2020-02-20 14:54:24 -06:00
|
|
|
[[servlet-authentication-authentication]]
|
|
|
|
|
= Authentication
|
|
|
|
|
|
|
|
|
|
The {security-api-url}org/springframework/security/core/Authentication.html[`Authentication`] serves two main purposes within Spring Security:
|
|
|
|
|
|
2020-03-02 22:45:45 -06:00
|
|
|
* An input to <<servlet-authentication-authenticationmanager,`AuthenticationManager`>> to provide the credentials a user has provided to authenticate.
|
2020-02-20 14:54:24 -06:00
|
|
|
When used in this scenario, `isAuthenticated()` returns `false`.
|
|
|
|
|
* Represents the currently authenticated user.
|
|
|
|
|
The current `Authentication` can be obtained from the <<servlet-authentication-securitycontext>>.
|
|
|
|
|
|
|
|
|
|
The `Authentication` contains:
|
|
|
|
|
|
|
|
|
|
* `principal` - identifies the user.
|
2020-03-02 22:45:45 -06:00
|
|
|
When authenticating with a username/password this is often an instance of <<servlet-authentication-userdetails,`UserDetails`>>.
|
2021-09-15 13:37:26 +04:00
|
|
|
* `credentials` - often a password.
|
2020-02-20 14:54:24 -06:00
|
|
|
In many cases this will be cleared after the user is authenticated to ensure it is not leaked.
|
|
|
|
|
* `authorities` - the <<servlet-authentication-granted-authority,``GrantedAuthority``s>> are high level permissions the user is granted.
|
|
|
|
|
A few examples are roles or scopes.
|
