TokenService (Spring Security 2.0.6.RELEASE API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Spring Security Framework

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.token
Interface TokenService

All Known Implementing Classes:: KeyBasedPersistenceTokenService

public interface TokenService

Provides a mechanism to allocate and rebuild secure, randomised tokens.

Implementations are solely concern with issuing a new Token on demand. The issued Token may contain user-specified extended information. The token also contains a cryptographically strong, byte array-based key. This permits the token to be used to identify a user session, if desired. The key can subsequently be re-presented to the TokenService for verification and reconstruction of a Token equal to the original Token.

Given the tightly-focused behaviour provided by this interface, it can serve as a building block for more sophisticated token-based solutions. For example, authentication systems that depend on stateless session keys. These could, for instance, place the username inside the user-specified extended information associated with the key). It is important to recognise that we do not intend for this interface to be expanded to provide such capabilities directly.

Since:: 2.0.1
Author:: Ben Alex

Method Summary
`Token`	`allocateToken(String extendedInformation)` Forces the allocation of a new `Token`.
`Token`	`verifyToken(String key)` Permits verification the <`Token.getKey()` was issued by this `TokenService` and reconstructs the corresponding `Token`.

Method Detail

allocateToken

Token allocateToken(String extendedInformation)

Forces the allocation of a new Token.

Parameters:: the - extended information desired in the token (cannot be null, but can be empty)
Returns:: a new token that has not been issued previously, and is guaranteed to be recognised by this implementation's verifyToken(String) at any future time.

verifyToken

Token verifyToken(String key)

Permits verification the <Token.getKey() was issued by this TokenService and reconstructs the corresponding Token.

Parameters:: key - as obtained from Token.getKey() and created by this implementation
Returns:: the token, or null if the token was not issued by this TokenService