java.lang.Object | |
↳ | org.springframework.security.authentication.AbstractAuthenticationToken |
Known Direct Subclasses |
Known Indirect Subclasses |
Base class for Authentication
objects.
Implementations which use this class should be immutable.
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Creates a token with the supplied array of authorities.
|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Checks the
credentials , principal and details objects, invoking the
eraseCredentials method on any which implement CredentialsContainer . | |||||||||||
Set by an
AuthenticationManager to indicate the authorities that the principal has been
granted. | |||||||||||
Stores additional details about the authentication request.
| |||||||||||
Used to indicate to
AbstractSecurityInterceptor whether it should present the
authentication token to the AuthenticationManager . | |||||||||||
See
isAuthenticated() for a full description. | |||||||||||
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
From interface
java.security.Principal
| |||||||||||
From interface
org.springframework.security.core.Authentication
| |||||||||||
From interface
org.springframework.security.core.CredentialsContainer
|
Creates a token with the supplied array of authorities.
authorities | the collection of GrantedAuthoritys for the principal represented by this authentication object. |
---|
Checks the credentials
, principal
and details
objects, invoking the
eraseCredentials
method on any which implement CredentialsContainer
.
Set by an AuthenticationManager
to indicate the authorities that the principal has been
granted. Note that classes should not rely on this value as being valid unless it has been set by a trusted
AuthenticationManager
.
Implementations should ensure that modifications to the returned collection array do not affect the state of the Authentication object, or use an unmodifiable instance.
Stores additional details about the authentication request. These might be an IP address, certificate serial number etc.
null
if not used
Used to indicate to AbstractSecurityInterceptor
whether it should present the
authentication token to the AuthenticationManager
. Typically an AuthenticationManager
(or, more often, one of its AuthenticationProvider
s) will return an immutable authentication token
after successful authentication, in which case that token can safely return true
to this method.
Returning true
will improve performance, as calling the AuthenticationManager
for
every request will no longer be necessary.
For security reasons, implementations of this interface should be very careful about returning
true
from this method unless they are either immutable, or have some way of ensuring the properties
have not been changed since original creation.
AbstractSecurityInterceptor
does not need
to present the token to the AuthenticationManager
again for re-authentication.
See isAuthenticated()
for a full description.
Implementations should always allow this method to be called with a false
parameter,
as this is used by various classes to specify the authentication token should not be trusted.
If an implementation wishes to reject an invocation with a true
parameter (which would indicate
the authentication token is trusted - a potential security risk) the implementation should throw an
IllegalArgumentException
.
authenticated | true if the token should be trusted (which may result in an exception) or
false if the token should not be trusted |
---|