public interface TokenService
Implementations are solely concern with issuing a new Token on demand. The
issued Token may contain user-specified extended information. The token also
contains a cryptographically strong, byte array-based key. This permits the token to be
used to identify a user session, if desired. The key can subsequently be re-presented
to the TokenService for verification and reconstruction of a Token
equal to the original Token.
Given the tightly-focused behaviour provided by this interface, it can serve as a building block for more sophisticated token-based solutions. For example, authentication systems that depend on stateless session keys. These could, for instance, place the username inside the user-specified extended information associated with the key). It is important to recognise that we do not intend for this interface to be expanded to provide such capabilities directly.
| Modifier and Type | Method and Description |
|---|---|
Token |
allocateToken(java.lang.String extendedInformation)
Forces the allocation of a new
Token. |
Token |
verifyToken(java.lang.String key)
Permits verification the <
Token.getKey() was issued by this TokenService and
reconstructs the corresponding Token. |
Token allocateToken(java.lang.String extendedInformation)
Token.the - extended information desired in the token (cannot be null, but can be empty)verifyToken(String) at any future time.Token verifyToken(java.lang.String key)
Token.getKey() was issued by this TokenService and
reconstructs the corresponding Token.key - as obtained from Token.getKey() and created by this implementationnull if the token was not issued by this TokenService