Token
| org.springframework.security.core.token.Token |
 Known Indirect Subclasses
|
Class Overview
A token issued by TokenService.
It is important that the keys assigned to tokens are sufficiently randomised and secured that
they can serve as identifying a unique user session. Implementations of TokenService
are free to use encryption or encoding strategies of their choice. It is strongly recommended that
keys are of sufficient length to balance safety against persistence cost. In relation to persistence
cost, it is strongly recommended that returned keys are small enough for encoding in a cookie.
Summary
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Obtains the extended information associated within the token, which was presented when the token
was first created.
| |||||||||||
Obtains the randomised, secure key assigned to this token.
| |||||||||||
The time the token key was initially created is available from this method.
| |||||||||||
Public Methods
public abstract String getExtendedInformation ()
Obtains the extended information associated within the token, which was presented when the token was first created.
Returns
- the user-specified extended information, if any
public abstract String getKey ()
Obtains the randomised, secure key assigned to this token. Presentation of this token to
TokenService will always return a Token that is equal to the original
Token issued for that key.
Returns
- a key with appropriate randomness and security.
public abstract long getKeyCreationTime ()
The time the token key was initially created is available from this method. Note that a given
token must never have this creation time changed. If necessary, a new token can be
requested from the TokenService to replace the original token.
Returns
- the time this token key was created, in the same format as specified by
getTime().