|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.authentication.AbstractAuthenticationToken org.springframework.security.authentication.UsernamePasswordAuthenticationToken
public class UsernamePasswordAuthenticationToken
An Authentication
implementation that is designed for simple presentation
of a username and password.
The principal
and credentials
should be set with an Object
that provides
the respective property via its Object.toString()
method. The simplest such Object
to use
is String
.
Constructor Summary | |
---|---|
UsernamePasswordAuthenticationToken(Object principal,
Object credentials)
This constructor can be safely used by any code that wishes to create a UsernamePasswordAuthenticationToken , as the AbstractAuthenticationToken.isAuthenticated() will return false . |
|
UsernamePasswordAuthenticationToken(Object principal,
Object credentials,
Collection<? extends GrantedAuthority> authorities)
This constructor should only be used by AuthenticationManager or AuthenticationProvider
implementations that are satisfied with producing a trusted (i.e. |
|
UsernamePasswordAuthenticationToken(Object principal,
Object credentials,
GrantedAuthority[] authorities)
Deprecated. use the list of authorities version |
Method Summary | |
---|---|
void |
eraseCredentials()
Checks the credentials , principal and details objects, invoking the
eraseCredentials method on any which implement CredentialsContainer . |
Object |
getCredentials()
The credentials that prove the principal is correct. |
Object |
getPrincipal()
The identity of the principal being authenticated. |
void |
setAuthenticated(boolean isAuthenticated)
See Authentication.isAuthenticated() for a full description. |
Methods inherited from class org.springframework.security.authentication.AbstractAuthenticationToken |
---|
equals, getAuthorities, getDetails, getName, hashCode, isAuthenticated, setDetails, toString |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public UsernamePasswordAuthenticationToken(Object principal, Object credentials)
UsernamePasswordAuthenticationToken
, as the AbstractAuthenticationToken.isAuthenticated()
will return false
.
public UsernamePasswordAuthenticationToken(Object principal, Object credentials, GrantedAuthority[] authorities)
public UsernamePasswordAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities)
AuthenticationManager
or AuthenticationProvider
implementations that are satisfied with producing a trusted (i.e. AbstractAuthenticationToken.isAuthenticated()
= true
)
authentication token.
principal
- credentials
- authorities
- Method Detail |
---|
public Object getCredentials()
Authentication
AuthenticationManager
. Callers are expected to populate the credentials.
Principal
public Object getPrincipal()
Authentication
The AuthenticationManager implementation will often return an Authentication containing
richer information as the principal for use by the application. Many of the authentication providers will
create a UserDetails
object as the principal.
Principal
being authenticated or the authenticated principal after authentication.public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException
Authentication
Authentication.isAuthenticated()
for a full description.
Implementations should always allow this method to be called with a false
parameter,
as this is used by various classes to specify the authentication token should not be trusted.
If an implementation wishes to reject an invocation with a true
parameter (which would indicate
the authentication token is trusted - a potential security risk) the implementation should throw an
IllegalArgumentException
.
setAuthenticated
in interface Authentication
setAuthenticated
in class AbstractAuthenticationToken
isAuthenticated
- true
if the token should be trusted (which may result in an exception) or
false
if the token should not be trusted
IllegalArgumentException
- if an attempt to make the authentication token trusted (by passing
true
as the argument) is rejected due to the implementation being immutable or
implementing its own alternative approach to Authentication.isAuthenticated()
public void eraseCredentials()
AbstractAuthenticationToken
credentials
, principal
and details
objects, invoking the
eraseCredentials
method on any which implement CredentialsContainer
.
eraseCredentials
in interface CredentialsContainer
eraseCredentials
in class AbstractAuthenticationToken
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |