Package org.opencms.ui.login
Class CmsTokenValidator
- java.lang.Object
-
- org.opencms.ui.login.CmsTokenValidator
-
public class CmsTokenValidator extends java.lang.Object
Helper class for dealing with authorization tokens for the 'forgot password' functionality.When a user requests a link to change his password, an authorization token is generated and also stored in the user's additional info (in a slightly different form). When the user opens the 'change password' link sent to him, the authentication token is validated by comparing it to the token in the user's additional info. Additionally, the system checks whether the age of the token stored in the additional infos is older than the maximum age, which can also be configured.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
ADDINFO_KEY
Additional info key to store the authorization data.
-
Constructor Summary
Constructors Constructor Description CmsTokenValidator()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static void
clearToken(CmsObject cms, CmsUser user)
Removes an authorization token from the user's additional information.static java.lang.String
createToken(CmsObject cms, CmsUser user, long currentTime)
Creates a new token for the given user and stores it in the user's additional info.CmsUser
getUser()
Gets the user.java.lang.String
validateToken(CmsObject cms, java.lang.String token, long maxAgeMillis)
Validates the authentication token against the token stored in the user's additional info.
-
-
-
Field Detail
-
ADDINFO_KEY
public static final java.lang.String ADDINFO_KEY
Additional info key to store the authorization data.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
CmsTokenValidator
public CmsTokenValidator()
-
-
Method Detail
-
clearToken
public static void clearToken(CmsObject cms, CmsUser user) throws CmsException
Removes an authorization token from the user's additional information.- Parameters:
cms
- the CMS contextuser
- the user- Throws:
CmsException
- if something goes wrong
-
createToken
public static java.lang.String createToken(CmsObject cms, CmsUser user, long currentTime) throws CmsException
Creates a new token for the given user and stores it in the user's additional info.- Parameters:
cms
- the CMS contextuser
- the usercurrentTime
- the current time- Returns:
- the authorization token
- Throws:
CmsException
- if something goes wrong
-
validateToken
public java.lang.String validateToken(CmsObject cms, java.lang.String token, long maxAgeMillis) throws CmsException
Validates the authentication token against the token stored in the user's additional info.- Parameters:
cms
- the CMS contexttoken
- the authentication tokenmaxAgeMillis
- the maximum token age in milliseconds- Returns:
- null if the validation is succesfull, or a string containing the error message if not
- Throws:
CmsException
- if something goes wrong
-
-