What to use for user authorization/authentication on the backend?

L

LoliDeveloper2021-08-07 10:22:11

Java

LoliDeveloper, 2021-08-07 10:22:11

I am writing a backend in java . The application itself is in kotlin.
Let's admit I through POST I receive login and the password. Then I find a match in the database and I need to give the person an authorization / authentication token. How to generate this token? Maybe there are some libraries or use something built into the jvm?
And do I think and do everything right?
I write with servlets in Tomcat.
Well, that is, with javax.servlet and the like.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

L

LoliDeveloper, 2021-08-07
@LoliDeveloper

The guys made a great library for Java with a bunch of documentation https://github.com/jwtk/jjwt

T

tormozillo, 2021-08-07
@tormozillo

I haven’t written for Tomcat for 15 years, but I remember that I didn’t generate anything like that, Tomcat itself creates a session id and tracks it either through a URL or through cookies. It was enough to write a fairly simple class for authorization to write 10 lines, just like you have in order to check in the database. And then for authorization by name and password there was already a ready-made class, but I had to add authorization by certificate, then it was not

O

Orkhan, 2021-08-08
Hasanly @azerphoenix

Good afternoon!
Why don't you use Spring Boot + Spring Security? And add the library there, which they themselves indicated - jjwt. It will be much faster and easier. But you can do without Spring.