很明显代码已经说了认证完成移除credentials和其他某些安全数据
// Authentication is complete. Remove credentials and other secret data
// from authentication
org.springframework.security.authentication.ProviderManager.authenticate
package org.springframework.security.authentication.UsernamePasswordAuthenticationToken.eraseCredentials
org.springframework.security.authentication.AbstractAuthenticationToken.eraseCredentials
eraseSecret需要接口判断
getCredentials()就是密码