public interface AuthenticationInfo extends Serializable
AuthenticationInfo represents a Subject's (aka user's) stored account information relevant to the authentication/log-in process only.

It is important to understand the difference between this interface and the AuthenticationToken interface. AuthenticationInfo implementations represent already-verified and stored account data, whereas an AuthenticationToken represents data submitted for any given login attempt (which may or may not successfully match the verified and stored account AuthenticationInfo).
Because the act of authentication (log-in) is orthogonal to authorization (access control), this interface is intended to represent only the account data needed by Shiro during an authentication attempt. Shiro also has a parallel AuthorizationInfo interface for use during the authorization process that references access control data such as roles and permissions.

But because many if not most Realms store both sets of data for a Subject, it might be convenient for a Realm implementation to utilize an implementation of the Account interface instead, which is a convenience interface that combines both AuthenticationInfo and AuthorizationInfo. Whether you choose to implement these two interfaces separately or implement the one Account interface for a given Realm is entirely based on your application's needs or your preferences.
Please note: Since Shiro sometimes logs authentication operations, please ensure your AuthenticationInfo's toString() implementation does not print out account credentials (password, etc), as these might be viewable to someone reading your logs. This is good practice anyway, and account credentials should rarely (if ever) be printed out for any reason. If you're using Shiro's default implementations of this interface, they only ever print the account principals, so you do not need to do anything additional.
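The following is an added example, not code from Shiro or from this Javadoc, showing how the points above fit together: an AuthenticationInfo implementation that keeps principals and credentials apart and whose toString() prints principals only, returned from a realm that holds only a salted hash of each password so Shiro's HashedCredentialsMatcher does the comparison. The class names SafeAuthenticationInfo, DemoRealm and AuthenticationInfoDemo, the realm name "demo", the in-memory user table and the user "alice" with her password are all constructed for this example; the Shiro types and calls are the library's real API. SaltedAuthenticationInfo is Shiro's own sub-interface of AuthenticationInfo that adds getCredentialsSalt().

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SaltedAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.ByteSource;

import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical AuthenticationInfo (not part of Shiro): identity and credentials are kept apart. */
final class SafeAuthenticationInfo implements SaltedAuthenticationInfo {
    private static final long serialVersionUID = 1L;
    private final PrincipalCollection principals;
    private final String hashedCredentialsHex; // salted hash of the password, never the plaintext
    private final ByteSource credentialsSalt;

    SafeAuthenticationInfo(String username, String realmName, String hashedCredentialsHex, byte[] salt) {
        this.principals = new SimplePrincipalCollection(username, realmName);
        this.hashedCredentialsHex = hashedCredentialsHex;
        this.credentialsSalt = ByteSource.Util.bytes(salt);
    }

    @Override public PrincipalCollection getPrincipals() { return principals; } // identity only
    @Override public Object getCredentials() { return hashedCredentialsHex; }    // compared by the matcher
    @Override public ByteSource getCredentialsSalt() { return credentialsSalt; }

    /** Deliberately omits credentials and salt: Shiro may log this object while authenticating. */
    @Override public String toString() { return "SafeAuthenticationInfo" + principals; }
}

/** Hypothetical realm over a constructed in-memory user table; a real realm would query a store. */
final class DemoRealm extends AuthenticatingRealm {
    private static final int ITERATIONS = 100_000;
    private final Map<String, Object[]> users = new HashMap<>(); // username -> {hex hash, salt}

    DemoRealm() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(ITERATIONS);
        matcher.setStoredCredentialsHexEncoded(true);
        setCredentialsMatcher(matcher); // Shiro compares token credentials against the stored hash
        setName("demo");
    }

    /** Enrolment: store only a random salt and the iterated hash, never the password itself. */
    void addUser(String username, char[] password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        String hex = new Sha256Hash(password, salt, ITERATIONS).toHex();
        users.put(username, new Object[] { hex, salt });
    }

    /** Looks up stored account data for the submitted token; does no credential comparison itself. */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = (String) token.getPrincipal();
        Object[] row = users.get(username);
        if (row == null) {
            throw new UnknownAccountException("no account for " + username);
        }
        return new SafeAuthenticationInfo(username, getName(), (String) row[0], (byte[]) row[1]);
    }
}

public final class AuthenticationInfoDemo {
    public static void main(String[] args) {
        DemoRealm realm = new DemoRealm();
        realm.addUser("alice", "correct horse battery staple".toCharArray()); // constructed sample user

        // Matching token: getAuthenticationInfo() returns the stored info after the matcher accepts it.
        AuthenticationInfo ok = realm.getAuthenticationInfo(
                new UsernamePasswordToken("alice", "correct horse battery staple"));
        System.out.println("login ok, safe to log: " + ok); // prints the principal only, no hash

        try {
            realm.getAuthenticationInfo(new UsernamePasswordToken("alice", "wrong password"));
        } catch (IncorrectCredentialsException e) {
            System.out.println("rejected: submitted credentials do not match the stored credentials");
        }
        try {
            realm.getAuthenticationInfo(new UsernamePasswordToken("nobody", "anything"));
        } catch (UnknownAccountException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The realm never compares credentials itself: doGetAuthenticationInfo() only returns the stored account data, and AuthenticatingRealm.getAuthenticationInfo() hands that data and the AuthenticationToken to the configured HashedCredentialsMatcher, which re-hashes the submitted password with the salt from getCredentialsSalt() and compares it with getCredentials(). Because the realm is an AuthenticatingRealm rather than an AuthorizingRealm, it carries no roles or permissions, matching the orthogonality of authentication and authorization described above.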
See Also: AuthorizationInfo, Account

Method Summary

Modifier and Type | Method and Description |
---|---|
Object | getCredentials() Returns the credentials associated with the corresponding Subject. |
PrincipalCollection | getPrincipals() Returns all principals associated with the corresponding Subject. |
Method Detail

getPrincipals

PrincipalCollection getPrincipals()

Returns all principals associated with the corresponding Subject.

The returned PrincipalCollection should not contain any credentials used to verify principals, such as passwords, private keys, etc. Those should be instead returned by getCredentials().

getCredentials

Object getCredentials()

Returns the credentials associated with the corresponding Subject. ... principals associated with the Subject, such as a password or private key. Credentials are used by Shiro particularly during the authentication process to ensure that submitted credentials during a login attempt match exactly the credentials here in the AuthenticationInfo instance.

Copyright © 2004-2016 The Apache Software Foundation. All Rights Reserved.