On my Java EE6, REST service, I want to use authentication tokens for login from mobile devices, User will send their username, password and server will send back a token, which will be used to authorize the user on their further requests for a given time.
Can I simply create a token myself like this?(I guess I do not need to encrypt this since I will use HTTPS.)
String token = UUID.randomUUID().toString().toUpperCase()
+ "|" + "userid" + "|"
+ cal.getTimeInMillis();
Or there is a more standart way to create my tokens? maybe it exists in one of API's
解决方案
The scheme you are proposing effectively allows a client unlimited access to your service. After an initial login, the UID and 'userid' will be made available to the client, which can be simply combined with an always valid timestamp.
If you need a service with 'login' and a session token, then why not just use an HttpSession?
扫一扫
688
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
