In the last section, we covered user registration for the customer, admin, and CSR user types. Once a user is successfully registered, they have to log in before they can perform any action. So, let's create the login- and session-related API and business implementations.
Before moving to login and session, we will talk about JSON Web Token, which will be used for session authentication. As we already have the createToken method in our securityService class, we will only talk about the subject used in token generation.
We may need to use the JSON Web Token for session purposes. We will use our existing token generation method to keep our user details:
String subject = user.getUserid()+"="+user.getUsertype();
String token = securityService.createToken(subject, (15 * 1000 * 60)); // 15 mins expiry time
We have used user.getUserid()+"="+user.getUsertype() as a subject. Also, we have mentioned 15 minutes as an expiry time, so the token will be valid for...
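To show how the subject and the 15-minute expiry are checked when a session token comes back, here is an added example that is not the book's securityService code. It assumes an HS256-signed token; the SessionTokenDemo class, its createToken stand-in, the demo key and the sample user 101=customer are all hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SessionTokenDemo {
    // Constructed demo key; a real service loads a random secret from configuration.
    static final byte[] KEY = "demo-only-secret-key-32-bytes!!!".getBytes(StandardCharsets.UTF_8);
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    static String sign(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return B64.encodeToString(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }

    // Hypothetical stand-in for securityService.createToken(subject, ttlMillis).
    // The subject must not contain quotes, because the claims JSON is built by hand here.
    static String createToken(String subject, long ttlMillis, long nowMillis) throws Exception {
        String header = B64.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String claims = "{\"sub\":\"" + subject + "\",\"exp\":" + ((nowMillis + ttlMillis) / 1000) + "}";
        String body = header + "." + B64.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        return body + "." + sign(body);
    }

    // Returns {userid, usertype}; throws if the token is malformed, tampered with or expired.
    static String[] verify(String token, long nowMillis) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) throw new SecurityException("malformed token");
        byte[] expected = sign(p[0] + "." + p[1]).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.UTF_8)))
            throw new SecurityException("bad signature"); // constant-time comparison
        // Claims are only read after the signature check, so their layout is the one written above.
        String claims = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        long exp = Long.parseLong(claims.replaceAll(".*\"exp\":(\\d+).*", "$1"));
        if (nowMillis / 1000 >= exp) throw new SecurityException("token expired");
        String[] sub = claims.replaceAll(".*\"sub\":\"([^\"]*)\".*", "$1").split("=");
        if (sub.length != 2) throw new SecurityException("unexpected subject format");
        return sub;
    }
    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        String token = createToken("101=customer", 15 * 1000 * 60, now); // constructed sample user
        String[] who = verify(token, now + 60_000);      // one minute later: accepted
        System.out.println("userid=" + who[0] + " usertype=" + who[1]);
        try { verify(token, now + 16 * 60_000L); }       // sixteen minutes later: rejected
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the subject is split on "=", the check on sub.length rejects any subject that does not have exactly the userid=usertype shape, and the user type is trusted only after the signature has been verified.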