Chapter 10. Token Service
The Token Service is used in authentication.
The token system prevents user account information from being sent unencrypted within inbound requests, which strengthens authentication security.
The token service allows administrators to create, delete, retrieve and clean tokens as required. The service also defines a validity period of any given token. The token becomes invalid once this period expires.
10.1. Implementing Token Service API
All token services used in portal authentication must be implemented by subclassing an AbstractTokenService abstract class.
The following AbstractTokenService methods represent the contract between the authentication runtime and a token service implementation.
public Token getToken(String id) throws PathNotFoundException, RepositoryException;
public Token deleteToken(String id) throws PathNotFoundException, RepositoryException;
public String[] getAllTokens();
public long getNumberTokens() throws Exception;
public String createToken(Credentials credentials) throws IllegalArgumentException, NullPointerException;
public Credentials validateToken(String tokenKey, boolean remove) throws NullPointerException;
10.2. Configuring Token Services
The token services configuration includes specifying the token validity period. The token service is configured as a portal component in the portal scope, as opposed to the root scope.
In the XML example below, CookieTokenService is a subclass of AbstractTokenService, and so it has a property which specifies the validity period of the token.
The token service will initialize this validity property by looking for an init-param named service.configuration.
This property must have three values.
<component>
  <key>org.exoplatform.web.security.security.CookieTokenService</key>
  <type>org.exoplatform.web.security.security.CookieTokenService</type>
  <init-params>
    <values-param>
      <name>service.configuration</name>
      <!-- Service name -->
      <value>jcr-token</value>
      <!-- Amount of time -->
      <value>7</value>
      <!-- Unit of time -->
      <value>DAY</value>
      <value>autologin</value>
    </values-param>
  </init-params>
</component>
In this case, the service name is jcr-token and the token expiration time is one week.
The portal supports the following time units:
SECOND
MINUTE
HOUR
DAY
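The following is an added illustration of the contract in 10.1 and of the amount/unit validity configuration in 10.2; it is not code from the portal project. It does not extend the real AbstractTokenService (whose JCR-backed exceptions are omitted), and the Credentials and Token records are simplified stand-ins for the portal's own types.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;

// Illustrative in-memory token service shaped like the AbstractTokenService contract.
// Hypothetical class: a real service subclasses AbstractTokenService and persists tokens.
public class InMemoryTokenService {
    record Credentials(String username, String password) {}
    record Token(long expirationTimeMillis, Credentials payload) {
        boolean isExpired() { return System.currentTimeMillis() > expirationTimeMillis; }
    }

    private final Map<String, Token> tokens = new ConcurrentHashMap<>();
    private final long validityMillis;

    // Mirrors the "Amount of time" and "Unit of time" values of service.configuration,
    // e.g. (7, "DAY") for the one-week validity shown in the XML above.
    public InMemoryTokenService(long amount, String unit) {
        TimeUnit tu = switch (unit) {
            case "SECOND" -> TimeUnit.SECONDS;
            case "MINUTE" -> TimeUnit.MINUTES;
            case "HOUR"   -> TimeUnit.HOURS;
            case "DAY"    -> TimeUnit.DAYS;
            default -> throw new IllegalArgumentException("unknown time unit: " + unit);
        };
        this.validityMillis = tu.toMillis(amount);
    }

    // Issues an unguessable key; the account credentials never leave the server side.
    public String createToken(Credentials credentials) {
        if (credentials == null) throw new NullPointerException("credentials");
        String key = UUID.randomUUID().toString();
        tokens.put(key, new Token(System.currentTimeMillis() + validityMillis, credentials));
        return key;
    }

    // Returns the credentials behind a live token, or null if unknown or past its validity period.
    public Credentials validateToken(String tokenKey, boolean remove) {
        if (tokenKey == null) throw new NullPointerException("tokenKey");
        Token t = remove ? tokens.remove(tokenKey) : tokens.get(tokenKey);
        if (t == null || t.isExpired()) { tokens.remove(tokenKey); return null; }
        return t.payload();
    }

    public Token getToken(String id) { return tokens.get(id); }
    public Token deleteToken(String id) { return tokens.remove(id); }
    public String[] getAllTokens() { return tokens.keySet().toArray(new String[0]); }
    public long getNumberTokens() { return tokens.size(); }

    // The "clean" operation from the chapter: drop every token whose validity period has expired.
    public void cleanExpiredTokens() { tokens.values().removeIf(Token::isExpired); }
}
```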