While implementing some security aspects with Spring Security, I have noticed that both Authentication and UserDetails have duplicate methods like getAuthorities, getCredentials and so forth.
What is the objective behind this? It seems like a useless redundancy to me.
Edit: Since people are too lazy to check the signatures: both interfaces have the same methods. I am not referring to getCredentials and getAuthorities being the same. Why the heck do people make that assumption?
UserDetails is not used for security purposes, it is just a "user info" bean. Spring Security uses Authentication instances. So an Authentication instance will usually have only the information needed to let users log in (usernames, credentials and roles, basically). UserDetails is more generic, and can include anything related to user management (such as contact information, account information, photographs, whatever).
Typically, you will have an Authentication instance backed by a UserDetails instance.
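How an Authentication ends up backed by a UserDetails, as an added example that is not part of the original answer or of Spring Security's own code. It reduces the username/password check to its core steps and assumes Spring Security 5.7 or later (for the `authenticated`/`unauthenticated` factory methods); the account "alice", its password and the class name are constructed for illustration.

```java
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class AuthenticationVsUserDetails {  // hypothetical class name
    public static void main(String[] args) {
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

        // Constructed sample account: the stored record a UserDetailsService returns.
        UserDetailsService users = new InMemoryUserDetailsManager(
            User.withUsername("alice")
                .password(encoder.encode("correct horse"))
                .roles("USER")
                .build());

        // Login attempt: an unauthenticated token carrying what the caller submitted.
        Authentication attempt =
            UsernamePasswordAuthenticationToken.unauthenticated("alice", "correct horse");

        // Load the stored record, check account state, compare the password hash.
        UserDetails stored = users.loadUserByUsername(attempt.getName());
        if (!stored.isEnabled() || !stored.isAccountNonLocked()
                || !encoder.matches((String) attempt.getCredentials(), stored.getPassword())) {
            throw new BadCredentialsException("login rejected");
        }

        // Result: an authenticated token whose principal is the UserDetails.
        // Credentials are passed as null so the password does not stay in the token.
        Authentication result = UsernamePasswordAuthenticationToken.authenticated(
            stored, null, stored.getAuthorities());

        UserDetails principal = (UserDetails) result.getPrincipal();
        System.out.println(principal.getUsername() + " " + result.getAuthorities());
        System.out.println("authenticated: " + result.isAuthenticated());
        System.out.println("credentials kept in token: " + (result.getCredentials() != null));
    }
}
```

The authorities are copied from the stored record into the token at login time, so a later role change in the user store does not reach an already issued Authentication until the user authenticates again.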