public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken
Authentication
implementation that is designed for simple presentation of a
username and password.
The principal
and credentials
should be set with an Object
that provides
the respective property via its Object.toString()
method. The simplest such Object
to use
is String
.
Constructor and Description |
---|
UsernamePasswordAuthenticationToken(java.lang.Object principal,
java.lang.Object credentials)
This constructor can be safely used by any code that wishes to create a
UsernamePasswordAuthenticationToken , as the AbstractAuthenticationToken.isAuthenticated() will return false . |
UsernamePasswordAuthenticationToken(java.lang.Object principal,
java.lang.Object credentials,
GrantedAuthority[] authorities)
This constructor should only be used by
AuthenticationManager or AuthenticationProvider
implementations that are satisfied with producing a trusted (ie AbstractAuthenticationToken.isAuthenticated() = true )
authentication token. |
Modifier and Type | Method and Description |
---|---|
java.lang.Object |
getCredentials()
The credentials that prove the principal is correct.
|
java.lang.Object |
getPrincipal()
The identity of the principal being authenticated.
|
void |
setAuthenticated(boolean isAuthenticated)
See
Authentication.isAuthenticated() for a full description. |
equals, getAuthorities, getDetails, getName, hashCode, isAuthenticated, setDetails, toString
public UsernamePasswordAuthenticationToken(java.lang.Object principal, java.lang.Object credentials)
UsernamePasswordAuthenticationToken
, as the AbstractAuthenticationToken.isAuthenticated()
will return false
.public UsernamePasswordAuthenticationToken(java.lang.Object principal, java.lang.Object credentials, GrantedAuthority[] authorities)
AuthenticationManager
or AuthenticationProvider
implementations that are satisfied with producing a trusted (ie AbstractAuthenticationToken.isAuthenticated()
= true
)
authentication token.principal
- credentials
- authorities
- public java.lang.Object getCredentials()
Authentication
AuthenticationManager
. Callers are expected to populate the credentials.Principal
public java.lang.Object getPrincipal()
Authentication
Principal
being authenticatedpublic void setAuthenticated(boolean isAuthenticated) throws java.lang.IllegalArgumentException
Authentication
Authentication.isAuthenticated()
for a full description.Implementations should always allow this
method to be called with a false
parameter, as this is used by various classes to specify the
authentication token should not be trusted. If an implementation wishes to reject an invocation with a
true
parameter (which would indicate the authentication token is trusted - a potential security
risk) the implementation should throw an IllegalArgumentException
.
setAuthenticated
in interface Authentication
setAuthenticated
in class AbstractAuthenticationToken
isAuthenticated
- true
if the token should be trusted (which may result in an exception) or
false
if the token should not be trustedjava.lang.IllegalArgumentException
- if an attempt to make the authentication token trusted (by passing
true
as the argument) is rejected due to the implementation being immutable or
implementing its own alternative approach to Authentication.isAuthenticated()