0

I have two services. service1 generates one token and passes it to the client, the client receives the token, and service2 receives the token from the client.

Now, how do I check that the token generated by service1 is the same as the token received by service2?

MayurKode
  • what do the services do? how do they interact with the client? can they interact with each other directly? – user253751 Mar 12 '14 at 10:48
  • services can not interact directly... – MayurKode Mar 12 '14 at 10:49
  • you could add a 'verify token' method to service1, then call this directly from service2 once it receives the token from the client? – Graham Griffiths Mar 12 '14 at 10:50
  • Both services need to know the generated token or the method to generate the token. – maiklahoz Mar 12 '14 at 10:50
  • 1
    One possibility is to generate a random number, and a digital signature for it, and then have service2 verify the signature. IDK how to generate and verify a digital signature with Java's cryptography library. – user253751 Mar 12 '14 at 10:52
  • what is the token for, and what is the check for? Are you building a security / authentication feature? – Graham Griffiths Mar 12 '14 at 10:52
  • this could be useful (depending on your use case) : http://stackoverflow.com/questions/13992972/how-to-create-a-authentication-token-using-java – Graham Griffiths Mar 12 '14 at 10:54

2 Answers

0

Sign the token digitally using some pre-defined keypair for which the public key is known and trusted.

rustyx
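
The signing approach from the answer above, as an added example that is not part of the original post: service1 signs a random token with its private key, and service2 verifies it with the public key alone, without contacting service1. The class and method names, the ECDSA P-256 choice and the expiry field are assumptions.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.util.Base64;

// Added example: TokenDemo, issue and verify are hypothetical names.
public class TokenDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // service1: token = base64url(expiry || nonce) + "." + base64url(signature)
    static String issue(PrivateKey key, long ttlMillis) throws GeneralSecurityException {
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        byte[] payload = ByteBuffer.allocate(24)
                .putLong(System.currentTimeMillis() + ttlMillis).put(nonce).array();
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(payload);
        return ENC.encodeToString(payload) + "." + ENC.encodeToString(s.sign());
    }

    // service2: holds only the public key and never talks to service1.
    static boolean verify(PublicKey key, String token) {
        try {
            String[] parts = token.split("\\.");
            if (parts.length != 2) return false;
            byte[] payload = DEC.decode(parts[0]);
            if (payload.length != 24) return false;
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(key);
            s.update(payload);
            if (!s.verify(DEC.decode(parts[1]))) return false;
            // Signature is good; reject tokens past their expiry time.
            return ByteBuffer.wrap(payload).getLong() > System.currentTimeMillis();
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed Base64 or malformed signature encoding
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        // Constructed for the demo; in practice the private key stays on
        // service1 and only the public key is provisioned to service2.
        KeyPair pair = gen.generateKeyPair();
        String token = issue(pair.getPrivate(), 60_000);
        System.out.println("valid:    " + verify(pair.getPublic(), token));
        // Change one payload character to simulate tampering by the client.
        char c = token.charAt(0) == 'A' ? 'B' : 'A';
        System.out.println("tampered: " + verify(pair.getPublic(), c + token.substring(1)));
    }
}
```

A valid signature shows that the token came from the holder of the private key and was not altered in transit. It does not stop a captured token from being presented again before it expires, so service2 needs its own record of seen nonces if single use matters.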
0

If the token you describe is for authentication, you are best off using an existing library such as Apache Shiro or PicketLink. Coding this yourself is unlikely to be secure unless you put in a lot of time and effort.

Graham Griffiths