I know that this may be a duplicate question,but I could not find any answer that satisfies my need. If anyone can link me to that URL or can help me by guideline it would be very nice.

We have a legacy JSP web application and now we are trying to have a android version of it. I have developed a Jersey REST service to get data from server to my android application. Now I need to implement the security of this server and android client. my all will be installed on clients mobile (not in app market) and it can contain critical informations.

My questions are:

1) what is the most convenient,easy but powerful way to put authentication and authorization on my Jersey REST provider? currently my service is on Jetty but later on production it will be on websphere. my database can be either sql server or oracle.

2) making my REST server security in such a way that my android clients security is good and now to implement the android security. Sample code is not required but a guideline is helpful for me.

I have read about spring security,Shiro,OAuth and others but did not find a full explanation of how to secure a Jersey web service. There are some in Oauth but it seems ab overhead to me. token based and SSL seems a good idea too.

If someone can guide me to step by step TO-Do it would really be helpful for me.

thanks.