Index
All Classes and Interfaces|All Packages|Constant Field Values|Serialized Form
$
- $2A - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
- $2B - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
- $2Y - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
A
- abort() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
-
Abort the authentication process by forgetting the Spring Security
Authentication
. - AbstractAccessDecisionManager - Class in org.springframework.security.access.vote
-
Deprecated.
- AbstractAccessDecisionManager(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- AbstractAclProvider - Class in org.springframework.security.acls.afterinvocation
-
Abstract
AfterInvocationProvider
which provides commonly-used ACL-related services. - AbstractAclProvider(AclService, String, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- AbstractAclVoter - Class in org.springframework.security.access.vote
-
Deprecated.Now used by only-deprecated classes. Generally speaking, in-memory ACL is no longer advised, so no replacement is planned at this point.
- AbstractAclVoter() - Constructor for class org.springframework.security.access.vote.AbstractAclVoter
-
Deprecated.
- AbstractAuthenticationEvent - Class in org.springframework.security.authentication.event
-
Represents an application authentication event.
- AbstractAuthenticationEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.AbstractAuthenticationEvent
- AbstractAuthenticationFailureEvent - Class in org.springframework.security.authentication.event
-
Abstract application event which indicates authentication failure for some reason.
- AbstractAuthenticationFailureEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent
- AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,
T extends AbstractAuthenticationFilterConfigurer<B, T, F>, F extends AbstractAuthenticationProcessingFilter> - Class in org.springframework.security.config.annotation.web.configurers -
Base class for configuring
AbstractAuthenticationFilterConfigurer
. - AbstractAuthenticationFilterConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Creates a new instance with minimal defaults
- AbstractAuthenticationFilterConfigurer(F, String) - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Creates a new instance
- AbstractAuthenticationProcessingFilter - Class in org.springframework.security.web.authentication
-
Abstract processor of browser-based HTTP-based authentication requests.
- AbstractAuthenticationProcessingFilter(String) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- AbstractAuthenticationProcessingFilter(String, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Creates a new instance with a default filterProcessesUrl and an
AuthenticationManager
- AbstractAuthenticationProcessingFilter(RequestMatcher) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Creates a new instance
- AbstractAuthenticationProcessingFilter(RequestMatcher, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Creates a new instance with a
RequestMatcher
and anAuthenticationManager
- AbstractAuthenticationTargetUrlRequestHandler - Class in org.springframework.security.web.authentication
-
Base class containing the logic used by strategies which handle redirection to a URL and are passed an
Authentication
object as part of the contract. - AbstractAuthenticationTargetUrlRequestHandler() - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- AbstractAuthenticationToken - Class in org.springframework.security.authentication
-
Base class for
Authentication
objects. - AbstractAuthenticationToken(Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.AbstractAuthenticationToken
-
Creates a token with the supplied array of authorities.
- AbstractAuthorizationEvent - Class in org.springframework.security.access.event
-
Deprecated.Authorization events have moved. Consider
AuthorizationGrantedEvent
andAuthorizationDeniedEvent
- AbstractAuthorizationEvent(Object) - Constructor for class org.springframework.security.access.event.AbstractAuthorizationEvent
-
Deprecated.Construct the event, passing in the secure object being intercepted.
- AbstractAuthorizeTag - Class in org.springframework.security.taglibs.authz
-
A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets).
- AbstractAuthorizeTag() - Constructor for class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
- AbstractCasAssertionUserDetailsService - Class in org.springframework.security.cas.userdetails
-
Abstract class for using the provided CAS assertion to construct a new User object.
- AbstractCasAssertionUserDetailsService() - Constructor for class org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService
- AbstractConfigAttributeRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web.configurers
-
A base class for registering
RequestMatcher
's. - AbstractConfigAttributeRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
- AbstractConfiguredSecurityBuilder<O,
B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation -
A base
SecurityBuilder
that allowsSecurityConfigurer
to be applied to it. - AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Deprecated, for removal: This API element is subject to removal in a future version.
- AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>, boolean) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Deprecated, for removal: This API element is subject to removal in a future version.
- AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Creates a new instance with the provided
ObjectPostProcessor
. - AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>, boolean) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Creates a new instance with the provided
ObjectPostProcessor
. - AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,
C extends AbstractDaoAuthenticationConfigurer<B, C, U>, U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails -
Allows configuring a
DaoAuthenticationProvider
- AbstractFallbackMethodSecurityMetadataSource - Class in org.springframework.security.access.method
-
Deprecated.Use the
use-authorization-manager
attribute for<method-security>
and<intercept-methods>
instead or use annotation-based orAuthorizationManager
-based authorization - AbstractFallbackMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource
-
Deprecated.
- AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,
B>, B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers -
Adds a convenient base class for
SecurityConfigurer
instances that operate onHttpSecurity
. - AbstractHttpConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
- AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C,
H>, H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers -
Deprecated.Use
AuthorizeHttpRequestsConfigurer
instead - AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlConfigurer<C,
H>.AbstractInterceptUrlRegistry<R, T>, T> - Class in org.springframework.security.config.annotation.web.configurers -
Deprecated.
- AbstractJaasAuthenticationProvider - Class in org.springframework.security.authentication.jaas
-
An
AuthenticationProvider
implementation that retrieves user details from a JAAS login configuration. - AbstractJaasAuthenticationProvider() - Constructor for class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
- AbstractLdapAuthenticationManagerFactory<T extends AbstractLdapAuthenticator> - Class in org.springframework.security.config.ldap
-
Creates an
AuthenticationManager
that can perform LDAP authentication. - AbstractLdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication
-
Base class for the standard
LdapAuthenticationProvider
and theActiveDirectoryLdapAuthenticationProvider
. - AbstractLdapAuthenticationProvider() - Constructor for class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- AbstractLdapAuthenticator - Class in org.springframework.security.ldap.authentication
-
Base class for the authenticator implementations.
- AbstractLdapAuthenticator(ContextSource) - Constructor for class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
-
Create an initialized instance with the
ContextSource
provided. - AbstractMessageMatcherComposite<T> - Class in org.springframework.security.messaging.util.matcher
-
Abstract
MessageMatcher
containing multipleMessageMatcher
- AbstractMethodSecurityMetadataSource - Class in org.springframework.security.access.method
-
Deprecated.Use the
use-authorization-manager
attribute for<method-security>
and<intercept-methods>
instead or use annotation-based orAuthorizationManager
-based authorization - AbstractMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
-
Deprecated.
- AbstractOAuth2AuthorizationGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
-
Base implementation of an OAuth 2.0 Authorization Grant request that holds an authorization grant credential and is used when initiating a request to the Authorization Server's Token Endpoint.
- AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType, ClientRegistration) - Constructor for class org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest
-
Sub-class constructor.
- AbstractOAuth2Token - Class in org.springframework.security.oauth2.core
-
Base class for OAuth 2.0 Token implementations.
- AbstractOAuth2Token(String) - Constructor for class org.springframework.security.oauth2.core.AbstractOAuth2Token
-
Sub-class constructor.
- AbstractOAuth2Token(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.AbstractOAuth2Token
-
Sub-class constructor.
- AbstractOAuth2TokenAuthenticationToken<T extends OAuth2Token> - Class in org.springframework.security.oauth2.server.resource.authentication
-
Base class for
AbstractAuthenticationToken
implementations that expose common attributes between different OAuth 2.0 Access Token Formats. - AbstractOAuth2TokenAuthenticationToken(T) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
-
Sub-class constructor.
- AbstractOAuth2TokenAuthenticationToken(T, Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
- AbstractOAuth2TokenAuthenticationToken(T, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
-
Sub-class constructor.
- AbstractPasswordEncoder - Class in org.springframework.security.crypto.password
-
Abstract base class for password encoders
- AbstractPasswordEncoder() - Constructor for class org.springframework.security.crypto.password.AbstractPasswordEncoder
- AbstractPermission - Class in org.springframework.security.acls.domain
-
Provides an abstract superclass for
Permission
implementations. - AbstractPermission(int) - Constructor for class org.springframework.security.acls.domain.AbstractPermission
-
Sets the permission mask and uses the '*' character to represent active bits when represented as a bit pattern string.
- AbstractPermission(int, char) - Constructor for class org.springframework.security.acls.domain.AbstractPermission
-
Sets the permission mask and uses the specified character for active bits.
- AbstractPreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth
-
Base class for processing filters that handle pre-authenticated authentication requests, where it is assumed that the principal has already been authenticated by an external system.
- AbstractPreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
- AbstractRememberMeServices - Class in org.springframework.security.web.authentication.rememberme
-
Base class for RememberMeServices implementations.
- AbstractRememberMeServices(String, UserDetailsService) - Constructor for class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- AbstractRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web
-
A base class for registering
RequestMatcher
's. - AbstractRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
- AbstractRequestParameterAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- AbstractRestClientOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
-
Abstract base class for
RestClient
-based implementations ofOAuth2AccessTokenResponseClient
that communicate to the Authorization Server's Token Endpoint. - AbstractRetryEntryPoint - Class in org.springframework.security.web.access.channel
- AbstractRetryEntryPoint(String, int) - Constructor for class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- AbstractSaml2AuthenticationRequest - Class in org.springframework.security.saml2.provider.service.authentication
-
Data holder for
AuthNRequest
parameters to be sent using either theSaml2MessageBinding.POST
orSaml2MessageBinding.REDIRECT
binding. - AbstractSaml2AuthenticationRequest.Builder<T extends AbstractSaml2AuthenticationRequest.Builder<T>> - Class in org.springframework.security.saml2.provider.service.authentication
-
A builder for
AbstractSaml2AuthenticationRequest
and its subclasses. - AbstractSecurityBuilder<O> - Class in org.springframework.security.config.annotation
-
A base
SecurityBuilder
that ensures the object being built is only built one time. - AbstractSecurityBuilder() - Constructor for class org.springframework.security.config.annotation.AbstractSecurityBuilder
- AbstractSecurityExpressionHandler<T> - Class in org.springframework.security.access.expression
-
Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects.
