java.sql.SQLSyntaxErrorException:ORA-00972:标识符太长

时间:2016-01-19 07:05:28

标签: java oracle jwt

我试图在将数据库中的JWT令牌发送到客户端之前,为特定的user_id(列)插入JWT令牌。

public void saveTokenToDB(String email, String token) {
        try {
            String query = "Update TBL_USER set USR_TOKEN ="+token+" where email="+email+" ";
            Connection con = DBConnection.getConnection();
            PreparedStatement statement = con.prepareStatement(query);
            int result = statement.executeUpdate();
            System.out.println("result is: " + result);

        } catch (Exception ex) {
            System.out.println("Error in TokenSaverDAO class");
            ex.printStackTrace();
        }
    }

但是我收到了一个错误:

java.sql.SQLSyntaxErrorException: ORA-00972: identifier is too long

我尝试使用CLOB作为列类型但仍然得到相同的错误。

这是我的代币:

eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wvcnRoLmNvbSIsInN1YiI6IlJUSCIsImV4cCI6MTQ1MzE1NDI2MywiZW1haWwiOiJraXJpdGkuazk5OUBnbWFpbC5jb20ifQ
.X13gGlAIbS3bh-2eX-SdZjglA-QSMW5Gz_IokRdGWXqmmdQDYHNgbKpuqhtf7EqSLN_I8Qx80FMKzVXn9G4O1-bhXCDkWWHkPaC
WN16RJazyJdWqzHHTVHD2AN-mF6eG7KFto5HlvFfIdvgQZszAzqS_cVGQHM1hIn-r5sCrkI4

是否有其他方法可以在DB中保存令牌,或者可以将其保存在地图中以供每个登录的用户使用。如果我使用map,那么每次用户请求资源时如何进行身份验证

现在我正在这样做:

@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter {

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        // Get the HTTP Authorization header from the request
        String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);

        // Check if the HTTP Authorization header is present and formatted correctly 
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
            throw new NotAuthorizedException("Authorization header must be provided");
        }

        // Extract the token from the HTTP Authorization header
        String token = authorizationHeader.substring("Bearer".length()).trim();
        System.out.println("request token is: " + token);

        try {

            // Validate the token
            validateToken(token);

        } catch (Exception e) {
            requestContext.abortWith(
                    Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }

    private void validateToken(String token) throws Exception {
        // Check if the token was issued by the server that is saved in Database and if it's not expired
        // Throw an Exception if the token is invalid
    }
}

这里有两个问题:

  1. 如何修复java.sql.SQLSyntaxErrorException:ORA-00972:标识符太长
  2. 在地图或缓存中保存令牌并执行JWT身份验证 每个资源请求

1 个答案:

答案 0 :(得分:4)

这是你的问题:

String query = "Update TBL_USER set USR_TOKEN ="+token+" where email="+email+" ";

假设token包含字符串"eyJhbGciOiJSUzI1NiJ9",您最终会使用此语句

Update TBL_USER set USR_TOKEN = eyJhbGciOiJSUzI1NiJ9

引用名为eyJhbGciOiJSUzI1NiJ9的列。如果您的令牌更短,则会出现“无效标识符”错误。但令牌的极长值会使SQL解析器处于早期状态,因为标识符限制为30个字符(因此最基本的语法检查失败,Oracle甚至不会开始检查是否存在具有该名称的列)。

字符串常量需要用单引号括起来,例如'foobar',因此您的Java代码必须是:

String query = "Update TBL_USER set USR_TOKEN = '" + token + "' where email = '"+email+"' ";

但如果变量emailtoken包含单引号,则会中断。要修复 问题,最好正确使用PreparedStatement:

String query = "Update TBL_USER set USR_TOKEN = ? where email = ?";
PreparedStatement statement = con.prepareStatement(query);
statement.setString(1, token);
statement.setString(2, email);
int result = statement.executeUpdate();