For the latest stable version, please use Spring Security 6.3.4!

CredentialsContainer

The CredentialsContainer interface indicates that the implementing object contains sensitive data, and is used internally by Spring Security to erase the authentication credentials after a successful authentication. This interface is implemented by most of Spring Security internal domain classes, like User and UsernamePasswordAuthenticationToken.

The ProviderManager manager checks whether the returned Authentication implements this interface. If so, it calls the eraseCredentials method to remove the credentials from the object.

If you want your custom authentication objects to have their credentials erased after authentication, you should ensure that the classes implement the CredentialsContainer interface.

Users who are writing their own AuthenticationProvider implementations should create and return an appropriate Authentication object there, minus any sensitive data, rather than using this interface.