<p>A simple username/password authentication token to support the most widely-used authentication mechanism. This class also implements the {@link RememberMeAuthenticationToken RememberMeAuthenticationToken} interface to support "Remember Me" services across user sessions as well as the {@link hunt.shiro.authc.HostAuthenticationToken HostAuthenticationToken} interface to retain the host name or IP address location from where the authentication attempt is occurring.</p>
<p/>
<p>"Remember Me" authentications are disabled by default, but if the application developer wishes to allow it for a login attempt, all that is necessary is to call {@link #setRememberMe setRememberMe(true)}. If the underlying <tt>SecurityManager</tt> implementation also supports <tt>RememberMe</tt> services, the user's identity will be remembered across sessions.</p>
<p/>
<p>Note that this class stores a password as a char[] instead of a String (which may seem more logical). This is because Strings are immutable and their internal value cannot be overwritten - meaning even a nulled String instance might be accessible in memory at a later time (e.g. memory dump). This is not good for sensitive information such as passwords. For more information, see the <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx">Java Cryptography Extension Reference Guide</a>.</p>
<p/>
<p>To avoid this possibility of later memory access, the application developer should always call {@link #clear() clear()} after using the token to perform a login attempt.</p>
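<p>The clear-after-login pattern described above, as an added Java example that is not part of this project's code. <tt>DemoToken</tt> and <tt>login</tt> are hypothetical stand-ins, and it is an assumption that the token keeps a reference to the caller's array rather than a copy.</p>

```java
import java.util.Arrays;

public class ClearTokenDemo {

    /** Hypothetical stand-in for the token described above; not the project's class. */
    static final class DemoToken {
        private String username;
        private char[] password; // mutable, so it can be overwritten in place

        DemoToken(String username, char[] password) {
            this.username = username;
            this.password = password; // assumption: same array as the caller's, no copy
        }

        char[] getPassword() { return password; }

        /** Overwrite the secret in place, then drop the references. */
        void clear() {
            username = null;
            if (password != null) {
                Arrays.fill(password, '\0');
                password = null;
            }
        }
    }

    /** Hypothetical credential check standing in for the real login call. */
    static boolean login(DemoToken token) {
        // Constructed comparison value; a real realm checks a stored hash.
        return Arrays.equals(token.getPassword(), "s3cret".toCharArray());
    }

    public static void main(String[] args) {
        // Constructed sample input. In a real program, read it with
        // System.console().readPassword(), which returns a char[].
        char[] typed = {'s', '3', 'c', 'r', 'e', 't'};
        DemoToken token = new DemoToken("alice", typed);
        boolean ok;
        try {
            ok = login(token);
        } finally {
            token.clear(); // runs on success, failure, or exception
        }
        System.out.println("login ok: " + ok);
        // The token held the caller's array, so the caller's buffer is zeroed too.
        System.out.println("buffer wiped: " + Arrays.equals(typed, new char[typed.length]));
        // Pitfall: new String(typed) would create an immutable copy
        // that clear() cannot overwrite.
    }
}
```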