Android的身份验证身份验证、Android
我试图创建和Android应用程序,需要进行身份验证用户(通过REST Web服务)。该应用程序有多个活动,以及所有需要用户先登录,在登录的用户可以在网站上添加和编辑帖子时屏幕。
我已阅读,使用的ConnectionManager单内AndroidHttp客户端会做到这一点的最好办法。不过,我会去哪里有关存储用户的详细信息(用户名,密码),这会不会在单身?我应该每次用户尝试的编辑验证/添加的东西?
我应该有一个类是这样的:
公共类的ConnectionManager { 私有静态的ConnectionManager实例= NULL; 私人AndroidHttpClient客户端; 私人的ConnectionManager(){ 客户端= AndroidHttpClient.newInstance(Android的连接管理器); } 公共静态的ConnectionManager的getInstance(){ 如果(例如== NULL){ 例如=新的ConnectionManager(); } 返回实例; } 公共无效身份验证(用户名字符串,字符串密码){ //检查验证这里 }} 和调用下面code每次用户做一些事情:
私有静态的ConnectionManager康恩= ConnectionManager.getInstance();conn.authenticate(); 或
我要存储用户的细节在单身
公共类的ConnectionManager { 私有静态的ConnectionManager实例= NULL; 私人AndroidHttpClient客户端; 私人APPUSER mLoggedInUser; 私人布尔mAuthenticated; 私人的ConnectionManager(){ 客户端= AndroidHttpClient.newInstance(Android的连接管理器); } 公共静态的ConnectionManager的getInstance(){ 如果(例如== NULL){ 例如=新的ConnectionManager(); } 返回实例; } 公共无效InitialiseUser(字符串用户名,字符串密码){ //不要登录检查这里,那么如果登录返回true mAuthenticated = TRUE; } 公共布尔isAuthenticated(){ 返回mAuthenticated; }} 
解决方案
如果您有REST服务的控制权,你可以验证初始连接上使用的用户名\\密码,然后返回一个令牌,以您的应用程序,如果认证成功。
您的应用程序可能再此令牌添加到所有未来的请求的HTTP标头和您的服务可以检查它在继续之前是有效的。
这是我做到了,效果很好。
I am trying to create and Android app that requires the user to be authenticated (through a REST web service). The app has multiple activities and screens that all require the user to be logged in, when logged in the user can add and edit posts on a website.
I have read that using a AndroidHttp Client within a "ConnectionManager" singleton would be the best way to do it. However where would I go about storing the users details (username, password), would this be in the singleton? Should I authenticate each time the user try's to edit/add something?
Should I have a class like this:
public class ConnectionManager {
private static ConnectionManager instance = null;
private AndroidHttpClient client;
private ConnectionManager() {
client = AndroidHttpClient.newInstance("Android-Connection-Manager");
}
public static ConnectionManager getInstance() {
if( instance == null ) {
instance = new ConnectionManager();
}
return instance;
}
public void authenticate(String username, String password) {
//Check for authentication here
}
}
and call the below code every time the user does something:
private static ConnectionManager conn = ConnectionManager.getInstance();
conn.authenticate();
OR
should I store the users details in the singleton
public class ConnectionManager {
private static ConnectionManager instance = null;
private AndroidHttpClient client;
private AppUser mLoggedInUser;
private boolean mAuthenticated;
private ConnectionManager() {
client = AndroidHttpClient.newInstance("Android-Connection-Manager");
}
public static ConnectionManager getInstance() {
if( instance == null ) {
instance = new ConnectionManager();
}
return instance;
}
public void InitialiseUser(String username, String password) {
//Do login checks here then return true if logged in
mAuthenticated = true;
}
public boolean isAuthenticated() {
return mAuthenticated;
}
}
解决方案
If you have control of the Rest Service, you could authenticate using the username\password on the initial connection and then return a "token" to your app if authentication succeeds.
Your app could then add this token to the http headers of all future requests and your service could check that it is valid before proceeding.
That is how I did it and it works well.
