What is the best way to save user settings in a Java application?

Solution 1:

The Preferences API is a nice way to store user and system preferences. If you want to store passwords, you'll have to encrypt them. Here is a nice article that can get you started.

Encrypted Preferences in Java

Solution 2:

I usually store them in the user data directory, with subdirectories of the application name followed by the application version.

public static String getUserDataDirectory() {
    return System.getProperty("user.home") + File.separator + ".jstock" + File.separator + getApplicationVersionString() + File.separator;
}

I had been using the following code for 3 years. This method works quite well on Windows, Linux or Mac.

Please note that, in Windows, never store it in Program Files, as UAC in Windows Vista or newer may give you a lot of trouble.

Remember to put a dot in front of your application name, so that it will become a hidden folder in Linux.

The good thing about using this methodology is that you are not limited to storing primitive values only. Instead, you may save the entire object state to disk by using XStream.

For example:

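import com.thoughtworks.xstream.XStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;

// Serializes the object's state to the given file as UTF-8 XML.
// Returns false (after logging) if anything goes wrong.
public static boolean toXML(Object object, File file) {
    XStream xStream = new XStream();

    // try-with-resources closes the writer and the underlying stream on every path.
    try (Writer writer = new OutputStreamWriter(new FileOutputStream(file), StandardCharsets.UTF_8)) {
        xStream.toXML(object, writer);
    }
    catch (Exception exp) {
        // log is the enclosing class's logger.
        log.error(null, exp);
        return false;
    }

    return true;
}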

Solution 3:

Storing a single password securely is quite difficult. Suppose you encrypt the password using some secret key. Then when your application starts again it needs that secret key; where does it get that from?

If it asks the user then he might as well just enter the FTP password which you stored in the first place. If it reads the secret key from somewhere then you need to secure the secret key, and we're back where we started.

If you are keeping several passwords then asking the user for a single password to some "vault" may be much friendlier, but you then get into all the hassle of dealing with expired passwords.

There are products available to deal with this sort of stuff; if you have a serious need then you probably need to investigate them.