I’m developing an Android app that will replicate my web application. My web application has login/authentication/sessions, which are implemented using the Spring Security framework. Now the problem is that I need every job in the Android application to be done securely through a RESTful web service, but I’m unable to find the correct way of implementing the web service. I’m using this tutorial, which is actually not secure. He has given some tips on how to do it securely using OAuth, but it isn’t clear to me.
My questions are:
- Since REST is stateless and an Android app is not a browser, we cannot do session management based on cookies, but some say we can. If so, how?
- I have heard about the Spring Android library for handling sessions easily but did not find proper documentation. If anyone has links regarding it, post them here.
- If possible, provide me with links to detailed explanations/tutorials on RESTful secured web services for Spring Security.
Normally, for mobile clients with RESTful web services, I have not used sessions. Usually each method is authenticated independently, often by using HTTPS and passing the username and password in as either parameters in the URL or using Basic Authentication. See for example this question and answers:
Calling Restful Web Service with Android
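
The server side of the per-request approach described in the answer above, as an added example that is not part of the original posts: a Spring Security filter chain that authenticates every REST call with HTTP Basic over HTTPS and keeps no session. It assumes Spring Security 6, a hypothetical `/api/**` prefix for the REST endpoints, and that the web application's existing user store is already exposed as a `UserDetailsService` bean.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

// Added example: the class name and the "/api/**" prefix are assumptions.
@Configuration
@EnableWebSecurity
public class RestApiSecurityConfig {

    // Ordered first so it is matched before the web application's own
    // session-based (form login) filter chain.
    @Bean
    @Order(1)
    public SecurityFilterChain restApiChain(HttpSecurity http) throws Exception {
        http
            // Apply this chain to the REST endpoints only.
            .securityMatcher("/api/**")
            // Every request must carry valid credentials; nothing is anonymous.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Credentials arrive in the Authorization header (HTTP Basic),
            // which keeps them out of URLs and therefore out of access logs.
            .httpBasic(Customizer.withDefaults())
            // Never create or consult an HttpSession: no JSESSIONID cookie is
            // issued, so each call is authenticated on its own.
            .sessionManagement(sm ->
                sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // The Android client is not a browser and holds no session cookie,
            // so the CSRF token check is switched off for this chain only.
            // Without this, POST/PUT/DELETE calls from the app get a 403.
            .csrf(csrf -> csrf.disable())
            // Basic credentials are only base64-encoded, not encrypted:
            // require the HTTPS channel (plain-HTTP requests are redirected).
            .requiresChannel(ch -> ch.anyRequest().requiresSecure());
        return http.build();
    }
}
```

The HTTPS redirect only protects later requests, so the Android client should be built to call `https://` URLs exclusively and never send the `Authorization` header over plain HTTP.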