aspose file tools*
The moose likes Servlets and the fly likes generating security tokens in servlets Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "generating security tokens in servlets" Watch "generating security tokens in servlets" New topic
Author

generating security tokens in servlets

nikil shar
Ranch Hand

Joined: May 25, 2008
Posts: 116
hi all,
am looking for direction on how to generate a security token from a servlet which passes this token to another servlet. The token is meant to be unique with user name and address and when it gets passed to the other servlet it is meant to expire within 15 minutes.


any ideas on how this could be done ???


thanks in advance.
Nishan Patel
Ranch Hand

Joined: Sep 07, 2008
Posts: 687


Hi,

There are number of ways you can achieve your purpose depending on you and your requirement.

I think you use user session for this and defining in web.xml you can expire session after 15 minutes.

So, session is better way to solve your problem.




Thanks, Nishan Patel
SCJP 1.5, SCWCD 1.5, OCPJWSD Java Developer,My Blog
Mohamed Inayath
Ranch Hand

Joined: Nov 22, 2004
Posts: 124
Why exactly do you need tokens?
Are you going to have workflow in place for some requirement.
nikil shar
Ranch Hand

Joined: May 25, 2008
Posts: 116
i need to use tokens in order to authenticate requests from users. so one servlet will generate a unique token with some user specific information and pass on to another serlvet which will "decode" it and if it passes the authentication test then this servlet displays personal information about that user.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4658
    
    5

nikil shar wrote: am looking for direction on how to generate a security token from a servlet which passes this token to another servlet. The token is meant to be unique with user name and address and when it gets passed to the other servlet it is meant to expire within 15 minutes.

Just run the information through a HMAC algorithm, and use the result as the primary key into a HashMap that is shared between servlets. You can even put the HMAC result in the session, and let the Servlet container handle managing it for you.
Mohamed Inayath
Ranch Hand

Joined: Nov 22, 2004
Posts: 124
nikil shar wrote:i need to use tokens in order to authenticate requests from users. so one servlet will generate a unique token with some user specific information and pass on to another serlvet which will "decode" it and if it passes the authentication test then this servlet displays personal information about that user.


Does both the servlets exist in the same domain.
If so why one will need to have to special token to communicate.

Once the user is authenticated just add the user info into request object and is available in the other servlet.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: generating security tokens in servlets