src/site/assets/static/1.4.2/shiro-all/jacoco-aggregate/shiro-core/org.apache.shiro.authc/UsernamePasswordToken.java.html - shiro-site - Git at Google

 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../../jacoco-resources/report.gif" type="image/gif"/><title>UsernamePasswordToken.java</title><link rel="stylesheet" href="../../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../../index.html" class="el_report">Apache Shiro :: All (aggregate jar)</a> &gt; <a href="../index.html" class="el_bundle">shiro-core</a> &gt; <a href="index.source.html" class="el_package">org.apache.shiro.authc</a> &gt; <span class="el_source">UsernamePasswordToken.java</span></div><h1>UsernamePasswordToken.java</h1><pre class="source lang-java linenums">/*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * &quot;License&quot;); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.authc;

 /**
  * &lt;p&gt;A simple username/password authentication token to support the most widely-used authentication mechanism.  This
  * class also implements the {@link RememberMeAuthenticationToken RememberMeAuthenticationToken} interface to support
  * &amp;quot;Remember Me&amp;quot; services across user sessions as well as the
  * {@link org.apache.shiro.authc.HostAuthenticationToken HostAuthenticationToken} interface to retain the host name
  * or IP address location from where the authentication attempt is occurring.&lt;/p&gt;
  * &lt;p/&gt;
  * &lt;p&gt;&amp;quot;Remember Me&amp;quot; authentications are disabled by default, but if the application developer wishes to allow
  * it for a login attempt, all that is necessary is to call {@link #setRememberMe setRememberMe(true)}.  If the underlying
  * &lt;tt&gt;SecurityManager&lt;/tt&gt; implementation also supports &lt;tt&gt;RememberMe&lt;/tt&gt; services, the user's identity will be
  * remembered across sessions.
  * &lt;p/&gt;
  * &lt;p&gt;Note that this class stores a password as a char[] instead of a String
  * (which may seem more logical).  This is because Strings are immutable and their
  * internal value cannot be overwritten - meaning even a nulled String instance might be accessible in memory at a later
  * time (e.g. memory dump).  This is not good for sensitive information such as passwords. For more information, see the
  * &lt;a href=&quot;http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx&quot;&gt;
  * Java Cryptography Extension Reference Guide&lt;/a&gt;.&lt;/p&gt;
  * &lt;p/&gt;
  * &lt;p&gt;To avoid this possibility of later memory access, the application developer should always call
  * {@link #clear() clear()} after using the token to perform a login attempt.&lt;/p&gt;
  *
  * @since 0.1
  */
 public class UsernamePasswordToken implements HostAuthenticationToken, RememberMeAuthenticationToken {

     /*--------------------------------------------
     |             C O N S T A N T S             |
     ============================================*/

     /*--------------------------------------------
     |    I N S T A N C E   V A R I A B L E S    |
     ============================================*/
     /**
      * The username
      */
     private String username;

     /**
      * The password, in char[] format
      */
     private char[] password;

     /**
      * Whether or not 'rememberMe' should be enabled for the corresponding login attempt;
      * default is &lt;code&gt;false&lt;/code&gt;
      */
 <span class="pc" id="L68">    private boolean rememberMe = false;</span>

     /**
      * The location from where the login attempt occurs, or &lt;code&gt;null&lt;/code&gt; if not known or explicitly
      * omitted.
      */
     private String host;

     /*--------------------------------------------
     |         C O N S T R U C T O R S           |
     ============================================*/

     /**
      * JavaBeans compatible no-arg constructor.
      */
 <span class="nc" id="L83">    public UsernamePasswordToken() {</span>
 <span class="nc" id="L84">    }</span>

     /**
      * Constructs a new UsernamePasswordToken encapsulating the username and password submitted
      * during an authentication attempt, with a &lt;tt&gt;null&lt;/tt&gt; {@link #getHost() host} and a
      * &lt;tt&gt;rememberMe&lt;/tt&gt; default of &lt;tt&gt;false&lt;/tt&gt;.
      *
      * @param username the username submitted for authentication
      * @param password the password character array submitted for authentication
      */
     public UsernamePasswordToken(final String username, final char[] password) {
 <span class="nc" id="L95">        this(username, password, false, null);</span>
 <span class="nc" id="L96">    }</span>

