I have to make a program with the following requirements:
Build a Client/Server application based on RMI with the following characteristics: The application is structured in 3 different projects: Server, Client, Shared where Shared contains interfaces and classes common to Server and Client. Server and Client are programs, each with its own main, that should also work on different machines.
- The Server exports a remote object for the registrations.
- The clients register on the server using an appropriate method of the server that takes as parameters name and IP of the client and returns an unique identifier.
- The server mantains an updated list of all the registered clients and offers them methods for registration and for accessing in each moment the list.
Make a distributed program for simulating the registration of a random number of clients. A client is a Java program that connects to the server, registrates and then allows the visualization of the global state of the system.
Use the RMI callbacks to notificate each registered client of the new registrations.
My problems start at point 2. In all the tutorials i've seen so far the Client creates an exported object client and passes it to the registration method of the remote object exported by the Server. Here it asks me to pass only the name and the IP but in order to do the callbacks I need a reference to the client object so I thought of looking in the registry for each client that registrates but I think this idea is just a workaround as I could directly pass the client object to the method as a parameter...
After the registration I think the client should use its identifier to access the list of registered clients but what if another client, that isn't registered uses a self made identifier that matches the identifier of a registered client? in that case it would have access to that account. Is there a way to safely recognize clients and maybe keep them logged in without asking them to identify themselves for each request they make?
Optional question: How is it possible to use the registry with this kind of program? How do we know that each client is going to bind a name to its object without overwriting another name? For example, if there is an object named "client1" in the registry, there might be another client that names its object "client1" overwritting the first object; what happens in this case to the name of the first object and again how is it possible to use the registry knowing this could happen?...
I apologize for my english but it's not my main language
The server should create the token for the client. The client should pass it on all subsequent calls. Server should authenticate using it.
A GUID would be hard to spoof.
You can't prevent clients from doing so, but it will be difficult given a sufficiently complex identifier.
You can also have users supply credentials (e.g. username and password).