On a REST service which I am writing for a mobile application, the REST client application will send the user id and password the first time to the login service, and it will return the login token (access token) to the client. Other subsequent calls should then be made with the access token obtained from the login service. I will decrypt the access token and validate the decrypted content to ensure the request and access token are valid for the subsequent call.
I want to use authentication tokens for login from mobile devices. The user will send their username and password, and the server will send back a token, which will be used to authorize the user on their further requests for a given time.
Can I simply create a token myself, like this below?
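    import java.io.FileInputStream;
    import java.security.KeyFactory;
    import java.security.spec.X509EncodedKeySpec;
    import javax.crypto.Cipher;
    import org.apache.commons.codec.binary.Base64;
    import org.apache.commons.io.IOUtils;

    public String getAccessToken(String deviceId, String userId) throws Exception {
        final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";
        final String ALGORITHM = "RSA";
        final String CHARCTER_ENCODING = "UTF-8";
        String timeStamp = String.valueOf(new java.util.Date().getTime());
        // Token plaintext: userId, password, deviceId and timestamp joined by ":##"
        // (beanInput is assumed to be the login request bean, declared elsewhere in the class)
        String accessTokenToEncript = userId + ":##" + beanInput.getPassword() + ":##" + deviceId + ":##" + timeStamp;
        // Load the X.509-encoded RSA public key and encrypt the token plaintext with it
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(IOUtils.toByteArray(new FileInputStream(PUBLIC_KEY_FILE_PATH)));
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, KeyFactory.getInstance(ALGORITHM).generatePublic(x509EncodedKeySpec));
        return Base64.encodeBase64String(cipher.doFinal(accessTokenToEncript.getBytes(CHARCTER_ENCODING)));
    }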
Following is the decryption logic that I am using:
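    import java.io.FileInputStream;
    import java.security.KeyFactory;
    import java.security.spec.PKCS8EncodedKeySpec;
    import javax.crypto.Cipher;
    import org.apache.commons.codec.binary.Base64;
    import org.apache.commons.io.IOUtils;
    public String decrypt(String cipherText) throws Exception {
        final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";
        final String ALGORITHM = "RSA";
        final String CHARCTER_ENCODING = "UTF-8";
        // Load the PKCS#8-encoded RSA private key and decrypt the Base64 token
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(IOUtils.toByteArray(new FileInputStream(PRIVATE_KEY_FILE_PATH)));
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, KeyFactory.getInstance(ALGORITHM).generatePrivate(pkcs8EncodedKeySpec));
        return new String(cipher.doFinal(Base64.decodeBase64(cipherText)), CHARCTER_ENCODING);
    }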
Or is there any other standard way to create tokens? Maybe it exists in one of the APIs. Can you please provide me a suggestion?
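
An added example, not part of the original post: one common alternative is a token authenticated with HMAC-SHA256 that carries only the user id, device id and an expiry time, never the password. The class name `SignedToken`, the `|` field separator (ids are assumed not to contain it) and the demo key handling are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Illustrative class (hypothetical name): HMAC-signed, expiring access token.
public class SignedToken {
    private final byte[] key; // server-side secret, never sent to the client
    public SignedToken(byte[] key) { this.key = key.clone(); }

    private byte[] mac(byte[] data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(data);
    }

    // Token = base64url(payload) + "." + base64url(HMAC(payload)); no password inside.
    public String issue(String userId, String deviceId, long ttlMillis) throws Exception {
        long expires = System.currentTimeMillis() + ttlMillis;
        byte[] payload = (userId + "|" + deviceId + "|" + expires).getBytes(StandardCharsets.UTF_8);
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(payload) + "." + enc.encodeToString(mac(payload));
    }

    // Returns the user id if the tag, device id and expiry all check out, otherwise null.
    public String verify(String token, String deviceId) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 2) return null;
        byte[] payload, tag;
        try {
            payload = Base64.getUrlDecoder().decode(parts[0]);
            tag = Base64.getUrlDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) { return null; } // malformed Base64
        if (!MessageDigest.isEqual(mac(payload), tag)) return null; // constant-time compare
        String[] f = new String(payload, StandardCharsets.UTF_8).split("\\|");
        if (f.length != 3 || !f[1].equals(deviceId)) return null; // wrong shape or device
        if (Long.parseLong(f[2]) < System.currentTimeMillis()) return null; // expired
        return f[0];
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // constructed demo key; load from a secret store in practice
        SignedToken tokens = new SignedToken(key);
        String token = tokens.issue("user42", "device-A", 15 * 60 * 1000L); // constructed sample ids
        System.out.println("valid token    -> " + tokens.verify(token, "device-A"));
        System.out.println("tampered token -> " + tokens.verify(token + "x", "device-A"));
        System.out.println("other device   -> " + tokens.verify(token, "device-B"));
    }
}
```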