4.4. Authentication token configuration

The Token Service is used in authentication. The token system prevents user account information from being sent in clear text within inbound requests, which increases authentication security.

The token service allows administrators to create, delete, retrieve and clean tokens as required. The service also defines a validity period for any given token. The token becomes invalid once this period expires.

Implementing the Token Service API

All token services used in GateIn 3.5 authentication must be implemented by subclassing the AbstractTokenService abstract class. The following AbstractTokenService methods represent the contract between the authentication runtime and a token service implementation.

public Token getToken(String id) throws PathNotFoundException, RepositoryException;
public Token deleteToken(String id) throws PathNotFoundException, RepositoryException;
public long getNumberTokens() throws Exception;
public String createToken(Credentials credentials) throws IllegalArgumentException, NullPointerException;
public Credentials validateToken(String tokenKey, boolean remove) throws NullPointerException;

Configuring token services

The token service configuration includes specifying the token validity period. The token service is configured as a portal component (in the portal scope, as opposed to the root scope; see the Advanced Development - Foundations chapter for more details).

In the example below, CookieTokenService is a subclass of AbstractTokenService, so it has a property which specifies the validity period of the token.

The token service will initialize this validity property by looking for an init-param named service.configuration.

This property must have three values.


<component>
  <key>org.exoplatform.web.security.security.CookieTokenService</key>
  <type>org.exoplatform.web.security.security.CookieTokenService</type>
  <init-params>
    <values-param>
      <name>service.configuration</name>
      <value>jcr-token</value> <!-- (1) -->
      <value>7</value>         <!-- (2) -->
      <value>DAY</value>       <!-- (3) -->
    </values-param>
  </init-params>
</component>

(1) Service name
(2) Amount of time
(3) Unit of time

In this case, the service name is jcr-token and the token expiration time is one week.
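The following is an added example, not part of the GateIn documentation or code base: a small audit script that reads a component configuration like the one above, checks that service.configuration carries exactly three values, and converts the validity period to seconds so it can be compared against a limit. The function name, the max_seconds policy limit and the set of unit names other than DAY are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the component configuration shown on this page.
SAMPLE = """<component>
  <key>org.exoplatform.web.security.security.CookieTokenService</key>
  <type>org.exoplatform.web.security.security.CookieTokenService</type>
  <init-params>
    <values-param>
      <name>service.configuration</name>
      <value>jcr-token</value>
      <value>7</value>
      <value>DAY</value>
    </values-param>
  </init-params>
</component>"""

# Assumption: accepted unit names; only DAY appears in the example above.
UNIT_SECONDS = {"SECOND": 1, "MINUTE": 60, "HOUR": 3600, "DAY": 86400}


def audit_token_validity(xml_text, max_seconds=14 * 86400):
    """Return (service_name, validity_seconds, problems) for each
    service.configuration values-param found in xml_text.
    max_seconds is a hypothetical local policy limit, not a GateIn setting."""
    results = []
    for param in ET.fromstring(xml_text).iter("values-param"):
        if (param.findtext("name") or "").strip() != "service.configuration":
            continue
        values = [(v.text or "").strip() for v in param.findall("value")]
        if len(values) != 3:
            results.append((None, None, ["expected 3 values, found %d" % len(values)]))
            continue
        name, amount, unit = values
        seconds, problems = None, []
        if not amount.isdecimal() or int(amount) == 0:
            problems.append("amount of time is not a positive integer: %r" % amount)
        elif unit not in UNIT_SECONDS:
            problems.append("unknown unit of time: %r" % unit)
        else:
            seconds = int(amount) * UNIT_SECONDS[unit]
            if seconds > max_seconds:
                problems.append("validity of %d s exceeds policy limit" % seconds)
        results.append((name, seconds, problems))
    return results

if __name__ == "__main__":
    for name, seconds, problems in audit_token_validity(SAMPLE):
        print(name, seconds, problems or "ok")
```

Run against the sample, the script reports jcr-token with a validity of 604800 seconds, which is the one week stated above.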

GateIn 3.5 supports four time units:

Copyright ©. All rights reserved. eXo Platform SAS