- AbstractSecurityExpressionHandler() - Constructor for class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
- AbstractSecurityInterceptor - Class in org.springframework.security.access.intercept
-
Deprecated.Use
AuthorizationFilter
instead for filter security,AuthorizationChannelInterceptor
for messaging security, orAuthorizationManagerBeforeMethodInterceptor
andAuthorizationManagerAfterMethodInterceptor
for method security. - AbstractSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- AbstractSecurityWebApplicationInitializer - Class in org.springframework.security.web.context
-
Registers the
DelegatingFilterProxy
to use the springSecurityFilterChain before any other registeredFilter
. - AbstractSecurityWebApplicationInitializer() - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Creates a new instance that assumes the Spring Security configuration is loaded by some other means than this class.
- AbstractSecurityWebApplicationInitializer(Class<?>...) - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Creates a new instance that will instantiate the
ContextLoaderListener
with the specified classes. - AbstractSecurityWebSocketMessageBrokerConfigurer - Class in org.springframework.security.config.annotation.web.socket
-
Deprecated.Use
EnableWebSocketSecurity
instead - AbstractSecurityWebSocketMessageBrokerConfigurer() - Constructor for class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- AbstractServerWebExchangeMatcherRegistry<T> - Class in org.springframework.security.config.web.server
- AbstractSessionEvent - Class in org.springframework.security.core.session
-
Abstract superclass for all session related events.
- AbstractSessionEvent(Object) - Constructor for class org.springframework.security.core.session.AbstractSessionEvent
- AbstractSessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session
-
A base class for performing session fixation protection.
- AbstractSessionFixationProtectionStrategy.NullEventPublisher - Class in org.springframework.security.web.authentication.session
- AbstractUserDetailsAuthenticationProvider - Class in org.springframework.security.authentication.dao
-
A base
AuthenticationProvider
that allows subclasses to override and work withUserDetails
objects. - AbstractUserDetailsAuthenticationProvider() - Constructor for class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- AbstractUserDetailsReactiveAuthenticationManager - Class in org.springframework.security.authentication
-
A base
ReactiveAuthenticationManager
that allows subclasses to override and work withUserDetails
objects. - AbstractUserDetailsReactiveAuthenticationManager() - Constructor for class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
- AbstractUserDetailsServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
- AbstractUserDetailsServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
- AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
-
Abstract base class for all of the
WebClientReactive*TokenResponseClient
s that communicate to the Authorization Server's Token Endpoint. - acceptMediaType(MediaType) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
-
Specify a media type to set as the Accept header in the request.
- access(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Allows specifying that URLs are secured by an arbitrary expression
- access(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Allows specifying that Messages are secured by an arbitrary expression
- access(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specifies that the user must have the specified
ConfigAttribute
's - access(AuthorizationManager<MessageAuthorizationContext<?>>) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Allows specifying that Messages are secured by an arbitrary expression
- access(AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Allows specifying a custom
AuthorizationManager
. - access(ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
- access(ReactiveAuthorizationManager<AuthorizationContext>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
Allows plugging in a custom authorization strategy
- Access() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
- ACCESS_ABSTAIN - Static variable in interface org.springframework.security.access.AccessDecisionVoter
-
Deprecated.
- ACCESS_DENIED - Static variable in interface org.springframework.security.access.AccessDecisionVoter
-
Deprecated.
- ACCESS_DENIED - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
access_denied
- The resource owner or authorization server denied the request. - ACCESS_DENIED_403 - Static variable in class org.springframework.security.web.WebAttributes
-
Used to cache an
AccessDeniedException
in the request for rendering. - ACCESS_DENIED_HANDLER - Static variable in class org.springframework.security.config.Elements
- ACCESS_GRANTED - Static variable in interface org.springframework.security.access.AccessDecisionVoter
-
Deprecated.
- ACCESS_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
access_token
- used in Authorization Response and Access Token Response. - AccessControlEntry - Interface in org.springframework.security.acls.model
-
Represents an individual permission assignment within an
Acl
. - AccessControlEntryImpl - Class in org.springframework.security.acls.domain
-
An immutable default implementation of
AccessControlEntry
. - AccessControlEntryImpl(Serializable, Acl, Sid, Permission, boolean, boolean, boolean) - Constructor for class org.springframework.security.acls.domain.AccessControlEntryImpl
- AccessControlListTag - Class in org.springframework.security.taglibs.authz
-
An implementation of
Tag
that allows its body through if all authorizations are granted to the request's principal. - AccessControlListTag() - Constructor for class org.springframework.security.taglibs.authz.AccessControlListTag
- accessDecisionManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Allows subclasses to provide a custom
AccessDecisionManager
. - accessDecisionManager(AccessDecisionManager) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry
-
Deprecated.Allows setting the
AccessDecisionManager
. - AccessDecisionManager - Interface in org.springframework.security.access
-
Deprecated.Use
AuthorizationManager
instead - AccessDecisionVoter<S> - Interface in org.springframework.security.access
-
Deprecated.Use
AuthorizationManager
instead - AccessDeniedException - Exception in org.springframework.security.access
-
Thrown if an
Authentication
object does not hold a required authority. - AccessDeniedException(String) - Constructor for exception org.springframework.security.access.AccessDeniedException
-
Constructs an
AccessDeniedException
with the specified message. - AccessDeniedException(String, Throwable) - Constructor for exception org.springframework.security.access.AccessDeniedException
-
Constructs an
AccessDeniedException
with the specified message and root cause. - accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
-
Specifies the
AccessDeniedHandler
to be used - accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
-
Configures the
ServerAccessDeniedHandler
used when a CSRF token is invalid. - accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
-
Configures what to do when an authenticated user does not hold a required authority
- accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Configures the
ServerAccessDeniedHandler
to use for requests authenticating with Bearer Tokens. - AccessDeniedHandler - Interface in org.springframework.security.web.access
-
Used by
ExceptionTranslationFilter
to handle anAccessDeniedException
. - AccessDeniedHandlerImpl - Class in org.springframework.security.web.access
-
Base implementation of
AccessDeniedHandler
. - AccessDeniedHandlerImpl() - Constructor for class org.springframework.security.web.access.AccessDeniedHandlerImpl
- accessDeniedPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
-
Shortcut to specify the
AccessDeniedHandler
to be used is a specific error page - accessToken(OAuth2AccessToken) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
-
Use this
OAuth2AccessToken
- accessToken(OAuth2AccessToken) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
-
Use this
OAuth2AccessToken
- accessTokenHash(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this access token hash in the resulting
OidcIdToken
- accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
-
Sets the client used for requesting the access token credential from the Token Endpoint.
- accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig
-
Sets the client used for requesting the access token credential from the Token Endpoint.
- accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- ACCOUNT_LOCKED - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- accountExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Defines if the account is expired or not.
- accountExpired(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Defines if the account is expired or not.
- accountExpired(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- AccountExpiredException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request is rejected because the account has expired.
- AccountExpiredException(String) - Constructor for exception org.springframework.security.authentication.AccountExpiredException
-
Constructs a
AccountExpiredException
with the specified message. - AccountExpiredException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AccountExpiredException
-
Constructs a
AccountExpiredException
with the specified message and root cause. - accountLocked(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Defines if the account is locked or not.
- accountLocked(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Defines if the account is locked or not.
- accountLocked(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- AccountStatusException - Exception in org.springframework.security.authentication
-
Base class for authentication exceptions which are caused by a particular user account status (locked, disabled etc).
- AccountStatusException(String) - Constructor for exception org.springframework.security.authentication.AccountStatusException
- AccountStatusException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AccountStatusException
- AccountStatusUserDetailsChecker - Class in org.springframework.security.authentication
- AccountStatusUserDetailsChecker() - Constructor for class org.springframework.security.authentication.AccountStatusUserDetailsChecker
- Acl - Interface in org.springframework.security.acls.model
-
Represents an access control list (ACL) for a domain object.
- AclAuthorizationStrategy - Interface in org.springframework.security.acls.domain
-
Strategy used by
AclImpl
to determine whether a principal is permitted to call adminstrative methods on theAclImpl
. - AclAuthorizationStrategyImpl - Class in org.springframework.security.acls.domain
-
Default implementation of
AclAuthorizationStrategy
. - AclAuthorizationStrategyImpl(GrantedAuthority...) - Constructor for class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
-
Constructor.
- AclCache - Interface in org.springframework.security.acls.model
-
A caching layer for
JdbcAclService
. - AclDataAccessException - Exception in org.springframework.security.acls.model
-
Abstract base class for Acl data operations.
