Package org.springframework.security.authentication

Class AuthenticationTrustResolverImpl

  • All Implemented Interfaces:
    AuthenticationTrustResolver
    public class AuthenticationTrustResolverImpl
extends java.lang.Object
implements AuthenticationTrustResolver
    Basic implementation of AuthenticationTrustResolver.

    Makes trust decisions based on whether the passed Authentication is an instance of a defined class.

    If anonymousClass or rememberMeClass is null, the corresponding method will always return false.

    • Constructor Detail

      • AuthenticationTrustResolverImpl

        public AuthenticationTrustResolverImpl()

    • Method Detail

      • isAnonymous

        public boolean isAnonymous​(Authentication authentication)
        Description copied from interface: AuthenticationTrustResolver
        Indicates whether the passed Authentication token represents an anonymous user. Typically the framework will call this method if it is trying to decide whether an AccessDeniedException should result in a final rejection (i.e. as would be the case if the principal was non-anonymous/fully authenticated) or direct the principal to attempt actual authentication (i.e. as would be the case if the Authentication was merely anonymous).
        Specified by:
        isAnonymous in interface AuthenticationTrustResolver
        Parameters:
        authentication - to test (may be null in which case the method will always return false)
        Returns:
        true the passed authentication token represented an anonymous principal, false otherwise

      • isRememberMe

        public boolean isRememberMe​(Authentication authentication)
        Description copied from interface: AuthenticationTrustResolver
        Indicates whether the passed Authentication token represents user that has been remembered (i.e. not a user that has been fully authenticated).

        The method is provided to assist with custom AccessDecisionVoters and the like that you might develop. Of course, you don't need to use this method either and can develop your own "trust level" hierarchy instead.

        Specified by:
        isRememberMe in interface AuthenticationTrustResolver
        Parameters:
        authentication - to test (may be null in which case the method will always return false)
        Returns:
        true the passed authentication token represented a principal authenticated using a remember-me token, false otherwise

      • setAnonymousClass

        public void setAnonymousClass​(java.lang.Class<? extends Authentication> anonymousClass)

      • setRememberMeClass

        public void setRememberMeClass​(java.lang.Class<? extends Authentication> rememberMeClass)