认证来自Android客户端一个Grails服务器 [英] authenticating a grails server from android client

问题描述

您好即时通讯新的Grails和Android ....我开发一个应用程序的服务器（Grails的）提供了用户数据和客户端（安卓）认证，并获取数据。该服务器有弹簧的安全和IM试图做一个HTTP POST发送用户名和密码。 使用HTTP命令IM是的http://10.0.2.2:8080/test/j_spring_security_check?j_username=user1&j_password=pass1 而即时通讯将数据发送控制器上使用@Secured（'IS_AUTHENTICATED_FULLY） 如果没有安全的IM能够访问数据（Grails的使用适当的code在Android上显示JSON响应应用程序呈现数据作为JSON和IM）。但它失败时的页面是安全的。可以any1能请帮我这个问题，我需要亟待解决，因为它是我的最后一个学术项目

Hello im new to grails and android.... i am developing an application where the server(grails) provides user data and client(android) authenticates and gets the data. The server has spring security and im trying to do a http post to send username and password. The http command im using is http://10.0.2.2:8080/test/j_spring_security_check?j_username=user1&j_password=pass1 And im using @Secured('IS_AUTHENTICATED_FULLY') on the controller which sends data Without the security im able to access the data(grails app renders the data as Json and im using appropriate code on android to display the json response). But it fails when the page is secured. Can any1 please help me about this problem i need it to be solved urgently as it is for my final academic project

推荐答案

首先把旅游注意请求方法到您的网络appliaction。 据我所知，你应该发送POST方法请求。 第二个春天的安全检查你的cookies，尤其是参数JSESSIONID你只是把这个参数设置有效的春天已经提供凭据的安全性。 您可以通过一些网络分析仪的检查。

First of all put tour attention to request method to your web appliaction. As far as I know you should send POST method request. Second Spring security checks your cookies, especially parameter JSESSIONID you just make this parameter valid to Spring security having provided your credentials. You can check it via some network analyzer.

我计算出使用HttpCleint嵌入Android的类似的任务。这里是code这个问题上我用来实现自己的安全系统。

I worked out similar task using HttpCleint embedded in Android. Here is code listing I used to implement my own security system.

DefaultHttpClient httpclient = new DefaultHttpClient();
        try {
            HttpGet httpget = new HttpGet("https://yourwebbapp");

            HttpResponse response = httpclient.execute(httpget);
            HttpEntity entity = response.getEntity();

            System.out.println("Login form get: " + response.getStatusLine());
            EntityUtils.consume(entity);

            System.out.println("Initial set of cookies:");
            List<Cookie> cookies = httpclient.getCookieStore().getCookies();
            if (cookies.isEmpty()) {
                System.out.println("None");
            } else {
                for (int i = 0; i < cookies.size(); i++) {
                    System.out.println("- " + cookies.get(i).toString());
                }
            }

            HttpPost httpost = new HttpPost("https://yourwebbapp");

            List <NameValuePair> nvps = new ArrayList <NameValuePair>();
            nvps.add(new BasicNameValuePair("IDToken1", "username"));
            nvps.add(new BasicNameValuePair("IDToken2", "password"));

            httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

            response = httpclient.execute(httpost);
            entity = response.getEntity();

            System.out.println("Login form get: " + response.getStatusLine());
            EntityUtils.consume(entity);

            System.out.println("Post logon cookies:");
            cookies = httpclient.getCookieStore().getCookies();
            if (cookies.isEmpty()) {
                System.out.println("None");
            } else {
                for (int i = 0; i < cookies.size(); i++) {
                    System.out.println("- " + cookies.get(i).toString());
                }
            }

        } finally {
            // When HttpClient instance is no longer needed,
            // shut down the connection manager to ensure
            // immediate deallocation of all system resources
            httpclient.getConnectionManager().shutdown();
        } 

这篇关于认证来自Android客户端一个Grails服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！