1 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 package org.springframework.security.providers;
17
18 import org.springframework.security.GrantedAuthority;
19
20
21 /**
22 * An {@link org.springframework.security.Authentication} implementation that is designed for simple presentation of a
23 * username and password.
24 * <p>The <code>principal</code> and <code>credentials</code> should be set with an <code>Object</code> that provides
25 * the respective property via its <code>Object.toString()</code> method. The simplest such <code>Object</code> to use
26 * is <code>String</code>.</p>
27 *
28 * @author Ben Alex
29 * @version $Id: UsernamePasswordAuthenticationToken.java 2267 2007-11-24 20:13:29Z luke_t $
30 */
31 public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken {
32 //~ Instance fields ================================================================================================
33
34 private static final long serialVersionUID = 1L;
35 private Object credentials;
36 private Object principal;
37
38 //~ Constructors ===================================================================================================
39
40 /**
41 * This constructor can be safely used by any code that wishes to create a
42 * <code>UsernamePasswordAuthenticationToken</code>, as the {@link
43 * #isAuthenticated()} will return <code>false</code>.
44 *
45 */
46 public UsernamePasswordAuthenticationToken(Object principal, Object credentials) {
47 super(null);
48 this.principal = principal;
49 this.credentials = credentials;
50 setAuthenticated(false);
51 }
52
53 /**
54 * This constructor should only be used by <code>AuthenticationManager</code> or <code>AuthenticationProvider</code>
55 * implementations that are satisfied with producing a trusted (ie {@link #isAuthenticated()} = <code>true</code>)
56 * authentication token.
57 *
58 * @param principal
59 * @param credentials
60 * @param authorities
61 */
62 public UsernamePasswordAuthenticationToken(Object principal, Object credentials, GrantedAuthority[] authorities) {
63 super(authorities);
64 this.principal = principal;
65 this.credentials = credentials;
66 super.setAuthenticated(true); // must use super, as we override
67 }
68
69 //~ Methods ========================================================================================================
70
71 public Object getCredentials() {
72 return this.credentials;
73 }
74
75 public Object getPrincipal() {
76 return this.principal;
77 }
78
79 public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
80 if (isAuthenticated) {
81 throw new IllegalArgumentException(
82 "Cannot set this token to trusted - use constructor containing GrantedAuthority[]s instead");
83 }
84
85 super.setAuthenticated(false);
86 }
87 }