android - Authorization headers with Retrofit + Robospice + Jackson -
i creating app consumes rest api. api has ability login/logout in order access private data. creating consumer(client android app) retrofit + robospice + jackson.
okey, authorization part came play.
need provide token , other credentials in request authorization header
.
can done using requestinterceptor
. here complete tutorial how use basic authentication.
basic authentication retrofit .
clear how implement this. in case have resources can accessed without credentials.
here part of api declared retrofit annotations
public interface maliburestapi { //doesn't need credentials @get("/store/categories") category.list categorylist(); //doesn't need credentials @get("/store/categories/{id}/products") product.list productlist(@path("id")int categoryid); // needs credentials @post("/store/users/{id}/logout") // needs credentials user logout(@path("id") int id,@body credentials usercredentials); // needs credentials !!!!!!!!!!!!!!!!!!!! @post("/store/users/{id}/orders/") void makeanorder(@path("id") int userid,@body order order,callback<void> callback); }
please have on makeanorder
method. uses post body pass details order. combining credentials , order seems horrible , not efficient, , won't use under no circumstances.
it possible use interceptor.
builder.setrequestinterceptor(new requestinterceptor() { @override public void intercept(requestfacade request) { if string token = .... // getting token. request.addheader("accept", "application/json"); request.addheader("authorization",token); } });
i can filter requests , add auth headers need them according request url, ......
according discussion here. @jakewharton
the relative url not exposed in request interceptor because may not resolved yet. request interceptor has ability perform path replacements , append query parameter
there 1 possible workaround.
@powerje
i'm not sure how access relative url in requestinterceptor solution used in similar situation check usermanager (a global manages logged in user) see if user logged in, if add auth header, otherwise don't.
i have similar class session manager created in custom application class, assume live until application(linux dalvik/art process) destroyed.
possible this.
builder.setrequestinterceptor(new requestinterceptor() { @override public void intercept(requestfacade request) { sessionmanager =(sessionprovider) getapplicationcontext().getsessionmanager(); if(sessionmanager.userloggedin) { string token = .... // getting token. request.addheader("accept", "application/json"); request.addheader("authorization",token); } }
i haven't tested yet, pretends work.
in case redundant headers passed public resource requests, don't require them.
so maybe can sort of solution not question, need advice other ways (maybe not better) solve problem.
i grateful help.
Comments
Post a Comment