Java REST service using authentication token


Problem description

On my web app using Java EE 6, I want to expose some of my functionality as a JSON REST service. I want to use authentication tokens for login: the user will send their username and password, and the server will send back a token, which will be used to authorize the user on their further requests for a given time.

A few questions bothering me so far:


  • When the server creates the token and sends it to the client, should the server save it in a DB or in a bean, using something like a hashtable of userid-token pairs?

  • Can I get some help using any Java EE specific API, or does this have to be all custom code?

Recommended answer

Here's my input:


  • I would save the token in the DB; in case you need to restart the server, you don't want to lose all your users' tokens. You could potentially save it in memory as well to speed up requests and only look it up in the DB if it is not found in memory.

  • I would accept the token in the header. I would put the REST service on HTTPS so the request is encrypted, and then you don't need to worry about encrypting the token manually in the request.

  • I would probably look at JAX-RS and see what features it offers.
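
One way to implement the storage scheme described in the answer (persist the token, cache it in memory, fall back to the DB on a cache miss), as an added example that is not part of the original answer. `TokenStore`, `TokenDao` and `Session` are hypothetical names, Java 8 or later is assumed, and storing only a SHA-256 of the token is an addition the answer does not mention.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class TokenStore {
    public static final class Session {
        public final String userId; public final Instant expiresAt;
        public Session(String userId, Instant expiresAt) { this.userId = userId; this.expiresAt = expiresAt; }
    }
    public interface TokenDao {           // hypothetical persistence boundary: JPA or JDBC behind it
        void save(String tokenHash, Session s);
        Session find(String tokenHash);   // returns null when no row exists
        void delete(String tokenHash);
    }
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Session> cache = new ConcurrentHashMap<>();
    private final TokenDao dao;
    private final long ttlSeconds;
    public TokenStore(TokenDao dao, long ttlSeconds) { this.dao = dao; this.ttlSeconds = ttlSeconds; }

    /** Call only after the username/password check succeeds; persisted so tokens survive a restart. */
    public String issue(String userId) throws GeneralSecurityException {
        byte[] raw = new byte[32];        // 256 bits from a CSPRNG, never a counter or timestamp
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        String key = hash(token);
        Session s = new Session(userId, Instant.now().plusSeconds(ttlSeconds));
        dao.save(key, s);                 // added hardening (assumption): only the hash is stored
        cache.put(key, s);                // fast path for later requests
        return token;                     // the raw value goes to the client only
    }

    /** token is the value read from the request header; returns the user id, or null if invalid. */
    public String authenticate(String token) throws GeneralSecurityException {
        if (token == null || token.isEmpty()) return null;
        String key = hash(token);
        Session s = cache.get(key);
        if (s == null && (s = dao.find(key)) != null) cache.put(key, s);  // miss: fall back to DB
        if (s == null) return null;
        if (Instant.now().isAfter(s.expiresAt)) { cache.remove(key); dao.delete(key); return null; }
        return s.userId;
    }

    private static String hash(String token) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }
}
```

A token revoked by deleting its DB row stays valid on any server instance that still has it cached, so logout has to evict the cache entry as well.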
