|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.authentication.AbstractAuthenticationToken
public abstract class AbstractAuthenticationToken
Base class for Authentication
objects.
Implementations which use this class should be immutable.
Constructor Summary | |
---|---|
AbstractAuthenticationToken(java.util.Collection<? extends GrantedAuthority> authorities)
Creates a token with the supplied array of authorities. |
Method Summary | |
---|---|
boolean |
equals(java.lang.Object obj)
|
void |
eraseCredentials()
Checks the credentials , principal and details objects, invoking the
eraseCredentials method on any which implement CredentialsContainer . |
java.util.Collection<GrantedAuthority> |
getAuthorities()
Set by an AuthenticationManager to indicate the authorities that the principal has been
granted. |
java.lang.Object |
getDetails()
Stores additional details about the authentication request. |
java.lang.String |
getName()
|
int |
hashCode()
|
boolean |
isAuthenticated()
Used to indicate to AbstractSecurityInterceptor whether it should present the
authentication token to the AuthenticationManager . |
void |
setAuthenticated(boolean authenticated)
See Authentication.isAuthenticated() for a full description. |
void |
setDetails(java.lang.Object details)
|
java.lang.String |
toString()
|
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Methods inherited from interface org.springframework.security.core.Authentication |
---|
getCredentials, getPrincipal |
Constructor Detail |
---|
public AbstractAuthenticationToken(java.util.Collection<? extends GrantedAuthority> authorities)
authorities
- the collection of GrantedAuthoritys for the
principal represented by this authentication object.Method Detail |
---|
public java.util.Collection<GrantedAuthority> getAuthorities()
Authentication
AuthenticationManager
to indicate the authorities that the principal has been
granted. Note that classes should not rely on this value as being valid unless it has been set by a trusted
AuthenticationManager
.
Implementations should ensure that modifications to the returned collection array do not affect the state of the Authentication object, or use an unmodifiable instance.
getAuthorities
in interface Authentication
public java.lang.String getName()
getName
in interface java.security.Principal
public boolean isAuthenticated()
Authentication
AbstractSecurityInterceptor
whether it should present the
authentication token to the AuthenticationManager
. Typically an AuthenticationManager
(or, more often, one of its AuthenticationProvider
s) will return an immutable authentication token
after successful authentication, in which case that token can safely return true
to this method.
Returning true
will improve performance, as calling the AuthenticationManager
for
every request will no longer be necessary.
For security reasons, implementations of this interface should be very careful about returning
true
from this method unless they are either immutable, or have some way of ensuring the properties
have not been changed since original creation.
isAuthenticated
in interface Authentication
AbstractSecurityInterceptor
does not need
to present the token to the AuthenticationManager
again for re-authentication.public void setAuthenticated(boolean authenticated)
Authentication
Authentication.isAuthenticated()
for a full description.
Implementations should always allow this method to be called with a false
parameter,
as this is used by various classes to specify the authentication token should not be trusted.
If an implementation wishes to reject an invocation with a true
parameter (which would indicate
the authentication token is trusted - a potential security risk) the implementation should throw an
IllegalArgumentException
.
setAuthenticated
in interface Authentication
authenticated
- true
if the token should be trusted (which may result in an exception) or
false
if the token should not be trustedpublic java.lang.Object getDetails()
Authentication
getDetails
in interface Authentication
null
if not usedpublic void setDetails(java.lang.Object details)
public void eraseCredentials()
credentials
, principal
and details
objects, invoking the
eraseCredentials
method on any which implement CredentialsContainer
.
eraseCredentials
in interface CredentialsContainer
public boolean equals(java.lang.Object obj)
equals
in interface java.security.Principal
equals
in class java.lang.Object
public int hashCode()
hashCode
in interface java.security.Principal
hashCode
in class java.lang.Object
public java.lang.String toString()
toString
in interface java.security.Principal
toString
in class java.lang.Object
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |