Class AbstractAuthenticationToken
- All Implemented Interfaces:
- Serializable,- Principal,- Authentication,- CredentialsContainer
- Direct Known Subclasses:
- AbstractOAuth2TokenAuthenticationToken,- AnonymousAuthenticationToken,- BearerTokenAuthenticationToken,- CasAssertionAuthenticationToken,- CasAuthenticationToken,- CasServiceTicketAuthenticationToken,- DPoPAuthenticationToken,- KerberosServiceRequestToken,- OAuth2AccessTokenAuthenticationToken,- OAuth2AuthenticationToken,- OAuth2AuthorizationCodeAuthenticationToken,- OAuth2AuthorizationCodeRequestAuthenticationToken,- OAuth2AuthorizationConsentAuthenticationToken,- OAuth2AuthorizationGrantAuthenticationToken,- OAuth2ClientAuthenticationToken,- OAuth2ClientRegistrationAuthenticationToken,- OAuth2DeviceAuthorizationRequestAuthenticationToken,- OAuth2DeviceVerificationAuthenticationToken,- OAuth2LoginAuthenticationToken,- OAuth2PushedAuthorizationRequestAuthenticationToken,- OAuth2TokenExchangeCompositeAuthenticationToken,- OAuth2TokenIntrospectionAuthenticationToken,- OAuth2TokenRevocationAuthenticationToken,- OidcClientRegistrationAuthenticationToken,- OidcLogoutAuthenticationToken,- OidcUserInfoAuthenticationToken,- OneTimeTokenAuthentication,- OneTimeTokenAuthenticationToken,- PreAuthenticatedAuthenticationToken,- RememberMeAuthenticationToken,- RunAsUserToken,- Saml2Authentication,- Saml2AuthenticationToken,- TestingAuthenticationToken,- UsernamePasswordAuthenticationToken,- WebAuthnAuthentication,- WebAuthnAuthenticationRequestToken
Authentication objects.
 Implementations which use this class should be immutable.
- See Also:
- 
Nested Class SummaryNested ClassesModifier and TypeClassDescriptionprotected static classAbstractAuthenticationToken.AbstractAuthenticationBuilder<B extends AbstractAuthenticationToken.AbstractAuthenticationBuilder<B>>A common abstract implementation ofAuthentication.Builder.Nested classes/interfaces inherited from interface org.springframework.security.core.AuthenticationAuthentication.Builder<B extends Authentication.Builder<B>>
- 
Constructor SummaryConstructorsModifierConstructorDescriptionAbstractAuthenticationToken(@Nullable Collection<? extends GrantedAuthority> authorities) Creates a token with the supplied array of authorities.protected
- 
Method SummaryModifier and TypeMethodDescriptionbooleanvoidChecks thecredentials,principalanddetailsobjects, invoking theeraseCredentialsmethod on any which implementCredentialsContainer.Set by anAuthenticationManagerto indicate the authorities that the principal has been granted.@Nullable ObjectStores additional details about the authentication request.getName()inthashCode()booleanUsed to indicate toAbstractSecurityInterceptorwhether it should present the authentication token to theAuthenticationManager.voidsetAuthenticated(boolean authenticated) SeeAuthentication.isAuthenticated()for a full description.voidsetDetails(@Nullable Object details) toString()Methods inherited from class java.lang.Objectclone, finalize, getClass, notify, notifyAll, wait, wait, waitMethods inherited from interface org.springframework.security.core.AuthenticationgetCredentials, getPrincipal, toBuilder
- 
Constructor Details- 
AbstractAuthenticationTokenCreates a token with the supplied array of authorities.- Parameters:
- authorities- the collection of GrantedAuthoritys for the principal represented by this authentication object.
 
- 
AbstractAuthenticationTokenprotected AbstractAuthenticationToken(AbstractAuthenticationToken.AbstractAuthenticationBuilder<?> builder) 
 
- 
- 
Method Details- 
getAuthoritiesDescription copied from interface:AuthenticationSet by anAuthenticationManagerto indicate the authorities that the principal has been granted. Note that classes should not rely on this value as being valid unless it has been set by a trustedAuthenticationManager.Implementations should ensure that modifications to the returned collection array do not affect the state of the Authentication object, or use an unmodifiable instance. - Specified by:
- getAuthoritiesin interface- Authentication
- Returns:
- the authorities granted to the principal, or an empty collection if the token has not been authenticated. Never null.
 
- 
getName
- 
isAuthenticatedpublic boolean isAuthenticated()Description copied from interface:AuthenticationUsed to indicate toAbstractSecurityInterceptorwhether it should present the authentication token to theAuthenticationManager. Typically anAuthenticationManager(or, more often, one of itsAuthenticationProviders) will return an immutable authentication token after successful authentication, in which case that token can safely returntrueto this method. Returningtruewill improve performance, as calling theAuthenticationManagerfor every request will no longer be necessary.For security reasons, implementations of this interface should be very careful about returning truefrom this method unless they are either immutable, or have some way of ensuring the properties have not been changed since original creation.- Specified by:
- isAuthenticatedin interface- Authentication
- Returns:
- true if the token has been authenticated and the
 AbstractSecurityInterceptordoes not need to present the token to theAuthenticationManageragain for re-authentication.
 
- 
setAuthenticatedpublic void setAuthenticated(boolean authenticated) Description copied from interface:AuthenticationSeeAuthentication.isAuthenticated()for a full description.Implementations should always allow this method to be called with a falseparameter, as this is used by various classes to specify the authentication token should not be trusted. If an implementation wishes to reject an invocation with atrueparameter (which would indicate the authentication token is trusted - a potential security risk) the implementation should throw anIllegalArgumentException.- Specified by:
- setAuthenticatedin interface- Authentication
- Parameters:
- authenticated-- trueif the token should be trusted (which may result in an exception) or- falseif the token should not be trusted
 
- 
getDetailsDescription copied from interface:AuthenticationStores additional details about the authentication request. These might be an IP address, certificate serial number etc.- Specified by:
- getDetailsin interface- Authentication
- Returns:
- additional details about the authentication request, or nullif not used
 
- 
setDetails
- 
eraseCredentialspublic void eraseCredentials()Checks thecredentials,principalanddetailsobjects, invoking theeraseCredentialsmethod on any which implementCredentialsContainer.- Specified by:
- eraseCredentialsin interface- CredentialsContainer
 
- 
equals
- 
hashCodepublic int hashCode()
- 
toString
 
-