Interface TokenAuthenticationService

All Superinterfaces:
Serializable
All Known Implementing Classes:
TokenAuthenticationServiceImpl

public interface TokenAuthenticationService extends Serializable
Service to manage generation and storage of authentication tokens. Each token must be unique and persisted in the back-end with the user information it is bound to: user name, application name, device name, device description, permission.

Typically, the service is called by the TokenAuthenticationServlet to get a token from the user information passed as request parameters, and it allows the TokenAuthenticator to check for a valid identity given a token passed as a request header.

Since:
5.7
Author:
Antoine Taillefer
  • Method Details

    • acquireToken

      String acquireToken(String userName, String applicationName, String deviceId, String deviceDescription, String permission) throws TokenAuthenticationException
      Acquires a unique token for the specified user, application, and device.

      If such a token exists in the back-end for the specified (userName, applicationName, deviceId) triplet, it is returned; otherwise a new token is generated and stored in the back-end with the triplet attributes, the specified device description and permission.

      Throws:
      TokenAuthenticationException - if one of the required parameters is null or empty (all parameters are required except for the device description)
      NuxeoException - if multiple tokens are found for the same triplet
    • acquireToken

      String acquireToken(javax.servlet.http.HttpServletRequest request) throws TokenAuthenticationException
      Acquires a unique token for the specified request.

      The parameters needed to acquire the token (applicationName, deviceId, deviceDescription, permission) are extracted from the request itself.

      If such a token exists in the back-end for the specified (userName, applicationName, deviceId) triplet, it is returned; otherwise a new token is generated and stored in the back-end with the triplet attributes, the specified device description and permission.

      Returns:
      A token, or null if there is no principal or the principal is anonymous, unless the 'allowAnonymous' parameter is explicitly set to true in the authentication plugin configuration.
      Throws:
      TokenAuthenticationException - if one of the required parameters is null or empty (all parameters are required except for the device description)
      NuxeoException - if multiple tokens are found for the same triplet
      Since:
      8.3
    • getToken

      String getToken(String userName, String applicationName, String deviceId) throws TokenAuthenticationException
      Gets the token for the specified user, application, and device.
      Returns:
      null if such a token doesn't exist
      Throws:
      TokenAuthenticationException - if one of the required parameters is null or empty (all parameters are required except for the device description)
      NuxeoException - if multiple tokens are found for the same (userName, applicationName, deviceId) triplet
    • getUserName

      String getUserName(String token)
      Gets the user name bound to the specified token.
      Returns:
      The user name bound to the specified token, or null if the token does not exist in the back-end.
    • revokeToken

      void revokeToken(String token)
      Removes the token from the back-end.
    • getTokenBindings

      DocumentModelList getTokenBindings(String userName)
      Gets the token bindings for the specified user.
    • getTokenBindings

      DocumentModelList getTokenBindings(String userName, String applicationName)
      Gets the token bindings for the specified user and application.
      Since:
      8.3
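
Because acquireToken returns the stored token whenever one already exists for the (userName, applicationName, deviceId) triplet, replacing a token that may have leaked takes a getToken, revokeToken, acquireToken sequence. The helper below is an added example, not part of the Nuxeo code base; the class name TokenRotation, its method names and the imported package names are assumptions not shown on this page.

```java
// Added example, not Nuxeo code. The package names below are assumed to be
// those of the Nuxeo token authentication module; they are not on this page.
import org.nuxeo.ecm.tokenauth.TokenAuthenticationException;
import org.nuxeo.ecm.tokenauth.service.TokenAuthenticationService;

public final class TokenRotation {

    private TokenRotation() {
    }

    /**
     * Replaces the token bound to (userName, applicationName, deviceId).
     * acquireToken hands back the stored token when one exists, so the old
     * token has to be revoked before a new one can be generated.
     */
    public static String rotate(TokenAuthenticationService service, String userName, String applicationName,
            String deviceId, String deviceDescription, String permission) throws TokenAuthenticationException {
        String oldToken = service.getToken(userName, applicationName, deviceId);
        if (oldToken != null) {
            service.revokeToken(oldToken);
            // A revoked token must no longer resolve to a user name.
            if (service.getUserName(oldToken) != null) {
                throw new IllegalStateException("token still valid after revokeToken");
            }
        }
        String newToken = service.acquireToken(userName, applicationName, deviceId, deviceDescription, permission);
        // Defensive check: the back-end must not hand the revoked value back.
        if (newToken.equals(oldToken)) {
            throw new IllegalStateException("rotation returned the revoked token");
        }
        return newToken;
    }

    /** Returns true only if the token resolves to exactly the expected user. */
    public static boolean isBoundTo(TokenAuthenticationService service, String token, String expectedUser) {
        if (token == null || token.isEmpty() || expectedUser == null) {
            return false;
        }
        // getUserName returns null for a token that is not in the back-end.
        return expectedUser.equals(service.getUserName(token));
    }
}
```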