我想我应该在更新完成后刷新令牌并将刷新的令牌发送回客户端。
@RequestMapping(value = "/account", method = RequestMethod.POST)
public ResponseEntity<?> updateAccount(@RequestBody UserDetailsBean userDetailsBean, HttpServletRequest request,
HttpServletResponse response)
{
try
{
UserAccessDetails accessDetails = getLoggedInUser();
UserDetailsBean updatedUserBean = userService.updateAccount(userDetailsBean, accessDetails);
// send updated jwt incase of mobile number update by user
response.addHeader(SecurityConstants.HEADER_STRING,
SecurityConstants.TOKEN_PREFIX + refreshJWT(updatedUserBean.getMobileNumber()));
return buildResponse(updatedUserBean);
}
catch(DataException e)
{
return buildError(e);
}
}
private String refreshJWT(String subject)
{
return Jwts.builder().setSubject((subject))
.setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
.signWith(SignatureAlgorithm.HS512, SecurityConstants.SECRET).compact();
}
这是行得通的。如果有人有清洁和行业标准的方法,请注明。
现在,每当用户更新我创建一个新的'JWT'任何字段,它包含最新的'userName'在其可变'sub'场。 –