public void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) throws AuthenticationException { if (PropertyUtil.getBoolean("encrypt")) { super.assertCredentialsMatch(token, info); } else { if (token != null && info != null) { CaptchaUsernamePasswordToken tk = (CaptchaUsernamePasswordToken) token; if (!(String.valueOf(tk.getPassword())).equals((String) info.getCredentials())) { // not successful - throw an exception to indicate this: String msg = "Submitted credentials for token [" + tk + "] did not match the expected credentials."; throw new IncorrectCredentialsException(msg); } } else { throw new AuthenticationException( "A CredentialsMatcher must be configured in order to verify " + "credentials during authentication. If you do not wish for credentials to be examined, you " + "can configure an " + AllowAllCredentialsMatcher.class.getName() + " instance."); } } }