Hi Android Developers,

I am trying to connect to a web application via my Android client. In the
web application we use Spring Security 3 to log in. The relevant part of
the login configuration looks like this:

<security:http auto-config='true' access-denied-page="/accessDenied.html">
    <security:intercept-url pattern="/**" access="ROLE_STANDARD" />
    <security:form-login login-page="/login.html"
        authentication-failure-url="/login_error.html"
        default-target-url="/pages/start/start.html"
        always-use-default-target="true" />
    <security:remember-me key="xxx"
        token-validity-seconds="30000" data-source-ref="dataSource"/>

    <security:logout logout-success-url="/login.html"
        invalidate-session="false" />
    <security:session-management>
        <security:concurrency-control max-sessions="1" />
    </security:session-management>
</security:http>

So that means the web app is able to remember the user. From the
Android client I call a webservice:

public void onLogin(final View v) {

    EditText username = (EditText) findViewById(R.id.editusername);
    EditText password = (EditText) findViewById(R.id.editpassword);
    client = new DefaultHttpClient();
    String getToken = "";

    // Call Webservice
    HttpPost loginRequest = new HttpPost(PathContainer.baseWebservice + "login?");
    ResponseHandler<String> respstring = new BasicResponseHandler();

    try {
        JSONObject credentials = new JSONObject();
        try {
            credentials.put("name", username.getEditableText().toString());
            credentials.put("password", password.getEditableText().toString());
        } catch (JSONException e1) {
            e1.printStackTrace();
        }
        StringEntity seUser = new StringEntity(credentials.toString(), "UTF-8");
        loginRequest.setEntity(seUser);
        getToken = client.execute(loginRequest, respstring);
        if (getToken != null) {
            if (getToken.startsWith("token")) {
                String[] t = getToken.split(":");
                securtiytoken = t[1];
                Cursor token = getContentResolver().query(URI, null, null, null, null);
                if (token.getCount() == 0) {
                    insertTokenIntoDB(this, securtiytoken, username.getEditableText().toString());
                } else {
                    updateToken(this, securtiytoken, username.getEditableText().toString());
                }
                token.close();
                this.startMain();
            } else {
                Toast.makeText(this, "Anmeldung fehlgeschlagen ...", Toast.LENGTH_LONG).show();
                this.loginAgain();
            }
        }
    } catch (ClientProtocolException e1) {
        e1.printStackTrace();
    } catch (IOException e1) {
        e1.printStackTrace();
    }
}

The webservice looks like this:

@POST
@Produces(MediaType.TEXT_PLAIN)
@Path("/login")
public String login(String credentials) {
    JSONObject jo = null;
    String name = "";
    String password = "";
    try {
        jo = new JSONObject(credentials);
        name = jo.getString("name");
        password = jo.getString("password");
    } catch (JSONException e) {
        e.printStackTrace();
    }
    HttpResponse r = springSecurityCheck(name, password);
    for (Header h : r.getAllHeaders()) {
        System.out.println(h.getName() + " " + " " + h.getValue() + "");
    }

    String s = r.getFirstHeader("Location").toString();
    boolean isError = s.contains("login_error");

    if (!isError) {
        Header[] cookies = r.getHeaders("Set-Cookie");
        for (int i = 0; i < cookies.length; i++) {
            if (cookies[i].toString().contains(
                    "SPRING_SECURITY_REMEMBER_ME_COOKIE")) {
                String[] cookie = cookies[i].toString().split("=");
                String token = cookie[1].substring(0,
                        cookie[1].indexOf(";"));
                if (token != null) {
                    return "token:" + token;
                }
            }
        }
    }
    System.out.println(" ----- Login from" + name
            + " failed----- ");
    return "newLogin";

}

After the login, a SPRING_SECURITY_REMEMBER_ME_COOKIE is generated and
sent back to the client. But how can I use this cookie in the client for
further requests to other webservice methods? While using the
web application everything works fine. But in the client I haven't got
a browser, I just have the DefaultHttpClient. So how can I use the
DefaultHttpClient like a browser from my Android client?

Greetings
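
The following is an added example, not part of the original post: one way to replay the stored token from DefaultHttpClient by placing it in the client's cookie store, as a browser would. The class name RememberMeClient, its methods and the host and contextPath parameters are hypothetical; the cookie name is the one from the web service code above. With data-source-ref set, Spring Security uses persistent remember-me tokens and issues a new cookie value when a token is used, so the helper also exposes the current value for writing back to the local DB.

```java
import java.io.IOException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.cookie.Cookie;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.BasicResponseHandler;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.cookie.BasicClientCookie;

/** Hypothetical helper (not from the post): replays the stored token as a cookie. */
public class RememberMeClient {
    // Cookie name as it appears in the web service code above.
    private static final String COOKIE_NAME = "SPRING_SECURITY_REMEMBER_ME_COOKIE";

    // One client instance for all calls, so its cookie store keeps the
    // session cookie and any renewed remember-me cookie the server sets.
    private final DefaultHttpClient client = new DefaultHttpClient();

    /**
     * @param host        host name of the web application (assumption)
     * @param contextPath cookie path, e.g. the webapp's context path or "/" (assumption)
     * @param token       token value returned by the login web service
     */
    public RememberMeClient(String host, String contextPath, String token) {
        BasicClientCookie cookie = new BasicClientCookie(COOKIE_NAME, token);
        cookie.setDomain(host);
        cookie.setPath(contextPath);
        // The token is a bearer credential: only send it over HTTPS.
        cookie.setSecure(true);
        BasicCookieStore store = new BasicCookieStore();
        store.addCookie(cookie);
        client.setCookieStore(store);
    }

    /** GET a protected URL; the cookie store adds the Cookie header. */
    public String get(String url) throws IOException {
        return client.execute(new HttpGet(url), new BasicResponseHandler());
    }

    /** Current token in the store, to write back to the local DB after a call. */
    public String currentToken() {
        for (Cookie c : client.getCookieStore().getCookies()) {
            if (COOKIE_NAME.equals(c.getName())) {
                return c.getValue();
            }
        }
        return null;
    }
}
```

Because the cookie is marked secure, it is only attached to https:// URLs; requests to plain http:// URLs go out without it.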
