我想我應該在更新完成後刷新令牌並將刷新的令牌發送回客戶端。
@RequestMapping(value = "/account", method = RequestMethod.POST)
public ResponseEntity<?> updateAccount(@RequestBody UserDetailsBean userDetailsBean, HttpServletRequest request,
HttpServletResponse response)
{
try
{
UserAccessDetails accessDetails = getLoggedInUser();
UserDetailsBean updatedUserBean = userService.updateAccount(userDetailsBean, accessDetails);
// send updated jwt incase of mobile number update by user
response.addHeader(SecurityConstants.HEADER_STRING,
SecurityConstants.TOKEN_PREFIX + refreshJWT(updatedUserBean.getMobileNumber()));
return buildResponse(updatedUserBean);
}
catch(DataException e)
{
return buildError(e);
}
}
private String refreshJWT(String subject)
{
return Jwts.builder().setSubject((subject))
.setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
.signWith(SignatureAlgorithm.HS512, SecurityConstants.SECRET).compact();
}
這是行得通的。如果有人有清潔和行業標準的方法,請註明。
現在,每當用戶更新我創建一個新的'JWT'任何字段,它包含最新的'userName'在其可變'sub'場。 –