Chapter 13 Java Security

The toString method returns a string representation of this principal:

    String toString()

The hashCode method returns a hash code for this principal:

    int hashCode()

The getName method returns the name of this principal:

    String getName()

When an entity submits itself to authentication, it must provide credentials (information that the security system can use to verify the entity). For example, a user logging in to a system must provide a username and password.

Credentials

Credentials can be of any type, and no requirements are placed on what interfaces a credential class must implement. However, JAAS provides two interfaces that bestow behavior on a credential class that might prove useful. These interfaces are Refreshable and Destroyable.

The Refreshable interface is useful for a credential that requires a refresh of its state (perhaps the credential is valid only for a specific length of time). Four methods are defined on this interface.

The isCurrent method should return true if the credential is current, or return false if it has expired or needs a refresh of its state:

    boolean isCurrent()

The refresh method refreshes the current state of the credential, making it valid again:

    void refresh() throws RefreshFailedException

The Destroyable interface gives a credential semantics for destroying its contents.

The isDestroyed method returns true if the credential's contents have been destroyed and returns false otherwise:

    boolean isDestroyed()

The destroy method destroys the contents of the credential:

    void destroy() throws DestroyFailedException

Methods that require contents to be valid should throw the IllegalStateException after destroy is called.
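The following is an added example, not code from the book: a credential class that implements both Refreshable and Destroyable and throws IllegalStateException from its accessor once destroy has been called. The class name ExpiringSecret, its fields, the getSecret accessor, and the sample secret are assumptions made for illustration; refresh here simply extends the lifetime, where a real credential would re-validate with its issuer.

```java
import java.util.Arrays;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.Refreshable;

// Hypothetical credential: a secret that expires and can be wiped from memory.
public final class ExpiringSecret implements Refreshable, Destroyable {
    private final char[] secret;        // char[] can be zeroed; a String cannot
    private final long lifetimeMillis;
    private long expiresAt;
    private boolean destroyed;

    public ExpiringSecret(char[] secret, long lifetimeMillis) {
        this.secret = secret.clone();   // own copy, so destroy() controls it fully
        this.lifetimeMillis = lifetimeMillis;
        this.expiresAt = System.currentTimeMillis() + lifetimeMillis;
    }

    @Override public synchronized boolean isCurrent() {
        return !destroyed && System.currentTimeMillis() < expiresAt;
    }

    // Simplification: extends the lifetime without contacting any issuer.
    @Override public synchronized void refresh() throws RefreshFailedException {
        if (destroyed) throw new RefreshFailedException("credential destroyed");
        expiresAt = System.currentTimeMillis() + lifetimeMillis;
    }

    @Override public synchronized void destroy() throws DestroyFailedException {
        Arrays.fill(secret, '\0');      // overwrite the contents before flagging
        destroyed = true;
    }

    @Override public synchronized boolean isDestroyed() { return destroyed; }

    // Accessor that needs valid contents: refuses to run after destroy().
    public synchronized char[] getSecret() {
        if (destroyed) throw new IllegalStateException("credential destroyed");
        return secret.clone();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value, not a real secret.
        ExpiringSecret c = new ExpiringSecret("constructed-sample".toCharArray(), 60_000);
        System.out.println("current: " + c.isCurrent());
        c.destroy();
        System.out.println("destroyed: " + c.isDestroyed() + ", current: " + c.isCurrent());
        try { c.getSecret(); }
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```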
Part II: A Broad Understanding of Java APIs, Tools, and Techniques

Authenticating a Subject

The basic manner in which a subject is authenticated is through a LoginContext object. A LoginContext then consults another class for the specific authentication services. The sequence of steps that occurs