     /**
      * Constructs a new UsernamePasswordToken encapsulating the username and password submitted
      * during an authentication attempt, with a &lt;tt&gt;null&lt;/tt&gt; {@link #getHost() host} and
      * a &lt;tt&gt;rememberMe&lt;/tt&gt; default of &lt;tt&gt;false&lt;/tt&gt;
      * &lt;p/&gt;
      * &lt;p&gt;This is a convenience constructor and maintains the password internally via a character
      * array, i.e. &lt;tt&gt;password.toCharArray();&lt;/tt&gt;.  Note that storing a password as a String
      * in your code could have possible security implications as noted in the class JavaDoc.&lt;/p&gt;
      *
      * @param username the username submitted for authentication
      * @param password the password string submitted for authentication
      */
     public UsernamePasswordToken(final String username, final String password) {
 <span class="pc bpc" id="L111" title="1 of 2 branches missed.">        this(username, password != null ? password.toCharArray() : null, false, null);</span>
 <span class="fc" id="L112">    }</span>

     /**
      * Constructs a new UsernamePasswordToken encapsulating the username and password submitted, the
      * inetAddress from where the attempt is occurring, and a default &lt;tt&gt;rememberMe&lt;/tt&gt; value of &lt;tt&gt;false&lt;/tt&gt;
      *
      * @param username the username submitted for authentication
      * @param password the password string submitted for authentication
      * @param host     the host name or IP string from where the attempt is occurring
      * @since 0.2
      */
     public UsernamePasswordToken(final String username, final char[] password, final String host) {
 <span class="nc" id="L124">        this(username, password, false, host);</span>
 <span class="nc" id="L125">    }</span>

     /**
      * Constructs a new UsernamePasswordToken encapsulating the username and password submitted, the
      * inetAddress from where the attempt is occurring, and a default &lt;tt&gt;rememberMe&lt;/tt&gt; value of &lt;tt&gt;false&lt;/tt&gt;
      * &lt;p/&gt;
      * &lt;p&gt;This is a convenience constructor and maintains the password internally via a character
      * array, i.e. &lt;tt&gt;password.toCharArray();&lt;/tt&gt;.  Note that storing a password as a String
      * in your code could have possible security implications as noted in the class JavaDoc.&lt;/p&gt;
      *
      * @param username the username submitted for authentication
      * @param password the password string submitted for authentication
      * @param host     the host name or IP string from where the attempt is occurring
      * @since 1.0
      */
     public UsernamePasswordToken(final String username, final String password, final String host) {
 <span class="pc bpc" id="L141" title="1 of 2 branches missed.">        this(username, password != null ? password.toCharArray() : null, false, host);</span>
 <span class="fc" id="L142">    }</span>

     /**
      * Constructs a new UsernamePasswordToken encapsulating the username and password submitted, as well as if the user
      * wishes their identity to be remembered across sessions.
      *
      * @param username   the username submitted for authentication
      * @param password   the password string submitted for authentication
      * @param rememberMe if the user wishes their identity to be remembered across sessions
      * @since 0.9
      */
     public UsernamePasswordToken(final String username, final char[] password, final boolean rememberMe) {
 <span class="nc" id="L154">        this(username, password, rememberMe, null);</span>
 <span class="nc" id="L155">    }</span>

     /**
      * Constructs a new UsernamePasswordToken encapsulating the username and password submitted, as well as if the user
      * wishes their identity to be remembered across sessions.
      * &lt;p/&gt;
      * &lt;p&gt;This is a convenience constructor and maintains the password internally via a character
      * array, i.e. &lt;tt&gt;password.toCharArray();&lt;/tt&gt;.  Note that storing a password as a String
      * in your code could have possible security implications as noted in the class JavaDoc.&lt;/p&gt;
      *
      * @param username   the username submitted for authentication
      * @param password   the password string submitted for authentication
      * @param rememberMe if the user wishes their identity to be remembered across sessions
      * @since 0.9
      */
     public UsernamePasswordToken(final String username, final String password, final boolean rememberMe) {
 <span class="nc bnc" id="L171" title="All 2 branches missed.">        this(username, password != null ? password.toCharArray() : null, rememberMe, null);</span>
 <span class="nc" id="L172">    }</span>