- AclDataAccessException(String) - Constructor for exception org.springframework.security.acls.model.AclDataAccessException
-
Constructs an
AclDataAccessException
with the specified message and no root cause. - AclDataAccessException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.AclDataAccessException
-
Constructs an
AclDataAccessException
with the specified message and root cause. - AclEntryAfterInvocationCollectionFilteringProvider - Class in org.springframework.security.acls.afterinvocation
-
Given a
Collection
of domain object instances returned from a secure object invocation, remove anyCollection
elements the principal does not have appropriate permission to access as defined by theAclService
. - AclEntryAfterInvocationCollectionFilteringProvider(AclService, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
- AclEntryAfterInvocationProvider - Class in org.springframework.security.acls.afterinvocation
-
Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the
AclService
. - AclEntryAfterInvocationProvider(AclService, String, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
- AclEntryAfterInvocationProvider(AclService, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
- AclEntryVoter - Class in org.springframework.security.acls
-
Given a domain object instance passed as a method argument, ensures the principal has appropriate permission as indicated by the
AclService
. - AclEntryVoter(AclService, String, Permission[]) - Constructor for class org.springframework.security.acls.AclEntryVoter
- AclFormattingUtils - Class in org.springframework.security.acls.domain
-
Utility methods for displaying ACL information.
- AclFormattingUtils() - Constructor for class org.springframework.security.acls.domain.AclFormattingUtils
- AclImpl - Class in org.springframework.security.acls.domain
-
Base implementation of
Acl
. - AclImpl(ObjectIdentity, Serializable, AclAuthorizationStrategy, AuditLogger) - Constructor for class org.springframework.security.acls.domain.AclImpl
-
Minimal constructor, which should be used
MutableAclService.createAcl(ObjectIdentity)
. - AclImpl(ObjectIdentity, Serializable, AclAuthorizationStrategy, PermissionGrantingStrategy, Acl, List<Sid>, boolean, Sid) - Constructor for class org.springframework.security.acls.domain.AclImpl
-
Full constructor, which should be used by persistence tools that do not provide field-level access features.
- AclPermissionCacheOptimizer - Class in org.springframework.security.acls
-
Batch loads ACLs for collections of objects to allow optimised filtering.
- AclPermissionCacheOptimizer(AclService) - Constructor for class org.springframework.security.acls.AclPermissionCacheOptimizer
- AclPermissionEvaluator - Class in org.springframework.security.acls
-
Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module.
- AclPermissionEvaluator(AclService) - Constructor for class org.springframework.security.acls.AclPermissionEvaluator
- aclService - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- AclService - Interface in org.springframework.security.acls.model
-
Provides retrieval of
Acl
instances. - ACR - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
acr
- the Authentication Context Class Reference - ACTIVE - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
active
- Indicator whether or not the token is currently active - ActiveDirectoryAuthenticationException - Exception in org.springframework.security.ldap.authentication.ad
-
Thrown as a translation of an
AuthenticationException
when attempting to authenticate against Active Directory usingActiveDirectoryLdapAuthenticationProvider
. - ActiveDirectoryLdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication.ad
-
Specialized LDAP authentication provider which uses Active Directory configuration conventions.
- ActiveDirectoryLdapAuthenticationProvider(String, String) - Constructor for class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
- ActiveDirectoryLdapAuthenticationProvider(String, String, String) - Constructor for class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
- ACTOR_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
actor_token
- used in Token Exchange Access Token Request. - ACTOR_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
actor_token_type
- used in Token Exchange Access Token Request. - add(PayloadExchangeMatcherEntry<ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>>) - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager.Builder
- add(ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
- add(ServerWebExchangeMatcher, ReactiveAuthenticationManager) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder
-
Maps a
ServerWebExchangeMatcher
to anReactiveAuthenticationManager
. - add(RequestMatcher, AuthenticationManager) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver.Builder
-
Maps a
RequestMatcher
to anAuthorizationManager
. - add(RequestMatcher, AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
-
Maps a
RequestMatcher
to anAuthorizationManager
. - addAdvisor(AuthorizationAdvisor) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
-
Add an advisor that should be included to each proxy created.
- addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
-
Deprecated.
- addAuthorities(LdapName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- addAuthorities(DistinguishedName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
-
Deprecated.
- addAuthority(GrantedAuthority) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
- addAuthority(GrantedAuthority) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
-
Adds the authority to the list, unless it is already there, in which case it is ignored
- addCn(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
- addConverters(ConverterRegistry) - Static method in class org.springframework.security.oauth2.core.converter.ClaimConversionService
-
Adds the converters that provide type conversion for claim values to the provided
ConverterRegistry
. - addCustomAuthorities(String, List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Allows subclasses to add their own granted authorities to the list to be returned in the UserDetails.
- addFilter(Filter) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- addFilter(Filter) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Adds a
Filter
that must be an instance of or extend one of the Filters provided within the Security framework. - addFilterAfter(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- addFilterAfter(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Allows adding a
Filter
after one of the knownFilter
classes. - addFilterAfter(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Adds a
WebFilter
after specific position. - addFilterAt(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Adds the Filter at the location of the specified Filter class.
- addFilterAt(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Adds a
WebFilter
at a specific position. - addFilterBefore(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- addFilterBefore(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Allows adding a
Filter
before one of the knownFilter
classes. - addFilterBefore(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Adds a
WebFilter
before specific position. - addGroupAuthority(String, GrantedAuthority) - Method in interface org.springframework.security.provisioning.GroupManager
-
Assigns a new authority to a group.
- addGroupAuthority(String, GrantedAuthority) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- addHeader(String, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
- addHeadersConverter(Converter<TokenExchangeGrantRequest, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter
-
Add (compose) the provided
headersConverter
to the currentConverter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aHttpHeaders
used in the OAuth 2.0 Access Token Request headers. - addHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
-
Add (compose) the provided
headersConverter
to the currentConverter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aHttpHeaders
used in the OAuth 2.0 Access Token Request headers. - addHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
-
Add (compose) the provided
headersConverter
to the currentConverter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aHttpHeaders
used in the OAuth 2.0 Access Token Request headers. - addHeaderWriter(HeaderWriter) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Adds a
HeaderWriter
instance - additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
Allows subclasses to perform any additional checks of a returned (or cached)
UserDetails
for a given authentication request. - additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
- additionalParameters(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
A
Consumer
to be provided access to the additional parameter(s) allowing the ability to add, replace, or remove. - additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
-
Sets the additional parameters returned in the response.
- additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the additional parameter(s) used in the request.
- additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
-
Sets the additional parameters returned in the response.
- addListener(SmartApplicationListener) - Method in class org.springframework.security.context.DelegatingApplicationListener
-
Adds a new SmartApplicationListener to use.
- addLogoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Adds a
LogoutHandler
. - addObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
-
Deprecated, for removal: This API element is subject to removal in a future version.
- addObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
-
Adds an
ObjectPostProcessor
to be used for thisSecurityConfigurerAdapter
. - addParametersConverter(Converter<TokenExchangeGrantRequest, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter
-
Add (compose) the provided
parametersConverter
to the currentConverter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aMultiValueMap
of the parameters used in the OAuth 2.0 Access Token Request body. - addParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
-
Add (compose) the provided
parametersConverter
to the currentConverter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aMultiValueMap
used in the OAuth 2.0 Access Token Request body. - addParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
-
Add (compose) the provided
parametersConverter
to the currentConverter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aMultiValueMap
used in the OAuth 2.0 Access Token Request body. - addPayloadInterceptor(PayloadInterceptor) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
-
Adds a
PayloadInterceptor
to be used. - address(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this address in the resulting
OidcUserInfo
- ADDRESS - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes
-
The
address
scope requests access to theaddress
claim. - ADDRESS - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
address
- the user's preferred postal address - AddressStandardClaim - Interface in org.springframework.security.oauth2.core.oidc
-
The Address Claim represents a physical mailing address defined by the OpenID Connect Core 1.0 specification that can be returned either in the UserInfo Response or the ID Token.
- addSecureMethod(Class<?>, Method, List<ConfigAttribute>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.Adds configuration attributes for a specific method, for example where the method has been matched using a pointcut expression.
- addSecureMethod(Class<?>, String, List<ConfigAttribute>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.Add configuration attributes for a secure method.
- addSecurityFilterChainBuilder(SecurityBuilder<? extends SecurityFilterChain>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Adds builders to create
SecurityFilterChain
instances. - addSessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Adds an additional
SessionAuthenticationStrategy
to be used within theCompositeSessionAuthenticationStrategy
. - addSha256Pins(String...) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
-
Deprecated.Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
- addSha256Pins(String...) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
- addUserToGroup(String, String) - Method in interface org.springframework.security.provisioning.GroupManager
-
Makes a user a member of a particular group.
- addUserToGroup(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- admin - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
- ADMINISTRATION - Static variable in class org.springframework.security.acls.domain.BasePermission
- AesBytesEncryptor - Class in org.springframework.security.crypto.encrypt
-
Encryptor that uses AES encryption.
- AesBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
-
Constructs an encryptor that uses AES encryption.
- AesBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
-
Constructs an encryptor that uses AES encryption.
- AesBytesEncryptor(String, CharSequence, BytesKeyGenerator, AesBytesEncryptor.CipherAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
-
Constructs an encryptor that uses AES encryption.
- AesBytesEncryptor(SecretKey, BytesKeyGenerator, AesBytesEncryptor.CipherAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
-
Constructs an encryptor that uses AES encryption.
- AesBytesEncryptor.CipherAlgorithm - Enum Class in org.springframework.security.crypto.encrypt
- AffirmativeBased - Class in org.springframework.security.access.vote
-
Deprecated.Use
AuthorizationManager
instead - AffirmativeBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.AffirmativeBased
-
Deprecated.
