Question:
The new java.net.Authenticator class in JDK 1.2 seems to be the answer to generalized user-authentication. Why dogetPasswordAuthentication
andrequestPasswordAuthentication
both return PasswordAuthentication
, butrequestPasswordAuthentication
requires a security check?
Answer:
The getPasswordAuthentication
method is a protected member function. It is overridden by a subclass to implement the actual user name and password retrieval. The requestPasswordAuthentication
method is a static method that performs a SecurityManager
check before calling getPasswordAuthentication()
using the currently registered Authenticator
. Applications should use requestPasswordAuthentication
, whereas authentication implementors should subclass Authenticator
and implementgetPasswordAuthentication()
.