public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken
Authenticationimplementation that is designed for simple presentation of a username and password.
credentials should be set with an
Object that provides the respective property via its
Object.toString() method. The simplest such
Object to use is
|Constructor and Description|
This constructor can be safely used by any code that wishes to create a
This constructor should only be used by
|Modifier and Type||Method and Description|
The credentials that prove the principal is correct.
The identity of the principal being authenticated.
equals, getAuthorities, getDetails, getName, hashCode, isAuthenticated, setDetails, toString
public UsernamePasswordAuthenticationToken(Object principal, Object credentials)
UsernamePasswordAuthenticationToken, as the
public UsernamePasswordAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities)
AuthenticationProviderimplementations that are satisfied with producing a trusted (i.e.
true) authentication token.
public Object getCredentials()
AuthenticationManager. Callers are expected to populate the credentials.
public Object getPrincipal()
The AuthenticationManager implementation will often return an
Authentication containing richer information as the principal for use by
the application. Many of the authentication providers will create a
UserDetails object as the principal.
Principalbeing authenticated or the authenticated principal after authentication.
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException
Authentication.isAuthenticated()for a full description.
Implementations should always allow this method to be called with a
false parameter, as this is used by various classes to specify the
authentication token should not be trusted. If an implementation wishes to reject
an invocation with a
true parameter (which would indicate the
authentication token is trusted - a potential security risk) the implementation
should throw an
trueif the token should be trusted (which may result in an exception) or
falseif the token should not be trusted
IllegalArgumentException- if an attempt to make the authentication token trusted (by passing
trueas the argument) is rejected due to the implementation being immutable or implementing its own alternative approach to
public void eraseCredentials()
detailsobjects, invoking the
eraseCredentialsmethod on any which implement