org.springframework.security.providers

Class UsernamePasswordAuthenticationToken

java.lang.Object

org.springframework.security.providers.AbstractAuthenticationToken

org.springframework.security.providers.UsernamePasswordAuthenticationToken

All Implemented Interfaces:

java.io.Serializable, java.security.Principal, Authentication

Direct Known Subclasses:

JaasAuthenticationToken, NtlmUsernamePasswordAuthenticationToken

public class UsernamePasswordAuthenticationToken
extends AbstractAuthenticationToken

An Authentication implementation that is designed for simple presentation of a username and password.

The principal and credentials should be set with an Object that provides the respective property via its Object.toString() method. The simplest such Object to use is String.

Version:

$Id$

Author:

Ben Alex

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
UsernamePasswordAuthenticationToken(java.lang.Object principal, java.lang.Object credentials) This constructor can be safely used by any code that wishes to create a UsernamePasswordAuthenticationToken, as the AbstractAuthenticationToken.isAuthenticated() will return false.
UsernamePasswordAuthenticationToken(java.lang.Object principal, java.lang.Object credentials, GrantedAuthority[] authorities) This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (ie AbstractAuthenticationToken.isAuthenticated() = true) authentication token.

Method Summary

Methods

Modifier and Type	Method and Description
java.lang.Object	getCredentials() The credentials that prove the principal is correct.
java.lang.Object	getPrincipal() The identity of the principal being authenticated.
void	setAuthenticated(boolean isAuthenticated) See Authentication.isAuthenticated() for a full description.

Methods inherited from class org.springframework.security.providers.AbstractAuthenticationToken

equals, getAuthorities, getDetails, getName, hashCode, isAuthenticated, setDetails, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

UsernamePasswordAuthenticationToken

public UsernamePasswordAuthenticationToken(java.lang.Object principal,
                                   java.lang.Object credentials)

This constructor can be safely used by any code that wishes to create a UsernamePasswordAuthenticationToken, as the AbstractAuthenticationToken.isAuthenticated() will return false.

UsernamePasswordAuthenticationToken

public UsernamePasswordAuthenticationToken(java.lang.Object principal,
                                   java.lang.Object credentials,
                                   GrantedAuthority[] authorities)

This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (ie AbstractAuthenticationToken.isAuthenticated() = true) authentication token.

Parameters:

principal -

credentials -

authorities -

Method Detail

getCredentials

public java.lang.Object getCredentials()

Description copied from interface: Authentication

The credentials that prove the principal is correct. This is usually a password, but could be anything relevant to the AuthenticationManager. Callers are expected to populate the credentials.

Returns:

the credentials that prove the identity of the Principal

getPrincipal

public java.lang.Object getPrincipal()

Description copied from interface: Authentication

The identity of the principal being authenticated. This is usually a username. Callers are expected to populate the principal.

Returns:

the Principal being authenticated

setAuthenticated

public void setAuthenticated(boolean isAuthenticated)
                      throws java.lang.IllegalArgumentException

Description copied from interface: Authentication

See Authentication.isAuthenticated() for a full description.

Implementations should always allow this method to be called with a false parameter, as this is used by various classes to specify the authentication token should not be trusted. If an implementation wishes to reject an invocation with a true parameter (which would indicate the authentication token is trusted - a potential security risk) the implementation should throw an IllegalArgumentException.

Specified by:

setAuthenticated in interface Authentication

Overrides:

setAuthenticated in class AbstractAuthenticationToken

Parameters:

isAuthenticated - true if the token should be trusted (which may result in an exception) or false if the token should not be trusted

Throws:

java.lang.IllegalArgumentException - if an attempt to make the authentication token trusted (by passing true as the argument) is rejected due to the implementation being immutable or implementing its own alternative approach to Authentication.isAuthenticated()