UsernamePasswordAuthenticationToken xref

View Javadoc

1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.springframework.security.providers;
17  
18  import org.springframework.security.GrantedAuthority;
19  
20  
21  /**
22   * An {@link org.springframework.security.Authentication} implementation that is designed for simple presentation of a
23   * username and password.
24   * <p>The <code>principal</code> and <code>credentials</code> should be set with an <code>Object</code> that provides
25   * the respective property via its <code>Object.toString()</code> method. The simplest such <code>Object</code> to use
26   * is <code>String</code>.</p>
27   *
28   * @author Ben Alex
29   * @version $Id: UsernamePasswordAuthenticationToken.java 2267 2007-11-24 20:13:29Z luke_t $
30   */
31  public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken {
32      //~ Instance fields ================================================================================================
33  
34      private static final long serialVersionUID = 1L;
35      private Object credentials;
36      private Object principal;
37  
38      //~ Constructors ===================================================================================================
39  
40      /**
41       * This constructor can be safely used by any code that wishes to create a
42       * <code>UsernamePasswordAuthenticationToken</code>, as the {@link
43       * #isAuthenticated()} will return <code>false</code>.
44       *
45       */
46      public UsernamePasswordAuthenticationToken(Object principal, Object credentials) {
47          super(null);
48          this.principal = principal;
49          this.credentials = credentials;
50          setAuthenticated(false);
51      }
52  
53      /**
54       * This constructor should only be used by <code>AuthenticationManager</code> or <code>AuthenticationProvider</code>
55       * implementations that are satisfied with producing a trusted (ie {@link #isAuthenticated()} = <code>true</code>)
56       * authentication token.
57       *
58       * @param principal
59       * @param credentials
60       * @param authorities
61       */
62      public UsernamePasswordAuthenticationToken(Object principal, Object credentials, GrantedAuthority[] authorities) {
63          super(authorities);
64          this.principal = principal;
65          this.credentials = credentials;
66          super.setAuthenticated(true); // must use super, as we override
67      }
68  
69      //~ Methods ========================================================================================================
70  
71      public Object getCredentials() {
72          return this.credentials;
73      }
74  
75      public Object getPrincipal() {
76          return this.principal;
77      }
78  
79      public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
80          if (isAuthenticated) {
81              throw new IllegalArgumentException(
82                  "Cannot set this token to trusted - use constructor containing GrantedAuthority[]s instead");
83          }
84  
85          super.setAuthenticated(false);
86      }
87  }