Class UsernamePasswordAuthenticationToken
- java.lang.Object
-
- org.springframework.security.authentication.AbstractAuthenticationToken
-
- org.springframework.security.authentication.UsernamePasswordAuthenticationToken
-
- All Implemented Interfaces:
java.io.Serializable
,java.security.Principal
,Authentication
,CredentialsContainer
- Direct Known Subclasses:
JaasAuthenticationToken
public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken
AnAuthentication
implementation that is designed for simple presentation of a username and password.The
principal
andcredentials
should be set with anObject
that provides the respective property via itsObject.toString()
method. The simplest suchObject
to use isString
.- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description UsernamePasswordAuthenticationToken(java.lang.Object principal, java.lang.Object credentials)
This constructor can be safely used by any code that wishes to create aUsernamePasswordAuthenticationToken
, as theAbstractAuthenticationToken.isAuthenticated()
will returnfalse
.UsernamePasswordAuthenticationToken(java.lang.Object principal, java.lang.Object credentials, java.util.Collection<? extends GrantedAuthority> authorities)
This constructor should only be used byAuthenticationManager
orAuthenticationProvider
implementations that are satisfied with producing a trusted (i.e.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static UsernamePasswordAuthenticationToken
authenticated(java.lang.Object principal, java.lang.Object credentials, java.util.Collection<? extends GrantedAuthority> authorities)
This factory method can be safely used by any code that wishes to create a authenticatedUsernamePasswordAuthenticationToken
.void
eraseCredentials()
Checks thecredentials
,principal
anddetails
objects, invoking theeraseCredentials
method on any which implementCredentialsContainer
.java.lang.Object
getCredentials()
The credentials that prove the principal is correct.java.lang.Object
getPrincipal()
The identity of the principal being authenticated.void
setAuthenticated(boolean isAuthenticated)
SeeAuthentication.isAuthenticated()
for a full description.static UsernamePasswordAuthenticationToken
unauthenticated(java.lang.Object principal, java.lang.Object credentials)
This factory method can be safely used by any code that wishes to create a unauthenticatedUsernamePasswordAuthenticationToken
.-
Methods inherited from class org.springframework.security.authentication.AbstractAuthenticationToken
equals, getAuthorities, getDetails, getName, hashCode, isAuthenticated, setDetails, toString
-
-
-
-
Constructor Detail
-
UsernamePasswordAuthenticationToken
public UsernamePasswordAuthenticationToken(java.lang.Object principal, java.lang.Object credentials)
This constructor can be safely used by any code that wishes to create aUsernamePasswordAuthenticationToken
, as theAbstractAuthenticationToken.isAuthenticated()
will returnfalse
.
-
UsernamePasswordAuthenticationToken
public UsernamePasswordAuthenticationToken(java.lang.Object principal, java.lang.Object credentials, java.util.Collection<? extends GrantedAuthority> authorities)
This constructor should only be used byAuthenticationManager
orAuthenticationProvider
implementations that are satisfied with producing a trusted (i.e.AbstractAuthenticationToken.isAuthenticated()
=true
) authentication token.- Parameters:
principal
-credentials
-authorities
-
-
-
Method Detail
-
unauthenticated
public static UsernamePasswordAuthenticationToken unauthenticated(java.lang.Object principal, java.lang.Object credentials)
This factory method can be safely used by any code that wishes to create a unauthenticatedUsernamePasswordAuthenticationToken
.- Parameters:
principal
-credentials
-- Returns:
- UsernamePasswordAuthenticationToken with false isAuthenticated() result
- Since:
- 5.7
-
authenticated
public static UsernamePasswordAuthenticationToken authenticated(java.lang.Object principal, java.lang.Object credentials, java.util.Collection<? extends GrantedAuthority> authorities)
This factory method can be safely used by any code that wishes to create a authenticatedUsernamePasswordAuthenticationToken
.- Parameters:
principal
-credentials
-- Returns:
- UsernamePasswordAuthenticationToken with true isAuthenticated() result
- Since:
- 5.7
-
getCredentials
public java.lang.Object getCredentials()
Description copied from interface:Authentication
The credentials that prove the principal is correct. This is usually a password, but could be anything relevant to theAuthenticationManager
. Callers are expected to populate the credentials.- Returns:
- the credentials that prove the identity of the
Principal
-
getPrincipal
public java.lang.Object getPrincipal()
Description copied from interface:Authentication
The identity of the principal being authenticated. In the case of an authentication request with username and password, this would be the username. Callers are expected to populate the principal for an authentication request.The AuthenticationManager implementation will often return an Authentication containing richer information as the principal for use by the application. Many of the authentication providers will create a
UserDetails
object as the principal.- Returns:
- the
Principal
being authenticated or the authenticated principal after authentication.
-
setAuthenticated
public void setAuthenticated(boolean isAuthenticated) throws java.lang.IllegalArgumentException
Description copied from interface:Authentication
SeeAuthentication.isAuthenticated()
for a full description.Implementations should always allow this method to be called with a
false
parameter, as this is used by various classes to specify the authentication token should not be trusted. If an implementation wishes to reject an invocation with atrue
parameter (which would indicate the authentication token is trusted - a potential security risk) the implementation should throw anIllegalArgumentException
.- Specified by:
setAuthenticated
in interfaceAuthentication
- Overrides:
setAuthenticated
in classAbstractAuthenticationToken
- Parameters:
isAuthenticated
-true
if the token should be trusted (which may result in an exception) orfalse
if the token should not be trusted- Throws:
java.lang.IllegalArgumentException
- if an attempt to make the authentication token trusted (by passingtrue
as the argument) is rejected due to the implementation being immutable or implementing its own alternative approach toAuthentication.isAuthenticated()
-
eraseCredentials
public void eraseCredentials()
Description copied from class:AbstractAuthenticationToken
Checks thecredentials
,principal
anddetails
objects, invoking theeraseCredentials
method on any which implementCredentialsContainer
.- Specified by:
eraseCredentials
in interfaceCredentialsContainer
- Overrides:
eraseCredentials
in classAbstractAuthenticationToken
-
-