How to validate a token in Java

I have a method like this:

private void validateToken(String token) throws Exception {
    // Check if the token was issued by the server and if it's not expired
    // Throw an Exception if the token is invalid

    Calendar calendar = Calendar.getInstance();
    Date date = calendar.getTime();
    Query q = em.createQuery("Select u from User u where u.token = :token");
    q.setParameter("token", token);

    User uu = (User) q.getSingleResult();
    long diff = date.getTime() - uu.getTokenExpires().getTime();
    long diffMinutes = TimeUnit.MILLISECONDS.toMinutes(diff);
    System.out.println(diffMinutes);

    if (!uu.getToken().equals(token) || diffMinutes > 2) {
        System.out.println("Token is invalid");
    }
}

And a method that authenticates a user:

public User authenticate(String username, String password) throws Exception {
    // Authenticate against a database, LDAP, file or whatever
    // Throw an Exception if the credentials are invalid

    Query query = em.createQuery("Select u from User u WHERE u.username = :name and u.password = :password");
    query.setParameter("name", username);
    query.setParameter("password", password);
    return (User) query.getSingleResult();
}

This is the method used to generate the token:

private String issueToken(String username) {
    // Issue a token (can be a random String persisted to a database or a JWT token)
    // The issued token must be associated to a user
    // Return the issued token
    Random random = new SecureRandom();
    String token = new BigInteger(130, random).toString(32);
    return token;
}

How do I validate a token, and how do I know whether a token is expired or not? A token expires after two minutes.
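
An added example, not part of the original post: one way to do the check the question asks about, storing an absolute expiry instant when the token is issued and throwing when a token is unknown or expired. The in-memory map, the `TokenDemo` and `Issued` names, the explicit `now` parameter and the sample user are assumptions standing in for the question's JPA `User` lookup; `record` needs Java 16 or later.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class TokenDemo {
    // Assumption: in-memory stand-in for the User table (token -> owner and expiry).
    record Issued(String username, Instant expiresAt) {}

    static final Duration TOKEN_TTL = Duration.ofMinutes(2);
    private final Map<String, Issued> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    String issueToken(String username, Instant now) {
        String token = new BigInteger(130, random).toString(32);
        // Store the absolute expiry instant next to the token when it is issued.
        store.put(token, new Issued(username, now.plus(TOKEN_TTL)));
        return token;
    }

    // Returns the owner of the token; throws if the token is unknown or expired.
    String validateToken(String token, Instant now) {
        Issued issued = (token == null) ? null : store.get(token);
        if (issued == null) {
            throw new SecurityException("Token is invalid");
        }
        // Compare instants directly; truncating to whole minutes stretches the lifetime.
        if (!now.isBefore(issued.expiresAt())) {
            store.remove(token); // clean up the expired entry
            throw new SecurityException("Token is expired");
        }
        return issued.username();
    }

    public static void main(String[] args) {
        TokenDemo demo = new TokenDemo();
        Instant issuedAt = Instant.parse("2020-04-07T21:28:23Z"); // constructed sample time
        String token = demo.issueToken("alice", issuedAt);         // "alice" is sample data
        System.out.println(demo.validateToken(token, issuedAt.plusSeconds(119)));
        try {
            demo.validateToken(token, issuedAt.plusSeconds(120));
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Passing `now` in explicitly keeps the expiry boundary testable without waiting two minutes; in the question's JPA version the same comparison would run against the stored `tokenExpires` value after the lookup.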

huangapple
  • Posted on April 7, 2020 at 21:28:23