     /**
      * Constructs a new UsernamePasswordToken encapsulating the username and password submitted, if the user
      * wishes their identity to be remembered across sessions, and the inetAddress from where the attempt is occurring.
      *
      * @param username   the username submitted for authentication
      * @param password   the password character array submitted for authentication
      * @param rememberMe if the user wishes their identity to be remembered across sessions
      * @param host       the host name or IP string from where the attempt is occurring
      * @since 1.0
      */
     public UsernamePasswordToken(final String username, final char[] password,
 <span class="fc" id="L185">                                 final boolean rememberMe, final String host) {</span>

 <span class="fc" id="L187">        this.username = username;</span>
 <span class="fc" id="L188">        this.password = password;</span>
 <span class="fc" id="L189">        this.rememberMe = rememberMe;</span>
 <span class="fc" id="L190">        this.host = host;</span>
 <span class="fc" id="L191">    }</span>


     /**
      * Constructs a new UsernamePasswordToken encapsulating the username and password submitted, if the user
      * wishes their identity to be remembered across sessions, and the inetAddress from where the attempt is occurring.
      * &lt;p/&gt;
      * &lt;p&gt;This is a convenience constructor and maintains the password internally via a character
      * array, i.e. &lt;tt&gt;password.toCharArray();&lt;/tt&gt;.  Note that storing a password as a String
      * in your code could have possible security implications as noted in the class JavaDoc.&lt;/p&gt;
      *
      * @param username   the username submitted for authentication
      * @param password   the password string submitted for authentication
      * @param rememberMe if the user wishes their identity to be remembered across sessions
      * @param host       the host name or IP string from where the attempt is occurring
      * @since 1.0
      */
     public UsernamePasswordToken(final String username, final String password,
                                  final boolean rememberMe, final String host) {
 <span class="pc bpc" id="L210" title="1 of 2 branches missed.">        this(username, password != null ? password.toCharArray() : null, rememberMe, host);</span>
 <span class="fc" id="L211">    }</span>

     /*--------------------------------------------
     |  A C C E S S O R S / M O D I F I E R S    |
     ============================================*/

     /**
      * Returns the username submitted during an authentication attempt.
      *
      * @return the username submitted during an authentication attempt.
      */
     public String getUsername() {
 <span class="fc" id="L223">        return username;</span>
     }

     /**
      * Sets the username for submission during an authentication attempt.
      *
      * @param username the username to be used for submission during an authentication attempt.
      */
     public void setUsername(String username) {
 <span class="nc" id="L232">        this.username = username;</span>
 <span class="nc" id="L233">    }</span>


     /**
      * Returns the password submitted during an authentication attempt as a character array.
      *
      * @return the password submitted during an authentication attempt as a character array.
      */
     public char[] getPassword() {
 <span class="fc" id="L242">        return password;</span>
     }

     /**
      * Sets the password for submission during an authentication attempt.
      *
      * @param password the password to be used for submission during an authentication attempt.
      */
     public void setPassword(char[] password) {
 <span class="nc" id="L251">        this.password = password;</span>
 <span class="nc" id="L252">    }</span>

     /**
      * Simply returns {@link #getUsername() getUsername()}.
      *
      * @return the {@link #getUsername() username}.
      * @see org.apache.shiro.authc.AuthenticationToken#getPrincipal()
      */
     public Object getPrincipal() {
 <span class="fc" id="L261">        return getUsername();</span>
     }

     /**
      * Returns the {@link #getPassword() password} char array.
      *
      * @return the {@link #getPassword() password} char array.
      * @see org.apache.shiro.authc.AuthenticationToken#getCredentials()
      */
     public Object getCredentials() {
 <span class="fc" id="L271">        return getPassword();</span>
     }

