szerhusenBC/jwt-spring-security-demo

Can PersonRestService.java be implemented with MyBatis 3.x?

Closed this issue · 2 comments

I want to use this demo in a microservice architecture. Can PersonRestService.java be implemented with MyBatis 3.x? Also, to add token expiration, the token can be inserted into the table as a record with an expired-time column.

Hi! Yes, of course you can implement the PersonRestService with MyBatis. Please search the web for how to do that in Spring in detail. In fact, you can implement this service in any way (or with any data source) you want. You just have to look at how to integrate it in Spring.

Regarding the second part of your question:
I'm not sure what you mean. The token actually has a field (or claim) "created". You could check if that date is too old (expired) and reject the authentication in `JwtAuthenticationTokenFilter#doFilterInternal`. There is a REST endpoint under `AuthenticationRestController#refreshAndGetAuthenticationToken` where you could refresh an existing token. In `JwtTokenUtil#refreshToken` you can see that in that case a new token is generated with an updated "created" field.

I would try to avoid a blacklist table in the database with expired token hashes because this table can grow very large. But feel free to do that if you want to blacklist tokens ;)

I hope this comment answers your questions. Please give me feedback so I can close this ticket.
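
A sketch of the age check on the "created" claim suggested in the comment above. This is an added example, not code from the repository or its author: the class name, the one-hour limit, the skew tolerance and the assumption that "created" arrives as a `Date` or as epoch milliseconds are all hypothetical. It requires Java 9+ and expects claims from a token whose signature has already been verified.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.Date;
import java.util.Map;

/** Hypothetical helper: accepts or rejects a token by the age of its "created" claim. */
public final class CreatedClaimAgeCheck {
    private final Duration maxAge;      // assumed policy value, not taken from the project
    private final Duration allowedSkew; // tolerance for small clock differences between hosts
    private final Clock clock;          // injectable so the check can be tested deterministically

    public CreatedClaimAgeCheck(Duration maxAge, Duration allowedSkew, Clock clock) {
        this.maxAge = maxAge;
        this.allowedSkew = allowedSkew;
        this.clock = clock;
    }

    /** The claims must come from a token whose signature was already verified. */
    public boolean isAcceptable(Map<String, ?> verifiedClaims) {
        Instant created = toInstant(verifiedClaims.get("created"));
        if (created == null) { return false; }                        // fail closed: claim missing or malformed
        Instant now = clock.instant();
        if (created.isAfter(now.plus(allowedSkew))) { return false; } // dated in the future: reject
        return !created.plus(maxAge).isBefore(now);                   // reject once older than maxAge
    }

    // Assumption: "created" is either a java.util.Date or a number of epoch milliseconds.
    private static Instant toInstant(Object value) {
        if (value instanceof Date) { return ((Date) value).toInstant(); }
        if (value instanceof Number) { return Instant.ofEpochMilli(((Number) value).longValue()); }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample claims evaluated against a fixed clock.
        Clock fixed = Clock.fixed(Instant.parse("2024-01-01T12:00:00Z"), ZoneOffset.UTC);
        CreatedClaimAgeCheck check = new CreatedClaimAgeCheck(Duration.ofHours(1), Duration.ofSeconds(30), fixed);
        long now = fixed.millis();
        System.out.println(check.isAcceptable(Map.of("created", now - 10 * 60_000L)));    // created 10 minutes ago
        System.out.println(check.isAcceptable(Map.of("created", now - 2 * 3_600_000L)));  // created 2 hours ago
        System.out.println(check.isAcceptable(Map.of("created", now + 5 * 60_000L)));     // created 5 minutes ahead
        System.out.println(check.isAcceptable(Map.of("sub", "alice")));                   // no "created" claim
    }
}
```

An age check like this needs no server-side state, which is why it avoids the growing table; it cannot revoke a single token before its age limit is reached.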

Yes, I want to blacklist tokens. But as you advise, I shouldn't use that, and should use the token's "created" field (or claim) instead. Thank you very much!