Consider adding factory method to UsernamePasswordAuthenticationToken #10790
Description
Context
UsernamePasswordAuthenticationToken has two constructors.
one creates a UsernamePasswordAuthenticationToken in the unauthenticated state, and the other creates a UsernamePasswordAuthenticationToken in the authenticated state.
constructors in Java cannot have names, so you have to look at the detailed implementation or refer to javadoc etc to get this information.
i think this part can be improved by adding a static factory method with names.
let us know what you think about this proposal. and have a nice day.
Current codes
public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken {
...
/**
* This constructor can be safely used by any code that wishes to create a
* <code>UsernamePasswordAuthenticationToken</code>, as the {@link #isAuthenticated()}
* will return <code>false</code>.
*
*/
public UsernamePasswordAuthenticationToken(Object principal, Object credentials) {
super(null);
this.principal = principal;
this.credentials = credentials;
setAuthenticated(false);
}
/**
* This constructor should only be used by <code>AuthenticationManager</code> or
* <code>AuthenticationProvider</code> implementations that are satisfied with
* producing a trusted (i.e. {@link #isAuthenticated()} = <code>true</code>)
* authentication token.
* @param principal
* @param credentials
* @param authorities
*/
public UsernamePasswordAuthenticationToken(Object principal, Object credentials,
Collection<? extends GrantedAuthority> authorities) {
super(authorities);
this.principal = principal;
this.credentials = credentials;
super.setAuthenticated(true); // must use super, as we override
}
...
}Improvement codes
public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken {
...
/**
* This constructor can be safely used by any code that wishes to create a
* <code>UsernamePasswordAuthenticationToken</code>, as the {@link #isAuthenticated()}
* will return <code>false</code>.
*
*/
public UsernamePasswordAuthenticationToken(Object principal, Object credentials) {
super(null);
this.principal = principal;
this.credentials = credentials;
setAuthenticated(false);
}
public UsernamePasswordAuthenticationToken unauthenticated(Object principal, Object credentials){
return new UsernamePasswordAuthenticationToken(principal, credentials);
}
/**
* This constructor should only be used by <code>AuthenticationManager</code> or
* <code>AuthenticationProvider</code> implementations that are satisfied with
* producing a trusted (i.e. {@link #isAuthenticated()} = <code>true</code>)
* authentication token.
* @param principal
* @param credentials
* @param authorities
*/
public UsernamePasswordAuthenticationToken(Object principal, Object credentials,
Collection<? extends GrantedAuthority> authorities) {
super(authorities);
this.principal = principal;
this.credentials = credentials;
super.setAuthenticated(true); // must use super, as we override
}
public UsernamePasswordAuthenticationToken authenticated(Object principal, Object credentials,
Collection<? extends GrantedAuthority> authorities){
return new UsernamePasswordAuthenticationToken(principal, credentials, authorities);
}
...
}