using secured webservice problem

[Asuka]

Hi there,

I have a webbapplication using spring security. The security configuration of the applicationContext.xml looks like this:

Code:

<security:http auto-config='true' access-denied-page="/accessDenied.html" session-fixation-protection="newSession">
   	
   <security:intercept-url pattern="/testHTML.html*" filters='none' />
   <security:intercept-url pattern="/api/myresource/test"   access="IS_AUTHENTICATED_FULLY"/>

   <security:form-login login-page="/login.html"  
        authentication-failure-url="/login_error.html"
        default-target-url="/pages/start/start.html" 
        always-use-default-target="true"/>
   <security:logout logout-success-url="/login.html" invalidate-session="true"/>
         
   <security:concurrent-session-control max-sessions="1" exception- if-maximum-exceeded="false"/>
        
</security:http>        		

<security:authentication-manager alias="authenticationManager"/>
    
<security:authentication-provider user-service-ref="userDetailsServiceImpl">
        <security:password-encoder hash="md5"/>

	
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions" value="false" />
		<property name="decisionVoters">
			<list>
				<bean class="org.springframework.security.vote.RoleVoter" />
				<bean class="org.springframework.security.vote.AuthenticatedVoter" />
			</list>
		</property>
</bean>

<bean id="resourceSecurityInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager" ref="authenticationManager" />
		<property name="accessDecisionManager" ref="accessDecisionManager" />
		<property name="objectDefinitionSource"
			ref="secureResourceFilterInvocationDefinitionSource" />
		<property name="observeOncePerRequest" value="false" />
		<security:custom-filter after="LAST" />
</bean>

<bean id="secureResourceFilterInvocationDefinitionSource"
class="de.lyth.generic.util.SecureResourceFilterInvocationDefinitionSource" />

The /api/myresource/test url represents a rest webservice, which should be accessable after login. This works in a browser.

Now I have an android app, which wants to use this webservice, too. It´s not intended to use a browser in the android app. But without login via login.html, the webservice is not accessable. (Of course not, that´s what spring security does).

My question is: What possibilities do I have to login and use this secured webservice via android?

Thanks for your help
Greetings
Asuka

[Rob Winch]

You might consider Spring Security OAuth