AbstractAuthenticationToken (spring-security-docs-manual 5.4.2 API)

java.lang.Object
- org.springframework.security.authentication.AbstractAuthenticationToken

All Implemented Interfaces:

java.io.Serializable, java.security.Principal, Authentication, CredentialsContainer

Direct Known Subclasses:

AbstractOAuth2TokenAuthenticationToken, AnonymousAuthenticationToken, BearerTokenAuthenticationToken, CasAssertionAuthenticationToken, CasAuthenticationToken, OAuth2AuthenticationToken, OAuth2AuthorizationCodeAuthenticationToken, OAuth2LoginAuthenticationToken, OpenIDAuthenticationToken, PreAuthenticatedAuthenticationToken, RememberMeAuthenticationToken, RunAsUserToken, Saml2Authentication, Saml2AuthenticationToken, TestingAuthenticationToken, UsernamePasswordAuthenticationToken
```
public abstract class AbstractAuthenticationToken
extends java.lang.Object
implements Authentication, CredentialsContainer
```
Base class for Authentication objects.
Implementations which use this class should be immutable.

See Also:

Serialized Form

Constructor Summary

Constructors
Constructor and Description

AbstractAuthenticationToken(java.util.Collection<? extends GrantedAuthority> authorities)
Creates a token with the supplied array of authorities.

Constructors
Constructor and Description
`AbstractAuthenticationToken(java.util.Collection<? extends GrantedAuthority> authorities)` Creates a token with the supplied array of authorities.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`equals(java.lang.Object obj)`
`void`	`eraseCredentials()` Checks the `credentials`, `principal` and `details` objects, invoking the `eraseCredentials` method on any which implement `CredentialsContainer`.
`java.util.Collection<GrantedAuthority>`	`getAuthorities()` Set by an `AuthenticationManager` to indicate the authorities that the principal has been granted.
`java.lang.Object`	`getDetails()` Stores additional details about the authentication request.
`java.lang.String`	`getName()`
`int`	`hashCode()`
`boolean`	`isAuthenticated()` Used to indicate to `AbstractSecurityInterceptor` whether it should present the authentication token to the `AuthenticationManager`.
`void`	`setAuthenticated(boolean authenticated)` See `Authentication.isAuthenticated()` for a full description.
`void`	`setDetails(java.lang.Object details)`
`java.lang.String`	`toString()`

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.springframework.security.core.Authentication
getCredentials, getPrincipal

Methods inherited from interface java.security.Principal
implies

- Constructor Detail
  - AbstractAuthenticationToken
```
public AbstractAuthenticationToken(java.util.Collection<? extends GrantedAuthority> authorities)
```
    Creates a token with the supplied array of authorities.
    
    Parameters:
    
    authorities - the collection of GrantedAuthoritys for the principal represented by this authentication object.
- Method Detail
  - getAuthorities
```
public java.util.Collection<GrantedAuthority> getAuthorities()
```
    Description copied from interface: Authentication
    
    Set by an AuthenticationManager to indicate the authorities that the principal has been granted. Note that classes should not rely on this value as being valid unless it has been set by a trusted AuthenticationManager.
    Implementations should ensure that modifications to the returned collection array do not affect the state of the Authentication object, or use an unmodifiable instance.
    
    Specified by:
    
    getAuthorities in interface Authentication
    
    Returns:
    
    the authorities granted to the principal, or an empty collection if the token has not been authenticated. Never null.
  - getName
```
public java.lang.String getName()
```
    Specified by:
    
    getName in interface java.security.Principal
  - isAuthenticated
```
public boolean isAuthenticated()
```
    Description copied from interface: Authentication
    
    Used to indicate to AbstractSecurityInterceptor whether it should present the authentication token to the AuthenticationManager. Typically an AuthenticationManager (or, more often, one of its AuthenticationProviders) will return an immutable authentication token after successful authentication, in which case that token can safely return true to this method. Returning true will improve performance, as calling the AuthenticationManager for every request will no longer be necessary.
    For security reasons, implementations of this interface should be very careful about returning true from this method unless they are either immutable, or have some way of ensuring the properties have not been changed since original creation.
    
    Specified by:
    
    isAuthenticated in interface Authentication
    
    Returns:
    
    true if the token has been authenticated and the AbstractSecurityInterceptor does not need to present the token to the AuthenticationManager again for re-authentication.
  - setAuthenticated
```
public void setAuthenticated(boolean authenticated)
```
    Description copied from interface: Authentication
    
    See Authentication.isAuthenticated() for a full description.
    Implementations should always allow this method to be called with a false parameter, as this is used by various classes to specify the authentication token should not be trusted. If an implementation wishes to reject an invocation with a true parameter (which would indicate the authentication token is trusted - a potential security risk) the implementation should throw an IllegalArgumentException.
    
    Specified by:
    
    setAuthenticated in interface Authentication
    
    Parameters:
    
    authenticated - true if the token should be trusted (which may result in an exception) or false if the token should not be trusted
  - getDetails
```
public java.lang.Object getDetails()
```
    Description copied from interface: Authentication
    
    Stores additional details about the authentication request. These might be an IP address, certificate serial number etc.
    
    Specified by:
    
    getDetails in interface Authentication
    
    Returns:
    
    additional details about the authentication request, or null if not used
  - setDetails
```
public void setDetails(java.lang.Object details)
```
  - eraseCredentials
```
public void eraseCredentials()
```
    Checks the credentials, principal and details objects, invoking the eraseCredentials method on any which implement CredentialsContainer.
    
    Specified by:
    
    eraseCredentials in interface CredentialsContainer
  - equals
```
public boolean equals(java.lang.Object obj)
```
    Specified by:
    
    equals in interface java.security.Principal
    
    Overrides:
    
    equals in class java.lang.Object
  - hashCode
```
public int hashCode()
```
    Specified by:
    
    hashCode in interface java.security.Principal
    
    Overrides:
    
    hashCode in class java.lang.Object
  - toString
```
public java.lang.String toString()
```
    Specified by:
    
    toString in interface java.security.Principal
    
    Overrides:
    
    toString in class java.lang.Object

Class AbstractAuthenticationToken

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface org.springframework.security.core.Authentication

Methods inherited from interface java.security.Principal

Constructor Detail

AbstractAuthenticationToken

Method Detail

getAuthorities

getName

isAuthenticated

setAuthenticated

getDetails

setDetails

eraseCredentials

equals

hashCode

toString