java.lang.Object | ||
↳ | org.springframework.security.authentication.AbstractAuthenticationToken | |
↳ | org.springframework.security.authentication.UsernamePasswordAuthenticationToken |
Known Direct Subclasses |
An Authentication
implementation that is designed for simple presentation
of a username and password.
The principal
and credentials
should be set with an Object
that provides
the respective property via its Object.toString()
method. The simplest such Object
to use
is String
.
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
This constructor can be safely used by any code that wishes to create a
UsernamePasswordAuthenticationToken , as the isAuthenticated() will return false . | |||||||||||
This constructor should only be used by
AuthenticationManager or AuthenticationProvider
implementations that are satisfied with producing a trusted (i.e. |
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Checks the
credentials , principal and details objects, invoking the
eraseCredentials method on any which implement CredentialsContainer . | |||||||||||
See
isAuthenticated() for a full description. |
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
org.springframework.security.authentication.AbstractAuthenticationToken
| |||||||||||
From class
java.lang.Object
| |||||||||||
From interface
java.security.Principal
| |||||||||||
From interface
org.springframework.security.core.Authentication
| |||||||||||
From interface
org.springframework.security.core.CredentialsContainer
|
This constructor can be safely used by any code that wishes to create a
UsernamePasswordAuthenticationToken
, as the isAuthenticated()
will return false
.
This constructor should only be used by AuthenticationManager
or AuthenticationProvider
implementations that are satisfied with producing a trusted (i.e. isAuthenticated()
= true
)
authentication token.
Checks the credentials
, principal
and details
objects, invoking the
eraseCredentials
method on any which implement CredentialsContainer
.
See isAuthenticated()
for a full description.
Implementations should always allow this method to be called with a false
parameter,
as this is used by various classes to specify the authentication token should not be trusted.
If an implementation wishes to reject an invocation with a true
parameter (which would indicate
the authentication token is trusted - a potential security risk) the implementation should throw an
IllegalArgumentException
.
isAuthenticated | true if the token should be trusted (which may result in an exception) or
false if the token should not be trusted |
---|
IllegalArgumentException |
---|