
Is my method safe?


I am creating a token system for our web application. What do you guys think, is this isWebTokenAvailable() method safe?

    /**
     * Checks whether the given webToken is available {@link de.security.WebToken}.
     *
     * @param webToken the token to look up.
     * @return true if a matching webToken is available, false otherwise.
     */
    public boolean isWebTokenAvailable(@NonNull String webToken) {
        return !em.createNamedQuery("validateToken").setParameter("token", webToken)
                .getResultList().isEmpty();
    }

Solution

  • As far as I have understood, if you have authentication concerns, you just need to verify the steps below:

    • While you are creating a token, you need to set basic things in it
      like userRole/id, according to the requirements of your app.
    • And you need to validate the user by extracting that info from the token and validating it against the info in your database.
    • Providing the token from the db is just the step you are doing after authentication; that just checks the expiry.
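The three steps listed in the answer, as an added example that is not code from the question or the answer. It assumes a token of the form userId:role:expiry plus an HMAC-SHA256 signature (the signing scheme is an assumption of this example); the class name, the key and the USERS map standing in for the database are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;

public class TokenCheckExample {
    // Constructed demo key; a real key comes from a secret store, never from source code.
    static final byte[] KEY = "constructed-demo-key-0123456789ab".getBytes(StandardCharsets.UTF_8);
    // Stand-in for the user table: user id -> current role (constructed sample data).
    static final Map<String, String> USERS = Map.of("42", "admin", "43", "user");

    static String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Step 1: put user id, role and expiry into the token when it is created.
    static String issue(String userId, String role, Instant expires) throws Exception {
        String payload = userId + ":" + role + ":" + expires.getEpochSecond();
        return payload + "." + sign(payload);
    }

    // Steps 2 and 3: extract the claims, then check integrity, expiry and the stored user record.
    static boolean isValid(String token, Instant now) throws Exception {
        int dot = token.lastIndexOf('.');
        if (dot < 0) return false;
        String payload = token.substring(0, dot);
        byte[] given = token.substring(dot + 1).getBytes(StandardCharsets.UTF_8);
        byte[] expected = sign(payload).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given)) return false;   // constant-time compare
        String[] claims = payload.split(":");
        if (claims.length != 3) return false;
        if (now.getEpochSecond() >= Long.parseLong(claims[2])) return false; // token has expired
        return claims[1].equals(USERS.get(claims[0]));  // role must still match the database
    }

    public static void main(String[] args) throws Exception {
        Instant now = Instant.now();
        String good = issue("42", "admin", now.plusSeconds(900));
        System.out.println(isValid(good, now));                           // fresh token, role matches
        System.out.println(isValid(good, now.plusSeconds(901)));          // checked after expiry
        System.out.println(isValid(issue("43", "admin", now.plusSeconds(900)), now)); // role differs from DB
        System.out.println(isValid(good.replace("42:admin", "43:admin"), now));       // payload altered
    }
}
```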