Package org.opencms.security
Class CmsPersistentLoginTokenHandler
- java.lang.Object
-
- org.opencms.security.CmsPersistentLoginTokenHandler
-
public class CmsPersistentLoginTokenHandler extends java.lang.Object
Creates and validates persisten login tokens for users.When a token is created for a user, a special additional info item is stored on the user, such that the token uniquely identifies that info item. The value of the info item is the expiration date of the token. A token is validated by looking up the additional info item for the user and checking whether the token is still valid according to the stored expiration date.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classCmsPersistentLoginTokenHandler.TokenBean representing the data encoded in a login token (user name and key).
-
Field Summary
Fields Modifier and Type Field Description static longDEFAULT_LIFETIMEDefault token lifetime.static java.lang.StringKEY_PREFIXPrefix used for the keys for the additional infos this class creates.
-
Constructor Summary
Constructors Constructor Description CmsPersistentLoginTokenHandler()Creates a new instance.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.StringcreateToken(CmsObject cms)Generates a new login token for a given user and registers the token in the user's additional info.voidinvalidateToken(CmsUser user, java.lang.String token)Invalidates all tokens for the given user.voidremoveExpiredTokens(CmsUser user, long now)Removes expired tokens from the user's additional infos.static voidsetAdminCms(CmsObject adminCms)Static method used to give this class access to an admin cms context.voidsetTokenLifetime(long duration)Sets the token lifetime.CmsUservalidateToken(java.lang.String tokenString)Validates a token and returns the matching user for which the token is valid.
-
-
-
Field Detail
-
DEFAULT_LIFETIME
public static final long DEFAULT_LIFETIME
Default token lifetime.- See Also:
- Constant Field Values
-
KEY_PREFIX
public static final java.lang.String KEY_PREFIX
Prefix used for the keys for the additional infos this class creates.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
CmsPersistentLoginTokenHandler
public CmsPersistentLoginTokenHandler()
Creates a new instance.
-
-
Method Detail
-
setAdminCms
public static void setAdminCms(CmsObject adminCms)
Static method used to give this class access to an admin cms context.- Parameters:
adminCms- the admin cms context to set
-
createToken
public java.lang.String createToken(CmsObject cms) throws CmsException
Generates a new login token for a given user and registers the token in the user's additional info.- Parameters:
cms- the CMS context for which to create a new token- Returns:
- the generated token
- Throws:
CmsException- if something goes wrong
-
invalidateToken
public void invalidateToken(CmsUser user, java.lang.String token) throws CmsException
Invalidates all tokens for the given user.- Parameters:
user- the usertoken- the token string- Throws:
CmsException- if something goes wrong
-
removeExpiredTokens
public void removeExpiredTokens(CmsUser user, long now)
Removes expired tokens from the user's additional infos.This method does not write the user back to the database.
- Parameters:
user- the user for which to remove the additional infosnow- the current time
-
setTokenLifetime
public void setTokenLifetime(long duration)
Sets the token lifetime.- Parameters:
duration- the number of milliseconds for which the token should be valid
-
validateToken
public CmsUser validateToken(java.lang.String tokenString)
Validates a token and returns the matching user for which the token is valid.Returns null if no user matching the token is found, or if the token for the user is expired
- Parameters:
tokenString- the token for which to find the matching user- Returns:
- the matching user for the token, or null if no matching user was found or the token is expired
-
-