- All Superinterfaces:
public interface AuthenticationInfo extends Serializable
AuthenticationInforepresents a Subject's (aka user's) stored account information relevant to the authentication/log-in process only. It is important to understand the difference between this interface and the
AuthenticationInfoimplementations represent already-verified and stored account data, whereas an
AuthenticationTokenrepresents data submitted for any given login attempt (which may or may not successfully match the verified and stored account
AuthenticationInfo). Because the act of authentication (log-in) is orthogonal to authorization (access control), this interface is intended to represent only the account data needed by Shiro during an authentication attempt. Shiro also has a parallel
AuthorizationInfointerface for use during the authorization process that references access control data such as roles and permissions. But because many if not most
Realms store both sets of data for a Subject, it might be convenient for a
Realmimplementation to utilize an implementation of the
Accountinterface instead, which is a convenience interface that combines both
AuthorizationInfo. Whether you choose to implement these two interfaces separately or implement the one
Accountinterface for a given
Realmis entirely based on your application's needs or your preferences.
Please note: Since Shiro sometimes logs authentication operations, please ensure your AuthenticationInfo's
toString()implementation does not print out account credentials (password, etc), as these might be viewable to someone reading your logs. This is good practice anyway, and account credentials should rarely (if ever) be printed out for any reason. If you're using Shiro's default implementations of this interface, they only ever print the account
principals, so you do not need to do anything additional.
getPrincipalsReturns all principals associated with the corresponding Subject. Each principal is an identifying piece of information useful to the application such as a username, or user id, a given name, etc - anything useful to the application to identify the current
Subject. The returned PrincipalCollection should not contain any credentials used to verify principals, such as passwords, private keys, etc. Those should be instead returned by
- all principals associated with the corresponding Subject.
getCredentialsReturns the credentials associated with the corresponding Subject. A credential verifies one or more of the
principalsassociated with the Subject, such as a password or private key. Credentials are used by Shiro particularly during the authentication process to ensure that submitted credentials during a login attempt match exactly the credentials here in the
- the credentials associated with the corresponding Subject.