
  • Generating Tokens for an android Client - a few questions in general

    Hi spring community,


    I'm developing an Android app which gets some data from our social network platform. The client gets the information via Jersey Spring. Now I would like to realize the following thing: when the user submits his username and password, he should get a token that is valid for a specific time, so the user does not have to log in again for this time.

    our server application is a jee application which uses spring security for authentication. the configuration looks like this:

    Code:
    <security:http auto-config='true' access-denied-page="/accessDenied.html" session-fixation-protection="migrateSession">
        <security:intercept-url pattern="/testHTML.html*" filters='none' />
        <!-- ... list of all pages, which are accessible before login .. -->
        <security:form-login login-page="/login.html"
                authentication-failure-url="/login_error.html"
                default-target-url="/pages/start/start.html"
                always-use-default-target="true"/>

        <security:logout logout-success-url="/login.html" invalidate-session="true"/>
        <security:concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="false"/>
    </security:http>

    <security:authentication-manager alias="authenticationManager"/>

    <security:authentication-provider user-service-ref="userDetailsServiceImpl">
        <security:password-encoder hash="md5"/>
    </security:authentication-provider>

    <security:global-method-security
            secured-annotations="enabled">
        <!--
            AspectJ pointcut expression that locates our "post" method and
            applies security that way <protect-pointcut expression="execution(*
            bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
        -->
        <!--
            security:protect-pointcut expression="execution(*
            de.lyth.taunusConnection.handler.subProfileSearchSmallHandler.searchMember())"
            access="ROLE_A" /
        -->
    </security:global-method-security>

    <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false" />
        <property name="decisionVoters">
            <list>
                <bean class="org.springframework.security.vote.RoleVoter" />
                <bean class="org.springframework.security.vote.AuthenticatedVoter" />
            </list>
        </property>
    </bean>

    <bean id="resourceSecurityInterceptor"
            class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="accessDecisionManager" ref="accessDecisionManager" />
        <property name="objectDefinitionSource"
                ref="secureResourceFilterInvocationDefinitionSource" />
        <property name="observeOncePerRequest" value="false" />
        <security:custom-filter after="LAST" />
    </bean>

    <bean id="secureResourceFilterInvocationDefinitionSource"
            class="de.lyth.generic.util.SecureResourceFilterInvocationDefinitionSource" />

    So, at the moment I really don't know how to realize this. How do I have to configure the applicationcontext.xml? What do I have to use to generate tokens? I'm sorry about these questions, but I don't know that much about Spring Security. Advice or maybe an example/tutorial would be appreciated.

    Thanks and greetings
    Asuka
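
Added example, not part of the original thread and not Spring Security's own API: one way to issue the time-limited token asked about above, as an HMAC-signed `username.expiry.signature` string that the server can check without storing it. The class name `ExpiringToken`, its methods, the token layout and the sample values are assumptions made for illustration; the token is expected to travel over HTTPS only.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example: hypothetical helper, not a Spring Security class.
public class ExpiringToken {
    private final byte[] key;
    public ExpiringToken(byte[] key) { this.key = key.clone(); }

    // Call only after the username/password check has succeeded.
    public String issue(String username, long nowSeconds, long ttlSeconds) throws Exception {
        String payload = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(username.getBytes(StandardCharsets.UTF_8))
                + "." + (nowSeconds + ttlSeconds);
        return payload + "." + sign(payload);
    }

    // Returns the username for an authentic, unexpired token, otherwise null.
    public String verify(String token, long nowSeconds) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return null;
        String payload = parts[0] + "." + parts[1];
        byte[] expected = sign(payload).getBytes(StandardCharsets.US_ASCII);
        byte[] supplied = parts[2].getBytes(StandardCharsets.US_ASCII);
        // Authenticate first (constant-time compare); parse fields only afterwards.
        if (!MessageDigest.isEqual(expected, supplied)) return null;
        long expiry = Long.parseLong(parts[1]); // safe: written by issue() and signed
        if (nowSeconds >= expiry) return null;
        return new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
    }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // constructed demo key; keep the real one server-side
        ExpiringToken tokens = new ExpiringToken(key);
        long now = 1_700_000_000L;         // constructed timestamp (epoch seconds)
        String t = tokens.issue("alice", now, 3600);
        System.out.println(tokens.verify(t, now + 60));   // within the lifetime
        System.out.println(tokens.verify(t, now + 3600)); // at the expiry instant
        System.out.println(tokens.verify(t + "x", now));  // signature altered
    }
}
```

A stateless token like this cannot be revoked before it expires, so the lifetime should be short or the server should also keep a list of revoked tokens.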

  • #2
    Hi.

    I'm not sure what to tell you beyond what's described in the user guide:

    http://static.springsource.org/sprin...userguide.html

    If you've got suggestions for how to improve the docs, we'd love to hear them. Of course, you're also welcome to inquire about commercial support if you'd like some help with your specific situation.



    • #3
      Hi,

      I'm building a mobile API that needs to hand out tokens, after initial login.
      Were you able to come up with a solution using OAUTH?

      I'm using acegi to provide authorization and authentication, so need to confirm if they can be used in tandem with OAuth.

      Thanks,
      Gavin
