How to create and destroy session in Spring REST Webservice called from Mobile client

Question

I have Spring REST webserivce Now from a mobile client webservice is getting called. First, login method is called for log in succes or failure based on sent value userid and p

Answer 1

You don't need to create session manually - this is done by servlet container.

You can obtain session from HttpServletRequest

HttpSession session = request.getSession();

or just add it as a method parameter, and Spring MVC will inject it for you:

public @ResponseBody List<LogInStatus> getLogIn(@RequestBody LogIn person , HttpServletRequest request, HttpSession httpSession) 

You then can save user details in session via setAttribute()/getAttribute().

However, you are much better off using Spring Security, which is intended just for the task - see @Pumpkins's answer for references. SecurityContext contains info about currently logged in principal, which you can obtain from SecurityContextHolder

Answer 2

You need to integrate spring security in your project and make your rest calls via authentication verifier tokens.

You may refer to the documentation :

http://projects.spring.io/spring-security/

Or this nice tutorial can jumpstart your implementation :

http://www.networkedassets.com/configuring-spring-security-for-a-restful-web-services/