Package org.opencms.security
Class CmsPersistentLoginTokenHandler
- java.lang.Object
-
- org.opencms.security.CmsPersistentLoginTokenHandler
-
public class CmsPersistentLoginTokenHandler extends java.lang.Object
Creates and validates persisten login tokens for users.When a token is created for a user, a special additional info item is stored on the user, such that the token uniquely identifies that info item. The value of the info item is the expiration date of the token. A token is validated by looking up the additional info item for the user and checking whether the token is still valid according to the stored expiration date.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
CmsPersistentLoginTokenHandler.Token
Bean representing the data encoded in a login token (user name and key).
-
Field Summary
Fields Modifier and Type Field Description static long
DEFAULT_LIFETIME
Default token lifetime.static java.lang.String
KEY_PREFIX
Prefix used for the keys for the additional infos this class creates.
-
Constructor Summary
Constructors Constructor Description CmsPersistentLoginTokenHandler()
Creates a new instance.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.String
createToken(CmsObject cms)
Generates a new login token for a given user and registers the token in the user's additional info.void
invalidateToken(CmsUser user, java.lang.String token)
Invalidates all tokens for the given user.void
removeExpiredTokens(CmsUser user, long now)
Removes expired tokens from the user's additional infos.static void
setAdminCms(CmsObject adminCms)
Static method used to give this class access to an admin cms context.void
setTokenLifetime(long duration)
Sets the token lifetime.CmsUser
validateToken(java.lang.String tokenString)
Validates a token and returns the matching user for which the token is valid.
-
-
-
Field Detail
-
DEFAULT_LIFETIME
public static final long DEFAULT_LIFETIME
Default token lifetime.- See Also:
- Constant Field Values
-
KEY_PREFIX
public static final java.lang.String KEY_PREFIX
Prefix used for the keys for the additional infos this class creates.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
CmsPersistentLoginTokenHandler
public CmsPersistentLoginTokenHandler()
Creates a new instance.
-
-
Method Detail
-
setAdminCms
public static void setAdminCms(CmsObject adminCms)
Static method used to give this class access to an admin cms context.- Parameters:
adminCms
- the admin cms context to set
-
createToken
public java.lang.String createToken(CmsObject cms) throws CmsException
Generates a new login token for a given user and registers the token in the user's additional info.- Parameters:
cms
- the CMS context for which to create a new token- Returns:
- the generated token
- Throws:
CmsException
- if something goes wrong
-
invalidateToken
public void invalidateToken(CmsUser user, java.lang.String token) throws CmsException
Invalidates all tokens for the given user.- Parameters:
user
- the usertoken
- the token string- Throws:
CmsException
- if something goes wrong
-
removeExpiredTokens
public void removeExpiredTokens(CmsUser user, long now)
Removes expired tokens from the user's additional infos.This method does not write the user back to the database.
- Parameters:
user
- the user for which to remove the additional infosnow
- the current time
-
setTokenLifetime
public void setTokenLifetime(long duration)
Sets the token lifetime.- Parameters:
duration
- the number of milliseconds for which the token should be valid
-
validateToken
public CmsUser validateToken(java.lang.String tokenString)
Validates a token and returns the matching user for which the token is valid.Returns null if no user matching the token is found, or if the token for the user is expired
- Parameters:
tokenString
- the token for which to find the matching user- Returns:
- the matching user for the token, or null if no matching user was found or the token is expired
-
-