     /**
      * Returns the host name or IP string from where the authentication attempt occurs.  May be &lt;tt&gt;null&lt;/tt&gt; if the
      * host name/IP is unknown or explicitly omitted.  It is up to the Authenticator implementation processing this
      * token if an authentication attempt without a host is valid or not.
      * &lt;p/&gt;
      * &lt;p&gt;(Shiro's default Authenticator allows &lt;tt&gt;null&lt;/tt&gt; hosts to support localhost and proxy server environments).&lt;/p&gt;
      *
      * @return the host from where the authentication attempt occurs, or &lt;tt&gt;null&lt;/tt&gt; if it is unknown or
      *         explicitly omitted.
      * @since 1.0
      */
     public String getHost() {
 <span class="fc" id="L286">        return host;</span>
     }

     /**
      * Sets the host name or IP string from where the authentication attempt occurs.  It is up to the Authenticator
      * implementation processing this token if an authentication attempt without a host is valid or not.
      * &lt;p/&gt;
      * &lt;p&gt;(Shiro's default Authenticator
      * allows &lt;tt&gt;null&lt;/tt&gt; hosts to allow localhost and proxy server environments).&lt;/p&gt;
      *
      * @param host the host name or IP string from where the attempt is occurring
      * @since 1.0
      */
     public void setHost(String host) {
 <span class="nc" id="L300">        this.host = host;</span>
 <span class="nc" id="L301">    }</span>

     /**
      * Returns &lt;tt&gt;true&lt;/tt&gt; if the submitting user wishes their identity (principal(s)) to be remembered
      * across sessions, &lt;tt&gt;false&lt;/tt&gt; otherwise.  Unless overridden, this value is &lt;tt&gt;false&lt;/tt&gt; by default.
      *
      * @return &lt;tt&gt;true&lt;/tt&gt; if the submitting user wishes their identity (principal(s)) to be remembered
      *         across sessions, &lt;tt&gt;false&lt;/tt&gt; otherwise (&lt;tt&gt;false&lt;/tt&gt; by default).
      * @since 0.9
      */
     public boolean isRememberMe() {
 <span class="fc" id="L312">        return rememberMe;</span>
     }

     /**
      * Sets if the submitting user wishes their identity (principal(s)) to be remembered across sessions.  Unless
      * overridden, the default value is &lt;tt&gt;false&lt;/tt&gt;, indicating &lt;em&gt;not&lt;/em&gt; to be remembered across sessions.
      *
      * @param rememberMe value indicating if the user wishes their identity (principal(s)) to be remembered across
      *                   sessions.
      * @since 0.9
      */
     public void setRememberMe(boolean rememberMe) {
 <span class="fc" id="L324">        this.rememberMe = rememberMe;</span>
 <span class="fc" id="L325">    }</span>

     /*--------------------------------------------
     |               M E T H O D S               |
     ============================================*/

     /**
      * Clears out (nulls) the username, password, rememberMe, and inetAddress.  The password bytes are explicitly set to
      * &lt;tt&gt;0x00&lt;/tt&gt; before nulling to eliminate the possibility of memory access at a later time.
      */
     public void clear() {
 <span class="nc" id="L336">        this.username = null;</span>
 <span class="nc" id="L337">        this.host = null;</span>
 <span class="nc" id="L338">        this.rememberMe = false;</span>

 <span class="nc bnc" id="L340" title="All 2 branches missed.">        if (this.password != null) {</span>
 <span class="nc bnc" id="L341" title="All 2 branches missed.">            for (int i = 0; i &lt; password.length; i++) {</span>
 <span class="nc" id="L342">                this.password[i] = 0x00;</span>
             }
 <span class="nc" id="L344">            this.password = null;</span>
         }

