Interface TokenService
-
- All Known Implementing Classes:
KeyBasedPersistenceTokenService
public interface TokenService
Provides a mechanism to allocate and rebuild secure, randomised tokens.Implementations are solely concern with issuing a new
Token
on demand. The issuedToken
may contain user-specified extended information. The token also contains a cryptographically strong, byte array-based key. This permits the token to be used to identify a user session, if desired. The key can subsequently be re-presented to theTokenService
for verification and reconstruction of aToken
equal to the originalToken
.Given the tightly-focused behaviour provided by this interface, it can serve as a building block for more sophisticated token-based solutions. For example, authentication systems that depend on stateless session keys. These could, for instance, place the username inside the user-specified extended information associated with the key). It is important to recognise that we do not intend for this interface to be expanded to provide such capabilities directly.
- Since:
- 2.0.1
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description Token
allocateToken(java.lang.String extendedInformation)
Forces the allocation of a newToken
.Token
verifyToken(java.lang.String key)
Permits verification theToken.getKey()
was issued by thisTokenService
and reconstructs the correspondingToken
.
-
-
-
Method Detail
-
allocateToken
Token allocateToken(java.lang.String extendedInformation)
Forces the allocation of a newToken
.- Parameters:
extendedInformation
- the extended information desired in the token (cannot benull
, but can be empty)- Returns:
- a new token that has not been issued previously, and is guaranteed to be
recognised by this implementation's
verifyToken(String)
at any future time.
-
verifyToken
Token verifyToken(java.lang.String key)
Permits verification theToken.getKey()
was issued by thisTokenService
and reconstructs the correspondingToken
.- Parameters:
key
- as obtained fromToken.getKey()
and created by this implementation- Returns:
- the token, or
null
if the token was not issued by thisTokenService
-
-