An Authentication object is not considered authenticated until it is processed by an {@link AuthenticationManager}.
Stored in a request {@link org.acegisecurity.context.SecurityContext}.
@author Ben Alex @version $Id: Authentication.java 1784 2007-02-24 21:00:24Z luke_t $
Authentication interface defines methods to validate {@link javax.jcr.Credentials Credentials} upon authentication. The validation depends on the authentication mechanism used, i.e.
Allows exposing the id of the currently authenticated user and his groups to the process engine.
The current authentication is managed using a Thread Local. The value can be set using {@link #setCurrentAuthentication(String,List)}, retrieved using {@link #getCurrentAuthentication()} and cleared using {@link #clearCurrentAuthentication()}.
Users typically do not use this class directly but rather use the corresponding Service API methods:
The Authentication state can be one of several sub-types that reflect where the request is in the many different authentication cycles. Authentication might not yet be checked or it might be checked and failed, checked and deferred or succeeded.
The Authentication object represents a successful authentication request. It contains the principal that the authentication request was made for as well as the additional meta information such as the authenticated date and a map of attributes.
An Authentication object must be serializable to permit persistence and clustering.
Implementing classes must take care to ensure that the Map returned by getAttributes is serializable by using a Serializable map such as HashMap.
@author Dmitriy Kopylenko @author Scott Battaglia @version $Revision: 14064 $ $Date: 2007-06-10 09:17:55 -0400 (Sun, 10 Jun 2007) $ @since 3.0
This is a published and supported CAS Server 3 API.
Authentication represents an authentication request and contains authentication information if the request was successful.
Once the request has been authenticated, the Authentication will usually be stored in a thread-local SecurityContext managed by the {@link SecurityContextHolder} by the authentication mechanism which is being used. An explicit authentication can be achieved, without using one of Spring Security's authentication mechanisms, by creating an Authentication instance and using the code:
SecurityContextHolder.getContext().setAuthentication(anAuthentication);
Note that unless the Authentication has the authenticated property set to true, it will still be authenticated by any security interceptor (for method or web invocations) which encounters it.
In most cases, the framework transparently takes care of managing the security context and authentication objects for you.
@author Ben Alex