問題:
I'm looking for a way to enable token-based authentication in Jersey.我正在尋找一種在澤西島啓用基於令牌的身份驗證的方法。 I am trying not to use any particular framework.我儘量不使用任何特定的框架。 Is that possible?那可能嗎?
My plan is: A user signs up for my web service, my web service generates a token, sends it to the client, and the client will retain it.我的計劃是:一個用戶註冊我的 Web 服務,我的 Web 服務生成一個令牌,將其發送給客戶端,客戶端將保留它。 Then the client, for each request, will send the token instead of username and password.然後,對於每個請求,客戶端將發送令牌而不是用戶名和密碼。
I was thinking of using a custom filter for each request and @PreAuthorize("hasRole('ROLE')") but I just thought that this causes a lot of requests to the database to check if the token is valid.我正在考慮爲每個請求和@PreAuthorize("hasRole('ROLE')")使用自定義過濾器,但我只是認爲這會導致對數據庫的大量請求以檢查令牌是否有效。
Or not create filter and in each request put a param token?或者不創建過濾器並在每個請求中放置一個參數令牌? So that each API first checks the token and after executes something to retrieve resource.這樣每個 API 首先檢查令牌,然後執行某些操作以檢索資源。
解決方案:
參考一: https://en.stackoom.com/question/1oLwR參考二: https://stackoom.com/question/1oLwR