public interface TokenService
Implementations are solely concern with issuing a new Token on demand. The
issued Token may contain user-specified extended information. The token
also contains a cryptographically strong, byte array-based key. This permits the token
to be used to identify a user session, if desired. The key can subsequently be
re-presented to the TokenService for verification and reconstruction of a
Token equal to the original Token.
Given the tightly-focused behaviour provided by this interface, it can serve as a building block for more sophisticated token-based solutions. For example, authentication systems that depend on stateless session keys. These could, for instance, place the username inside the user-specified extended information associated with the key). It is important to recognise that we do not intend for this interface to be expanded to provide such capabilities directly.
| 限定符和类型 | 方法和说明 |
|---|---|
org.springframework.security.core.token.Token |
allocateToken(LoginUser loginUser,
Long timeToLive)
Forces the allocation of a new
Token. |
org.springframework.security.core.token.Token |
verifyToken(String key)
Permits verification the
Token.getKey() was issued by this
TokenService and reconstructs the corresponding Token. |
org.springframework.security.core.token.Token allocateToken(LoginUser loginUser, Long timeToLive)
Token.loginUser - the extended information desired in the token (cannot be
null, but can be empty)timeToLive - time to live in secondsverifyToken(String) at any future
time.org.springframework.security.core.token.Token verifyToken(String key)
Token.getKey() was issued by this
TokenService and reconstructs the corresponding Token.key - as obtained from Token.getKey() and created by this
implementationnull if the token was not issued by this
TokenServiceCopyright © 2020. All rights reserved.