 <span class="nc" id="L347">    }</span>

     /**
      * Returns the String representation.  It does not include the password in the resulting
      * string for security reasons to prevent accidentally printing out a password
      * that might be widely viewable).
      *
      * @return the String representation of the &lt;tt&gt;UsernamePasswordToken&lt;/tt&gt;, omitting
      *         the password.
      */
     public String toString() {
 <span class="fc" id="L358">        StringBuilder sb = new StringBuilder();</span>
 <span class="fc" id="L359">        sb.append(getClass().getName());</span>
 <span class="fc" id="L360">        sb.append(&quot; - &quot;);</span>
 <span class="fc" id="L361">        sb.append(username);</span>
 <span class="fc" id="L362">        sb.append(&quot;, rememberMe=&quot;).append(rememberMe);</span>
 <span class="fc bfc" id="L363" title="All 2 branches covered.">        if (host != null) {</span>
 <span class="fc" id="L364">            sb.append(&quot; (&quot;).append(host).append(&quot;)&quot;);</span>
         }
 <span class="fc" id="L366">        return sb.toString();</span>
     }

 }
 </pre><div class="footer"><span class="right">Created with <a href="http://www.jacoco.org/jacoco">JaCoCo</a> 0.8.3.201901230119</span></div></body></html>
	<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../../jacoco-resources/report.gif" type="image/gif"/><title>UsernamePasswordToken.java</title><link rel="stylesheet" href="../../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../../index.html" class="el_report">Apache Shiro :: All (aggregate jar)</a> > <a href="../index.html" class="el_bundle">shiro-core</a> > <a href="index.source.html" class="el_package">org.apache.shiro.authc</a> > <span class="el_source">UsernamePasswordToken.java</span></div><h1>UsernamePasswordToken.java</h1><pre class="source lang-java linenums">/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.shiro.authc;

	/**
	* <p>A simple username/password authentication token to support the most widely-used authentication mechanism. This
	* class also implements the {@link RememberMeAuthenticationToken RememberMeAuthenticationToken} interface to support
	* &quot;Remember Me&quot; services across user sessions as well as the
	* {@link org.apache.shiro.authc.HostAuthenticationToken HostAuthenticationToken} interface to retain the host name
	* or IP address location from where the authentication attempt is occurring.</p>
	* <p/>
	* <p>&quot;Remember Me&quot; authentications are disabled by default, but if the application developer wishes to allow
	* it for a login attempt, all that is necessary is to call {@link #setRememberMe setRememberMe(true)}. If the underlying
	* <tt>SecurityManager</tt> implementation also supports <tt>RememberMe</tt> services, the user's identity will be
	* remembered across sessions.
	* <p/>
	* <p>Note that this class stores a password as a char[] instead of a String
	* (which may seem more logical). This is because Strings are immutable and their
	* internal value cannot be overwritten - meaning even a nulled String instance might be accessible in memory at a later
	* time (e.g. memory dump). This is not good for sensitive information such as passwords. For more information, see the
	* <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx">
	* Java Cryptography Extension Reference Guide</a>.</p>
	* <p/>
	* <p>To avoid this possibility of later memory access, the application developer should always call
	* {@link #clear() clear()} after using the token to perform a login attempt.</p>
	*
	* @since 0.1
	*/
	public class UsernamePasswordToken implements HostAuthenticationToken, RememberMeAuthenticationToken {

	/*--------------------------------------------
	\| C O N S T A N T S \|
	============================================*/

	/*--------------------------------------------
	\| I N S T A N C E V A R I A B L E S \|
	============================================*/
	/**
	* The username
	*/
	private String username;

	/**
	* The password, in char[] format
	*/
	private char[] password;

	/**
	* Whether or not 'rememberMe' should be enabled for the corresponding login attempt;
	* default is <code>false</code>
	*/
	<span class="pc" id="L68"> private boolean rememberMe = false;</span>

	/**
	* The location from where the login attempt occurs, or <code>null</code> if not known or explicitly
	* omitted.
	*/
	private String host;

	/*--------------------------------------------
	\| C O N S T R U C T O R S \|
	============================================*/

	/**
	* JavaBeans compatible no-arg constructor.
	*/
	<span class="nc" id="L83"> public UsernamePasswordToken() {</span>
	<span class="nc" id="L84"> }</span>

	/**
	* Constructs a new UsernamePasswordToken encapsulating the username and password submitted
	* during an authentication attempt, with a <tt>null</tt> {@link #getHost() host} and a
	* <tt>rememberMe</tt> default of <tt>false</tt>.
	*
	* @param username the username submitted for authentication
	* @param password the password character array submitted for authentication
	*/
	public UsernamePasswordToken(final String username, final char[] password) {
	<span class="nc" id="L95"> this(username, password, false, null);</span>
	<span class="nc" id="L96"> }</span>

	/**
	* Constructs a new UsernamePasswordToken encapsulating the username and password submitted
	* during an authentication attempt, with a <tt>null</tt> {@link #getHost() host} and
	* a <tt>rememberMe</tt> default of <tt>false</tt>
	* <p/>
	* <p>This is a convenience constructor and maintains the password internally via a character
	* array, i.e. <tt>password.toCharArray();</tt>. Note that storing a password as a String
	* in your code could have possible security implications as noted in the class JavaDoc.</p>
	*
	* @param username the username submitted for authentication
	* @param password the password string submitted for authentication
	*/
	public UsernamePasswordToken(final String username, final String password) {
	<span class="pc bpc" id="L111" title="1 of 2 branches missed."> this(username, password != null ? password.toCharArray() : null, false, null);</span>
	<span class="fc" id="L112"> }</span>

	/**
	* Constructs a new UsernamePasswordToken encapsulating the username and password submitted, the
	* inetAddress from where the attempt is occurring, and a default <tt>rememberMe</tt> value of <tt>false</tt>
	*
	* @param username the username submitted for authentication
	* @param password the password string submitted for authentication
	* @param host the host name or IP string from where the attempt is occurring
	* @since 0.2
	*/
	public UsernamePasswordToken(final String username, final char[] password, final String host) {
	<span class="nc" id="L124"> this(username, password, false, host);</span>
	<span class="nc" id="L125"> }</span>

	/**
	* Constructs a new UsernamePasswordToken encapsulating the username and password submitted, the
	* inetAddress from where the attempt is occurring, and a default <tt>rememberMe</tt> value of <tt>false</tt>
	* <p/>
	* <p>This is a convenience constructor and maintains the password internally via a character
	* array, i.e. <tt>password.toCharArray();</tt>. Note that storing a password as a String
	* in your code could have possible security implications as noted in the class JavaDoc.</p>
	*
	* @param username the username submitted for authentication
	* @param password the password string submitted for authentication
	* @param host the host name or IP string from where the attempt is occurring
	* @since 1.0
	*/
	public UsernamePasswordToken(final String username, final String password, final String host) {
	<span class="pc bpc" id="L141" title="1 of 2 branches missed."> this(username, password != null ? password.toCharArray() : null, false, host);</span>
	<span class="fc" id="L142"> }</span>

	/**
	* Constructs a new UsernamePasswordToken encapsulating the username and password submitted, as well as if the user
	* wishes their identity to be remembered across sessions.
	*
	* @param username the username submitted for authentication
	* @param password the password string submitted for authentication
	* @param rememberMe if the user wishes their identity to be remembered across sessions
	* @since 0.9
	*/
	public UsernamePasswordToken(final String username, final char[] password, final boolean rememberMe) {
	<span class="nc" id="L154"> this(username, password, rememberMe, null);</span>
	<span class="nc" id="L155"> }</span>

	/**
	* Constructs a new UsernamePasswordToken encapsulating the username and password submitted, as well as if the user
	* wishes their identity to be remembered across sessions.
	* <p/>
	* <p>This is a convenience constructor and maintains the password internally via a character
	* array, i.e. <tt>password.toCharArray();</tt>. Note that storing a password as a String
	* in your code could have possible security implications as noted in the class JavaDoc.</p>
	*
	* @param username the username submitted for authentication
	* @param password the password string submitted for authentication
	* @param rememberMe if the user wishes their identity to be remembered across sessions
	* @since 0.9
	*/
	public UsernamePasswordToken(final String username, final String password, final boolean rememberMe) {
	<span class="nc bnc" id="L171" title="All 2 branches missed."> this(username, password != null ? password.toCharArray() : null, rememberMe, null);</span>
	<span class="nc" id="L172"> }</span>

