Generally, it is thought to be good security practice to store passwords in character arrays rather than Strings, under the assumption that by clearing the character array when you're done with it, you can eliminate all instances of the password in memory (and since Strings are immutable, you can't clear the password out of them). However, the JVM doesn't give any guarantees that there is only one copy of an array in memory, so this practice may not provide as much protection as one might hope.
Regardless, some security frameworks support only character arrays, some support only strings, and some support both. This class accepts and provides both to maximize compatibility. Internally, the password is stored as a character array, with a {@link #clear()} method provided to erase its contents.
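As an added illustration (not the class described on this page, whose name and API are not given here), the hypothetical `ClearablePassword` below shows the pattern the text describes: the only long-lived copy is a `char[]`, both a `char[]` and a `String` view are offered for framework compatibility, and `clear()` zeroes the array with `Arrays.fill`. The caveats from the text apply unchanged: the `String` returned by `asString()` cannot be erased and lives until garbage collection, and the JVM may hold further copies of the array that this code cannot reach.

```java
import java.util.Arrays;
import java.util.Objects;

/** Hypothetical example class: holds a password as a char[] and offers both views. */
public final class ClearablePassword implements AutoCloseable {
    private char[] password;   // the one field that clear() zeroes

    /** Copies the caller's array so the caller can zero its own copy independently. */
    public ClearablePassword(char[] password) {
        Objects.requireNonNull(password, "password");
        this.password = password.clone();
    }

    /** Accepts a String for frameworks that only produce Strings; that String itself stays unerasable. */
    public ClearablePassword(String password) {
        this(Objects.requireNonNull(password, "password").toCharArray());
    }

    /** Returns a defensive copy; callers should Arrays.fill it with zeros once the framework is done. */
    public char[] toCharArray() {
        checkNotCleared();
        return password.clone();
    }

    /** Returns a String for String-only APIs; this copy cannot be cleared by this class. */
    public String asString() {
        checkNotCleared();
        return new String(password);
    }

    public boolean isCleared() {
        return password == null;
    }

    /** Overwrites the backing array with NUL characters and drops the reference. */
    public void clear() {
        if (password != null) {
            Arrays.fill(password, '\0');
            password = null;
        }
    }

    /** Lets the password be scoped with try-with-resources so clear() always runs. */
    @Override
    public void close() {
        clear();
    }

    private void checkNotCleared() {
        if (password == null) {
            throw new IllegalStateException("password has already been cleared");
        }
    }

    public static void main(String[] args) {
        // Constructed sample input, not a real credential.
        char[] input = {'s', 'a', 'm', 'p', 'l', 'e'};
        try (ClearablePassword pw = new ClearablePassword(input)) {
            Arrays.fill(input, '\0');            // the caller zeroes its own copy right away
            char[] forCharApi = pw.toCharArray(); // hand to a char[]-based framework
            Arrays.fill(forCharApi, '\0');        // zero the copy once it has been consumed
            String forStringApi = pw.asString();  // hand to a String-based framework; cannot be cleared
            System.out.println("String view length: " + forStringApi.length());
        }
        // close() has run here; any further toCharArray()/asString() call throws IllegalStateException
    }
}
```

The defensive copies in the constructor and in `toCharArray()` mean each holder is responsible for zeroing its own array; without them, a framework that zeroes the array it receives would also wipe this object's copy, and vice versa.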