org.jboss.aerogear.security.token.service
Interface TokenService

public interface TokenService

IdentityManagement allows to manage a Token.

Method Summary

void	destroy(String id) Destroys the Token.
String	generate(String email) Method to generate the Token.
boolean	isValid(String id) Checks the validity of the Token based on the identifier passed as parameter.

Method Detail

destroy

void destroy(String id)

Destroys the Token.

 try {
    Token token = em.find(Token.class, id);
    em.remove(token);
    em.flush();
 } catch (Exception e) {
    e.printStackTrace();
 }
 
 

Parameters:

id - id of the Token used to retrieve the Token.

isValid

boolean isValid(String id)

Checks the validity of the Token based on the identifier passed as parameter. Usually, an id will be passed in order to be able to retrieve the Token.

 Token token = null;

  try {
      token = em.createQuery("SELECT t FROM Token t WHERE t.id = :id", Token.class)
      .setParameter("id", id)
      .getSingleResult();

  } catch (NoResultException e) {
      //Do nothing because we don't want to give any clue to an attacker
  }
  return (token != null && !expirationTime.isExpired(token.getExpiration()));

 

Parameters:

id - is the token provided for password reset.

Returns:

generate

String generate(String email)

Method to generate the Token. Is recommended to the implementer to make use of AeroGear Crypto which already implements cryptographic algorithms for password reset. For example to generate a secure token:

 if (userExists(email)) {

    String secret = Configuration.getSecret();

    //Secret is the secret_key included into config.properties file
    Hmac hmac = new Hmac(secret);
    //Persists the temporary token
    token = save(hmac.digest());
    return token;
 }
 
 

Parameters:

email - to be checked. E-mail must be provided to validate if it exists into the database

Returns:

a String representing the token or an identifier of the Token.