Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
While implementing some security aspects with Spring Security, I have noticed that both Authentication and UserDetails have duplicate methods like getAuthorities, getCredentials and so forth.
What is the objective behind this? It seems like a useless redundancy to me.
Edit: Since people are too lazy to check the signatures. Both interfaces have same methods. I am not referring to that getCredentials and getAuthorities are the same. Why the heck make people that assumption?
UserDetailsis not used for security purposes, it is just a “user info” bean. Spring Security usesAuthenticationinstances. SoAuthenticationinstance will usually have only the information needed to let users log in (usernames, credentials and roles, basically).UserDetailsis more generic, and can include anything related to user management (such as contact information, account information, photographs, whatever).Typically, you will have an
Authenticationinstance backed by aUserDetailsinstance.