UsernamePasswordAuthenticationToken

extends AbstractAuthenticationToken

java.lang.Object
↳	org.springframework.security.authentication.AbstractAuthenticationToken
	↳	org.springframework.security.authentication.UsernamePasswordAuthenticationToken

Known Direct Subclasses

JaasAuthenticationToken

Class Overview

An Authentication implementation that is designed for simple presentation of a username and password.

The principal and credentials should be set with an Object that provides the respective property via its Object.toString() method. The simplest such Object to use is String.

Summary

Public Constructors
	UsernamePasswordAuthenticationToken(Object principal, Object credentials) This constructor can be safely used by any code that wishes to create a `UsernamePasswordAuthenticationToken`, as the `isAuthenticated()` will return `false`.
	UsernamePasswordAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) This constructor should only be used by `AuthenticationManager` or `AuthenticationProvider` implementations that are satisfied with producing a trusted (i.e.

Public Methods
void	eraseCredentials() Checks the `credentials`, `principal` and `details` objects, invoking the `eraseCredentials` method on any which implement `CredentialsContainer`.
Object	getCredentials()
Object	getPrincipal()
void	setAuthenticated(boolean isAuthenticated) See `isAuthenticated()` for a full description.

[Expand]

Inherited Methods

From class org.springframework.security.authentication.AbstractAuthenticationToken

From class java.lang.Object

From interface java.security.Principal

From interface org.springframework.security.core.Authentication

From interface org.springframework.security.core.CredentialsContainer

Public Constructors

public UsernamePasswordAuthenticationToken (Object principal, Object credentials)

This constructor can be safely used by any code that wishes to create a UsernamePasswordAuthenticationToken, as the isAuthenticated() will return false.

public UsernamePasswordAuthenticationToken (Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities)

This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (i.e. isAuthenticated() = true) authentication token.

Public Methods

public void eraseCredentials ()

Checks the credentials, principal and details objects, invoking the eraseCredentials method on any which implement CredentialsContainer.

public Object getCredentials ()

public Object getPrincipal ()

public void setAuthenticated (boolean isAuthenticated)

See isAuthenticated() for a full description.

Implementations should always allow this method to be called with a false parameter, as this is used by various classes to specify the authentication token should not be trusted. If an implementation wishes to reject an invocation with a true parameter (which would indicate the authentication token is trusted - a potential security risk) the implementation should throw an IllegalArgumentException.

Parameters

isAuthenticated	`true` if the token should be trusted (which may result in an exception) or `false` if the token should not be trusted

Throws

IllegalArgumentException

Interfaces

Classes

Exceptions