stackoom
  简体   繁体   中英

How to check if token expired in java?

 原文  2020-04-06 14:22:36       java/ hibernate/ jpa

Question

I have user which have: id, username,password, tokenExpires which is Date. When i generate token i generate a string, how to check if token is not expired?

3 answers

solution1
 1  2020-04-06 15:12:53

java.time

Do use java.time, the modern Java date and time API, for your date and time work.

public class User {
    private String username;
    private String password;
    private Instant tokenExpires;

    // constructor, getters, setters

    public boolean isTokenExpired() {
        return ! Instant.now().isBefore(tokenExpires);
    }

}

The modern replacement for a Date is an Instant . It's a point in time.

If you cannot change the User class and getTokenExpires() returns an old-fashioned Date object:

    Instant tokenExpires = yourUser.getTokenExpires().toInstant();
    if (Instant.now().isBefore(tokenExpires)) {
        System.out.println("Token has not expired");
    } else {
        System.out.println("Token not expired");
    }

Link: Oracle tutorial: Date Time explaining how to use java.time.

solution2
 0  2020-04-06 14:28:12

The core logic behind it will be to compare the present date with the token date. If the present date is greater than the token date then the token has expired. Here is a code example of doing the same.

  SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
  Date date1 = sdf.parse("2009-12-31");
  Date date2 = sdf.parse("2010-01-31");

  if (date1.compareTo(date2) >= 0) 
      System.out.println("Token not expired");
  else if (date1.compareTo(date2) < 0) 
      System.out.println("Token expired");

Reference Link: How to compare dates in Java

solution3
 0  2020-04-06 15:29:17

Maybe it's better to use JWT. You can define how long the token should be valid and data about the user can be stored as claims. Here is example tutorial: https://developer.okta.com/blog/2018/10/31/jwts-with-java I think it's a better solution because you don't need to implement all features. On your current implementation is a chance that some user will modify the payload. But remember that data like passwords should not be included to JWT because anyone who has the token can read all claims.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Java | okhttp3 | how to test expired token how to check session has been expired in java? How to check if a JWT Token has expired without throw exceptions? How to check if memcache is expired Java how to check if ResourceBundle is valid (expired or cleared from cache) How do I generate access token for facebook (restfb) which is never expired? (java) Java - how to scan a token and check that token after it exists and is a double I am trying to check for expired token for ebay sdk with GetClientAlertsAuthTokenCall How to check if LDAP user account is expired in Java using UnboundID LDAP SDK how to check if a message has expired or not in activemq in the producer
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM