Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.authc.credential;
020
021import org.apache.shiro.authc.AuthenticationInfo;
022import org.apache.shiro.authc.AuthenticationToken;
023
024/**
025 * Interface implemented by classes that can determine if an AuthenticationToken's provided
026 * credentials matches a corresponding account's credentials stored in the system.
027 *
028 * <p>Simple direct comparisons are handled well by the
029 * {@link SimpleCredentialsMatcher SimpleCredentialsMatcher}.  If you
030 * hash user's credentials before storing them in a realm (a common practice), look at the
031 * {@link HashedCredentialsMatcher HashedCredentialsMatcher} implementations,
032 * as they support this scenario.
033 *
034 * @see SimpleCredentialsMatcher
035 * @see AllowAllCredentialsMatcher
036 * @see Md5CredentialsMatcher
037 * @see Sha1CredentialsMatcher
038 * @since 0.1
039 */
040public interface CredentialsMatcher {
041
042    /**
043     * Returns {@code true} if the provided token credentials match the stored account credentials,
044     * {@code false} otherwise.
045     *
046     * @param token the {@code AuthenticationToken} submitted during the authentication attempt
047     * @param info  the {@code AuthenticationInfo} stored in the system.
048     * @return {@code true} if the provided token credentials match the stored account credentials,
049     * {@code false} otherwise.
050     */
051    boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info);
052
053}