
Why has Spring duplicate fields in Authentication and UserDetails?

While implementing some security aspects with Spring Security, I have noticed that both Authentication and UserDetails have duplicate methods like getAuthorities, getCredentials and so forth.

What is the objective behind this? It seems like a useless redundancy to me.

Edit: Since people are too lazy to check the signatures: both interfaces have the same methods. I am not saying that getCredentials and getAuthorities are the same. Why the heck do people make that assumption?

Michael-O asked Mar 28 '12 08:03


1 Answer

UserDetails is not used for security purposes; it is just a "user info" bean. Spring Security uses Authentication instances. So an Authentication instance will usually have only the information needed to let users log in (usernames, credentials and roles, basically). UserDetails is more generic, and can include anything related to user management (such as contact information, account information, photographs, whatever).

Typically, you will have an Authentication instance backed by a UserDetails instance.

gpeche answered Oct 17 '22 17:10
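The "Authentication backed by a UserDetails" arrangement from the answer above, as an added example that is not part of the original post or of Spring's own code. It assumes Spring Security is on the classpath; `AppUser`, its `email` field and the sample account are hypothetical.

```java
import java.util.Collection;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;

public class AuthBackedByUserDetails {

    // Hypothetical application class: a UserDetails that also carries profile data.
    static class AppUser extends User {
        private final String email;

        AppUser(String username, String passwordHash, String email,
                Collection<? extends GrantedAuthority> authorities) {
            super(username, passwordHash, authorities);
            this.email = email;
        }

        String getEmail() { return email; }
    }

    public static void main(String[] args) {
        // Constructed sample account; the hash is a placeholder, not a real credential.
        AppUser stored = new AppUser("alice", "{bcrypt}<placeholder-hash>",
                "alice@example.org", AuthorityUtils.createAuthorityList("ROLE_USER"));

        // The three-argument constructor builds an already-authenticated token
        // whose principal is the UserDetails object.
        UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
                stored, "submitted-password", stored.getAuthorities());

        // Name and authorities are read from the token itself.
        System.out.println("name        = " + auth.getName());
        System.out.println("authorities = " + auth.getAuthorities());

        // Anything beyond login data is reached through the principal.
        AppUser principal = (AppUser) auth.getPrincipal();
        System.out.println("email       = " + principal.getEmail());

        // Erasing credentials clears the token's credentials and, because User
        // implements CredentialsContainer, the password held by the principal too.
        auth.eraseCredentials();
        System.out.println("credentials = " + auth.getCredentials());
        System.out.println("password    = " + stored.getPassword());
    }
}
```

After `eraseCredentials()` neither the token nor the principal holds the secret, which is why the token should be checked for a null credential before any code tries to re-use it.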