Authentication in rest jersey

Question

I have an application that built using struts, spring, hibernate. In this application, i want to built rest service. This rest service will be used for Android application. In this application, user and role was store in my database. Username and password in the user table and role in the role table. What I want to ask, how to authenticate the client who wants to access the rest service. So to access the resource at rest service, the client must login first. If user have not logged in, then the rest will always returning String "not_authenticated" for example. Usually in web application, this using the session. Do the same with the rest?

edited to add my current code and to update my question

@POST
@Path("/login")
@Produces(MediaType.APPLICATION_JSON)
public Response login(@FormParam("username") String username,
        @FormParam("password") String password){
    MessageDto messageDto = customerService.autenticate(username, password);
    if(messageDto.getResult().equals("success")){
        return Response.ok(messageDto)
            .cookie(new NewCookie("customerId", messageDto.getMessage()))
            .build();
    }else{
        return Response.ok(messageDto)
                       .build();
    }
}

MessageDto is an object which has two variable String result and String message. For example when client success in log in, the json return is like this

{"result":"success","message":"1-admin"}

When client not success in log in

{"result":"error","message":"Your username is not registered"}

Answer 1

set a user cookies(like userId,token etc...) using your Jersey Response Object with HTTPONLY proprerty when login successful,

and get that cookies using @CookieParam in your controller and verify with your database records first if match not found than redirect it to your login page otherwise go ahead.