How to save token in database

Question

I have a class User with:

int id;
String username;
String password; 
String token; 
Date tokenExpires;

And I have a method like this:

private EntityManager em;

private User authenticate(String username, String password) throws Exception {
    // Authenticate against a database, LDAP, file or whatever
    // Throw an Exception if the credentials are invalid

    Query query = em.createQuery("Select u from User u WHERE u.username = :name and u.password = :password");
    query.setParameter("name", username);
    query.setParameter("password", password);
    return (User) query.getSingleResult();
}

And a method to generate a token:

private String issueToken(String username) {
    Random random = new SecureRandom();
    String token = new BigInteger(130, random).toString(32);
    return token;
}

How do I save this token to the DB every time a user logs in? When the user logs in it should generate a token, and if the user logs in again it should generate a new token.

Answer 1

Score: 0

When a user logs in, simply fetch the user from the database, then set the mentioned fields, the token and its expiration date:

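public User updateUser(String username, String password) {
    // look up the user by credentials
    User user = getUserBy(username, password);
    // issueToken takes the username, as declared in the question
    String token = issueToken(username);
    // token expires in 30 minutes (1,800,000 ms)
    Date tokenExpires = new Date(System.currentTimeMillis() + 1800000);
    user.setToken(token);
    user.setTokenExpires(tokenExpires);
    // persist the new token and expiry; this overwrites the previous token
    entityManager.getTransaction().begin();
    entityManager.merge(user);
    entityManager.getTransaction().commit();
    // the method is declared to return User
    return user;
}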

Considering you are using Hibernate, then, the User model has to be annotated as well:

@Entity
public class User {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private int id;
    private String username;
    private String password;
    private String token;
    
    @Temporal(TemporalType.TIMESTAMP)
    private Date tokenExpires;

    // getters and setters, make sure they are present
}
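
An added example, not code from the question or either answer: a variant of the token update above that stores only a SHA-256 hash of the token and checks the expiry on validation, so reading the table does not yield usable tokens. The in-memory map stands in for the User table, and `TokenStoreExample`, `StoredToken` and `isValid` are hypothetical names; it needs Java 16 or later for records.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class TokenStoreExample {
    // Hypothetical stand-in for the User table's token columns: only the hash is stored.
    record StoredToken(byte[] tokenHash, Instant expires) {}
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Duration TTL = Duration.ofMinutes(30); // same lifetime as the answer
    private final Map<String, StoredToken> rows = new ConcurrentHashMap<>();

    static byte[] sha256(String token) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every Java platform
        }
    }

    /** Called after a successful login; overwrites any previous token for the user. */
    String issueToken(String username, Instant now) {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        rows.put(username, new StoredToken(sha256(token), now.plus(TTL)));
        return token; // handed to the client once, never persisted in clear
    }

    /** True only if the presented token matches the stored hash and has not expired. */
    boolean isValid(String username, String presented, Instant now) {
        StoredToken row = rows.get(username);
        return row != null && now.isBefore(row.expires())
                && MessageDigest.isEqual(row.tokenHash(), sha256(presented)); // constant-time compare
    }

    public static void main(String[] args) {
        TokenStoreExample store = new TokenStoreExample();
        Instant t0 = Instant.now();
        String first = store.issueToken("alice", t0);  // constructed sample user
        String second = store.issueToken("alice", t0); // a second login rotates the token
        System.out.println("old token accepted: " + store.isValid("alice", first, t0));
        System.out.println("new token accepted: " + store.isValid("alice", second, t0));
        System.out.println("after expiry: " + store.isValid("alice", second, t0.plus(TTL).plusSeconds(1)));
    }
}
```

With JPA, the `token` column would hold the hash and `isValid` would read the row through the `EntityManager` instead of the map.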

Answer 2

Score: -1

If you use Spring, try this guide, for example: https://javadeveloperzone.com/spring-boot/spring-boot-oauth2-jdbc-token-store-example/

huangapple
  • Published on April 7, 2020, 00:37:33