Class UsernamePasswordToken
- java.lang.Object
-
- com.jgcomptech.tools.authc.UsernamePasswordToken
-
public class UsernamePasswordToken extends java.lang.Object
A simple username/password authentication token to support the most widely-used authentication mechanism."Remember Me" authentications are disabled by default, but if the application developer wishes to allow it for a login attempt, all that is necessary is to call
setRememberMe(true)
. If the underlyingSecurityManager
implementation also supportsRememberMe
services, the user's identity will be remembered across sessions.Note that this class stores a password as a char[] instead of a String (which may seem more logical). This is because Strings are immutable and their internal value cannot be overwritten - meaning even a nulled String instance might be accessible in memory at a later time (e.g. memory dump). This is not good for sensitive information such as passwords. For more information, see the Java Cryptography Extension Reference Guide.
To avoid this possibility of later memory access, the application developer should always call
clear()
after using the token to perform a login attempt.- Since:
- 1.5.0
-
-
Constructor Summary
Constructors Constructor Description UsernamePasswordToken()
JavaBeans compatible no-arg constructor.UsernamePasswordToken(java.lang.String username, char[] password)
Constructs a new UsernamePasswordToken encapsulating the username and password submitted during an authentication attempt, with arememberMe
default offalse
.UsernamePasswordToken(java.lang.String username, char[] password, boolean rememberMe)
Constructs a new UsernamePasswordToken encapsulating the username and password submitted, as well as if the user wishes their identity to be remembered across sessions.UsernamePasswordToken(java.lang.String username, java.lang.String password)
Constructs a new UsernamePasswordToken encapsulating the username and password submitted during an authentication attempt, with arememberMe
default offalse
UsernamePasswordToken(java.lang.String username, java.lang.String password, boolean rememberMe)
Constructs a new UsernamePasswordToken encapsulating the username and password submitted, as well as if the user wishes their identity to be remembered across sessions.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
clear()
Clears out (nulls) the username, password, rememberMe.java.lang.Object
getCredentials()
Returns thepassword
char array.char[]
getPassword()
Returns the password submitted during an authentication attempt as a character array.java.lang.Object
getPrincipal()
Simply returnsgetUsername()
.java.lang.String
getUsername()
Returns the username submitted during an authentication attempt.boolean
isRememberMe()
Returnstrue
if the submitting user wishes their identity (principal(s)) to be remembered across sessions,false
otherwise.void
setPassword(char[] password)
Sets the password for submission during an authentication attempt.void
setRememberMe(boolean rememberMe)
Sets if the submitting user wishes their identity (principal(s)) to be remembered across sessions.void
setUsername(java.lang.String username)
Sets the username for submission during an authentication attempt.java.lang.String
toString()
Returns the String representation.
-
-
-
Constructor Detail
-
UsernamePasswordToken
public UsernamePasswordToken()
JavaBeans compatible no-arg constructor.
-
UsernamePasswordToken
public UsernamePasswordToken(java.lang.String username, char[] password)
Constructs a new UsernamePasswordToken encapsulating the username and password submitted during an authentication attempt, with arememberMe
default offalse
.- Parameters:
username
- the username submitted for authenticationpassword
- the password character array submitted for authentication
-
UsernamePasswordToken
public UsernamePasswordToken(java.lang.String username, java.lang.String password)
Constructs a new UsernamePasswordToken encapsulating the username and password submitted during an authentication attempt, with arememberMe
default offalse
This is a convenience constructor and maintains the password internally via a character array, i.e.
password.toCharArray();
. Note that storing a password as a String in your code could have possible security implications as noted in the class JavaDoc.- Parameters:
username
- the username submitted for authenticationpassword
- the password string submitted for authentication
-
UsernamePasswordToken
public UsernamePasswordToken(java.lang.String username, char[] password, boolean rememberMe)
Constructs a new UsernamePasswordToken encapsulating the username and password submitted, as well as if the user wishes their identity to be remembered across sessions.- Parameters:
username
- the username submitted for authenticationpassword
- the password string submitted for authenticationrememberMe
- if the user wishes their identity to be remembered across sessions
-
UsernamePasswordToken
public UsernamePasswordToken(java.lang.String username, java.lang.String password, boolean rememberMe)
Constructs a new UsernamePasswordToken encapsulating the username and password submitted, as well as if the user wishes their identity to be remembered across sessions.This is a convenience constructor and maintains the password internally via a character array, i.e.
password.toCharArray();
. Note that storing a password as a String in your code could have possible security implications as noted in the class JavaDoc.- Parameters:
username
- the username submitted for authenticationpassword
- the password string submitted for authenticationrememberMe
- if the user wishes their identity to be remembered across sessions
-
-
Method Detail
-
getUsername
public java.lang.String getUsername()
Returns the username submitted during an authentication attempt.- Returns:
- the username submitted during an authentication attempt.
-
setUsername
public void setUsername(java.lang.String username)
Sets the username for submission during an authentication attempt.- Parameters:
username
- the username to be used for submission during an authentication attempt.
-
getPassword
public char[] getPassword()
Returns the password submitted during an authentication attempt as a character array.- Returns:
- the password submitted during an authentication attempt as a character array.
-
setPassword
public void setPassword(char[] password)
Sets the password for submission during an authentication attempt.- Parameters:
password
- the password to be used for submission during an authentication attempt.
-
getPrincipal
public java.lang.Object getPrincipal()
Simply returnsgetUsername()
.- Returns:
- the
username
-
getCredentials
public java.lang.Object getCredentials()
Returns thepassword
char array.- Returns:
- the
password
char array
-
isRememberMe
public boolean isRememberMe()
Returnstrue
if the submitting user wishes their identity (principal(s)) to be remembered across sessions,false
otherwise. Unless overridden, this value isfalse
by default.- Returns:
true
if the submitting user wishes their identity (principal(s)) to be remembered across sessions,false
otherwise (false
by default).
-
setRememberMe
public void setRememberMe(boolean rememberMe)
Sets if the submitting user wishes their identity (principal(s)) to be remembered across sessions. Unless overridden, the default value isfalse
, indicating not to be remembered across sessions.- Parameters:
rememberMe
- value indicating if the user wishes their identity (principal(s)) to be remembered across sessions.
-
clear
public void clear()
Clears out (nulls) the username, password, rememberMe. The password bytes are explicitly set to0x00
before nulling to eliminate the possibility of memory access at a later time.
-
toString
public java.lang.String toString()
Returns the String representation. It does not include the password in the resulting string for security reasons to prevent accidentally printing out a password that might be widely viewable).- Overrides:
toString
in classjava.lang.Object
- Returns:
- the String representation of the
UsernamePasswordToken
, omitting the password.
-
-