Interface AuthenticationToken
-
- All Superinterfaces:
Serializable
- All Known Subinterfaces:
HostAuthenticationToken
,RememberMeAuthenticationToken
- All Known Implementing Classes:
BearerToken
,UsernamePasswordToken
public interface AuthenticationToken extends Serializable
An AuthenticationToken is a consolidation of an account's principals and supporting credentials submitted by a user during an authentication attempt.
The token is submitted to an
Authenticator
via theauthenticate(token)
method. The Authenticator then executes the authentication/log-in process.Common implementations of an AuthenticationToken would have username/password pairs, X.509 Certificate, PGP key, or anything else you can think of. The token can be anything needed by an
Authenticator
to authenticate properly.Because applications represent user data and credentials in different ways, implementations of this interface are application-specific. You are free to acquire a user's principals and credentials however you wish (e.g. web form, Swing form, fingerprint identification, etc) and then submit them to the Shiro framework in the form of an implementation of this interface.
If your application's authentication process is username/password based (like most), instead of implementing this interface yourself, take a look at the
UsernamePasswordToken
class, as it is probably sufficient for your needs.RememberMe services are enabled for a token if they implement a sub-interface of this one, called
RememberMeAuthenticationToken
. Implement that interface if you need RememberMe services (the UsernamePasswordToken already implements this interface).If you are familiar with JAAS, an AuthenticationToken replaces the concept of a
Callback
, and defines meaningful behavior (Callback is just a marker interface, and of little use). We also think the name AuthenticationToken more accurately reflects its true purpose in a login framework, whereas Callback is less obvious.- Since:
- 0.1
- See Also:
RememberMeAuthenticationToken
,HostAuthenticationToken
,UsernamePasswordToken
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description Object
getCredentials()
Returns the credentials submitted by the user during the authentication process that verifies the submittedaccount identity
.Object
getPrincipal()
Returns the account identity submitted during the authentication process.
-
-
-
Method Detail
-
getPrincipal
Object getPrincipal()
Returns the account identity submitted during the authentication process.Most application authentications are username/password based and have this object represent a username. If this is the case for your application, take a look at the
UsernamePasswordToken
, as it is probably sufficient for your use.Ultimately, the object returned is application specific and can represent any account identity (user id, X.509 certificate, etc).
- Returns:
- the account identity submitted during the authentication process.
- See Also:
UsernamePasswordToken
-
getCredentials
Object getCredentials()
Returns the credentials submitted by the user during the authentication process that verifies the submittedaccount identity
.Most application authentications are username/password based and have this object represent a submitted password. If this is the case for your application, take a look at the
UsernamePasswordToken
, as it is probably sufficient for your use.Ultimately, the credentials Object returned is application specific and can represent any credential mechanism.
- Returns:
- the credential submitted by the user during the authentication process.
-
-