I developed a Java web application with Rest full service and I have integrated Apache Shiro for session management and it's working fine for the web. And now I developed an android application and I am able to communicate with the rest full services. When I login with my android application Apache Shiro provides me a session but after which for any other rest full calls I make SecurityUtils.getSubject().isAuthenticated() return false. As I am new I do not know how to authenticate an android application using Apache Shiro
1
votes
1 Answers
1
votes
(I just copied my response from another post on the topic to this)
You can send back a token (session-id) from your REST Server, post successful login. Your iOS/Android application will then need to store this, and send this with every REST request it makes. Here is sample of what your post login REST response can be:
session-start-timestamp: 1394683755389,
session-timeout: 1800000,
session-id: "068C8E0E289788A7ABC5FE47B2CC0D28"
The session-id will be maintained by your REST Server, and its TTL will be reset every time a new request with this id comes in.
On browsers, this id gets sent automatically. For your case, you would want to send it explicitly with each HTTP request (which is what REST request is) - since you are not sending this token back to Shiro/REST Server, Shiro thinks you are a new unauthenticated user, and therefore, the isAuthenticated check fails.
Hope this helps
