1

It is possible to allow only mobile devices to access REST API on my server side (Based on spring framework) ?

Vladlen Gladis
  • 1,699
  • 5
  • 19
  • 41
  • No it's not possible. Please visit this link : http://softwareengineering.stackexchange.com/questions/219028/how-to-safeguard-a-rest-api-for-only-trusted-mobile-applications. – Bhavin Dec 22 '16 at 13:35
  • @Bhavin it was 3 years ago, maybe something changed ( : – Vladlen Gladis Dec 22 '16 at 14:07

1 Answers1

0

I just found a solution, don't say that is the best way but anyway it works. For that I'm using spring-mobile library

Create a new Interceptor, to check device type and know to allow him to access API or not, code:

public class MobileDeviceInterceptor extends HandlerInterceptorAdapter {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        Device d = new LiteDeviceResolver().resolveDevice(request);
        if(!d.isNormal()) {
            return true;
        }
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }
}

In configuration class add it:

public class AppConfig extends WebMvcConfigurerAdapter {
    ...

    @Bean
    public MobileDeviceInterceptor deviceTypeInterceptor(){
        return new MobileDeviceInterceptor();
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(deviceTypeInterceptor());
    }
}

Test it right now and it works.

Note You have to know if User-Agent headers was changed on non mobile platform into mobile values for example:

  • android
  • ipad
  • silk
  • ...

This interceptor will allow access.

Vladlen Gladis
  • 1,699
  • 5
  • 19
  • 41