aspose file tools*
The moose likes Security and the fly likes Token generation valid for specific time. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Token generation valid for specific time." Watch "Token generation valid for specific time." New topic
Author

Token generation valid for specific time.

Naresh Chaurasia
Ranch Hand

Joined: May 18, 2005
Posts: 356
I want to create stand along application, where i generate a token. This token will be used for authentication purpose. I want to write encoding/decoding code for this token generation. The important part of this token is that it is time bound. i.e. I should have control that this token is valid for specified period of time (1 hour or 1 day). Can some one suggest what approach i can use to achieve this.


SCJP 1.4, SCWCD1.4, OCA(1Z0-007)
Carles Gasques
Ranch Hand

Joined: Apr 19, 2013
Posts: 199
    
    1
Hi,

What is the purpose of the token authorization or authentication?

If the goal is that the token serves as authorization ticket,
what about encrypt a time to life string?


Best regards,

Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2716
    
    6

If this token is used for authentication, then encoding alone is not sufficient, you will need encryption.
My idea is to have a random string generated using the secure random number generator, then append a separator and then append the current timestamp. Encrypt this string and then encode it to get the token.

The appended timestamp will allow you to validate against any expiry value from milliseconds to years.

Hope this helps


SCJP, SCWCD.
|Asking Good Questions|
Naresh Chaurasia
Ranch Hand

Joined: May 18, 2005
Posts: 356
Amit Ghorpade wrote:If this token is used for authentication, then encoding alone is not sufficient, you will need encryption.
My idea is to have a random string generated using the secure random number generator, then append a separator and then append the current timestamp. Encrypt this string and then encode it to get the token.

The appended timestamp will allow you to validate against any expiry value from milliseconds to years.

Hope this helps


If i follow this approach, i get the following

encrypt(random string + time stamp) => token.

I have following constraint while doing this implementation. I cannot store any token related info in file or db. So how do i decrypt the token and verify that it is correct/valid token.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Token generation valid for specific time.