Interface TokenService
- All Known Implementing Classes:
KeyBasedPersistenceTokenService
Implementations are solely concern with issuing a new Token on demand. The
issued Token may contain user-specified extended information. The token
also contains a cryptographically strong, byte array-based key. This permits the token
to be used to identify a user session, if desired. The key can subsequently be
re-presented to the TokenService for verification and reconstruction of a
Token equal to the original Token.
Given the tightly-focused behaviour provided by this interface, it can serve as a building block for more sophisticated token-based solutions. For example, authentication systems that depend on stateless session keys. These could, for instance, place the username inside the user-specified extended information associated with the key). It is important to recognise that we do not intend for this interface to be expanded to provide such capabilities directly.
- Since:
- 2.0.1
-
Method Summary
Modifier and TypeMethodDescriptionallocateToken(String extendedInformation) Forces the allocation of a newToken.verifyToken(String key) Permits verification theToken.getKey()was issued by thisTokenServiceand reconstructs the correspondingToken.
-
Method Details
-
allocateToken
Forces the allocation of a newToken.- Parameters:
extendedInformation- the extended information desired in the token (cannot benull, but can be empty)- Returns:
- a new token that has not been issued previously, and is guaranteed to be
recognised by this implementation's
verifyToken(String)at any future time.
-
verifyToken
Permits verification theToken.getKey()was issued by thisTokenServiceand reconstructs the correspondingToken.- Parameters:
key- as obtained fromToken.getKey()and created by this implementation- Returns:
- the token, or
nullif the token was not issued by thisTokenService
-