org.springframework.security.token
Interface Token

All Known Implementing Classes:

DefaultToken

public interface Token

A token issued by TokenService.

It is important that the keys assigned to tokens are sufficiently randomised and secured that they can serve as identifying a unique user session. Implementations of TokenService are free to use encryption or encoding strategies of their choice. It is strongly recommended that keys are of sufficient length to balance safety against persistence cost. In relation to persistence cost, it is strongly recommended that returned keys are small enough for encoding in a cookie.

Since:

2.0.1

Author:

Ben Alex

Method Summary

String	getExtendedInformation() Obtains the extended information associated within the token, which was presented when the token was first created.
String	getKey() Obtains the randomised, secure key assigned to this token.
long	getKeyCreationTime() The time the token key was initially created is available from this method.

Method Detail

getKey

String getKey()

Obtains the randomised, secure key assigned to this token. Presentation of this token to TokenService will always return a Token that is equal to the original Token issued for that key.

Returns:

a key with appropriate randomness and security.

getKeyCreationTime

long getKeyCreationTime()

The time the token key was initially created is available from this method. Note that a given token must never have this creation time changed. If necessary, a new token can be requested from the TokenService to replace the original token.

Returns:

the time this token key was created, in the same format as specified by {@link Date#getTime()).

getExtendedInformation

String getExtendedInformation()

Obtains the extended information associated within the token, which was presented when the token was first created.

Returns:

the user-specified extended information, if any