Currently, I am working on client authentication. Is there a way to encrypt the password before sending it to the server? I am currently using JBoss 3.2.1 and also using callBackHandler to pass the username and password to the JBoss server. The username and the password are still being sent as clear text, and I am concerned about the security vulnerability. Any examples or documentation will be helpful, if there are any. Thanks in advance.
Use SSL. If this is an internal app, you can generate your own root CA, or public-private key combos, using keytool and/or openssl; if not, you have to go for Verisign, Geotrust (some versions of JVM and browsers still don't honor this).