Spring Security Framework

org.springframework.security.providers
Class AbstractAuthenticationToken

java.lang.Object
  extended by org.springframework.security.providers.AbstractAuthenticationToken
All Implemented Interfaces:
Serializable, Principal, Authentication
Direct Known Subclasses:
AbstractAdapterAuthenticationToken, AnonymousAuthenticationToken, CasAuthenticationToken, OpenIDAuthenticationToken, PreAuthenticatedAuthenticationToken, RememberMeAuthenticationToken, RunAsUserToken, UsernamePasswordAuthenticationToken, X509AuthenticationToken

public abstract class AbstractAuthenticationToken
extends Object
implements Authentication

Base class for Authentication objects.

Implementations which use this class should be immutable.

Version:
$Id$
Author:
Ben Alex, Luke Taylor
See Also:
Serialized Form

Constructor Summary
AbstractAuthenticationToken()
          Deprecated. in favour of the constructor which takes a GrantedAuthority[] argument.
AbstractAuthenticationToken(GrantedAuthority[] authorities)
          Creates a token with the supplied array of authorities.
 
Method Summary
 boolean equals(Object obj)
           
 GrantedAuthority[] getAuthorities()
          Set by an AuthenticationManager to indicate the authorities that the principal has been granted.
 Object getDetails()
          Stores additional details about the authentication request.
 String getName()
           
 int hashCode()
           
 boolean isAuthenticated()
          Used to indicate to AbstractSecurityInterceptor whether it should present the authentication token to the AuthenticationManager.
 void setAuthenticated(boolean authenticated)
          See Authentication.isAuthenticated() for a full description.
 void setDetails(Object details)
           
 String toString()
           
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface org.springframework.security.Authentication
getCredentials, getPrincipal
 

Constructor Detail

AbstractAuthenticationToken

public AbstractAuthenticationToken()
Deprecated. in favour of the constructor which takes a GrantedAuthority[] argument.

Retained for compatibility with subclasses written before the AbstractAuthenticationToken(GrantedAuthority[]) constructor was introduced.


AbstractAuthenticationToken

public AbstractAuthenticationToken(GrantedAuthority[] authorities)
Creates a token with the supplied array of authorities.

Parameters:
authorities - the list of GrantedAuthoritys for the principal represented by this authentication object. A null value indicates that no authorities have been granted (pursuant to the interface contract specified by Authentication.getAuthorities()null should only be presented if the principal has not been authenticated).
Method Detail

equals

public boolean equals(Object obj)
Specified by:
equals in interface Principal
Overrides:
equals in class Object

getAuthorities

public GrantedAuthority[] getAuthorities()
Description copied from interface: Authentication
Set by an AuthenticationManager to indicate the authorities that the principal has been granted. Note that classes should not rely on this value as being valid unless it has been set by a trusted AuthenticationManager.

Implementations should ensure that modifications to the returned array do not affect the state of the Authentication object (e.g. by returning an array copy).

Specified by:
getAuthorities in interface Authentication
Returns:
the authorities granted to the principal, or null if authentication has not been completed

getDetails

public Object getDetails()
Description copied from interface: Authentication
Stores additional details about the authentication request. These might be an IP address, certificate serial number etc.

Specified by:
getDetails in interface Authentication
Returns:
additional details about the authentication request, or null if not used

getName

public String getName()
Specified by:
getName in interface Principal

hashCode

public int hashCode()
Specified by:
hashCode in interface Principal
Overrides:
hashCode in class Object

isAuthenticated

public boolean isAuthenticated()
Description copied from interface: Authentication
Used to indicate to AbstractSecurityInterceptor whether it should present the authentication token to the AuthenticationManager. Typically an AuthenticationManager (or, more often, one of its AuthenticationProviders) will return an immutable authentication token after successful authentication, in which case that token can safely return true to this method. Returning true will improve performance, as calling the AuthenticationManager for every request will no longer be necessary.

For security reasons, implementations of this interface should be very careful about returning true to this method unless they are either immutable, or have some way of ensuring the properties have not been changed since original creation.

Specified by:
isAuthenticated in interface Authentication
Returns:
true if the token has been authenticated and the AbstractSecurityInterceptor does not need to represent the token for re-authentication to the AuthenticationManager

setAuthenticated

public void setAuthenticated(boolean authenticated)
Description copied from interface: Authentication
See Authentication.isAuthenticated() for a full description.

Implementations should always allow this method to be called with a false parameter, as this is used by various classes to specify the authentication token should not be trusted. If an implementation wishes to reject an invocation with a true parameter (which would indicate the authentication token is trusted - a potential security risk) the implementation should throw an IllegalArgumentException.

Specified by:
setAuthenticated in interface Authentication
Parameters:
authenticated - true if the token should be trusted (which may result in an exception) or false if the token should not be trusted

setDetails

public void setDetails(Object details)

toString

public String toString()
Specified by:
toString in interface Principal
Overrides:
toString in class Object

Spring Security Framework

Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.