What is the best way to save user settings in java application?
Solution 1:
The Preferences API is a nice way to store user and system preferences. If you want to store passwords, you'll have to encrypt them. Here is a nice article that can get you started.
Encrypted Preferences in Java
Solution 2:
I usually store in user data directory, with sub directories of application name followed by application version.
public static String getUserDataDirectory() {
return System.getProperty("user.home") + File.separator + ".jstock" + File.separator + getApplicationVersionString() + File.separator;
}
I had been using the following code for 3 years. This method works quite well either in Windows, Linux or Mac.
Please note that, in Windows, never store it in Program Files
, as UAC in Windows Vista or newer may give you a lot of trouble.
Remember put a dot in-front of your application name, so that it will become a hidden folder in Linux.
Good thing by using this methology is that, you are not limited your self in storing primitive value only. Instead, you may save the entire object state to the disk by using xstream
For example :
public static boolean toXML(Object object, File file) {
XStream xStream = new XStream();
OutputStream outputStream = null;
Writer writer = null;
try {
outputStream = new FileOutputStream(file);
writer = new OutputStreamWriter(outputStream, Charset.forName("UTF-8"));
xStream.toXML(object, writer);
}
catch (Exception exp) {
log.error(null, exp);
return false;
}
finally {
close(writer);
close(outputStream);
}
return true;
}
Solution 3:
Storing a single password securely is quite difficult. Suppose you encrypt the password using some secret key. Then when your applciation starts again it needs that secret key, where does it get that from?
If it asks the user then he might as well just enter the ftp password which you stored in the first place. If it reads the secret key from somewhere then you need to secure the secret key, and we're back where we started.
If you are keeping several passwords then asking the user for a single password to some "vault" may be much friendlier, but you then get into all the hassle of dealing with expired passwords.
There are products available to deal with this wort of stuff, if you have a serious need then you probably need to investigate them.