What is the best approach to implement token based authentication

Question

I have a Spring Boot application which acts as a client of a server. It requests data from the server after being authenticated. The server uses token based authentication and changes the token every 15 minutes. What would be the most efficient and cleaner way for my client application to acquire new token? By default I use multithreading and in the background of my main application I request new token every 15 minutes, but it is not efficient. So are there other approaches like reactive programming or etc to do this? please note that my application needs to send a large number of requests to the server at a time so I cant check the time of acquiring the token every time I send a request.

Answer 1

I would use @Retryable with RetryOperationsInterceptor or ExceptionClassifierRetryPolicy.

Here's how it goes:

We have a @Component singleton to hold authentication token:

@Component
public class AuthenticationHolder {

    private String token;

    public String getToken() {
        return token;
    }

    public void setToken(String token) {
         this.token = token;
    }
}

Make the @Component that actually requests data from the server not aware of authentication process. It only has a reference to your AuthenticationHolder singleton, and in the method it tries to request data (obviously annotated with @Retryable, it retrieves the token and makes the request. If it fails with a bad response code from the server, make it throw an exception, and it will retry. In between the retries, make your RetryOperationsInterceptor renew the authentication token.