How to make a request from an android app that can enter a Spring Security secured webservice method

Posted by johnrock on Stack Overflow
Published on 2010-02-13T21:21:33Z Indexed on 2010/05/08 4:48 UTC

I have a Spring Security (form-based authentication) web app running CXF JAX-RS webservices, and I am trying to connect to this webservice from an Android app that can be authenticated on a per-user basis. Currently, when I add an @Secured annotation to my webservice method, all requests to this method are denied. I have tried to pass in credentials of a valid user/password (that currently exists in the Spring Security based web app and can log in to the web app successfully) from the Android call, but the request still fails to enter this method when the @Secured annotation is present. The SecurityContext parameter returns null when calling getUserPrincipal().

How can I make a request from an Android app that can enter a Spring Security secured webservice method?

Here is the code I am working with at the moment:

Android call:

// Register the user's credentials with the client.
// AuthScope(null, -1) matches any host and any port.
httpclient.getCredentialsProvider().setCredentials(
        //new AuthScope("192.168.1.101", 80),
        new AuthScope(null, -1),
        new UsernamePasswordCredentials("joeuser", "mypassword"));

String userAgent = "Android/" + getVersion();

HttpGet httpget = new HttpGet(MY_URI);
httpget.setHeader("User-Agent", userAgent);
httpget.setHeader("Content-Type", "application/xml");

HttpResponse response;

try {
    response = httpclient.execute(httpget);
    HttpEntity entity = response.getEntity();

    // ... parse xml
} catch (IOException e) {
    // handle the failed request
}

Webservice Method:

@GET
@Path("/payload")
@Produces("application/XML")
@Secured({"ROLE_USER","ROLE_ADMIN","ROLE_GUEST"})
public Response makePayload(@Context Request request, @Context SecurityContext securityContext) {

    Payload payload = new Payload();
    payload.setUsersOnline(Long.valueOf(200L));

    if (payload == null) {
        return Response.noContent().build();
    } else {
        return Response.ok().entity(payload).build();
    }
}
