|
Spring Security Framework | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface TokenService
Provides a mechanism to allocate and rebuild secure, randomised tokens.
Implementations are solely concern with issuing a new Token
on demand. The
issued Token
may contain user-specified extended information. The token also
contains a cryptographically strong, byte array-based key. This permits the token to be
used to identify a user session, if desired. The key can subsequently be re-presented
to the TokenService
for verification and reconstruction of a Token
equal to the original Token
.
Given the tightly-focused behaviour provided by this interface, it can serve as a building block for more sophisticated token-based solutions. For example, authentication systems that depend on stateless session keys. These could, for instance, place the username inside the user-specified extended information associated with the key). It is important to recognise that we do not intend for this interface to be expanded to provide such capabilities directly.
Method Summary | |
---|---|
Token |
allocateToken(String extendedInformation)
Forces the allocation of a new Token . |
Token |
verifyToken(String key)
Permits verification the < Token.getKey() was issued by this TokenService and
reconstructs the corresponding Token . |
Method Detail |
---|
Token allocateToken(String extendedInformation)
Token
.
the
- extended information desired in the token (cannot be null
, but can be empty)
verifyToken(String)
at any future time.Token verifyToken(String key)
Token.getKey()
was issued by this TokenService
and
reconstructs the corresponding Token
.
key
- as obtained from Token.getKey()
and created by this implementation
null
if the token was not issued by this TokenService
|
Spring Security Framework | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |