I have a Java Web Start Application which communicates against my server via a web service (over https). I want to restrict the usage of the webservice to my app only, so that 3rd party apps don't work.
What strategies to I have? This question is somewhat broad, but running in JWS disables some options, like doing a checksum over all jars (at least I don't know a way of doing this in a JWS environment).
I can always implement my own auth scheme, but since the client code is on the client-side, one can always disassemble the class files and crack the auth mechanism.