	/**
	* Constructs a new UsernamePasswordToken encapsulating the username and password submitted, if the user
	* wishes their identity to be remembered across sessions, and the inetAddress from where the attempt is occurring.
	*
	* @param username the username submitted for authentication
	* @param password the password character array submitted for authentication
	* @param rememberMe if the user wishes their identity to be remembered across sessions
	* @param host the host name or IP string from where the attempt is occurring
	* @since 1.0
	*/
	public UsernamePasswordToken(final String username, final char[] password,
	<span class="fc" id="L185"> final boolean rememberMe, final String host) {</span>

	<span class="fc" id="L187"> this.username = username;</span>
	<span class="fc" id="L188"> this.password = password;</span>
	<span class="fc" id="L189"> this.rememberMe = rememberMe;</span>
	<span class="fc" id="L190"> this.host = host;</span>
	<span class="fc" id="L191"> }</span>


	/**
	* Constructs a new UsernamePasswordToken encapsulating the username and password submitted, if the user
	* wishes their identity to be remembered across sessions, and the inetAddress from where the attempt is occurring.
	* <p/>
	* <p>This is a convenience constructor and maintains the password internally via a character
	* array, i.e. <tt>password.toCharArray();</tt>. Note that storing a password as a String
	* in your code could have possible security implications as noted in the class JavaDoc.</p>
	*
	* @param username the username submitted for authentication
	* @param password the password string submitted for authentication
	* @param rememberMe if the user wishes their identity to be remembered across sessions
	* @param host the host name or IP string from where the attempt is occurring
	* @since 1.0
	*/
	public UsernamePasswordToken(final String username, final String password,
	final boolean rememberMe, final String host) {
	<span class="pc bpc" id="L210" title="1 of 2 branches missed."> this(username, password != null ? password.toCharArray() : null, rememberMe, host);</span>
	<span class="fc" id="L211"> }</span>

	/*--------------------------------------------
	\| A C C E S S O R S / M O D I F I E R S \|
	============================================*/

	/**
	* Returns the username submitted during an authentication attempt.
	*
	* @return the username submitted during an authentication attempt.
	*/
	public String getUsername() {
	<span class="fc" id="L223"> return username;</span>
	}

	/**
	* Sets the username for submission during an authentication attempt.
	*
	* @param username the username to be used for submission during an authentication attempt.
	*/
	public void setUsername(String username) {
	<span class="nc" id="L232"> this.username = username;</span>
	<span class="nc" id="L233"> }</span>


	/**
	* Returns the password submitted during an authentication attempt as a character array.
	*
	* @return the password submitted during an authentication attempt as a character array.
	*/
	public char[] getPassword() {
	<span class="fc" id="L242"> return password;</span>
	}

	/**
	* Sets the password for submission during an authentication attempt.
	*
	* @param password the password to be used for submission during an authentication attempt.
	*/
	public void setPassword(char[] password) {
	<span class="nc" id="L251"> this.password = password;</span>
	<span class="nc" id="L252"> }</span>

	/**
	* Simply returns {@link #getUsername() getUsername()}.
	*
	* @return the {@link #getUsername() username}.
	* @see org.apache.shiro.authc.AuthenticationToken#getPrincipal()
	*/
	public Object getPrincipal() {
	<span class="fc" id="L261"> return getUsername();</span>
	}

	/**
	* Returns the {@link #getPassword() password} char array.
	*
	* @return the {@link #getPassword() password} char array.
	* @see org.apache.shiro.authc.AuthenticationToken#getCredentials()
	*/
	public Object getCredentials() {
	<span class="fc" id="L271"> return getPassword();</span>
	}

