DEV Community

unhurried

A Token Management Implementation for Web API Authentication in Java

This article studies a synchronized Java implementation that lets multiple threads share the same time-limited token (an OAuth2 access token is assumed) for Web API authentication.

Specification of Token Management

I assume the following specification for this token management system.

  • Multiple threads call Web APIs with the same token.
  • When a token expires, the thread that first detects the expiration updates the token.
  • During the update, token retrievals from other threads need to wait for the update to complete.

An Implementation in Java

The following is an implementation of the token management system described above.

public class TokenManager {

  // Singleton Pattern
  private static TokenManager instance = new TokenManager();
  private TokenManager() {}
  public static TokenManager getInstance() {
    return instance;
  }

  /* Declare the token and update-time variables "volatile" so that any
     thread can retrieve their up-to-date state. */
  // Timed token
  private volatile String token = null;
  // Update time calculated from the TTL of the token
  private volatile long refreshAt = 0L;

  // getToken doesn't need "synchronized" as any thread can retrieve
  // the up-to-date token with the aid of the "volatile" keyword.
  public String getToken() {
    if (System.currentTimeMillis() >= refreshAt) {
      syncUpdateToken();
    }
    return this.token;
  }

  // Make the method "synchronized" so that only one thread can
  // execute it at a time.
  private synchronized void syncUpdateToken() {
    // Prevent subsequent threads that call the getToken method during
    // the token update from updating the token again.
    if (System.currentTimeMillis() < refreshAt) {
      return;
    }

    // Token Update Process
    // Update "token" before "refreshAt" as "refreshAt" is used
    // first in getToken method to check the token expiration.
    this.token = ...
    this.refreshAt = ...
  }
}

Because the instance variables (token and refreshAt) are declared "volatile", the getToken method does not need "synchronized", which allows token retrievals to run in parallel while the token is valid.

Note that this results in subsequent threads also invoking the syncUpdateToken method, so the token expiration check is needed inside syncUpdateToken as well to prevent unnecessary token updates.
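The following is an added example, not code from the original article: a runnable variant of the same double-checked pattern that publishes the token and its refresh time together as one immutable object, and counts how many fetches occur when 8 threads hit an expired token at once. The names Timed, fetcher and TokenManagerDemo, the 200 ms delay and the 1 s TTL are assumptions for illustration; the Supplier stands in for the real token request. It requires Java 16 or later for the record syntax.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

public class TokenManagerDemo {
  // Immutable pair: token and refresh time are published in a single volatile write,
  // so a reader can never observe a new refreshAt together with an old token.
  record Timed(String token, long refreshAt) {}

  static class TokenManager {
    private final Supplier<Timed> fetcher; // hypothetical stand-in for the OAuth2 token request
    private volatile Timed current = new Timed(null, 0L);

    TokenManager(Supplier<Timed> fetcher) { this.fetcher = fetcher; }

    String getToken() {
      Timed t = current; // lock-free fast path: one volatile read
      if (System.currentTimeMillis() >= t.refreshAt()) {
        t = syncUpdateToken();
      }
      return t.token();
    }

    private synchronized Timed syncUpdateToken() {
      // Re-check under the lock: threads that waited here see the fresh value and skip the fetch.
      if (System.currentTimeMillis() < current.refreshAt()) {
        return current;
      }
      // If the fetch throws, "current" stays unchanged and the next caller retries.
      current = fetcher.get();
      return current;
    }
  }

  public static void main(String[] args) throws Exception {
    AtomicInteger fetches = new AtomicInteger();
    // Constructed fetcher: a slow (200 ms) call returning a dummy token valid for 1 s.
    TokenManager tm = new TokenManager(() -> {
      try { Thread.sleep(200); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
      return new Timed("dummy-token-" + fetches.incrementAndGet(), System.currentTimeMillis() + 1000);
    });
    ExecutorService pool = Executors.newFixedThreadPool(8);
    CountDownLatch done = new CountDownLatch(8);
    for (int i = 0; i < 8; i++) {
      pool.submit(() -> { tm.getToken(); done.countDown(); });
    }
    done.await();
    pool.shutdown();
    System.out.println("threads=8 fetches=" + fetches.get());
  }
}
```

Removing the re-check inside syncUpdateToken makes every waiting thread request its own token, which is the unnecessary update the article warns about.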
