I'm writing a client for my web application, and I signed the release jar with my developer certificate. How can I verify that a request to the REST service was from my signed jar?
You cannot. Signing is for execution validation, which means it is on the server side. But you want to check the signature on the HTTP/REST request on the client side. The client side has no such validation.
You can add something to the response itself and validate it on the client side, but, again, nothing prevents any other server from sending the same value and so pretending to be your server.
You can also add some behavior characteristics to your jar (like session cookies), but, again, nothing prevents other jars from emulating them too.
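The emulation point above, as an added example that is not part of the original answer: a server-side check over a per-request tag cannot tell the signed jar from any other program that computes the same tag. The class name, key, header value and request body are constructed for illustration, and the HMAC scheme is an assumed stand-in for "something added to the request".

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class ClientTagDemo {
    // Constructed sample value. In the scenario it ships inside the signed jar,
    // so it is available to anyone who has a copy of that jar.
    static final byte[] EMBEDDED_KEY =
            "constructed-demo-key".getBytes(StandardCharsets.UTF_8);

    // Computes the tag a client would send alongside the request body.
    static String tag(byte[] key, String body) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] raw = mac.doFinal(body.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(raw);
    }

    // Server-side check. The server receives only the bytes of the request:
    // the jar's signature is never transmitted, so it cannot be an input here.
    static boolean serverAccepts(String body, String tagHeader) throws Exception {
        byte[] expected = tag(EMBEDDED_KEY, body).getBytes(StandardCharsets.UTF_8);
        byte[] received = tagHeader.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, received); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        String body = "{\"action\":\"list\"}"; // constructed request body

        // Tag produced by the signed release jar.
        String fromSignedJar = tag(EMBEDDED_KEY, body);

        // Tag produced by a separate, unsigned program using the same bytes.
        byte[] sameBytes = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        String fromOtherProgram = tag(sameBytes, body);

        System.out.println("signed jar accepted:    " + serverAccepts(body, fromSignedJar));
        System.out.println("other program accepted: " + serverAccepts(body, fromOtherProgram));
        System.out.println("requests identical:     " + fromSignedJar.equals(fromOtherProgram));
        System.out.println("wrong tag accepted:     " + serverAccepts(body, "AAAA"));
    }
}
```

The first three lines print `true` and the last prints `false`: the check establishes that the sender knows the value, not which program sent it.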