0

I want to know how token-based authentication is done in Java. I want that, if I hit my application, the system redirects to the login page, and once the user enters the credentials, the user is validated and authenticated. Once authenticated, a token should be generated, which is then handled across client and server. My concern is, once the token is generated, how it is passed to the client and how the client sends it back to the server on every request. I know that it has to be set in a header, but my question is how exactly. I know we have Spring and so on, but I want to know how it is done using JSP and servlets.

I went through a few websites but unfortunately could not find what I was looking for. A small demonstration would be very helpful. Thanks in advance.

  • 2
    Possible duplicate of [The definitive guide to form-based website authentication](http://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication) – worpet Sep 14 '16 at 16:41

1 Answer

1

There is no such authentication token. There is a session token defined in the J2EE Web Application server standard (https://docs.oracle.com/cd/E19644-01/817-5451/dwsessn.html). Once the JSESSIONID is established between server and client, it is used to manage the user.

For example, if you build your own authentication system, you can bind the JSESSIONID to user login attempts and keep a list of JSESSIONIDs which have logged in successfully. This is basically what authentication frameworks do.

Also, you can check this: "Under what conditions is a JSESSIONID created?" and this: Spring Security FAQ

Ricardo Vila
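How the JSESSIONID travels between browser and server in a plain servlet application, as an added example (not code from the question or the answer). The class names, the `/login`, `/login.jsp` and `/home.jsp` paths, the `user` attribute and `credentialsAreValid` are assumptions, and a Servlet 4.0 (`javax.servlet`) container is assumed; the session attribute plays the role of the list of logged-in session ids the answer mentions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.*;

public class SessionAuthExample {
    /** POST /login: checks the credentials and marks the session as logged in. */
    @WebServlet("/login")
    public static class LoginServlet extends HttpServlet {
        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            String user = req.getParameter("username");
            if (!credentialsAreValid(user, req.getParameter("password"))) {
                resp.sendRedirect(req.getContextPath() + "/login.jsp?error=1");
                return;
            }
            // Creating the session makes the container add the header
            // "Set-Cookie: JSESSIONID=<id>" to this response.
            req.getSession(true);
            // Issue a fresh id after login so an id known before login is useless
            // (session fixation defence, Servlet 3.1+).
            req.changeSessionId();
            req.getSession().setAttribute("user", user);
            resp.sendRedirect(req.getContextPath() + "/home.jsp");
        }

        // Hypothetical stand-in with constructed demo values; a real check
        // looks the user up and verifies a salted password hash.
        private static boolean credentialsAreValid(String user, String password) {
            return "demo".equals(user) && "constructed-demo-password".equals(password);
        }
    }

    /** Runs on every request: lets it through only if the session is logged in. */
    @WebFilter("/*")
    public static class AuthFilter implements Filter {
        @Override
        public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) rq;
            String path = req.getServletPath();
            // The browser returns the id in "Cookie: JSESSIONID=<id>"; getSession(false)
            // resolves it to the server-side session and never creates a new one.
            HttpSession session = req.getSession(false);
            boolean loggedIn = session != null && session.getAttribute("user") != null;
            if (loggedIn || path.equals("/login") || path.equals("/login.jsp")) {
                chain.doFilter(rq, rs);
            } else {
                ((HttpServletResponse) rs).sendRedirect(req.getContextPath() + "/login.jsp");
            }
        }
    }
}
```

The application code never writes the cookie header itself: the container emits `Set-Cookie` when the session is created and the browser attaches `Cookie` to each later request.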