org.springframework.security.oauth2.server.resource

Class BearerTokenAuthenticationToken

java.lang.Object

org.springframework.security.authentication.AbstractAuthenticationToken

org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken

All Implemented Interfaces:

java.io.Serializable, java.security.Principal, Authentication, CredentialsContainer

public class BearerTokenAuthenticationToken
extends AbstractAuthenticationToken

An Authentication that contains a Bearer Token. Used by BearerTokenAuthenticationFilter to prepare an authentication attempt and supported by JwtAuthenticationProvider.

Since:

5.1

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
BearerTokenAuthenticationToken(java.lang.String token) Create a BearerTokenAuthenticationToken using the provided parameter(s)

Method Summary

Modifier and Type	Method and Description
java.lang.Object	getCredentials() The credentials that prove the principal is correct.
java.lang.Object	getPrincipal() The identity of the principal being authenticated.
java.lang.String	getToken() Get the Bearer Token

Methods inherited from class org.springframework.security.authentication.AbstractAuthenticationToken

equals, eraseCredentials, getAuthorities, getDetails, getName, hashCode, isAuthenticated, setAuthenticated, setDetails, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Principal

implies

Constructor Detail

BearerTokenAuthenticationToken

public BearerTokenAuthenticationToken(java.lang.String token)

Create a BearerTokenAuthenticationToken using the provided parameter(s)

Parameters:

token - - the bearer token

Method Detail

getToken

public java.lang.String getToken()

Get the Bearer Token

Returns:

the token that proves the caller's authority to perform the HttpServletRequest

getCredentials

public java.lang.Object getCredentials()

The credentials that prove the principal is correct. This is usually a password, but could be anything relevant to the AuthenticationManager. Callers are expected to populate the credentials.

Returns:

the credentials that prove the identity of the Principal

getPrincipal

public java.lang.Object getPrincipal()

The identity of the principal being authenticated. In the case of an authentication request with username and password, this would be the username. Callers are expected to populate the principal for an authentication request.

The AuthenticationManager implementation will often return an Authentication containing richer information as the principal for use by the application. Many of the authentication providers will create a UserDetails object as the principal.

Returns:

the Principal being authenticated or the authenticated principal after authentication.