While implementing some security aspects with Spring Security, I have noticed that both Authentication and UserDetails have duplicate methods like getAuthorities, getCredentials and so forth.
What is the objective behind this? It seems like a useless redundancy to me.
Edit: Since people are too lazy to check the signatures: both interfaces have the same methods. I am not saying that getCredentials and getAuthorities are the same. Why the heck do people make that assumption?
UserDetails is not used for security purposes; it is just a "user info" bean. Spring Security uses Authentication instances. So an Authentication instance will usually have only the information needed to let users log in (usernames, credentials and roles, basically). UserDetails is more generic, and can include anything related to user management (such as contact information, account information, photographs, whatever).
Typically, you will have an Authentication instance backed by a UserDetails instance.
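The "Authentication backed by a UserDetails" arrangement described in the answer above, as an added example that is not part of the original post. The `AccountUser` class, its `email` field and all sample values are hypothetical, and `spring-security-core` is assumed to be on the classpath.

```java
import java.util.Collection;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;

public class AuthenticationBackedByUserDetails {

    // Hypothetical UserDetails that carries user-management data (an e-mail
    // address) in addition to username, password and authorities.
    static class AccountUser extends User {
        private final String email;

        AccountUser(String username, String passwordHash, String email,
                    Collection<? extends GrantedAuthority> authorities) {
            super(username, passwordHash, authorities);
            this.email = email;
        }

        String getEmail() { return email; }
    }

    public static void main(String[] args) {
        // Constructed sample account; the password value is a placeholder, not a real hash.
        AccountUser account = new AccountUser("alice", "{bcrypt}<placeholder-hash>",
                "alice@example.org", AuthorityUtils.createAuthorityList("ROLE_USER"));

        // The token takes the UserDetails as its principal and receives the
        // authorities explicitly; this constructor marks the token as authenticated.
        UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
                account, "submitted-password", account.getAuthorities());

        // getName() is resolved from the UserDetails principal's username.
        System.out.println("name: " + auth.getName());
        System.out.println("token authorities: " + auth.getAuthorities());

        // Extra profile data is reached through the principal, not the token itself.
        if (auth.getPrincipal() instanceof AccountUser) {
            System.out.println("email: " + ((AccountUser) auth.getPrincipal()).getEmail());
        }

        // Erasing the token's credentials also clears the password on the principal,
        // because User implements CredentialsContainer.
        auth.eraseCredentials();
        System.out.println("token credentials: " + auth.getCredentials());
        System.out.println("principal password: " + account.getPassword());
    }
}
```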