Class TokenBasedAuthentication

  • All Implemented Interfaces:

    public class TokenBasedAuthentication
    extends Object
    implements Authentication
    Authentication implementation that compares the tokens stored with a given user node to the token present in the SimpleCredentials attributes. Authentication succeeds if the login token refers to a non-expired token node and if all other credential attributes are equal to the corresponding properties.
    • Field Detail


        public static final long TOKEN_EXPIRATION
        Default expiration time for login tokens is 2 hours.
        See Also:
        Constant Field Values

        public static final String PARAM_COMPAT
        This system parameter allows to enable backwards compatible behavior of the TokenBasedAuthentication. Note that as of OAK 1.0 this flag will no be supported.
        See Also:
        Constant Field Values
    • Method Detail

      • canHandle

        public boolean canHandle​(Credentials credentials)
        Description copied from interface: Authentication
        An Authentication may only be able to handle certain types of Credentials as the authentication process is tightly coupled to the semantics of the Credentials. E.g.: A ticket based Authentication is dependant on a Credentials implementation which allows access to this ticket.
        Specified by:
        canHandle in interface Authentication
        credentials - in questions
        true if the current Authentication handles the given Credentials
        See Also:
      • isTokenBasedLogin

        public static boolean isTokenBasedLogin​(Credentials credentials)
        Returns true if the given credentials object is an instance of TokenCredentials.
        credentials -
        true if the given credentials object is an instance of TokenCredentials; false otherwise.
      • isMandatoryAttribute

        public static boolean isMandatoryAttribute​(String attributeName)
        Returns true if the specified attributeName starts with or equals TOKEN_ATTRIBUTE.
        attributeName -
        true if the specified attributeName starts with or equals TOKEN_ATTRIBUTE.
      • doCreateToken

        public static boolean doCreateToken​(Credentials credentials)
        Returns true if the specified credentials should be used to create a new login token.
        credentials -
        true if upon successful authentication a new login token should be created; false otherwise.
      • createToken

        public static Credentials createToken​(User user,
                                              SimpleCredentials credentials,
                                              long tokenExpiration,
                                              Session session)
                                       throws RepositoryException
        Create a new token node for the specified user.
        user -
        credentials -
        tokenExpiration -
        session -
        A new instance of TokenCredentials to be used for further login actions against this Authentication implementation.
        RepositoryException - If there is no node corresponding to the specified user in the current workspace or if an error occurs while creating the token node.