Runtime tools : Channels components : Java Client/Server Messaging APIs : Tasks : Establishing a secured session based on a proxy security server : Executing the application in the secured session : Using a Java application client
  
Using a Java application client
To execute an application that uses a Java application for its client, you need to set up the application to avoid the HTTP 401 Security Errors. To do this:
1 Have the application provide the user ID and password for the proxy security infrastructure.
You can do this in the following ways:
Specify the ID and password in the client dsesrvce.xml file:
<CSClient id="realCSClient"
serverCredentials="userId:password"
...
</CSClient>
Specify the ID and password in the code
((CSClientService)CSClient.getCSClient("realCSClient")).setServerCredentials("userId:password");
This information enables the proxy security infrastructure to generate the security cookie to identify the user. The CSClient service performs the base64 encode internally.
2 Establish the session as usual but expect an HTTP error code 401 security error.
try{
if (!createNewSession){

((CSClientService)CSClient.getCSClient("realCSClient")).establishSession(false);
}
else
((CSClientService)CSClient.getCSClient("realCSClient")).establishSession();
}catch (DSECSException exc){
String httpError = exc.getHttpErrorCode();
if(httpError.equals("401")){
//Security Challenge
//Do it here or in the dse.ini client configuration file.

((CSClientService)CSClient.getCSClient("realCSClient")).setServerCredentials("userID:password");
if ((!createNewSession){

((CSClientService)CSClient.getCSClient("realCSClient")).establishSession(false);
}
else
((CSClientService)CSClient.getCSClient("realCSClient")).establishSession();
}
}
If the user ID or password are not valid or the use did not provide them, the security proxy sends HTTP 401 Security Error. The application should catch the exception again and set the right user and password values using the setServerCredentials() method as shown in step 1. The application should then try to re-establish the session. A possible implementation is to loop the reconnections a number of times before aborting.
3 Reset the data provided in the step 1 to prevent the user ID and password from appearing in the request headers of all the client requests:
((CSClientService)CSClient.getCSClient("realCSClient")).setServerCredentials(null);
Go up to
Executing the application in the secured session