Class CmsTokenValidator


  • public class CmsTokenValidator
    extends java.lang.Object
    Helper class for dealing with authorization tokens for the 'forgot password' functionality.

    When a user requests a link to change his password, an authorization token is generated and also stored in the user's additional info (in a slightly different form). When the user opens the 'change password' link sent to him, the authentication token is validated by comparing it to the token in the user's additional info. Additionally, the system checks whether the token stored in the additional info is older than the maximum age, which is configurable.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String ADDINFO_KEY
      Additional info key to store the authorization data.
    • Method Summary

      Modifier and Type Method Description
      static void clearToken(CmsObject cms, CmsUser user)
      Removes an authorization token from the user's additional information.
      static java.lang.String createToken(CmsObject cms, CmsUser user, long currentTime)
      Creates a new token for the given user and stores it in the user's additional info.
      CmsUser getUser()
      Gets the user.
      java.lang.String validateToken(CmsObject cms, java.lang.String token, long maxAgeMillis)
      Validates the authentication token against the token stored in the user's additional info.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • clearToken

        public static void clearToken(CmsObject cms,
                                      CmsUser user)
                               throws CmsException
        Removes an authorization token from the user's additional information.

        Parameters:
        cms - the CMS context
        user - the user
        Throws:
        CmsException - if something goes wrong
      • createToken

        public static java.lang.String createToken(CmsObject cms,
                                                   CmsUser user,
                                                   long currentTime)
                                            throws CmsException
        Creates a new token for the given user and stores it in the user's additional info.

        Parameters:
        cms - the CMS context
        user - the user
        currentTime - the current time
        Returns:
        the authorization token
        Throws:
        CmsException - if something goes wrong
      • validateToken

        public java.lang.String validateToken(CmsObject cms,
                                              java.lang.String token,
                                              long maxAgeMillis)
                                       throws CmsException
        Validates the authentication token against the token stored in the user's additional info.

        Parameters:
        cms - the CMS context
        token - the authentication token
        maxAgeMillis - the maximum token age in milliseconds
        Returns:
        null if the validation is successful, or a string containing the error message if not
        Throws:
        CmsException - if something goes wrong
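
The create / validate / clear cycle described in the class comment, as a standalone added example; this is not the OpenCms implementation. It assumes that the "slightly different form" kept on the server is a SHA-256 hash plus the creation time, and the class ResetTokenSketch, the addInfo map, the key name and the extra now parameter are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class ResetTokenSketch {
    // Hypothetical stand-in for one user's additional info map.
    static final Map<String, String> addInfo = new HashMap<>();
    static final String KEY = "resetToken"; // constructed name, not the value of ADDINFO_KEY

    static String sha256(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(d);
    }

    // Issue a random token for the link; keep only its hash and creation time server-side (assumption).
    static String createToken(long currentTime) throws Exception {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        addInfo.put(KEY, currentTime + ":" + sha256(token));
        return token;
    }

    // Same contract as validateToken above: null on success, otherwise an error message.
    static String validateToken(String token, long now, long maxAgeMillis) throws Exception {
        String stored = addInfo.get(KEY);
        if (stored == null || token == null) return "no token on record";
        String[] parts = stored.split(":", 2);
        long created = Long.parseLong(parts[0]);
        byte[] expected = parts[1].getBytes(StandardCharsets.UTF_8);
        byte[] actual = sha256(token).getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual compares in constant time, so timing does not leak a partial match.
        if (!MessageDigest.isEqual(expected, actual)) return "token mismatch";
        if (now - created > maxAgeMillis) return "token expired";
        return null;
    }

    public static void main(String[] args) throws Exception {
        long t0 = 1_000_000L; // constructed timestamps, in milliseconds
        String token = createToken(t0);
        System.out.println(validateToken(token, t0 + 60_000, 3_600_000));       // fresh, correct token
        System.out.println(validateToken(token + "x", t0 + 60_000, 3_600_000)); // tampered token
        System.out.println(validateToken(token, t0 + 7_200_000, 3_600_000));    // older than max age
        addInfo.remove(KEY); // clear after use so the link cannot be replayed
        System.out.println(validateToken(token, t0 + 60_000, 3_600_000));       // after clearing
    }
}
```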