Why does Spring duplicate fields in Authentication and UserDetails?

When implementing some security aspects with Spring Security, I noticed that Authentication and UserDetails have duplicate methods like getAuthorities, getCredentials, etc.

What is the purpose of this? This seems like useless redundancy to me.

Edit: because people are too lazy to check signatures. Both interfaces have the same methods. I do not mean that getCredentials and getAuthorities are the same. Why the hell do people make this assumption?

+4
2 answers

UserDetails is not used for security purposes, it is just a "user information" bean. Spring Security uses instances of Authentication. Thus, an Authentication instance usually has only the information necessary for logging in (mainly usernames, credentials and roles). UserDetails is more general and may include everything related to user management (for example, contact information, account information, photos, etc.).

Typically, you will have an Authentication instance supported by the UserDetails instance.

+4
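The relationship described in the answer above, as an added example that is not part of the original post or of Spring's own code: a login attempt arrives as an unauthenticated Authentication, is checked against a stored UserDetails, and the resulting authenticated Authentication takes its authorities from that UserDetails. The class name, the authenticate helper (a simplified stand-in for an AuthenticationProvider) and the sample account are assumptions made for illustration.

```java
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class AuthenticationVsUserDetails {

    // Hypothetical helper: simplified stand-in for what an AuthenticationProvider does.
    static Authentication authenticate(Authentication request, UserDetails stored,
                                       PasswordEncoder encoder) {
        // Account state lives only on the stored record, not on the login request.
        if (!stored.isEnabled()) {
            throw new DisabledException("account is disabled");
        }
        // The submitted secret comes from Authentication.getCredentials(),
        // the stored hash from UserDetails.getPassword().
        String presented = String.valueOf(request.getCredentials());
        if (!encoder.matches(presented, stored.getPassword())) {
            throw new BadCredentialsException("bad credentials");
        }
        // Authenticated token: the UserDetails becomes the principal, the submitted
        // secret is dropped, and the authorities are copied from the stored account.
        return new UsernamePasswordAuthenticationToken(stored, null, stored.getAuthorities());
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        // Constructed sample account, as a UserDetailsService might return it.
        UserDetails stored = User.withUsername("alice")
                .password(encoder.encode("sample-password"))
                .roles("USER")
                .build();
        // Login attempt: the two-argument constructor yields an unauthenticated token
        // that carries no authorities yet.
        Authentication request =
                new UsernamePasswordAuthenticationToken("alice", "sample-password");
        System.out.println(request.isAuthenticated() + " " + request.getAuthorities());

        Authentication result = authenticate(request, stored, encoder);
        System.out.println(result.isAuthenticated() + " " + result.getAuthorities());
        System.out.println(result.getPrincipal() == stored);
        System.out.println(result.getCredentials());
    }
}
```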
 getAuthorities 

Used for role-based security. This is often useful in Spring Security.

 getCredentials 

Used to obtain a password or hashed password to determine if it is correct. A safe method is also needed.

If you are sure you do not need these functions, you can override these methods with empty implementations.

-1

Source: https://habr.com/ru/post/1403833/