An
Account is a convenience interface that extends both
AuthenticationInfo and
AuthorizationInfo and represents authentication and authorization for a
single account in a
single Realm.
This interface can be useful when a Realm implementation finds it more convenient to use a single object to encapsulate both the authentication and authorization information used by both authc and authz operations.
Please Note: Since Shiro sometimes logs account operations, please ensure your Account's
toString() implementation does
not print out account credentials (password, etc), as these might be viewable to someone reading your logs. This is good practice anyway, and account principals should rarely (if ever) be printed out for any reason. If you're using Shiro's default implementations of this interface, they only ever print the account
principals, so you do not need to do anything additional.