	/**
	* Returns the host name or IP string from where the authentication attempt occurs. May be <tt>null</tt> if the
	* host name/IP is unknown or explicitly omitted. It is up to the Authenticator implementation processing this
	* token if an authentication attempt without a host is valid or not.
	* <p/>
	* <p>(Shiro's default Authenticator allows <tt>null</tt> hosts to support localhost and proxy server environments).</p>
	*
	* @return the host from where the authentication attempt occurs, or <tt>null</tt> if it is unknown or
	* explicitly omitted.
	* @since 1.0
	*/
	public String getHost() {
	<span class="fc" id="L286"> return host;</span>
	}

	/**
	* Sets the host name or IP string from where the authentication attempt occurs. It is up to the Authenticator
	* implementation processing this token if an authentication attempt without a host is valid or not.
	* <p/>
	* <p>(Shiro's default Authenticator
	* allows <tt>null</tt> hosts to allow localhost and proxy server environments).</p>
	*
	* @param host the host name or IP string from where the attempt is occurring
	* @since 1.0
	*/
	public void setHost(String host) {
	<span class="nc" id="L300"> this.host = host;</span>
	<span class="nc" id="L301"> }</span>

	/**
	* Returns <tt>true</tt> if the submitting user wishes their identity (principal(s)) to be remembered
	* across sessions, <tt>false</tt> otherwise. Unless overridden, this value is <tt>false</tt> by default.
	*
	* @return <tt>true</tt> if the submitting user wishes their identity (principal(s)) to be remembered
	* across sessions, <tt>false</tt> otherwise (<tt>false</tt> by default).
	* @since 0.9
	*/
	public boolean isRememberMe() {
	<span class="fc" id="L312"> return rememberMe;</span>
	}

	/**
	* Sets if the submitting user wishes their identity (principal(s)) to be remembered across sessions. Unless
	* overridden, the default value is <tt>false</tt>, indicating <em>not</em> to be remembered across sessions.
	*
	* @param rememberMe value indicating if the user wishes their identity (principal(s)) to be remembered across
	* sessions.
	* @since 0.9
	*/
	public void setRememberMe(boolean rememberMe) {
	<span class="fc" id="L324"> this.rememberMe = rememberMe;</span>
	<span class="fc" id="L325"> }</span>

	/*--------------------------------------------
	\| M E T H O D S \|
	============================================*/

	/**
	* Clears out (nulls) the username, password, rememberMe, and inetAddress. The password bytes are explicitly set to
	* <tt>0x00</tt> before nulling to eliminate the possibility of memory access at a later time.
	*/
	public void clear() {
	<span class="nc" id="L336"> this.username = null;</span>
	<span class="nc" id="L337"> this.host = null;</span>
	<span class="nc" id="L338"> this.rememberMe = false;</span>

	<span class="nc bnc" id="L340" title="All 2 branches missed."> if (this.password != null) {</span>
	<span class="nc bnc" id="L341" title="All 2 branches missed."> for (int i = 0; i < password.length; i++) {</span>
	<span class="nc" id="L342"> this.password[i] = 0x00;</span>
	}
	<span class="nc" id="L344"> this.password = null;</span>
	}

	<span class="nc" id="L347"> }</span>

	/**
	* Returns the String representation. It does not include the password in the resulting
	* string for security reasons to prevent accidentally printing out a password
	* that might be widely viewable).
	*
	* @return the String representation of the <tt>UsernamePasswordToken</tt>, omitting
	* the password.
	*/
	public String toString() {
	<span class="fc" id="L358"> StringBuilder sb = new StringBuilder();</span>
	<span class="fc" id="L359"> sb.append(getClass().getName());</span>
	<span class="fc" id="L360"> sb.append(" - ");</span>
	<span class="fc" id="L361"> sb.append(username);</span>
	<span class="fc" id="L362"> sb.append(", rememberMe=").append(rememberMe);</span>
	<span class="fc bfc" id="L363" title="All 2 branches covered."> if (host != null) {</span>
	<span class="fc" id="L364"> sb.append(" (").append(host).append(")");</span>
	}
	<span class="fc" id="L366"> return sb.toString();</span>
	}

	}
	</pre><div class="footer"><span class="right">Created with <a href="http://www.jacoco.org/jacoco">JaCoCo</a> 0.8.3.201901230119</span></div></body></html>