I am working on a set of services, and a client JAR file which is intended to be the sole means of calling these services. The client JAR will be used by multiple applications (all internal). However, we would like some services to be allowed for some client applications and not others.

I’m playing around with different approaches for meeting this goal, but one approach is to give each application a “context” value to pass at run-time. This value would represent the list of services allowed to that client application, and a service would be able to quickly calculate whether or not it is on that list.

Each service would have its own ID value, probably hard-coded into the Java class as a static final variable. For each client application, I would put together a list of allowed services, probably using a Groovy script or very basic web app. A bit of Reflection-based code would collect all of those ID values, and generate a hash representing them all.

I would give this “context” hash to client application owners along with the client JAR, and they would pass it back at run-time when calling a service. The service would use the same (or a related) hashing algorithm, to quickly check whether or not its ID is contained within the hash. If so, the service proceeds. If not, it throws an exception. This approach obviously would not protect against deliberate abuse, but these are all internal services and we only need to block negligent misuse.

I’m not sure which hashing algorithm to use (or if “hashing” is even the right word for it). I could just collect all of the allowed ID’s as a String, and later check to see whether a given ID is contained within that string. However, the “context” value would then be huge and unwieldy. I’m sure that there are standard mathematical approaches for hashing a list of values, and later checking whether a given raw value is in that list. Probably some that are already neatly packaged and exposed in the Java world. Any suggestions are appreciated!