I know this may be a duplicate question, but I could not find an answer that satisfies my need. If someone can link me to this URL or can help me with the guide, it would be really nice.
We have an outdated JSP web application, and now we are trying to install its version for Android. I developed the Jersey REST service to get data from the server to my Android app. Now I need to implement the security of this server and the Android client. my everything will be installed on clients' mobile devices (and not in the application market) and may contain critical information.
My questions:
1) What is the most convenient, simple, but powerful way to set up authentication and authorization on my REST provider in Jersey? currently my service is on Jetty, but later it will work on websphere. my database can be either sql server or oracle.
2), which makes my REST server security in such a way that my Android client security is good, and now to implement Android security. Sample code is not required, but a guide is useful to me.
I read about the security of spring, Shiro, Oite and others, but did not find a full explanation of how to provide a Jersey web service. There are some in Oauth, but it seems ab overhead to me. token based and SSL are also a good idea.
If someone can guide me step-by-step TO-Do, it will really be useful for me.
thanks.
source share