org.springframework.security.core.token.TokenService |
Known Indirect Subclasses |
Provides a mechanism to allocate and rebuild secure, randomised tokens.
Implementations are solely concern with issuing a new Token
on demand. The
issued Token
may contain user-specified extended information. The token also
contains a cryptographically strong, byte array-based key. This permits the token to be
used to identify a user session, if desired. The key can subsequently be re-presented
to the TokenService
for verification and reconstruction of a Token
equal to the original Token
.
Given the tightly-focused behaviour provided by this interface, it can serve as a building block for more sophisticated token-based solutions. For example, authentication systems that depend on stateless session keys. These could, for instance, place the username inside the user-specified extended information associated with the key). It is important to recognise that we do not intend for this interface to be expanded to provide such capabilities directly.
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Forces the allocation of a new
Token . | |||||||||||
Permits verification the <
getKey() was issued by this TokenService and
reconstructs the corresponding Token . |
Forces the allocation of a new Token
.
extendedInformation | the extended information desired in the token
(cannot be null , but can be empty) |
---|
verifyToken(String)
at any future time.