
generating security tokens in servlets

 
nikil shar
Ranch Hand
Posts: 116
Hi all,
I am looking for direction on how to generate a security token from a servlet which passes this token to another servlet. The token is meant to be unique with user name and address, and when it gets passed to the other servlet it is meant to expire within 15 minutes.

Any ideas on how this could be done?

Thanks in advance.
 
Nishan Patel
Ranch Hand
Posts: 689

Hi,

There are a number of ways you can achieve your purpose, depending on you and your requirements.

I think you can use the user session for this, and by defining it in web.xml you can expire the session after 15 minutes.

So, the session is a better way to solve your problem.


 
Mohamed Inayath
Ranch Hand
Posts: 124
Why exactly do you need tokens?
Are you going to have a workflow in place for some requirement?
 
nikil shar
Ranch Hand
Posts: 116
I need to use tokens in order to authenticate requests from users. So one servlet will generate a unique token with some user-specific information and pass it on to another servlet, which will "decode" it, and if it passes the authentication test then this servlet displays personal information about that user.
 
Pat Farrell
Rancher
Posts: 4678
nikil shar wrote: I am looking for direction on how to generate a security token from a servlet which passes this token to another servlet. The token is meant to be unique with user name and address, and when it gets passed to the other servlet it is meant to expire within 15 minutes.

Just run the information through an HMAC algorithm, and use the result as the primary key into a HashMap that is shared between servlets. You can even put the HMAC result in the session, and let the Servlet container handle managing it for you.
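
A stateless variant of the HMAC suggestion above, as an added example that is not part of the original thread: the token itself carries the user name, address and an expiry time 15 minutes ahead, and the receiving servlet recomputes the HMAC before trusting any field. The class name, token layout and sample values are assumptions; the key must be shared by both servlets and kept server-side.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper; the class and method names are not from the thread.
public class SignedToken {
    private static final long TTL_MS = 15 * 60 * 1000L;   // 15-minute lifetime from the question
    private static final Base64.Encoder B64E = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64D = Base64.getUrlDecoder();
    private final SecretKeySpec key;

    public SignedToken(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

    private byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    // Issuing servlet: payload = base64url(user) . base64url(address) . expiry, then "." + MAC.
    public String issue(String user, String address, long nowMs) throws Exception {
        String payload = B64E.encodeToString(user.getBytes(StandardCharsets.UTF_8)) + "."
                + B64E.encodeToString(address.getBytes(StandardCharsets.UTF_8)) + "."
                + (nowMs + TTL_MS);
        return payload + "." + B64E.encodeToString(hmac(payload));
    }
    // Receiving servlet: checks the MAC in constant time before reading any field.
    // Returns the user name, or null if the token is forged, altered or expired.
    public String verify(String token, long nowMs) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 4) return null;
        String payload = p[0] + "." + p[1] + "." + p[2];
        try {
            if (!MessageDigest.isEqual(hmac(payload), B64D.decode(p[3]))) return null;
            if (nowMs > Long.parseLong(p[2])) return null;
            return new String(B64D.decode(p[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {   // malformed base64 or expiry field
            return null;
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);                    // constructed key for the demo
        SignedToken st = new SignedToken(secret);
        long now = System.currentTimeMillis();
        String t = st.issue("nikil", "1 Example Street", now);   // constructed sample values
        System.out.println(st.verify(t, now));                   // fresh token
        System.out.println(st.verify(t, now + TTL_MS + 1));      // past the 15-minute window
        System.out.println(st.verify(t.replaceFirst("\\.\\d+\\.", ".9999999999999."), now)); // expiry altered after signing
    }
}
```

The payload is signed, not encrypted, so the user name and address are readable by whoever holds the token.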
 
Mohamed Inayath
Ranch Hand
Posts: 124
nikil shar wrote: I need to use tokens in order to authenticate requests from users. So one servlet will generate a unique token with some user-specific information and pass it on to another servlet, which will "decode" it, and if it passes the authentication test then this servlet displays personal information about that user.


Do both servlets exist in the same domain?
If so, why would one need to have a special token to communicate?

Once the user is authenticated, just add the user info to the request object and it is available in the other servlet.
 