Returns the host name of the client from where the authentication attempt originates or if the Shiro environment cannot or chooses not to resolve the hostname to improve performance, this method returns the string representation of the client's IP address. <p/> When used in web environments, this value is usually the same as the {@code ServletRequest.getRemoteHost()} value.
Returns the account identity submitted during the authentication process. <p/> <p>Most application authentications are username/password based and have this object represent a username. If this is the case for your application, take a look at the {@link UsernamePasswordToken UsernamePasswordToken}, as it is probably sufficient for your use. <p/> <p>Ultimately, the object returned is application specific and can represent any account identity (user id, X.509 certificate, etc).
Returns the credentials submitted by the user during the authentication process that verifies the submitted {@link #getPrincipal() account identity}. <p/> <p>Most application authentications are username/password based and have this object represent a submitted password. If this is the case for your application, take a look at the {@link UsernamePasswordToken UsernamePasswordToken}, as it is probably sufficient for your use. <p/> <p>Ultimately, the credentials Object returned is application specific and can represent any credential mechanism.
A {@code HostAuthenticationToken} retains the host information from where an authentication attempt originates.