I have Spring REST webserivce Now from a mobile client webservice is getting called. First, login method is called for log in succes or failure based on sent value userid and p
You don't need to create session manually - this is done by servlet container.
You can obtain session from HttpServletRequest
HttpSession session = request.getSession();
or just add it as a method parameter, and Spring MVC will inject it for you:
public @ResponseBody List getLogIn(@RequestBody LogIn person , HttpServletRequest request, HttpSession httpSession)
You then can save user details in session via setAttribute()
/getAttribute()
.
However, you are much better off using Spring Security, which is intended just for the task - see @Pumpkins's answer for references. SecurityContext
contains info about currently logged in principal, which you can obtain from SecurityContextHolder