I'm developing a mobile app, the server side is REST using Spring 3 MVC.

I was trying to integrate Spring Security with it to secure resources. I've read through a lot of material to get information on how to do it. I understand the architecture; however, when it comes to implementation I am still confused.

I referred to an SO question; I have the same requirements. I understand the code; however, I am confused about when the first authenticate request comes in: at that time a token will not be present as part of the header, so the same filter won't work.

So I was wondering how I should implement it. I was thinking of implementing it as follows:

  1. A separate filter that authenticates the user using the username and password from the request
  2. After authentication, the filter sets the authentication info in the context
  3. And another filter that works with tokens for authentication for all API URLs

Is this the correct way to implement it?


1 Answer

No need to add another filter. Whatever the authentication result, the system will try to call the handler for the corresponding mapping, as you have chain.doFilter() outside if(validate_token).

You must tell Spring Security that your request /login MUST NOT BE AUTHENTICATED. You can configure it in XML/Java config.

Ramanujan R
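
The arrangement the answer describes, as an added example that is not part of the original question or answer: one token filter that always continues the chain, with /login left open by the access rules. It assumes Spring Security 3.2 or later Java config; `TokenStore`, `TokenFilter`, the `X-Auth-Token` header name and `ROLE_USER` are hypothetical, and the /login handler itself is expected to check the credentials and issue the token.

```java
import java.io.IOException;
import java.util.Collections;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.GenericFilterBean;

@Configuration
@EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
    // Hypothetical lookup: returns the username bound to a valid token, or null.
    public interface TokenStore { String usernameFor(String token); }
    @Autowired private TokenStore tokenStore; // assumed bean supplied by the application

    static class TokenFilter extends GenericFilterBean {
        private final TokenStore store;
        TokenFilter(TokenStore store) { this.store = store; }
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            String token = ((HttpServletRequest) req).getHeader("X-Auth-Token"); // assumed header
            String user = (token == null) ? null : store.usernameFor(token);
            if (user != null) { // valid token: record the caller for this request only
                SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken(user, null,
                        Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))));
            }
            // Always continue, token or not; the access rules below decide the outcome.
            chain.doFilter(req, res);
        }
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable() // header token, no cookie session, so no CSRF token is used
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .addFilterBefore(new TokenFilter(tokenStore), UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                .antMatchers("/login").permitAll()   // first request carries no token yet
                .anyRequest().authenticated();       // everything else needs a valid token
    }
}
```

The stateless session policy keeps the authentication from being stored in an HTTP session, so a request without a valid token is never treated as authenticated because of an earlier one.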