RESTTemplate and spring mvc - session attributes

I'm developing an android application that utilizes Spring RestTemplate to connect to SpringMVC based web service. In REST ideology, there shouldn't be any sessions since REST is stateless. On the other hand I want my WebService to require Android application to login and authenticate before any other REST methods are called. I'm planning to simply use session attributes on server sid开发者_开发问答e and force the mobile application to call login method with user credentials. If the user is authenticated then I will set the session attribute user name so that I have context for further REST method calls. Is it a correct approach? Isn't it against REST idioms? How to provide authentication and autorization in REST WebService?

Regards

I belive using a Session to handle the authentication is not against the REST idioms.

Anyway instead of implementing it by your own, have a look at spring security.