У меня есть такой метод:
private void validateToken(String token) throws Exception {
// Check if the token was issued by the server and if it's not expired
// Throw an Exception if the token is invalid
Calendar calendar = Calendar.getInstance();
Date date = calendar.getTime();
Query q = em.createQuery("Select u from User u where u.token = :token");
q.setParameter("token", token);
User uu = (User)q.getSingleResult();
long diff = date.getTime() - uu.getTokenExpires().getTime();
long diffMinutes = TimeUnit.MILLISECONDS.toMinutes(diff);
System.out.println(diffMinutes);
if (!uu.getToken().equals(token) || diffMinutes > 2) {
System.out.println("Token is invalid");
}
}
И метод аутентификации пользователя:
public User authenticate(String username, String password) throws Exception {
// Authenticate against a database, LDAP, file or whatever
// Throw an Exception if the credentials are invalid
Query query = em.createQuery("Select u from User u WHERE u.username = :name and u.password = :password");
query.setParameter("name", username);
query.setParameter("password", password);
return (User) query.getSingleResult();
}
Этот метод используется для генерации токена:
private String issueToken(String username) {
// Issue a token (can be a random String persisted to a database or a JWT token)
// The issued token must be associated to a user
// Return the issued token
Random random = new SecureRandom();
String token = new BigInteger(130, random).toString(32);
return token;
}
Как проверить токен, как узнать, истек ли токен или нет - токен истек через две минуты?