堆栈内存溢出
  简体   繁体   English

如何确定哪个用户正在从Android应用程序发出Rest请求?

[英]How to determine which user is making Rest requests from android application?

 原文  2014-08-24 20:12:11       java/ android/ json/ scala/ rest

问题描述

I am trying to build a Spray REST Web server for my mobile application on android (Eventually Iphones too). 我正在尝试为android(最终也是iPhone)上的移动应用程序构建Spray REST Web服务器。 Currently, I am wondering how to determine from the server side which user is making REST Method requests. 当前,我想知道如何从服务器端确定哪个用户正在发出REST方法请求。 After some research I am understanding that android's SharedPreferences or an OAuth protocol can be utilized to handle user authentication. 经过一些研究,我了解到可以使用android的SharedPreferences或OAuth协议来处理用户身份验证。 Still I am unsure how to create the entire picture of "This user is requesting some information". 我仍然不确定如何创建“此用户正在请求某些信息”的整个图片。 The message responses will be in JSON text, should the request's be in JSON as well? 消息响应将采用JSON文本格式,请求的响应也应采用JSON格式吗?

I greatly appreciate all of your help, eagerly awaiting responses. 我非常感谢您的所有帮助,并期待着您的回复。

2 个解决方案

解决方案1
 1 已采纳  2014-08-28 15:20:33

Currently, I am wondering how to determine from the server side which user is making REST Method requests. 当前,我想知道如何从服务器端确定哪个用户正在发出REST方法请求。

The most adequate way to do this is to add auth layer to your server. 最合适的方法是向服务器添加身份验证层。 There are many ways of how exactly you can do this, depending on security concerns you have to deal with. 有多种方法可以精确地做到这一点,这取决于您必须处理的安全问题。

Here is the list of auth schemes I would be looking into first of all: 这是我首先要考虑的身份验证方案的列表:

  • Http basic auth (most simple one, stick with it if you can) Http基本身份验证 (最简单的一种,如果可以,请坚持使用)
  • OpenID or OAuth (harder to implement, solves some problems that are out of scope of simply authenticating user. Note: OAuth is about authorization but can also be used to do authentication) OpenID或OAuth (难以实现,解决了一些简单验证用户身份范围之外的问题。注意:OAuth与授权有关,但也可以用于进行验证)
  • home-gown auth (may be implemented on different network layers, lots of options here. Do not recommend going here unless you really need to). 本地身份验证 (可能在不同的网络层上实现,这里有很多选择。除非确实需要,否则建议不要在这里进行)。

解决方案2
 1  2014-08-28 16:10:14

You can send more info from client side when user send request, you include unique info (Android ID, Ads ID for example) 您可以在用户发送请求时从客户端发送更多信息,其中包括唯一信息(例如,Android ID,Ads ID) 

server.address/request?command=abc&uid=UID...

. Another way is read IP address of the user and manage it by session. 另一种方法是读取用户的IP地址并通过会话对其进行管理。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何确定用户正在使用的应用程序(在android中)? - How to determine that an application in being used by the user (in android)? 如何确定应用程序中使用的JAR - How to Determine which JARs are Used in an Application 如何确定 shiro 用户拥有哪些权限 - How to determine which permissions a shiro user has 如何确定哪个变量包括用户输入 - how to determine at which variable includes a user input 如何确定在Android中单击了哪个动态按钮? - How to determine which dynamic button was clicked in android? 如何通过查看项目来确定哪种类型的 Web 服务(soap 或 rest) - How to determine which type of web service(soap or rest) by looking project 如何在一个应用程序中处理多个同时出现的用户请求 - how to handle multiple simultaneous user requests in an application 如何确定用户是否发送了从Java代码生成的MS Outlook消息? - How to determine whether or not user sent MS Outlook message which was built from Java code? 在Android应用程序中使用“请求” Facebook对话框 - using 'requests' Facebook dialog from an Android application 发出休息请求而无需使用HttpClient或DefaultHttpClient - making rest requests without using HttpClient or DefaultHttpClient
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM