org.seedstack.seed.security

Class UsernamePasswordToken

java.lang.Object

org.seedstack.seed.security.UsernamePasswordToken

All Implemented Interfaces:

Serializable, AuthenticationToken

public class UsernamePasswordToken
extends Object
implements AuthenticationToken

The authentication token is based on a username/password couple.
The host of the user is added if it exists.

Note that this class stores a password as a char[] instead of a String (which may seem more logical). This is because Strings are immutable and their internal value cannot be overwritten - meaning even a nulled String instance might be accessible in memory at a later time (e.g. memory dump). This is not good for sensitive information such as passwords. For more information, see the Java Cryptography Extension Reference Guide.

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
UsernamePasswordToken(String username, char[] password) Constructor
UsernamePasswordToken(String username, char[] password, String host) Constructor
UsernamePasswordToken(String username, String password) Constructor

Method Summary

Modifier and Type	Method and Description
Object	getCredentials() Returns the credentials submitted by the user during the authentication process that verifies the submitted account identity.
String	getHost()
char[]	getPassword()
Object	getPrincipal() Returns the account identity submitted during the authentication process.
String	getUsername()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UsernamePasswordToken

public UsernamePasswordToken(String username,
                             char[] password)

Constructor

Parameters:

username - username

password - password

UsernamePasswordToken

public UsernamePasswordToken(String username,
                             String password)

Constructor

Parameters:

username - username

password - password

UsernamePasswordToken

public UsernamePasswordToken(String username,
                             char[] password,
                             String host)

Constructor

Parameters:

username - username

password - password

host - host

Method Detail

getUsername

public String getUsername()

Returns:

the username

getPassword

public char[] getPassword()

Returns:

the password

getHost

public String getHost()

Returns:

the host

getPrincipal

public Object getPrincipal()

Description copied from interface: AuthenticationToken

Returns the account identity submitted during the authentication process.

Most application authentications are username/password based and have this object represent a username. If this is the case for your application, take a look at the UsernamePasswordToken, as it is probably sufficient for your use.

Ultimately, the object returned is application specific and can represent any account identity.

Specified by:

getPrincipal in interface AuthenticationToken

Returns:

the account identity submitted during the authentication process.

See Also:

UsernamePasswordToken

getCredentials

public Object getCredentials()

Description copied from interface: AuthenticationToken

Returns the credentials submitted by the user during the authentication process that verifies the submitted account identity.

Most application authentications are username/password based and have this object represent a submitted password. If this is the case for your application, take a look at the UsernamePasswordToken, as it is probably sufficient for your use.

Ultimately, the credentials Object returned is application specific and can represent any credential mechanism.

Specified by:

getCredentials in interface AuthenticationToken

Returns:

the credential submitted by the user during the authentication process.