Announcement Announcement Module
Collapse
No announcement yet.
using secured webservice problem Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • using secured webservice problem

    Hi there,

    I have a webbapplication using spring security. The security configuration of the applicationContext.xml looks like this:

    Code:
    <security:http auto-config='true' access-denied-page="/accessDenied.html" session-fixation-protection="newSession">
       	
       <security:intercept-url pattern="/testHTML.html*" filters='none' />
       <security:intercept-url pattern="/api/myresource/test"   access="IS_AUTHENTICATED_FULLY"/>
    
       <security:form-login login-page="/login.html"  
            authentication-failure-url="/login_error.html"
            default-target-url="/pages/start/start.html" 
            always-use-default-target="true"/>
       <security:logout logout-success-url="/login.html" invalidate-session="true"/>
             
       <security:concurrent-session-control max-sessions="1" exception- if-maximum-exceeded="false"/>
            
    </security:http>        		
    
    <security:authentication-manager alias="authenticationManager"/>
        
    <security:authentication-provider user-service-ref="userDetailsServiceImpl">
            <security:password-encoder hash="md5"/>
    
    	
    <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
    		<property name="allowIfAllAbstainDecisions" value="false" />
    		<property name="decisionVoters">
    			<list>
    				<bean class="org.springframework.security.vote.RoleVoter" />
    				<bean class="org.springframework.security.vote.AuthenticatedVoter" />
    			</list>
    		</property>
    </bean>
    
    <bean id="resourceSecurityInterceptor"
    class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    		<property name="authenticationManager" ref="authenticationManager" />
    		<property name="accessDecisionManager" ref="accessDecisionManager" />
    		<property name="objectDefinitionSource"
    			ref="secureResourceFilterInvocationDefinitionSource" />
    		<property name="observeOncePerRequest" value="false" />
    		<security:custom-filter after="LAST" />
    </bean>
    
    <bean id="secureResourceFilterInvocationDefinitionSource"
    class="de.lyth.generic.util.SecureResourceFilterInvocationDefinitionSource" />
    The /api/myresource/test url represents a rest webservice, which should be accessable after login. This works in a browser.

    Now I have an android app, which wants to use this webservice, too. Itīs not intended to use a browser in the android app. But without login via login.html, the webservice is not accessable. (Of course not, thatīs what spring security does).

    My question is: What possibilities do I have to login and use this secured webservice via android?

    Thanks for your help
    Greetings
    Asuka

  • #2
    You might consider Spring Security OAuth

    Comment

    Working...
    X