• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Knute Snortum
  • Bear Bibeault
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Frits Walraven
  • Carey Brown
  • Tim Holloway

Using JSON Web Token in the Controller

 
Ranch Hand
Posts: 33
Python Angular Framework Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
I am building a quiz application using Java Spring and Angular.

On some of my server endpoints, I need to return the data according to which user has sent the request.

For example,

I have a GET request that retrieves a quiz object by id.
and I need to add some additional information on that object for the specific user that requested it (information like: the user's answer).

I am thinking of three ways to do this:
1. To send the user id from the client.
2. To exctract the user id from the token (I am not sure how exactly this can be done)
3. To retrieve the additional information in a separate request.


What do you think the most elegant way to perform this?


Thanks in advance.

 
Master Rancher
Posts: 451
6
IntelliJ IDE Spring Fedora
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You should just have one request that the client needs to make.  If the data comes from different places then you should make another endpoint that aggregates the data.
 
Saloon Keeper
Posts: 10308
217
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How are you keeping track what user is logged in, and where and how do you store what answer a user has given to a particular question?
 
Redan Hassoun
Ranch Hand
Posts: 33
Python Angular Framework Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Al Hobbs wrote:You should just have one request that the client needs to make.  If the data comes from different places then you should make another endpoint that aggregates the data.



I am using JWT for authenticating users, I tried to take the user id from the token that exists on the request header, and return the  data according to the user.

A user requests a quiz and gets the quiz resource back along with his answer for that quiz.

But I am wondering if this is a good practice or should I split the request into two requests:    first get the quiz , then get the answer by user.


You think splitting the request is a better approach ?

 
Redan Hassoun
Ranch Hand
Posts: 33
Python Angular Framework Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:How are you keeping track what user is logged in, and where and how do you store what answer a user has given to a particular question?



I am keeping track of the login using a Json Web Token. I have an authentication filter in the server that makes sure the token is valid before the request reaches the Controller.

And regarding storing the data,

I hava a "user_answer" table that stores:    quiz_id  ,   user_id  and quiz_answer_id.


On my current impelementation I have and endpoint that adds an answer to the table and another endpoint that retrieves a quiz.
Both of them take the user id from the token,


But I am wondering if this is a good practice or should I split the request into two requests

(at least the one that retrieves a quiz) :
first get the quiz , then get the answer by user.

 
Ranch Hand
Posts: 125
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
JSON web token serves two purposes: to authenticate user, and to store user session related information. So, yes, user-id, their last question, are all fair bets, for adding to JWT.
About splitting of APIs, ideally, you should not mix adding data (POST) with getting data (GET). So, you should keep them separate.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!