org.jsecurity.authc
Class SimpleAccount

java.lang.Object
  org.jsecurity.authc.SimpleAccount

All Implemented Interfaces:

Serializable, Account

Direct Known Subclasses:

SimpleAuthorizingAccount

public class SimpleAccount
extends Object
implements Account, Serializable

Simple implementation of the Account interface that contains principal and credential information as instance variables and exposes them via getters and setters using standard JavaBean notation.

Realm implementations can use this for simple principal/credential accounts, but note:

This class cannot perform its own authorization checks for roles and permissions. It is therefore not sufficient to use to back a Realm's Authorizer method implementations. If you need an Account object to perform role and permission checks itself, you might want to use instaces of SimpleAuthorizingAccount instead of this class.

But note that a SimpleAuthorizingAccount object caches its roles and permission definitions and will not persist any changes to these definitions back to the source Realm. If you need dynamic runtime modification of Roles and/or Permissions for any given account, your Realm implementation will need to perform the authorization checks directly since instances of this class are primarily used for caching and could represent stale data.

Since:

0.1

Author:

Jeremy Haile, Les Hazlewood

See Also:

SimpleAuthorizingAccount, Serialized Form

Field Summary

protected Log

logger

Constructor Summary

SimpleAccount()

SimpleAccount(Object principal, Object credentials)

SimpleAccount(Object principal, Object credentials, boolean locked, boolean credentialsExpired)

Method Summary

boolean	equals(Object o)
Object	getCredentials() The account's credentials as stored in the system associated with the account identifier, such as a password or private key.
Object	getPrincipal() Returns the account's identifying principal, such as a user id or username.
int	hashCode()
boolean	isCredentialsExpired() Determines if the user's credentials (e.g. password) have expired and must be changed before login is allowed.
boolean	isLocked() Determines if the account is locked, meaning that the user is not allowed to log in due to a manual or automatic lockout.
void	merge(Account otherAccount) Merges (adds) the specified Account data into this instance.
void	setCredentials(Object credentials)
void	setCredentialsExpired(boolean credentialsExpired)
void	setLocked(boolean locked)
void	setPrincipal(Object principal)
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

logger

protected final transient Log logger

Constructor Detail

SimpleAccount

public SimpleAccount()

SimpleAccount

public SimpleAccount(Object principal,
                     Object credentials)

SimpleAccount

public SimpleAccount(Object principal,
                     Object credentials,
                     boolean locked,
                     boolean credentialsExpired)

Method Detail

getPrincipal

public Object getPrincipal()

Description copied from interface: Account

Returns the account's identifying principal, such as a user id or username.

In a multi-realm configuration, the object returned from this method might be an implementation-specific object representing multiple principals. This might be an instance of java.util.Collection, but it does not have to be - it is up to the Authenticator's modular authentication strategy as to exactly what is returned.

Specified by:

getPrincipal in interface Account

Returns:

the account's primary principal, such as a user id or username, or in a multi-realm configuration, maybe more than one principal encapsulated by an implementation-specific instance.

setPrincipal

public void setPrincipal(Object principal)

getCredentials

public Object getCredentials()

Description copied from interface: Account

The account's credentials as stored in the system associated with the account identifier, such as a password or private key.

It could be encrypted in which case an Realm must be aware of the fact (e.g. via configuration) in order to interpret and compare the credentials value.

Specified by:

getCredentials in interface Account

Returns:

the account's credentials verifying the identifier

setCredentials

public void setCredentials(Object credentials)

isLocked

public boolean isLocked()

Description copied from interface: Account

Determines if the account is locked, meaning that the user is not allowed to log in due to a manual or automatic lockout.

Specified by:

isLocked in interface Account

Returns:

true if the account is locked and the user should be denied authentication, false otherwise.

setLocked

public void setLocked(boolean locked)

isCredentialsExpired

public boolean isCredentialsExpired()

Description copied from interface: Account

Determines if the user's credentials (e.g. password) have expired and must be changed before login is allowed.

Specified by:

isCredentialsExpired in interface Account

Returns:

true if the user's credentials are expired and the user should be denied authentication, false otherwise.

setCredentialsExpired

public void setCredentialsExpired(boolean credentialsExpired)

merge

public void merge(Account otherAccount)

Merges (adds) the specified Account data into this instance. This allows an instance of this class to be an aggregation, or composition of account data from across multiple Realms Realms, not just one realm.

This is useful in a multi-realm authentication configuration - the individual Account objects obtained from each realm can be merged into this object. This single object can then be returned at the end of the authentication process, giving the impression of a single underlying realm/data source.

Parameters:

otherAccount - the account whos data will be merged (added) into this instance.

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object o)

Overrides:

equals in class Object

toString

public String toString()

Overrides:

toString in class Object