public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken
Authenticationimplementation that is designed for simple presentation of a username and password.
credentials should be set with an
Object that provides
the respective property via its
Object.toString() method. The simplest such
Object to use
|Constructor and Description|
This constructor can be safely used by any code that wishes to create a
This constructor should only be used by
|Modifier and Type||Method and Description|
The credentials that prove the principal is correct.
The identity of the principal being authenticated.
equals, getAuthorities, getDetails, getName, hashCode, isAuthenticated, setDetails, toString
UsernamePasswordAuthenticationToken, as the
public UsernamePasswordAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities)
AuthenticationProviderimplementations that are satisfied with producing a trusted (i.e.
true) authentication token.
public Object getCredentials()
AuthenticationManager. Callers are expected to populate the credentials.
public Object getPrincipal()
The AuthenticationManager implementation will often return an Authentication containing
richer information as the principal for use by the application. Many of the authentication providers will
UserDetails object as the principal.
Principalbeing authenticated or the authenticated principal after authentication.
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException
Authentication.isAuthenticated()for a full description.
Implementations should always allow this method to be called with a
as this is used by various classes to specify the authentication token should not be trusted.
If an implementation wishes to reject an invocation with a
true parameter (which would indicate
the authentication token is trusted - a potential security risk) the implementation should throw an
trueif the token should be trusted (which may result in an exception) or
falseif the token should not be trusted
IllegalArgumentException- if an attempt to make the authentication token trusted (by passing
trueas the argument) is rejected due to the implementation being immutable or implementing its own alternative approach to
public void eraseCredentials()
detailsobjects, invoking the
eraseCredentialsmethod on any which implement