Interface TokenAuthenticationService

  • All Superinterfaces:
    Serializable
    All Known Implementing Classes:
    TokenAuthenticationServiceImpl

    public interface TokenAuthenticationService
    extends Serializable
    Service to manage generation and storage of authentication tokens. Each token must be unique and persisted in the back-end with the user information it is bound to: user name, application name, device name, device description, permission.

    Typically, the service is called by the TokenAuthenticationServlet to get a token from the user information passed as request parameters, and it allows the TokenAuthenticator to check for a valid identity given a token passed as a request header.

    Since:
    5.7
    Author:
    Antoine Taillefer (ataillefer@nuxeo.com)
    • Method Detail

      • acquireToken

        String acquireToken(String userName,
                            String applicationName,
                            String deviceId,
                            String deviceDescription,
                            String permission)
                     throws TokenAuthenticationException
        Acquires a unique token for the specified user, application, and device.

        If a token already exists in the back-end for the specified (userName, applicationName, deviceId) triplet, it is simply returned; otherwise a new token is generated and stored in the back-end with the triplet attributes, the specified device description and permission.

        Throws:
        TokenAuthenticationException - if one of the required parameters is null or empty (all parameters are required except for the device description)
        NuxeoException - if multiple tokens are found for the same triplet
      • acquireToken

        String acquireToken(javax.servlet.http.HttpServletRequest request)
                     throws TokenAuthenticationException
        Acquires a unique token for the specified request.

        The parameters needed to acquire the token (applicationName, deviceId, deviceDescription, permission) are extracted from the request itself.

        If a token already exists in the back-end for the specified (userName, applicationName, deviceId) triplet, it is simply returned; otherwise a new token is generated and stored in the back-end with the triplet attributes, the specified device description and permission.

        Returns:
        A token, or null if there is no principal or the principal is anonymous, unless the 'allowAnonymous' parameter is explicitly set to true in the authentication plugin configuration.
        Throws:
        TokenAuthenticationException - if one of the required parameters is null or empty (all parameters are required except for the device description)
        NuxeoException - if multiple tokens are found for the same triplet
        Since:
        8.3
      • getUserName

        String getUserName(String token)
        Gets the user name bound to the specified token.
        Returns:
        The user name bound to the specified token, or null if the token does not exist in the back-end.
      • revokeToken

        void revokeToken(String token)
        Removes the token from the back-end.
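
The contract described above (one token per (userName, applicationName, deviceId) triplet, null from getUserName for an unknown token, removal on revokeToken), modelled in memory as an added example that is not Nuxeo's TokenAuthenticationServiceImpl. The class name, the 256-bit random token format, the IllegalArgumentException standing in for TokenAuthenticationException and the sample values are assumptions; records require Java 16 or later.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Constructed in-memory model of the documented contract; hypothetical class, not Nuxeo code.
public class TokenContractSketch {
    record Triplet(String userName, String applicationName, String deviceId) {}
    record Binding(Triplet triplet, String deviceDescription, String permission) {}
    private final Map<Triplet, String> tokenByTriplet = new ConcurrentHashMap<>();
    private final Map<String, Binding> bindingByToken = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    public String acquireToken(String userName, String applicationName, String deviceId,
            String deviceDescription, String permission) {
        // All parameters are required except the device description.
        for (String required : new String[] {userName, applicationName, deviceId, permission}) {
            if (required == null || required.isEmpty()) // real service: TokenAuthenticationException
                throw new IllegalArgumentException("missing required parameter");
        }
        Triplet triplet = new Triplet(userName, applicationName, deviceId);
        // Existing triplet: return its token. New triplet: generate one and store the binding.
        return tokenByTriplet.computeIfAbsent(triplet, t -> {
            byte[] raw = new byte[32]; // assumption: 256-bit token from a CSPRNG
            random.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            bindingByToken.put(token, new Binding(t, deviceDescription, permission));
            return token;
        });
    }

    public String getUserName(String token) {
        Binding binding = token == null ? null : bindingByToken.get(token);
        return binding == null ? null : binding.triplet().userName();
    }

    public void revokeToken(String token) {
        Binding binding = token == null ? null : bindingByToken.remove(token);
        if (binding != null) tokenByTriplet.remove(binding.triplet(), token);
    }

    public static void main(String[] args) { // sample values below are constructed
        TokenContractSketch service = new TokenContractSketch();
        String first = service.acquireToken("jdoe", "sync-client", "device-1", "laptop", "rw");
        if (!first.equals(service.acquireToken("jdoe", "sync-client", "device-1", null, "rw")))
            throw new IllegalStateException("same triplet must return the same token");
        service.revokeToken(first);
        if (service.getUserName(first) != null)
            throw new IllegalStateException("a revoked token must not resolve to a user");
    }
}
```

A caller that authenticates requests with getUserName should treat a null return as an authentication failure, since that is the only signal that a token was revoked or never issued.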