthUtil comes from the author's GitHub library; the import is omitted here.
public class TwoFactorDemo {

    public static void main(String[] args) throws InterruptedException {
        TwoFactorAuthUtil twoFactorAuthUtil = new TwoFactorAuthUtil();

        // To generate a secret use:
        // String base32Secret = twoFactorAuthUtil.generateBase32Secret();
        String base32Secret = "NY4A5CPJZ46LXZCP";
        // now we can store this in the database associated with the account

        // this is the name of the key which can be displayed by the authenticator program
        String keyId = "[email protected]";
        System.out.println("Image url = " + twoFactorAuthUtil.qrImageUrl(keyId, base32Secret));
        // we can display this image to the user to let them load it into their auth program

        // we can use the code here and compare it against user input
        String code = twoFactorAuthUtil.generateCurrentNumber(base32Secret);

        // this little loop is here to show how the number changes over time
        while (true) {
            long diff = TwoFactorAuthUtil.TIME_STEP_SECONDS
                - ((System.currentTimeMillis() / 1000) % TwoFactorAuthUtil.TIME_STEP_SECONDS);
            code = twoFactorAuthUtil.generateCurrentNumber(base32Secret);
            System.out.println("Secret code = " + code + ", change in " + diff + " seconds");
            Thread.sleep(1000);
        }
    }
}
```
answered Sep 28 '22 22:09 by Gray
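The answer above relies on a library to produce the time-based code; the following is an added, self-contained example (not the author's library, and not code from the original post) showing what such a utility does under the hood: RFC 4226 HOTP / RFC 6238 TOTP with HMAC-SHA1, a base32 secret of the kind an authenticator app enrolls, the `otpauth://` URI that a QR image encodes, and the server-side verification step the answer describes as "compare it against user input". The verification adds two checks a practitioner wants and the snippet leaves out: a small clock-drift window and rejection of a reused time step (replay), with a constant-time comparison. All function names, the test secret (the RFC 6238 vector key) and the issuer/account strings are assumptions for illustration.

```python
"""Minimal TOTP implementation (RFC 4226 / RFC 6238), added as an illustration.

Not the j256 library from the answer; assumed names throughout.
"""
import base64
import hashlib
import hmac
import os
import struct
import time
import urllib.parse
from typing import Optional, Tuple

TIME_STEP_SECONDS = 30   # period used by Google Authenticator and most apps
DIGITS = 6               # code length shown to the user

# RFC 6238 test key "12345678901234567890" (constructed reference value, not a real secret)
RFC6238_SHA1_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def generate_base32_secret(num_bytes: int = 20) -> str:
    """Random 160-bit secret, base32 without '=' padding (the form apps expect)."""
    return base64.b32encode(os.urandom(num_bytes)).decode("ascii").rstrip("=")


def decode_base32_secret(base32_secret: str) -> bytes:
    """Accept unpadded / lower-case / spaced input and return the raw key bytes."""
    s = base32_secret.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(base32_secret: str, unix_time: Optional[int] = None,
         step: int = TIME_STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(decode_base32_secret(base32_secret), unix_time // step, digits)


def otpauth_uri(issuer: str, account: str, base32_secret: str) -> str:
    """The provisioning URI an authenticator app reads from the QR code."""
    label = urllib.parse.quote(f"{issuer}:{account}")
    query = urllib.parse.urlencode({
        "secret": base32_secret, "issuer": issuer, "algorithm": "SHA1",
        "digits": DIGITS, "period": TIME_STEP_SECONDS,
    })
    return f"otpauth://totp/{label}?{query}"


def verify_totp(base32_secret: str, user_code: str, last_used_step: int,
                unix_time: Optional[int] = None, window: int = 1) -> Tuple[bool, int]:
    """Server-side check of a submitted code.

    Returns (accepted, step_to_persist). Codes from +/- `window` steps are accepted
    to tolerate clock drift; any step at or before `last_used_step` is refused so a
    captured code cannot be replayed inside its validity period. Persist the returned
    step next to the secret when `accepted` is True.
    """
    if unix_time is None:
        unix_time = int(time.time())
    key = decode_base32_secret(base32_secret)
    current_step = unix_time // TIME_STEP_SECONDS
    user_code = user_code.strip().replace(" ", "")
    if not (user_code.isdigit() and len(user_code) == DIGITS):
        return False, last_used_step
    for offset in range(-window, window + 1):
        step = current_step + offset
        if step <= last_used_step:
            continue  # already consumed (or older than one we consumed): replay
        if hmac.compare_digest(hotp(key, step), user_code):
            return True, step
    return False, last_used_step


if __name__ == "__main__":
    secret = generate_base32_secret()
    print("enrol via QR of:", otpauth_uri("ExampleApp", "admin@example.com", secret))
    print("current code:", totp(secret))
```

`verify_totp` returns the step it accepted so the caller can store it as the new high-water mark; storing only a boolean would leave the code reusable for the rest of its 30-second window, which defeats the point of a one-time code.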