Coverage Report - org.apache.shiro.authc.AuthenticationToken
 
Classes in this File Line Coverage Branch Coverage Complexity
AuthenticationToken
N/A
N/A
1
 
 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.authc;
 
 import java.io.Serializable;
 
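 /**
  * An {@code AuthenticationToken} is a consolidation of an account's principals and supporting
  * credentials submitted by a user during an authentication attempt.
  *
  * <p>The token is submitted to an {@link Authenticator Authenticator} via the
  * {@link Authenticator#authenticate(AuthenticationToken) authenticate(token)} method.  The
  * Authenticator then executes the authentication/log-in process.
  *
  * <p>Common implementations of an {@code AuthenticationToken} would have username/password
  * pairs, X.509 Certificate, PGP key, or anything else you can think of.  The token can be
  * anything needed by an {@link Authenticator} to authenticate properly.
  *
  * <p>Because applications represent user data and credentials in different ways, implementations
  * of this interface are application-specific.  You are free to acquire a user's principals and
  * credentials however you wish (e.g. web form, Swing form, fingerprint identification, etc) and
  * then submit them to the Shiro framework in the form of an implementation of this
  * interface.
  *
  * <p>If your application's authentication process is username/password based
  * (like most), instead of implementing this interface yourself, take a look at the
  * {@link UsernamePasswordToken UsernamePasswordToken} class, as it is probably sufficient for your needs.
  *
  * <p>RememberMe services are enabled for a token if it implements a sub-interface of this one, called
  * {@link RememberMeAuthenticationToken RememberMeAuthenticationToken}.  Implement that interface if you need
  * RememberMe services (the {@code UsernamePasswordToken} already implements this interface).
  *
  * <p>If you are familiar with JAAS, an {@code AuthenticationToken} replaces the concept of a
  * {@link javax.security.auth.callback.Callback}, and defines meaningful behavior
  * ({@code Callback} is just a marker interface, and of little use).  We
  * also think the name <em>AuthenticationToken</em> more accurately reflects its true purpose
  * in a login framework, whereas <em>Callback</em> is less obvious.
  *
  * <h2>Handling of secrets</h2>
  *
  * <p>A token carries whatever the caller submitted, so both values are unverified input until
  * an {@link Authenticator} has accepted the token.  The principal is a claimed identity, not an
  * authenticated one, and must not drive access decisions before authentication succeeds.
  *
  * <p>Because this interface extends {@link Serializable}, every implementation can be written
  * out by Java serialization together with the credentials it holds.  Treat a serialized token
  * as secret material: keep token instances out of sessions, caches and logs, leave credentials
  * out of {@code toString()}, and do not deserialize tokens received from an untrusted source.
  *
  * <p>Implementations that hold a secret such as a password should keep it in a form that can
  * be overwritten once the authentication attempt is over (the {@code UsernamePasswordToken}
  * keeps its password as a {@code char[]} for this reason) rather than in an immutable
  * {@code String}.
  *
  * @see RememberMeAuthenticationToken
  * @see HostAuthenticationToken
  * @see UsernamePasswordToken
  * @since 0.1
  */
 public interface AuthenticationToken extends Serializable {

     /**
      * Returns the account identity submitted during the authentication process.
      *
      * <p>Most application authentications are username/password based and have this
      * object represent a username.  If this is the case for your application,
      * take a look at the {@link UsernamePasswordToken UsernamePasswordToken}, as it is probably
      * sufficient for your use.
      *
      * <p>Ultimately, the object returned is application specific and can represent
      * any account identity (user id, X.509 certificate, etc).
      *
      * <p>The value is what the caller claimed.  It is not a verified identity until the
      * token has been authenticated.
      *
      * @return the account identity submitted during the authentication process.
      * @see UsernamePasswordToken
      */
     Object getPrincipal();

     /**
      * Returns the credentials submitted by the user during the authentication process that verifies
      * the submitted {@link #getPrincipal() account identity}.
      *
      * <p>Most application authentications are username/password based and have this object
      * represent a submitted password.  If this is the case for your application,
      * take a look at the {@link UsernamePasswordToken UsernamePasswordToken}, as it is probably
      * sufficient for your use.
      *
      * <p>Ultimately, the credentials Object returned is application specific and can represent
      * any credential mechanism.
      *
      * <p>The returned object is a secret.  Callers should not log it, include it in exception
      * messages, or retain it longer than the authentication attempt requires.
      *
      * @return the credential submitted by the user during the authentication process.
      */
     Object getCredentials();

 }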