我是Java Web编程的新手,我正在尝试编写一种方法来验证用户,将令牌存储在cookie中,然后将它们传递到下一页。我已经知道了身份验证的返回类型应该是什么。它应该直接返回Cookie对象作为authenticateUser()的返回值吗?
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response authenticateUser(@FormParam("username") String username,
@FormParam("password") String password) {
try {
// Authenticate the user using the credentials provided
authenticate(username, password);
// Issue a token for the user
_logger.log(Level.INFO, "----ABOUT TO LOG TOKEN TO WILDFLY");
String token = issueToken(username,"http://example.com","userToken",msInHour); //returns JWT token
_logger.log(Level.INFO, "----LOGGING TOKEN TO WILDFLY: ",token);
// Return the token on the response
//return Response.ok(token).build();
Response.createCookie(createCookie(token,username)).build();
} catch (Exception e) {
_logger.log(Level.INFO, "----ERROR in AuthService:",e);
return Response.status(Response.Status.FORBIDDEN).build();
}
}
private Cookie createCookie(String token,String uname){
//https://stackoverflow.com/questions/8889679/how-to-create-a-cookie-and-add-to-http-response-from-inside-my-service-layer
final Boolean useSecureCookie = true;
final int expiryTime = 60 * 60 * 24; // 24h in seconds
final String cookiePath = "/";
Cookie cookie = new Cookie("example.com", uname+"_"+token);
cookie.setSecure(useSecureCookie); // determines whether the cookie should only be sent using a secure protocol, such as HTTPS or SSL
cookie.setMaxAge(expiryTime); // A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits. A zero value causes the cookie to be deleted.
cookie.setHttpOnly(true);
cookie.setPath(cookiePath); // The cookie is visible to all the pages in the directory you specify, and all the pages in that directory's subdirectories
return cookie;
}
答案 0 :(得分:0)
您似乎使用Jersey作为后端框架,因此您需要查看其文档以了解设置Cookie的工作原理。不,你可能不会返回普通的cookie,因为浏览器不会理解它,特别是因为你正在“生成”JSON。
从接受的答案中可以看出,Response对象应该有一个单独的方法来设置cookie,恰当地命名为cookie()。