Commit 113e72f

Merge branch '6.2.x' into 6.3.x
Closes gh-15321
2 parents f91ca1b + 462ce1e commit 113e72f

2 files changed

+13
-0
lines changed

docs/modules/ROOT/nav.adoc

+1
@@ -38,6 +38,7 @@
3838
***** xref:servlet/authentication/passwords/in-memory.adoc[In Memory]
3939
***** xref:servlet/authentication/passwords/jdbc.adoc[JDBC]
4040
***** xref:servlet/authentication/passwords/user-details.adoc[UserDetails]
41+
***** xref:servlet/authentication/passwords/credentials-container.adoc[CredentialsContainer]
4142
***** xref:servlet/authentication/passwords/user-details-service.adoc[UserDetailsService]
4243
***** xref:servlet/authentication/passwords/password-encoder.adoc[PasswordEncoder]
4344
***** xref:servlet/authentication/passwords/dao-authentication-provider.adoc[DaoAuthenticationProvider]
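Review bot: The new `CredentialsContainer` entry at line 41 sits between `UserDetails` and `UserDetailsService`, which splits two pages that readers normally follow in sequence. Consider moving it after `UserDetailsService` or `PasswordEncoder`, so the credential-erasure page follows the pages that describe the objects holding the credentials.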
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
[[servlet-authentication-credentialscontainer]]
2+
= CredentialsContainer
3+
4+
{security-api-url}org/springframework/security/core/CredentialsContainer.html[The `CredentialsContainer`] interface indicates that the implementing object contains sensitive data, and is used internally by Spring Security to erase the authentication credentials after a successful authentication.
5+
This interface is implemented by most of Spring Security internal domain classes, like {security-api-url}org/springframework/security/core/userdetails/User.html[User] and {security-api-url}org/springframework/security/authentication/UsernamePasswordAuthenticationToken.html[UsernamePasswordAuthenticationToken].
6+
7+
The `ProviderManager` manager checks whether the returned `Authentication` implements this interface.
8+
If so, xref:servlet/authentication/architecture.adoc#servlet-authentication-providermanager-erasing-credentials[it calls the `eraseCredentials` method] to remove the credentials from the object.
9+
10+
If you want your custom authentication objects to have their credentials erased after authentication, you should ensure that the classes implement the `CredentialsContainer` interface.
11+
12+
Users who are writing their own `AuthenticationProvider` implementations should create and return an appropriate `Authentication` object there, minus any sensitive data, rather than using this interface.
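Review bot: Lines 10 and 12 read as conflicting advice. Line 10 tells authors of custom authentication objects to implement `CredentialsContainer`, while line 12 tells authors of a custom `AuthenticationProvider` to return an `Authentication` without sensitive data "rather than using this interface". State when each applies, for example that building the returned object without the secret is preferred and that `eraseCredentials` is the fallback for objects that must carry it through authentication. Two wording nits: line 7 has a doubled word in "The `ProviderManager` manager checks", and line 5 should read "most of Spring Security's internal domain classes". On line 5 the `User` and `UsernamePasswordAuthenticationToken` link texts are also not in backticks, unlike the `CredentialsContainer` link on line 4.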
