public abstract class AbstractAuthenticationToken extends Object implements Authentication, CredentialsContainer
Authentication
objects.
Implementations which use this class should be immutable.
Constructor and Description |
---|
AbstractAuthenticationToken(Collection<? extends GrantedAuthority> authorities)
Creates a token with the supplied array of authorities.
|
Modifier and Type | Method and Description |
---|---|
boolean |
equals(Object obj) |
void |
eraseCredentials()
Checks the
credentials , principal and details objects,
invoking the eraseCredentials method on any which implement
CredentialsContainer . |
Collection<GrantedAuthority> |
getAuthorities()
Set by an
AuthenticationManager to indicate the authorities that the
principal has been granted. |
Object |
getDetails()
Stores additional details about the authentication request.
|
String |
getName() |
int |
hashCode() |
boolean |
isAuthenticated()
Used to indicate to
AbstractSecurityInterceptor whether it should present
the authentication token to the AuthenticationManager . |
void |
setAuthenticated(boolean authenticated)
See
Authentication.isAuthenticated() for a full description. |
void |
setDetails(Object details) |
String |
toString() |
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
getCredentials, getPrincipal
public AbstractAuthenticationToken(Collection<? extends GrantedAuthority> authorities)
authorities
- the collection of GrantedAuthoritys for the principal
represented by this authentication object.public Collection<GrantedAuthority> getAuthorities()
Authentication
AuthenticationManager
to indicate the authorities that the
principal has been granted. Note that classes should not rely on this value as
being valid unless it has been set by a trusted AuthenticationManager
.
Implementations should ensure that modifications to the returned collection array do not affect the state of the Authentication object, or use an unmodifiable instance.
getAuthorities
in interface Authentication
public boolean isAuthenticated()
Authentication
AbstractSecurityInterceptor
whether it should present
the authentication token to the AuthenticationManager
. Typically an
AuthenticationManager
(or, more often, one of its
AuthenticationProvider
s) will return an immutable authentication token
after successful authentication, in which case that token can safely return
true
to this method. Returning true
will improve
performance, as calling the AuthenticationManager
for every request
will no longer be necessary.
For security reasons, implementations of this interface should be very careful
about returning true
from this method unless they are either
immutable, or have some way of ensuring the properties have not been changed since
original creation.
isAuthenticated
in interface Authentication
AbstractSecurityInterceptor
does not need to present the token to the
AuthenticationManager
again for re-authentication.public void setAuthenticated(boolean authenticated)
Authentication
Authentication.isAuthenticated()
for a full description.
Implementations should always allow this method to be called with a
false
parameter, as this is used by various classes to specify the
authentication token should not be trusted. If an implementation wishes to reject
an invocation with a true
parameter (which would indicate the
authentication token is trusted - a potential security risk) the implementation
should throw an IllegalArgumentException
.
setAuthenticated
in interface Authentication
authenticated
- true
if the token should be trusted (which may
result in an exception) or false
if the token should not be trustedpublic Object getDetails()
Authentication
getDetails
in interface Authentication
null
if not usedpublic void setDetails(Object details)
public void eraseCredentials()
credentials
, principal
and details
objects,
invoking the eraseCredentials
method on any which implement
CredentialsContainer
.eraseCredentials
in interface CredentialsContainer
public boolean equals(Object obj)
public int hashCode()