问题:
I'm looking for a way to enable token-based authentication in Jersey.我正在寻找一种在泽西岛启用基于令牌的身份验证的方法。 I am trying not to use any particular framework.我尽量不使用任何特定的框架。 Is that possible?那可能吗?
My plan is: A user signs up for my web service, my web service generates a token, sends it to the client, and the client will retain it.我的计划是:一个用户注册我的 Web 服务,我的 Web 服务生成一个令牌,将其发送给客户端,客户端将保留它。 Then the client, for each request, will send the token instead of username and password.然后,对于每个请求,客户端将发送令牌而不是用户名和密码。
I was thinking of using a custom filter for each request and @PreAuthorize("hasRole('ROLE')") but I just thought that this causes a lot of requests to the database to check if the token is valid.我正在考虑为每个请求和@PreAuthorize("hasRole('ROLE')")使用自定义过滤器,但我只是认为这会导致对数据库的大量请求以检查令牌是否有效。
Or not create filter and in each request put a param token?或者不创建过滤器并在每个请求中放置一个参数令牌? So that each API first checks the token and after executes something to retrieve resource.这样每个 API 首先检查令牌,然后执行某些操作以检索资源。
解决方案:
参考一: https://en.stackoom.com/question/1oLwR参考二: https://stackoom.com/question/1oLwR