- after(Authentication, MethodInvocation, PostInvocationAttribute, Object) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice
-
Deprecated.
- after(Authentication, MethodInvocation, PostInvocationAttribute, Object) - Method in interface org.springframework.security.access.prepost.PostInvocationAuthorizationAdvice
-
Deprecated.
- AFTER_INVOCATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- afterHandshake(ServerHttpRequest, ServerHttpResponse, WebSocketHandler, Exception) - Method in class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
- afterInvocation(InterceptorStatusToken, Object) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.Completes the work of the AbstractSecurityInterceptor after the secure object invocation has been completed.
- afterInvocationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Provide a custom
AfterInvocationManager
for the default implementation ofGlobalMethodSecurityConfiguration.methodSecurityInterceptor(MethodSecurityMetadataSource)
. - AfterInvocationManager - Interface in org.springframework.security.access.intercept
-
Deprecated.Use delegation with
AuthorizationManager
- AfterInvocationProvider - Interface in org.springframework.security.access
-
Deprecated.Use delegation with
AuthorizationManager
- AfterInvocationProviderManager - Class in org.springframework.security.access.intercept
-
Deprecated.Use delegation with
AuthorizationManager
- AfterInvocationProviderManager() - Constructor for class org.springframework.security.access.intercept.AfterInvocationProviderManager
-
Deprecated.
- afterMessageHandled(Message<?>, MessageChannel, MessageHandler, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
- afterMessageHandled(Message<?>, MessageChannel, MessageHandler, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
- afterPropertiesSet() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Validates the required properties are set.
- afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
- afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
- afterPropertiesSet() - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService
- afterPropertiesSet() - Method in class org.springframework.security.authentication.ProviderManager
- afterPropertiesSet() - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
- afterPropertiesSet() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- afterPropertiesSet() - Method in class org.springframework.security.cas.ServiceProperties
- afterPropertiesSet() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
- afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
-
Check whether all properties have been set to correct values.
- afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
- afterPropertiesSet() - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
- afterPropertiesSet() - Method in class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
-
Check whether all required properties have been set.
- afterPropertiesSet() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
- afterPropertiesSet() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- afterPropertiesSet() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Check whether all required properties have been set.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
-
Check that all required properties have been set.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
-
Loads the web.xml file using the configured ResourceLoader and parses the role-name elements from it, using these as the set of mappableAttributes.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Check whether all required properties have been set.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.FilterChainProxy
- afterPropertiesSet() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
- afterReceiveCompletion(Message<?>, MessageChannel, Exception) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.
- afterSendCompletion(Message<?>, MessageChannel, boolean, Exception) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.
- afterSendCompletion(Message<?>, MessageChannel, boolean, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
- afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.
- afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- afterSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Invoked after the springSecurityFilterChain is added.
- afterTestClass(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- afterTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- afterTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- afterTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
-
Clears out the
TestSecurityContextHolder
and theSecurityContextHolder
after each test method. - ALG - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
alg
- the algorithm header identifies the cryptographic algorithm used to secure a JWS or JWE - algorithm(JwaAlgorithm) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the
JWA algorithm
used to digitally sign the JWS or encrypt the JWE. - ALL - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- ALL - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- allocateToken(String) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
- allocateToken(String) - Method in interface org.springframework.security.core.token.TokenService
-
Forces the allocation of a new
Token
. - allOf(AuthorizationDecision, AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers
-
Creates an
AuthorizationManager
that grants access if allAuthorizationManager
s granted, ifmanagers
are empty or abstained, a defaultAuthorizationDecision
is returned. - allOf(AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers
-
Creates an
AuthorizationManager
that grants access if allAuthorizationManager
s granted or abstained, ifmanagers
are empty then granted decision is returned. - allOf(RequestMatcher...) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers
-
Creates a
RequestMatcher
that matches if all the givenRequestMatcher
s match, ifmatchers
are empty then the returned matcher always matches. - ALLOW_FROM - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- allowableSessionsExceeded(List<SessionInformation>, int, SessionRegistry) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
Allows subclasses to customise behaviour when too many sessions are detected.
- allowCredentials(List<PublicKeyCredentialDescriptor>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder
-
Sets the
PublicKeyCredentialRequestOptions.getAllowCredentials()
property - allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
-
Deprecated.Method to be implemented by base classes, used to determine if the supplied origin is allowed.
- allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
-
Deprecated.
- allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy
-
Deprecated.
- ALLOWED_HEADER_NAMES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall
- ALLOWED_HEADER_NAMES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
- ALLOWED_HEADER_VALUES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall
- ALLOWED_HEADER_VALUES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
- ALLOWED_PARAMETER_NAMES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall
- ALLOWED_PARAMETER_NAMES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
- ALLOWED_PARAMETER_VALUES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall
- ALLOWED_PARAMETER_VALUES - Static variable in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
- allowedOrigins(String...) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer
-
Convenience method for
WebAuthnConfigurer.allowedOrigins(Set)
- allowedOrigins(Set<String>) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer
-
Sets the allowed origins.
- AllowFromStrategy - Interface in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- AlreadyBuiltException - Exception in org.springframework.security.config.annotation
-
Thrown when
AbstractSecurityBuilder.build()
is two or more times. - AlreadyBuiltException(String) - Constructor for exception org.springframework.security.config.annotation.AlreadyBuiltException
- AlreadyExistsException - Exception in org.springframework.security.acls.model
-
Thrown if an
Acl
entry already exists for the object. - AlreadyExistsException(String) - Constructor for exception org.springframework.security.acls.model.AlreadyExistsException
-
Constructs an
AlreadyExistsException
with the specified message. - AlreadyExistsException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.AlreadyExistsException
-
Constructs an
AlreadyExistsException
with the specified message and root cause. - ALWAYS - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy
-
Always create an
HttpSession
- alwaysRemember(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
Whether the cookie should always be created even if the remember-me parameter is not set.
- AMR - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
amr
- the Authentication Methods References - and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
-
Gets the
LdapAuthenticationProviderConfigurer
for further customizations - and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer
-
Allows obtaining a reference to the
LdapAuthenticationProviderConfigurer
for further customizations - and() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Returns the
UserDetailsManagerConfigurer
for method chaining (i.e. - and() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use the lambda based configuration instead.
- and() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.Use the lambda based configuration instead. For example:
@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .securityMatchers((matchers) -> matchers .requestMatchers("/api/**") ) .authorizeHttpRequests((authorize) -> authorize .anyRequest().hasRole("USER") ) .httpBasic(Customizer.withDefaults()); return http.build(); } }
- and() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer
-
Returns the
WebSecurity
to be returned for chaining. - and() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use the lambda based configuration instead.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.requiresChannel(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
-
Deprecated.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.cacheControl(Customizer)
orcacheControl(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.contentSecurityPolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.contentTypeOptions(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.crossOriginEmbedderPolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.crossOriginOpenerPolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.crossOriginResourcePolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FeaturePolicyConfig
-
Allows completing configuration of Feature Policy and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.frameOptions(Customizer)
orframeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
-
Deprecated.Allows completing configuration of Public Key Pinning and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.httpStrictTransportSecurity(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.permissionsPolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.referrerPolicy(Customizer)
orreferrerPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.xssProtection(Customizer)
orxssProtection(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2ClientConfigurer.authorizationCodeGrant(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2LoginConfigurer.authorizationEndpoint(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2LoginConfigurer.redirectionEndpoint(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2LoginConfigurer.tokenEndpoint(Customizer)
ortokenEndpoint(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2LoginConfigurer.userInfoEndpoint(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2ResourceServerConfigurer.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
Saml2LogoutConfigurer.logoutRequest(Customizer)
orlogoutRequest(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
Saml2LogoutConfigurer.logoutResponse(Customizer)
orlogoutResponse(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
- and() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
SessionManagementConfigurer.sessionConcurrency(Customizer)
instead - and() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
-
Deprecated.
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.anonymous(Customizer)
oranonymous(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.authorizeExchange(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.cors(Customizer)
orcors(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.csrf(Customizer)
orcsrf(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.exceptionHandling(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.formLogin(Customizer)
orformLogin(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.headers(Customizer)
orheaders(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
#featurePolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.hsts(Customizer)
orhsts(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.httpBasic(Customizer)
orhttpBasic(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.logout(Customizer)
orlogout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.oauth2Client(Customizer)
oroauth2Client(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.oauth2Login(Customizer)
oroauth2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.oauth2ResourceServer(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.passwordManagement(Customizer)
instead - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.requestCache(Customizer)
orrequestCache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.x509(Customizer)
orx509(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - AndMessageMatcher<T> - Class in org.springframework.security.messaging.util.matcher
-
MessageMatcher
that will return true if all of the passed inMessageMatcher
instances match. - AndMessageMatcher(List<MessageMatcher<T>>) - Constructor for class org.springframework.security.messaging.util.matcher.AndMessageMatcher
-
Creates a new instance
- AndMessageMatcher(MessageMatcher<T>...) - Constructor for class org.springframework.security.messaging.util.matcher.AndMessageMatcher
-
Creates a new instance
- AndRequestMatcher - Class in org.springframework.security.web.util.matcher
-
RequestMatcher
that will return true if all of the passed inRequestMatcher
instances match. - AndRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher
-
Creates a new instance
- AndRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher
-
Creates a new instance
- AndServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Matches if all the provided
ServerWebExchangeMatcher
match - AndServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
- AndServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
- AnnotationMetadataExtractor<A extends Annotation> - Interface in org.springframework.security.access.annotation
-
Deprecated.Used only by now-deprecated classes. Consider
SecuredAuthorizationManager
for `@Secured` methods. - AnnotationParameterNameDiscoverer - Class in org.springframework.security.core.parameters
-
Allows finding parameter names using the value attribute of any number of
Annotation
instances. - AnnotationParameterNameDiscoverer(String...) - Constructor for class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
- AnnotationParameterNameDiscoverer(Set<String>) - Constructor for class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
- AnnotationTemplateExpressionDefaults - Class in org.springframework.security.core.annotation
-
A component for configuring the expression attribute template of the parsed Spring Security annotation
- AnnotationTemplateExpressionDefaults() - Constructor for class org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults
- anonymous() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
-
Creates an instance of
AuthenticatedAuthorizationManager
that determines if theAuthentication
is anonymous. - anonymous() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.anonymous(Customizer)
oranonymous(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specify that URLs are allowed by anonymous users.
- anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specify that URLs are allowed by anonymous users.
- anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specifies that an anonymous user is allowed access
- anonymous() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Specify that Messages are allowed by anonymous users.
- anonymous() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.anonymous(Customizer)
oranonymous(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - anonymous() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Specify that Messages are allowed by anonymous users.
- anonymous() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish a
SecurityContext
that uses anAnonymousAuthenticationToken
. - anonymous() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
-
Specify that URLs are allowed by anonymous users.
- anonymous(Customizer<AnonymousConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows configuring how an anonymous user is represented.
- anonymous(Customizer<ServerHttpSecurity.AnonymousSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Enables and Configures anonymous authentication.
- ANONYMOUS - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
-
Where anonymous authentication is placed.
- ANONYMOUS - Static variable in class org.springframework.security.config.Elements
- ANONYMOUS_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
-
Instance of AnonymousAuthenticationWebFilter
- AnonymousAuthenticationFilter - Class in org.springframework.security.web.authentication
-
Detects if there is no
Authentication
object in theSecurityContextHolder
, and populates it with one if needed. - AnonymousAuthenticationFilter(String) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
-
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
- AnonymousAuthenticationFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- AnonymousAuthenticationProvider - Class in org.springframework.security.authentication
-
An
AuthenticationProvider
implementation that validatesAnonymousAuthenticationToken
s. - AnonymousAuthenticationProvider(String) - Constructor for class org.springframework.security.authentication.AnonymousAuthenticationProvider
- AnonymousAuthenticationToken - Class in org.springframework.security.authentication
-
Represents an anonymous
Authentication
. - AnonymousAuthenticationToken(String, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.AnonymousAuthenticationToken
-
Constructor.
- AnonymousAuthenticationWebFilter - Class in org.springframework.security.web.server.authentication
-
Detects if there is no
Authentication
object in theReactiveSecurityContextHolder
, and populates it with one if needed. - AnonymousAuthenticationWebFilter(String) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
-
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
- AnonymousAuthenticationWebFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
- AnonymousConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Configures Anonymous authentication (i.e.
- AnonymousConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Creates a new instance
- AnonymousPayloadInterceptor - Class in org.springframework.security.rsocket.authentication
-
If
ReactiveSecurityContextHolder
is empty populates anAnonymousAuthenticationToken
- AnonymousPayloadInterceptor(String) - Constructor for class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
-
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
- AnonymousPayloadInterceptor(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
- ant - Enum constant in enum class org.springframework.security.config.http.MatcherType
- antMatcher(String) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the specific pattern which will match all HTTP methods in a case-sensitive manner.
- antMatcher(HttpMethod) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher that will match all request with the supplied HTTP method in a case-sensitive manner.
- antMatcher(HttpMethod, String) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the supplied pattern and HTTP method in a case-sensitive manner.
- AntPathRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Matcher which compares a pre-defined ant-style pattern against the URL (
servletPath + pathInfo
) of anHttpServletRequest
. - AntPathRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the specific pattern which will match all HTTP methods in a case sensitive manner.
- AntPathRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the supplied pattern and HTTP method in a case sensitive manner.
- AntPathRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the supplied pattern which will match the specified Http method
- AntPathRequestMatcher(String, String, boolean, UrlPathHelper) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the supplied pattern which will match the specified Http method
- ANY_CHANNEL - Static variable in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- ANY_MESSAGE - Static variable in interface org.springframework.security.messaging.util.matcher.MessageMatcher
-
Matches every
Message
- anyExchange() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
-
Always matches
- anyExchange() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
-
Maps any request.
- anyExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
-
Disables authorization.
- anyExchange() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers
- anyExchange() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-
Matches any exchange
- anyMessage() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.Maps any
Message
to a security expression. - anyMessage() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
-
Maps any
Message
to a security expression. - anyOf(AuthorizationDecision, AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers
-
Creates an
AuthorizationManager
that grants access if at least oneAuthorizationManager
granted, ifmanagers
are empty or abstained, a defaultAuthorizationDecision
is returned. - anyOf(AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers
-
Creates an
AuthorizationManager
that grants access if at least oneAuthorizationManager
granted or abstained, ifmanagers
are empty then denied decision is returned. - anyOf(RequestMatcher...) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers
-
Creates a
RequestMatcher
that matches if at least one of the givenRequestMatcher
s matches, ifmatchers
are empty then the returned matcher never matches. - anyRequest() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
-
Matches if
PayloadExchangeType.isRequest()
is true, else not a match - anyRequest() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
Maps any request.
- anyRequest() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers
- anyRequest() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
-
Maps any request.
- AnyRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Matches any supplied request.
- ApacheDSContainer - Class in org.springframework.security.ldap.server
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
UnboundIdContainer
instead because ApacheDS 1.x is no longer supported with no GA version to replace it. - ApacheDSContainer(String, String) - Constructor for class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- appendFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Inserts the provided
Filter
s after existingFilter
s using default generated names,AbstractSecurityWebApplicationInitializer.getSecurityDispatcherTypes()
, andAbstractSecurityWebApplicationInitializer.isAsyncSecuritySupported()
. - apply(C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
AbstractConfiguredSecurityBuilder.with(SecurityConfigurerAdapter, Customizer)
instead. - apply(Row, RowMetadata) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
- apply(SocketAcceptor) - Method in class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor
- apply(SocketAcceptor) - Method in class org.springframework.security.rsocket.core.SecuritySocketAcceptorInterceptor
- apply(JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper
- apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- apply(R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper
- apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
-
Deprecated.
- apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
-
Deprecated.
- Argon2PasswordEncoder - Class in org.springframework.security.crypto.argon2
-
Implementation of PasswordEncoder that uses the Argon2 hashing function.
- Argon2PasswordEncoder(int, int, int, int, int) - Constructor for class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
-
Constructs an Argon2 password encoder with the provided parameters.
- asHeader() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor
- AspectJCallback - Interface in org.springframework.security.access.intercept.aspectj
-
Deprecated.This class will be removed from the public API. Please either use `spring-security-aspects`, Spring Security's method security support or create your own class that uses Spring AOP annotations.
- AspectJMethodSecurityInterceptor - Class in org.springframework.security.access.intercept.aspectj
-
Deprecated.This class will be removed from the public API. Please either use `spring-security-aspects`, Spring Security's method security support or create your own class that uses Spring AOP annotations.
- AspectJMethodSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor
-
Deprecated.
- assertingPartyDetails(Consumer<RelyingPartyRegistration.AssertingPartyDetails.Builder>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- assertingPartyDetails(Consumer<RelyingPartyRegistration.AssertingPartyDetails.Builder>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Deprecated, for removal: This API element is subject to removal in a future version.
- assertingPartyMetadata(Consumer<AssertingPartyMetadata.Builder<?>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- assertingPartyMetadata(Consumer<AssertingPartyMetadata.Builder<?>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Apply this
Consumer
to further configure the Asserting Party metadata - AssertingPartyMetadata - Interface in org.springframework.security.saml2.provider.service.registration
-
An interface representing SAML 2.0 Asserting Party metadata
- AssertingPartyMetadata.Builder<B extends AssertingPartyMetadata.Builder<B>> - Interface in org.springframework.security.saml2.provider.service.registration
- AssertingPartyMetadataRepository - Interface in org.springframework.security.saml2.provider.service.registration
-
A repository for retrieving SAML 2.0 Asserting Party Metadata
- ASSERTION - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
assertion
- used in Access Token Request. - assertionConsumerServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- assertionConsumerServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Set the AssertionConsumerService Binding.
- assertionConsumerServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- assertionConsumerServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Set the AssertionConsumerService Location.
- AT_HASH - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
at_hash
- the Access Token hash value - ATT_GROUP_ROLE_ATTRIBUTE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- ATT_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- ATT_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- ATT_HASH - Static variable in class org.springframework.security.config.authentication.PasswordEncoderParser
- ATT_LDIF_FILE - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
-
Optionally defines an ldif resource to be loaded.
- ATT_PORT - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
-
Defines the port the LDAP_PROVIDER server should run on
- ATT_ROOT_SUFFIX - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
-
sets the configuration suffix (default is "dc=springframework,dc=org").
- ATT_SERVER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- ATT_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- ATT_USER_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Performs actual authentication.
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter
- attemptExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Attempt to exit from an already switched user.
- attemptSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Attempt to switch to another user.
- attestation(AttestationConveyancePreference) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Sets the
PublicKeyCredentialCreationOptions.getAttestation()
property. - attestationClientDataJSON(Bytes) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- AttestationConveyancePreference - Class in org.springframework.security.web.webauthn.api
-
WebAuthn Relying Parties may use AttestationConveyancePreference to specify their preference regarding attestation conveyance during credential generation.
- attestationObject(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder
-
Set the
AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder.attestationObject
property - attestationObject(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder
-
Sets the
AuthenticatorAttestationResponse.getAttestationObject()
property. - attestationObject(Bytes) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- attribute(String, Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
-
Sets an attribute associated to the context.
- attribute(String, Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
-
Sets an attribute associated to the request.
- attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
-
Provides a
Consumer
access to the attributes associated to the context. - attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
-
Provides a
Consumer
access to the attributes associated to the request. - attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
A
Consumer
to be provided access to the attribute(s) allowing the ability to add, replace, or remove. - attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
-
Mutate the attributes using the given
Consumer
- attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
-
Mutate the attributes using the given
Consumer
- attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
-
Mutate the attributes using the given
Consumer
- attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
-
Mutate the attributes using the given
Consumer
- attributes(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the attributes associated to the request.
- Attributes2GrantedAuthoritiesMapper - Interface in org.springframework.security.core.authority.mapping
-
Interface to be implemented by classes that can map a list of security attributes (such as roles or group names) to a collection of Spring Security
GrantedAuthority
s. - AUD - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
-
aud
- the Audience(s) that the ID Token is intended for - AUD - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
aud
- The intended audience for the token - AUD - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
aud
- the Audience(s) that the ID Token is intended for - AUD - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
-
aud
- the Audience claim identifies the recipient(s) that the JWT is intended for - audience(Collection<String>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
-
Use this audience in the resulting
OidcLogoutToken
- audience(Collection<String>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this audience in the resulting
OidcIdToken
- audience(Collection<String>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this audience in the resulting
Jwt
- audience(List<String>) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Sets the audience
(aud)
claim, which identifies the recipient(s) that the JWT is intended for. - AUDIENCE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
audience
- used in Token Exchange Access Token Request. - AuditableAccessControlEntry - Interface in org.springframework.security.acls.model
-
Represents an ACE that provides auditing information.
- AuditableAcl - Interface in org.springframework.security.acls.model
-
A mutable ACL that provides audit capabilities.
- AuditLogger - Interface in org.springframework.security.acls.domain
-
Used by
AclImpl
to log audit events. - AUTH_TIME - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
auth_time
- the time when the End-User authentication occurred - authenticate(Authentication) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
-
Deprecated.
- authenticate(Authentication) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider
- authenticate(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationManager
-
Attempts to authenticate the passed
Authentication
object, returning a fully populatedAuthentication
object (including granted authorities) if successful. - authenticate(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationProvider
-
Performs authentication with the same contract as
AuthenticationManager.authenticate(Authentication)
. - authenticate(Authentication) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Attempts to login the user given the Authentication objects principal and credential
- authenticate(Authentication) - Method in class org.springframework.security.authentication.ObservationAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.authentication.ObservationReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.authentication.ott.reactive.OneTimeTokenReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.authentication.ProviderManager
-
Attempts to authenticate the passed
Authentication
object. - authenticate(Authentication) - Method in interface org.springframework.security.authentication.ReactiveAuthenticationManager
-
Attempts to authenticate the provided
Authentication
- authenticate(Authentication) - Method in class org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter
- authenticate(Authentication) - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.authentication.TestingAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.BindAuthenticator
- authenticate(Authentication) - Method in interface org.springframework.security.ldap.authentication.LdapAuthenticator
-
Authenticates as a user and obtains additional user information from the directory.
- authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
-
Decode and validate the Bearer Token.
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider
-
Introspect and validate the opaque Bearer Token and then delegates
Authentication
instantiation toOpaqueTokenAuthenticationConverter
. - authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager
-
Introspect and validate the opaque Bearer Token and then delegates
Authentication
instantiation toReactiveOpaqueTokenAuthenticationConverter
. - authenticate(Authentication) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Authenticate the given PreAuthenticatedAuthenticationToken.
- authenticate(Authentication) - Method in class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationProvider
- authenticate(RelyingPartyAuthenticationRequest) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations
- authenticate(RelyingPartyAuthenticationRequest) - Method in interface org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations
-
Authenticates the
RelyingPartyAuthenticationRequest
passed in - authenticated() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
-
Creates an instance of
AuthenticatedAuthorizationManager
. - authenticated() - Static method in class org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager
-
Gets an instance of
AuthenticatedReactiveAuthorizationManager
- authenticated() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
- authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specify that URLs are allowed by any authenticated user.
- authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specify that URLs are allowed by any authenticated user.
- authenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Specify that Messages are allowed by any authenticated user.
- authenticated() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
Require an authenticated user
- authenticated() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Specify that Messages are allowed by any authenticated user.
- authenticated() - Static method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
-
ResultMatcher
that verifies that a specified user is authenticated. - authenticated() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
-
Specify that URLs are allowed by any authenticated user.
- authenticated(Object, Object, Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
-
This factory method can be safely used by any code that wishes to create a authenticated
UsernamePasswordAuthenticationToken
. - authenticated(Object, Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
-
Creates an unauthenticated token
- AuthenticatedAuthorizationManager<T> - Class in org.springframework.security.authorization
-
An
AuthorizationManager
that determines if the current user is authenticated. - AuthenticatedAuthorizationManager() - Constructor for class org.springframework.security.authorization.AuthenticatedAuthorizationManager
-
Creates an instance that determines if the current user is authenticated, this is the same as calling
AuthenticatedAuthorizationManager.authenticated()
factory method. - AuthenticatedPrincipal - Interface in org.springframework.security.core
-
Representation of an authenticated
Principal
once anAuthentication
request has been successfully authenticated by theAuthenticationManager.authenticate(Authentication)
method. - AuthenticatedPrincipalOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web
-
An implementation of an
OAuth2AuthorizedClientRepository
that delegates to the providedOAuth2AuthorizedClientService
if the currentPrincipal
is authenticated, otherwise, to the default (or provided)OAuth2AuthorizedClientRepository
if the current request is unauthenticated (or anonymous). - AuthenticatedPrincipalOAuth2AuthorizedClientRepository(OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
-
Constructs a
AuthenticatedPrincipalOAuth2AuthorizedClientRepository
using the provided parameters. - AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web.server
-
An implementation of an
ServerOAuth2AuthorizedClientRepository
that delegates to the providedServerOAuth2AuthorizedClientRepository
if the currentPrincipal
is authenticated, otherwise, to the default (or provided)ServerOAuth2AuthorizedClientRepository
if the current request is unauthenticated (or anonymous). - AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(ReactiveOAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
-
Creates an instance
- AuthenticatedReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization
-
A
ReactiveAuthorizationManager
that determines if the current user is authenticated. - authenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
-
Specifies the
AuthenticationUserDetailsService
that is used with thePreAuthenticatedAuthenticationProvider
. - AuthenticatedVoter - Class in org.springframework.security.access.vote
-
Deprecated.Use
AuthorityAuthorizationManager
instead - AuthenticatedVoter() - Constructor for class org.springframework.security.access.vote.AuthenticatedVoter
-
Deprecated.
- authentication(Authentication) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Modifies the
ClientRequest.attributes()
to include theAuthentication
used to look up and save theOAuth2AuthorizedClient
. - authentication(Authentication) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish a
SecurityContext
that uses the specifiedAuthentication
for theAuthentication.getPrincipal()
and a customUserDetails
. - Authentication - Interface in org.springframework.security.core
-
Represents the token for an authentication request or for an authenticated principal once the request has been processed by the
AuthenticationManager.authenticate(Authentication)
method. - AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
-
A generic placeholder for other types of authentication.
- AUTHENTICATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- AUTHENTICATION_EXCEPTION - Static variable in class org.springframework.security.web.WebAttributes
-
Used to cache an authentication-failure exception in the session.
- AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.BeanIds
-
The "global" AuthenticationManager instance, registered by the <authentication-manager> element
- AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.Elements
- AUTHENTICATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
- AUTHENTICATION_SCHEME_BASIC - Static variable in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- AuthenticationConfiguration - Class in org.springframework.security.config.annotation.authentication.configuration
-
Exports the authentication
Configuration
- AuthenticationConfiguration() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
- authenticationContextClass(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this authentication context class reference in the resulting
OidcIdToken
- authenticationConverter(OpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
- authenticationConverter(ReactiveOpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
- authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
-
Use this
AuthenticationConverter
when converting incoming requests to anAuthentication
. - authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Use this
AuthenticationConverter
when converting incoming requests to anAuthentication
. - authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Sets the converter to use
- authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Sets the converter to use
- authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
Use this
ServerAuthenticationConverter
when converting incoming requests to anAuthentication
. - AuthenticationConverter - Interface in org.springframework.security.web.authentication
-
A strategy used for converting from a
HttpServletRequest
to anAuthentication
of particular type. - AuthenticationConverterServerWebExchangeMatcher - Class in org.springframework.security.web.server.authentication
- AuthenticationConverterServerWebExchangeMatcher(ServerAuthenticationConverter) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher
- AuthenticationCredentialsNotFoundEvent - Class in org.springframework.security.access.event
-
Deprecated.Authentication is now separated from authorization. Consider
AbstractAuthenticationFailureEvent
instead. - AuthenticationCredentialsNotFoundEvent(Object, Collection<ConfigAttribute>, AuthenticationCredentialsNotFoundException) - Constructor for class org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent
-
Deprecated.Construct the event.
