Class User
- java.lang.Object
  - org.springframework.security.core.userdetails.User

All Implemented Interfaces: java.io.Serializable, CredentialsContainer, UserDetails
public class User extends java.lang.Object implements UserDetails, CredentialsContainer
Models core user information retrieved by a UserDetailsService.

Developers may use this class directly, subclass it, or write their own UserDetails implementation from scratch.

equals and hashcode implementations are based on the username property only, as the intention is that lookups of the same user principal object (in a user registry, for example) will match where the objects represent the same user, not just when all the properties (authorities, password for example) are the same.

Note that this implementation is not immutable. It implements the CredentialsContainer interface, in order to allow the password to be erased after authentication. This may cause side-effects if you are storing instances in-memory and reusing them. If so, make sure you return a copy from your UserDetailsService each time it is invoked.

- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- static class User.UserBuilder: Builds the user to be added.
-
Constructor Summary
Constructors (Constructor, Description):
- User(java.lang.String username, java.lang.String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, java.util.Collection<? extends GrantedAuthority> authorities): Construct the User with the details required by DaoAuthenticationProvider.
- User(java.lang.String username, java.lang.String password, java.util.Collection<? extends GrantedAuthority> authorities): Calls the more complex constructor with all boolean arguments set to true.
-
Method Summary
Methods (Modifier and Type, Method, Description):
- static User.UserBuilder builder(): Creates a UserBuilder
- boolean equals(java.lang.Object obj): Returns true if the supplied object is a User instance with the same username value.
- void eraseCredentials()
- java.util.Collection<GrantedAuthority> getAuthorities(): Returns the authorities granted to the user.
- java.lang.String getPassword(): Returns the password used to authenticate the user.
- java.lang.String getUsername(): Returns the username used to authenticate the user.
- int hashCode(): Returns the hashcode of the username.
- boolean isAccountNonExpired(): Indicates whether the user's account has expired.
- boolean isAccountNonLocked(): Indicates whether the user is locked or unlocked.
- boolean isCredentialsNonExpired(): Indicates whether the user's credentials (password) have expired.
- boolean isEnabled(): Indicates whether the user is enabled or disabled.
- java.lang.String toString()
- static User.UserBuilder withDefaultPasswordEncoder(): Deprecated. Using this method is not considered safe for production, but is acceptable for demos and getting started.
- static User.UserBuilder withUserDetails(UserDetails userDetails)
- static User.UserBuilder withUsername(java.lang.String username): Creates a UserBuilder with a specified user name
-
-
-
Constructor Detail
-
User
public User(java.lang.String username, java.lang.String password, java.util.Collection<? extends GrantedAuthority> authorities)
Calls the more complex constructor with all boolean arguments set to true.
-
User
public User(java.lang.String username, java.lang.String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, java.util.Collection<? extends GrantedAuthority> authorities)
Construct the User with the details required by DaoAuthenticationProvider.
- Parameters:
- username - the username presented to the DaoAuthenticationProvider
- password - the password that should be presented to the DaoAuthenticationProvider
- enabled - set to true if the user is enabled
- accountNonExpired - set to true if the account has not expired
- credentialsNonExpired - set to true if the credentials have not expired
- accountNonLocked - set to true if the account is not locked
- authorities - the authorities that should be granted to the caller if they presented the correct username and password and the user is enabled. Not null.
- Throws:
- java.lang.IllegalArgumentException - if a null value was passed either as a parameter or as an element in the GrantedAuthority collection
-
-
Method Detail
-
getAuthorities
public java.util.Collection<GrantedAuthority> getAuthorities()
Description copied from interface: UserDetails
Returns the authorities granted to the user. Cannot return null.
- Specified by:
- getAuthorities in interface UserDetails
- Returns:
- the authorities, sorted by natural key (never null)
-
getPassword
public java.lang.String getPassword()
Description copied from interface: UserDetails
Returns the password used to authenticate the user.
- Specified by:
- getPassword in interface UserDetails
- Returns:
- the password
-
getUsername
public java.lang.String getUsername()
Description copied from interface: UserDetails
Returns the username used to authenticate the user. Cannot return null.
- Specified by:
- getUsername in interface UserDetails
- Returns:
- the username (never null)
-
isEnabled
public boolean isEnabled()
Description copied from interface: UserDetails
Indicates whether the user is enabled or disabled. A disabled user cannot be authenticated.
- Specified by:
- isEnabled in interface UserDetails
- Returns:
- true if the user is enabled, false otherwise
-
isAccountNonExpired
public boolean isAccountNonExpired()
Description copied from interface: UserDetails
Indicates whether the user's account has expired. An expired account cannot be authenticated.
- Specified by:
- isAccountNonExpired in interface UserDetails
- Returns:
- true if the user's account is valid (i.e. non-expired), false if no longer valid (i.e. expired)
-
isAccountNonLocked
public boolean isAccountNonLocked()
Description copied from interface: UserDetails
Indicates whether the user is locked or unlocked. A locked user cannot be authenticated.
- Specified by:
- isAccountNonLocked in interface UserDetails
- Returns:
- true if the user is not locked, false otherwise
-
isCredentialsNonExpired
public boolean isCredentialsNonExpired()
Description copied from interface: UserDetails
Indicates whether the user's credentials (password) have expired. Expired credentials prevent authentication.
- Specified by:
- isCredentialsNonExpired in interface UserDetails
- Returns:
- true if the user's credentials are valid (i.e. non-expired), false if no longer valid (i.e. expired)
-
eraseCredentials
public void eraseCredentials()
- Specified by:
- eraseCredentials in interface CredentialsContainer
-
equals
public boolean equals(java.lang.Object obj)
Returns true if the supplied object is a User instance with the same username value.

In other words, the objects are equal if they have the same username, representing the same principal.
- Overrides:
- equals in class java.lang.Object
-
hashCode
public int hashCode()
Returns the hashcode of the username.
- Overrides:
- hashCode in class java.lang.Object
-
toString
public java.lang.String toString()
- Overrides:
- toString in class java.lang.Object
-
withUsername
public static User.UserBuilder withUsername(java.lang.String username)
Creates a UserBuilder with a specified user name
- Parameters:
- username - the username to use
- Returns:
- the UserBuilder
-
builder
public static User.UserBuilder builder()
Creates a UserBuilder
- Returns:
- the UserBuilder
-
withDefaultPasswordEncoder
@Deprecated public static User.UserBuilder withDefaultPasswordEncoder()
Deprecated. Using this method is not considered safe for production, but is acceptable for demos and getting started. For production purposes, ensure the password is encoded externally. See the method Javadoc for additional details. There are no plans to remove this support. It is deprecated to indicate that this is considered insecure for production purposes.

WARNING: This method is considered unsafe for production and is only intended for sample applications.

Creates a user and automatically encodes the provided password using PasswordEncoderFactories.createDelegatingPasswordEncoder(). For example:

    UserDetails user = User.withDefaultPasswordEncoder()
        .username("user")
        .password("password")
        .roles("USER")
        .build();
    // outputs {bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG
    System.out.println(user.getPassword());

    PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
    // outputs {bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG
    // remember the password that is printed out and use in the next step
    System.out.println(encoder.encode("password"));

    UserDetails user = User.withUsername("user")
        .password("{bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG")
        .roles("USER")
        .build();

- Returns:
- a UserBuilder that automatically encodes the password with the default PasswordEncoder
-
withUserDetails
public static User.UserBuilder withUserDetails(UserDetails userDetails)
-
-