@Override protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authentication) throws IOException, ServletException{

    User user = (User) authentication.getPrincipal();
    log.info("User {} is Login Success",user.getUsername());
    Algorithm algorithm = Algorithm.HMAC256("secret".getBytes());

    String accessToken = JWT.create()
            // 사용자에 대해 식별할수 있는것 unique
            .withSubject(user.getUsername())
            .withExpiresAt(new Date(System.currentTimeMillis()   10 * 60 * 1000 ))
            .withIssuer(request.getRequestURL().toString())
            .withClaim("roles",user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()))
            .sign(algorithm);

    String refreshToken = JWT.create()
            // 사용자에 대해 식별할수 있는것 unique
            .withSubject(user.getUsername())
            .withExpiresAt(new Date(System.currentTimeMillis()   60 * 60 * 1000 ))
            .withIssuer(request.getRequestURL().toString())
            .sign(algorithm);

// response.setHeader("accessToken", accessToken); // response.setHeader("refreshToken", refreshToken);

    Map<String, String> tokens = new HashMap<>();
    tokens.put("accessToken", accessToken);
    tokens.put("refreshToken", refreshToken);


    response.setContentType(APPLICATION_JSON_VALUE);
    new ObjectMapper().writeValue(response.getOutputStream(), tokens);

}

successfulAuthentication is creating a JWT token

I want to store the refresh token in the DB,

How should I approach it?

CodePudding user response：

I think you shouldnt store them into db. Instead of it, you can use local storage packages such as, SharedPreferences. This stores your identification information into local storage. This is more useful.