org.springframework.security.core.token
Interface TokenService

All Known Implementing Classes:
KeyBasedPersistenceTokenService

public interface TokenService

Provides a mechanism to allocate and rebuild secure, randomised tokens.

Implementations are solely concern with issuing a new Token on demand. The issued Token may contain user-specified extended information. The token also contains a cryptographically strong, byte array-based key. This permits the token to be used to identify a user session, if desired. The key can subsequently be re-presented to the TokenService for verification and reconstruction of a Token equal to the original Token.

Given the tightly-focused behaviour provided by this interface, it can serve as a building block for more sophisticated token-based solutions. For example, authentication systems that depend on stateless session keys. These could, for instance, place the username inside the user-specified extended information associated with the key). It is important to recognise that we do not intend for this interface to be expanded to provide such capabilities directly.

Since:
2.0.1
Author:
Ben Alex

Method Summary
 Token allocateToken(String extendedInformation)
          Forces the allocation of a new Token.
 Token verifyToken(String key)
          Permits verification the <Token.getKey() was issued by this TokenService and reconstructs the corresponding Token.
 

Method Detail

allocateToken

Token allocateToken(String extendedInformation)
Forces the allocation of a new Token.

Parameters:
the - extended information desired in the token (cannot be null, but can be empty)
Returns:
a new token that has not been issued previously, and is guaranteed to be recognised by this implementation's verifyToken(String) at any future time.

verifyToken

Token verifyToken(String key)
Permits verification the <Token.getKey() was issued by this TokenService and reconstructs the corresponding Token.

Parameters:
key - as obtained from Token.getKey() and created by this implementation
Returns:
the token, or null if the token was not issued by this TokenService


Copyright © 2004-2009 SpringSource, Inc. All Rights Reserved.