java - Implementing a token style security when doing GET requests -
i'm implementing temporary , simple token-style authentication mechanism application.
the idea simple. whenever user logs in application, token returned client, stores in sessionstorage
data structure of browser.
now, whenever request through ajax can send token request , server can verify if token associated authentication or username. if is, parses request normally, if not, error page or initial page returned or displayed.
i'm not sure if way token-style authentication , authorization implemented in real or serious applications, i've no idea how send token when doing requests clicking on link of view.
my idea intercept requests can fill them token, seems quite odd, , i've lot of links , views.
search json web tokens , implementations on java. need.
if want send user sensitive data inside jwt, use json web encryption.
you can send token on each request header or request parameter
Comments
Post a Comment