Package org.apache.shiro.authc

Class BearerToken

java.lang.Object

org.apache.shiro.authc.BearerToken

All Implemented Interfaces:

Serializable, AuthenticationToken, HostAuthenticationToken

public class BearerToken
extends Object
implements HostAuthenticationToken

A AuthenticationToken that contains an a Bearer token or API key, typically received via an HTTP Authorization header. This class also implements the HostAuthenticationToken interface to retain the host name or IP address location from where the authentication attempt is occurring.

Since:

1.5

See Also:

RFC 2617, OAuth2 Authorization Request Header Field, Serialized Form

Constructor Summary

Constructors

Constructor	Description
BearerToken(String token)
BearerToken(String token, String host)

Method Summary

Modifier and Type	Method	Description
Object	getCredentials()	Returns the credentials submitted by the user during the authentication process that verifies the submitted account identity.
String	getHost()	Returns the host name of the client from where the authentication attempt originates or if the Shiro environment cannot or chooses not to resolve the hostname to improve performance, this method returns the String representation of the client's IP address.
Object	getPrincipal()	Returns the account identity submitted during the authentication process.
String	getToken()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BearerToken

public BearerToken(String token)

BearerToken

public BearerToken(String token,
                   String host)

Method Detail

getHost

public String getHost()

Description copied from interface: HostAuthenticationToken

Returns the host name of the client from where the authentication attempt originates or if the Shiro environment cannot or chooses not to resolve the hostname to improve performance, this method returns the String representation of the client's IP address.

When used in web environments, this value is usually the same as the ServletRequest.getRemoteHost() value.

Specified by:

getHost in interface HostAuthenticationToken

Returns:

the fully qualified name of the client from where the authentication attempt originates or the String representation of the client's IP address is hostname resolution is not available or disabled.

getPrincipal

public Object getPrincipal()

Description copied from interface: AuthenticationToken

Returns the account identity submitted during the authentication process.

Most application authentications are username/password based and have this object represent a username. If this is the case for your application, take a look at the UsernamePasswordToken, as it is probably sufficient for your use.

Ultimately, the object returned is application specific and can represent any account identity (user id, X.509 certificate, etc).

Specified by:

getPrincipal in interface AuthenticationToken

Returns:

the account identity submitted during the authentication process.

See Also:

UsernamePasswordToken

getCredentials

public Object getCredentials()

Description copied from interface: AuthenticationToken

Returns the credentials submitted by the user during the authentication process that verifies the submitted account identity.

Most application authentications are username/password based and have this object represent a submitted password. If this is the case for your application, take a look at the UsernamePasswordToken, as it is probably sufficient for your use.

Ultimately, the credentials Object returned is application specific and can represent any credential mechanism.

Specified by:

getCredentials in interface AuthenticationToken

Returns:

the credential submitted by the user during the authentication process.

getToken

public String getToken()