public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken
Authentication
implementation that is
designed for simple presentation of a username and password.
The principal
and credentials
should be set with an
Object
that provides the respective property via its
Object.toString()
method. The simplest such Object
to use is
String
.
Constructor and Description |
---|
UsernamePasswordAuthenticationToken(Object principal,
Object credentials)
This constructor can be safely used by any code that wishes to create a
UsernamePasswordAuthenticationToken , as the AbstractAuthenticationToken.isAuthenticated()
will return false . |
UsernamePasswordAuthenticationToken(Object principal,
Object credentials,
Collection<? extends GrantedAuthority> authorities)
This constructor should only be used by
AuthenticationManager or
AuthenticationProvider implementations that are satisfied with
producing a trusted (i.e. |
Modifier and Type | Method and Description |
---|---|
void |
eraseCredentials()
Checks the
credentials , principal and details objects,
invoking the eraseCredentials method on any which implement
CredentialsContainer . |
Object |
getCredentials()
The credentials that prove the principal is correct.
|
Object |
getPrincipal()
The identity of the principal being authenticated.
|
void |
setAuthenticated(boolean isAuthenticated)
See
Authentication.isAuthenticated() for a full description. |
equals, getAuthorities, getDetails, getName, hashCode, isAuthenticated, setDetails, toString
public UsernamePasswordAuthenticationToken(Object principal, Object credentials)
UsernamePasswordAuthenticationToken
, as the AbstractAuthenticationToken.isAuthenticated()
will return false
.public UsernamePasswordAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities)
AuthenticationManager
or
AuthenticationProvider
implementations that are satisfied with
producing a trusted (i.e. AbstractAuthenticationToken.isAuthenticated()
= true
)
authentication token.principal
- credentials
- authorities
- public Object getCredentials()
Authentication
AuthenticationManager
. Callers
are expected to populate the credentials.Principal
public Object getPrincipal()
Authentication
The AuthenticationManager implementation will often return an
Authentication containing richer information as the principal for use by
the application. Many of the authentication providers will create a
UserDetails
object as the principal.
Principal
being authenticated or the authenticated
principal after authentication.public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException
Authentication
Authentication.isAuthenticated()
for a full description.
Implementations should always allow this method to be called with a
false
parameter, as this is used by various classes to specify the
authentication token should not be trusted. If an implementation wishes to reject
an invocation with a true
parameter (which would indicate the
authentication token is trusted - a potential security risk) the implementation
should throw an IllegalArgumentException
.
setAuthenticated
in interface Authentication
setAuthenticated
in class AbstractAuthenticationToken
isAuthenticated
- true
if the token should be trusted (which may
result in an exception) or false
if the token should not be trustedIllegalArgumentException
- if an attempt to make the authentication token
trusted (by passing true
as the argument) is rejected due to the
implementation being immutable or implementing its own alternative approach to
Authentication.isAuthenticated()
public void eraseCredentials()
AbstractAuthenticationToken
credentials
, principal
and details
objects,
invoking the eraseCredentials
method on any which implement
CredentialsContainer
.eraseCredentials
in interface CredentialsContainer
eraseCredentials
in class AbstractAuthenticationToken