简体繁体 English

JavaEE应用程序使用java.util.UUID创建唯一键

[英]JavaEE application create a unique key using java.util.UUID

原文 2015-06-01 23:09:24 9 2 java/ java-ee/ key

I want to make a javaEE application when users can register and confirm their email when receiving a email with a link after inserting their data in registration form (name, mail...) 当用户在注册表格（姓名，邮件...）中插入他们的数据后，当用户收到带有链接的电子邮件时可以注册并确认电子邮件时，我想创建一个javaEE应用程序

To do that I am going to generate a long and unique key with java.util.UUID, store in a database and then send an email to the user with that key being part of the URL (Example: www.mysite.com/account.xhtml?id=KEY). 为此，我将使用java.util.UUID生成一个长而唯一的密钥，将其存储在数据库中，然后向用户发送电子邮件，并将该密钥作为URL的一部分（例如：www.mysite.com/account .xhtml？ID = KEY）。 Then the user will click the link, I extract the key from the URL and check if that key is stored in the DB. 然后用户将单击链接，我从URL中提取密钥，并检查该密钥是否存储在数据库中。 If it is, the user registration will be completed. 如果是，则将完成用户注册。

My question is, when creating that key with java.util.UUID, how can I know that it is a unique key? 我的问题是，当使用java.util.UUID创建该键时，我怎么知道它是唯一键？ Should I check if there is another equal key in the DB and if so create a new one until the created key is unique? 我是否应该检查数据库中是否还有另一个相等的密钥，如果是，则创建一个新的密钥，直到创建的密钥是唯一的？

2 个解决方案

What's the chance that a randomly-generated 128-bit integer will be equal to another randomly-generated integer? 随机生成的128位整数等于另一个随机生成的整数的机会是什么？

If you just need peace of mind, use a primary key and if the insert fails due to a key collision, re-create a new UUID and retry the insert. 如果只需要省心，请使用主键，并且如果插入由于键冲突而失败，请重新创建新的UUID并重试插入。

There are couple of ways you can do UUID in Java. 您可以通过两种方法在Java中执行UUID。

Java 5 onwards better practice is using java.util.UUID It is size of the string 36 characters. Java 5及更高版本的最佳实践是使用java.util.UUID它是字符串大小36个字符。 This link gives you simple example . 该链接为您提供了简单的示例。

This discussion will give you answer to your question . 讨论将给您答案。 It is very strong. 很结实。 I have never came across someone is complaining about its uniqueness. 我从未见过有人在抱怨它的独特性。

But if you adding into DB or using in storage or using through network, size may be matters. 但是，如果您添加到数据库或在存储中使用或通过网络使用，则大小可能很重要。 So converting to other formats - Bases is good solution (Base64, Base85 etc). 因此，转换为其他格式-Base是一个很好的解决方案（Base64，Base85等）。 Please check this discussion here . 请在此处查看此讨论。 You can use apache library org.apache.commons.codec.binary.Base64 . 您可以使用apache库org.apache.commons.codec.binary.Base64 。 Base85 is not safe for URLs. Base85对于URL不安全。

My recommendation is, if you have may application/session beans/web services (many interconnections other applications and data transfers etc) are creating UUIDs, I prefer to do unique application name padding too. 我的建议是，如果您可能有应用程序/会话Bean / Web服务（许多其他应用程序和数据传输等互连）正在创建UUID，我也希望进行唯一的应用程序名称填充。 Like APP1, APP2 etc and then decode to other bases. 像APP1，APP2等，然后解码为其他基准。 If UUID is 6fcb514b-b878-4c9d-95b7-8dc3a7ce6fd8, then APP1-6fcb514b-b878-4c9d-95b7-8dc3a7ce6fd8 like that... 如果UUID是6fcb514b-b878-4c9d-95b7-8dc3a7ce6fd8，则像这样的APP1-6fcb514b-b878-4c9d-95b7-8dc3a7ce6fd8 ...

Though it is off the topic here, BUT When you use a URL like this www.mysite.com/account.xhtml?id=KEY , beware about SQL injection hacking attacks. 尽管这里没有主题，但是当您使用类似www.mysite.com/account.xhtml?id=KEY的URL时，请注意SQL注入黑客攻击。