- AuthenticationCredentialsNotFoundException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request is rejected because there is no
Authentication
object in theSecurityContext
. - AuthenticationCredentialsNotFoundException(String) - Constructor for exception org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
-
Constructs an
AuthenticationCredentialsNotFoundException
with the specified message. - AuthenticationCredentialsNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
-
Constructs an
AuthenticationCredentialsNotFoundException
with the specified message and root cause. - authenticationDetailsSource - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Specifies a custom
AuthenticationDetailsSource
. - authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
-
Specifies a custom
AuthenticationDetailsSource
to use for basic authentication. - authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
-
Specifies the
AuthenticationDetailsSource
- AuthenticationDetailsSource<C,
T> - Interface in org.springframework.security.authentication -
Provides a
Authentication.getDetails()
object for a given web request. - authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
-
Sets the
AuthenticationEntryPoint
to be used. - authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
-
The
AuthenticationEntryPoint
to be populated onBasicAuthenticationFilter
in the event that authentication fails. - authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
-
Configures what to do when the application request authentication
- authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
How to request for authentication.
- authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
-
Allows easily setting the entry point.
- authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Configures the
ServerAuthenticationEntryPoint
to use for requests authenticating with Bearer Tokens. - AuthenticationEntryPoint - Interface in org.springframework.security.web
-
Used by
ExceptionTranslationFilter
to commence an authentication scheme. - AuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.authentication
-
Adapts a
AuthenticationEntryPoint
into aAuthenticationFailureHandler
- AuthenticationEntryPointFailureHandler(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
- authenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Sets the
AuthenticationEventPublisher
- AuthenticationEventPublisher - Interface in org.springframework.security.authentication
- AuthenticationException - Exception in org.springframework.security.core
-
Abstract superclass for all exceptions related to an
Authentication
object being invalid for whatever reason. - AuthenticationException(String) - Constructor for exception org.springframework.security.core.AuthenticationException
-
Constructs an
AuthenticationException
with the specified message and no root cause. - AuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.core.AuthenticationException
-
Constructs an
AuthenticationException
with the specified message and root cause. - AuthenticationExtensionsClientInput<T> - Interface in org.springframework.security.web.webauthn.api
-
A client extension input entry in the
AuthenticationExtensionsClientInputs
. - AuthenticationExtensionsClientInputs - Interface in org.springframework.security.web.webauthn.api
-
AuthenticationExtensionsClientInputs is a dictionary containing the client extension input values for zero or more WebAuthn Extensions.
- AuthenticationExtensionsClientOutput<T> - Interface in org.springframework.security.web.webauthn.api
- AuthenticationExtensionsClientOutputs - Interface in org.springframework.security.web.webauthn.api
-
AuthenticationExtensionsClientOutputs is a dictionary containing the client extension output values for zero or more WebAuthn Extensions.
- AuthenticationFailureBadCredentialsEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to invalid credentials being presented.
- AuthenticationFailureBadCredentialsEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent
- AuthenticationFailureCredentialsExpiredEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to the user's credentials having expired.
- AuthenticationFailureCredentialsExpiredEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureCredentialsExpiredEvent
- AuthenticationFailureDisabledEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to the user's account being disabled.
- AuthenticationFailureDisabledEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent
- AuthenticationFailureExpiredEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to the user's account having expired.
- AuthenticationFailureExpiredEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureExpiredEvent
- authenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
-
Specifies the
AuthenticationFailureHandler
to use when authentication fails. - authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
Configures how a failed authentication is handled.
- authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
- authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
The
ServerAuthenticationFailureHandler
used after authentication failure. - authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
- authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
Specifies the
ServerAuthenticationFailureHandler
to use when authentication fails. - AuthenticationFailureHandler - Interface in org.springframework.security.web.authentication
-
Strategy used to handle a failed authentication attempt.
- AuthenticationFailureLockedEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to the user's account having been locked.
- AuthenticationFailureLockedEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureLockedEvent
- AuthenticationFailureProviderNotFoundEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to there being no registered
AuthenticationProvider
that can process the request. - AuthenticationFailureProviderNotFoundEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent
- AuthenticationFailureProxyUntrustedEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to the CAS user's ticket being generated by an untrusted proxy.
- AuthenticationFailureProxyUntrustedEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent
- AuthenticationFailureServiceExceptionEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to there being a problem internal to the
AuthenticationManager
. - AuthenticationFailureServiceExceptionEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent
- authenticationFilter(AnonymousAuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Sets the
AnonymousAuthenticationFilter
used to populate an anonymous user. - authenticationFilter(AnonymousAuthenticationWebFilter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
-
Sets the
AnonymousAuthenticationWebFilter
used to populate an anonymous user. - AuthenticationFilter - Class in org.springframework.security.web.authentication
-
A
Filter
that performs authentication of a particular request. - AuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
- AuthenticationFilter(AuthenticationManager, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
- authenticationIsRequired(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- authenticationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Allows providing a custom
AuthenticationManager
. - authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configure the default
AuthenticationManager
. - authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
- authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
- authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Allows a configuration of a
AuthenticationManager
to be used during SAML 2 authentication. - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
- authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
- authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
- authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
- authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configure the default authentication manager.
- authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
The
ReactiveAuthenticationManager
used to authenticate. - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
-
The
ReactiveAuthenticationManager
used to authenticate. - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Configures the
ReactiveAuthenticationManager
to use. - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Configures the
ReactiveAuthenticationManager
to use. - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
-
Configures the
ReactiveAuthenticationManager
to use - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
Specifies
ReactiveAuthenticationManager
for one time tokens. - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
- AuthenticationManager - Interface in org.springframework.security.authentication
-
Processes an
Authentication
request. - AuthenticationManagerBeanDefinitionParser - Class in org.springframework.security.config.authentication
-
Registers the central ProviderManager used by the namespace configuration, and allows the configuration of an alias, allowing users to reference it in their beans and clearly see where the name is coming from.
- AuthenticationManagerBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser
- AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider - Class in org.springframework.security.config.authentication
-
Provider which doesn't provide any service.
- authenticationManagerBuilder(ObjectPostProcessor<Object>, ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
- AuthenticationManagerBuilder - Class in org.springframework.security.config.annotation.authentication.builders
-
SecurityBuilder
used to create anAuthenticationManager
. - AuthenticationManagerBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Deprecated, for removal: This API element is subject to removal in a future version.
- AuthenticationManagerBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Creates a new instance
- AuthenticationManagerFactoryBean - Class in org.springframework.security.config.authentication
-
Factory bean for the namespace AuthenticationManager, which allows a more meaningful error message to be reported in the NoSuchBeanDefinitionException, if the user has forgotten to declare the <authentication-manager> element.
- AuthenticationManagerFactoryBean() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
- authenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- authenticationManagerResolver(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Configures the
ReactiveAuthenticationManagerResolver
- AuthenticationManagerResolver<C> - Interface in org.springframework.security.authentication
-
An interface for resolving an
AuthenticationManager
based on the provided context - authenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Sets the
matcher
used for determining if the request is an authentication request. - AuthenticationMethod - Class in org.springframework.security.oauth2.core
-
The authentication method used when sending bearer access tokens in resource requests to resource servers.
- AuthenticationMethod(String) - Constructor for class org.springframework.security.oauth2.core.AuthenticationMethod
-
Constructs an
AuthenticationMethod
using the provided value. - authenticationMethods(List<String>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use these authentication methods in the resulting
OidcIdToken
- AuthenticationObservationContext - Class in org.springframework.security.authentication
-
An
Observation.Context
used during authentications - AuthenticationObservationContext() - Constructor for class org.springframework.security.authentication.AuthenticationObservationContext
- AuthenticationObservationConvention - Class in org.springframework.security.authentication
-
An
ObservationConvention
for translating authentications intoKeyValues
. - AuthenticationObservationConvention() - Constructor for class org.springframework.security.authentication.AuthenticationObservationConvention
- AuthenticationPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
-
Converts from the
PayloadExchange
for Authentication Extension. - AuthenticationPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter
- AuthenticationPayloadInterceptor - Class in org.springframework.security.rsocket.authentication
-
Uses the provided
ReactiveAuthenticationManager
to authenticate a Payload. - AuthenticationPayloadInterceptor(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
-
Creates a new instance
- AuthenticationPrincipal - Annotation Interface in org.springframework.security.core.annotation
-
Annotation that is used to resolve
Authentication.getPrincipal()
to a method argument. - AuthenticationPrincipal - Annotation Interface in org.springframework.security.web.bind.annotation
-
Deprecated.Use
AuthenticationPrincipal
instead. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.messaging.context
-
Allows resolving the
Authentication.getPrincipal()
using theAuthenticationPrincipal
annotation. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.messaging.handler.invocation.reactive
-
Allows resolving the
Authentication.getPrincipal()
using theAuthenticationPrincipal
annotation. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.bind.support
-
Deprecated.Use
AuthenticationPrincipalArgumentResolver
instead. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.method.annotation
-
Allows resolving the
Authentication.getPrincipal()
using theAuthenticationPrincipal
annotation. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation
-
Resolves the Authentication
- AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
- AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
- AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
-
Deprecated.
- AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
- AuthenticationPrincipalArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
- authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Add authentication based upon the custom
AuthenticationProvider
that is passed in. - authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.authentication.ProviderManagerBuilder
-
Add authentication based upon the custom
AuthenticationProvider
that is passed in. - authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Sets the
AuthenticationProvider
used to validate an anonymous user. - authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
-
Specifies the
AuthenticationProvider
to use when authenticating the user. - authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Allows adding an additional
AuthenticationProvider
to be used - AuthenticationProvider - Interface in org.springframework.security.authentication
-
Indicates a class can process a specific
Authentication
implementation. - AuthenticationProviderBeanDefinitionParser - Class in org.springframework.security.config.authentication
-
Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the latter with the ProviderManager.
- AuthenticationProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser
- authenticationRequestResolver(Saml2AuthenticationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Use this
Saml2AuthenticationRequestResolver
for generating SAML 2.0 Authentication Requests. - authenticationRequestUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Deprecated.
- authenticationRequestUri(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
-
Sets the
authenticationRequestUri
, a URL that will receive the AuthNRequest message - authenticationRequestUriQuery(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Customize the URL that the SAML Authentication Request will be sent to.
- AuthenticationServiceException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request could not be processed due to a system problem.
- AuthenticationServiceException(String) - Constructor for exception org.springframework.security.authentication.AuthenticationServiceException
-
Constructs an
AuthenticationServiceException
with the specified message. - AuthenticationServiceException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AuthenticationServiceException
-
Constructs an
AuthenticationServiceException
with the specified message and root cause. - AuthenticationSuccessEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates successful authentication.
- AuthenticationSuccessEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.AuthenticationSuccessEvent
- authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
Allows customizing the list of
ServerAuthenticationSuccessHandler
. - authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
-
Allows customizing the list of
ServerAuthenticationSuccessHandler
. - authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Allows customizing the list of
ServerAuthenticationSuccessHandler
. - authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
Allows customizing the list of
ServerAuthenticationSuccessHandler
. - authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
-
Specifies the
AuthenticationSuccessHandler
to be used. - authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
- authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
The
ServerAuthenticationSuccessHandler
used after authentication success. - authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
-
The
ServerAuthenticationSuccessHandler
used after authentication success. - authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
The
ServerAuthenticationSuccessHandler
used after authentication success. - authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
Specifies the
ServerAuthenticationSuccessHandler
- AuthenticationSuccessHandler - Interface in org.springframework.security.web.authentication
-
Strategy used to handle a successful user authentication.
- AuthenticationSwitchUserEvent - Class in org.springframework.security.web.authentication.switchuser
-
Application event which indicates that a user context switch.
- AuthenticationSwitchUserEvent(Authentication, UserDetails) - Constructor for class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent
-
Switch user context event constructor
- AuthenticationTag - Class in org.springframework.security.taglibs.authz
-
An
Tag
implementation that allows convenient access to the currentAuthentication
object. - AuthenticationTag() - Constructor for class org.springframework.security.taglibs.authz.AuthenticationTag
- AuthenticationTrustResolver - Interface in org.springframework.security.authentication
-
Evaluates
Authentication
tokens - AuthenticationTrustResolverImpl - Class in org.springframework.security.authentication
-
Basic implementation of
AuthenticationTrustResolver
. - AuthenticationTrustResolverImpl() - Constructor for class org.springframework.security.authentication.AuthenticationTrustResolverImpl
- authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
-
Specifies the
AuthenticationUserDetailsService
to use. - AuthenticationUserDetailsService<T extends Authentication> - Interface in org.springframework.security.core.userdetails
-
Interface that allows for retrieving a UserDetails object based on an Authentication object.
- AuthenticationWebFilter - Class in org.springframework.security.web.server.authentication
-
A
WebFilter
that performs authentication of a particular request. - AuthenticationWebFilter(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Creates an instance
- AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Creates an instance
- AuthenticatorAssertionResponse - Class in org.springframework.security.web.webauthn.api
-
The AuthenticatorAssertionResponse interface represents an authenticator's response to a client's request for generation of a new authentication assertion given the WebAuthn Relying Party's challenge and OPTIONAL list of credentials it is aware of.
- AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder - Class in org.springframework.security.web.webauthn.api
-
Builds a
AuthenticatorAssertionResponse
. - authenticatorAttachment(AuthenticatorAttachment) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder
-
Sets the
AuthenticatorSelectionCriteria.getAuthenticatorAttachment()
property. - authenticatorAttachment(AuthenticatorAttachment) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder
-
Sets the
PublicKeyCredential.getAuthenticatorAttachment()
property. - AuthenticatorAttachment - Class in org.springframework.security.web.webauthn.api
- AuthenticatorAttestationResponse - Class in org.springframework.security.web.webauthn.api
-
AuthenticatorAttestationResponse represents the authenticator's response to a client's request for the creation of a new public key credential.
- AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder - Class in org.springframework.security.web.webauthn.api
-
Builds
AuthenticatorAssertionResponse
. - authenticatorData(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder
-
Set the
AuthenticatorAssertionResponse.getAuthenticatorData()
property - AuthenticatorResponse - Class in org.springframework.security.web.webauthn.api
- authenticatorSelection(AuthenticatorSelectionCriteria) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Sets the
PublicKeyCredentialCreationOptions.getAuthenticatorSelection()
property. - AuthenticatorSelectionCriteria - Class in org.springframework.security.web.webauthn.api
-
AuthenticatorAttachment can be used by WebAuthn Relying Parties to specify their requirements regarding authenticator attributes.
- AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder - Class in org.springframework.security.web.webauthn.api
-
Creates a
AuthenticatorSelectionCriteria
- AuthenticatorTransport - Class in org.springframework.security.web.webauthn.api
-
AuthenticatorTransport defines hints as to how clients might communicate with a particular authenticator in order to obtain an assertion for a specific credential.
- authnRequestsSigned(Boolean) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- authnRequestsSigned(Boolean) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Set the AuthnRequestsSigned setting.
- authorities() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
-
The authorities to use.
- authorities(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Populates the authorities.
- authorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Sets the
Authentication.getAuthorities()
for anonymous users - authorities(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
-
Sets the
Authentication.getAuthorities()
for anonymous users - authorities(String...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Populates the authorities.
- authorities(String...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
-
Specifies the
GrantedAuthority
s to use. - authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Populates the authorities.
- authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
-
Specifies the
GrantedAuthority
s to use. - authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
-
Populates the user's
GrantedAuthority
's. - authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
-
Use the provided authorities in the token
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
-
Use the provided authorities in the
Authentication
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
-
Use the provided authorities in the
Authentication
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
-
Use the provided authorities in the resulting principal
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
-
Use the provided authorities in the token
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
-
Use the provided authorities in the
Authentication
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
-
Use the provided authorities in the
Authentication
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
-
Use the provided authorities in the resulting principal
- authorities(List<? extends GrantedAuthority>) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Populates the authorities.
- authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Sets the
Authentication.getAuthorities()
for anonymous users - authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
-
Sets the
Authentication.getAuthorities()
for anonymous users - authorities(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
-
Provides the configured
Jwt
so that custom authorities can be derived from it - authorities(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
-
Provides the configured
Jwt
so that custom authorities can be derived from it - authorities(GrantedAuthority...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Populates the authorities.
- authorities(GrantedAuthority...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Populates the authorities.
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
-
Use the provided authorities in the token
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
-
Use the provided authorities in the
Authentication
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
-
Use the provided authorities in the
Authentication
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
-
Use the provided authorities in the resulting principal
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
-
Specifies the
GrantedAuthority
s to use. - authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
-
Use the provided authorities in the token
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
-
Use the provided authorities in the
Authentication
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
-
Use the provided authorities in the
Authentication
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
-
Use the provided authorities in the resulting principal
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
-
Populates the user's
GrantedAuthority
's. - AuthoritiesAuthorizationManager - Class in org.springframework.security.authorization
-
An
AuthorizationManager
that determines if the current user is authorized by evaluating if theAuthentication
contains any of the specified authorities. - AuthoritiesAuthorizationManager() - Constructor for class org.springframework.security.authorization.AuthoritiesAuthorizationManager
- authoritiesByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
-
Sets the query to be used for finding a user's authorities by their username.
- authoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Specifies the
GrantedAuthoritiesMapper
. - AuthorityAuthorizationDecision - Class in org.springframework.security.authorization
-
Represents an
AuthorizationDecision
based on a collection of authorities - AuthorityAuthorizationDecision(boolean, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.authorization.AuthorityAuthorizationDecision
- AuthorityAuthorizationManager<T> - Class in org.springframework.security.authorization
-
An
AuthorizationManager
that determines if the current user is authorized by evaluating if theAuthentication
contains a specified authority. - AuthorityGranter - Interface in org.springframework.security.authentication.jaas
-
The AuthorityGranter interface is used to map a given principal to role names.
- authorityListToSet(Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.core.authority.AuthorityUtils
-
Converts an array of GrantedAuthority objects to a Set.
- AuthorityReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization
-
A
ReactiveAuthorizationManager
that determines if the current user is authorized by evaluating if theAuthentication
contains a specified authority. - AuthorityUtils - Class in org.springframework.security.core.authority
-
Utility method for manipulating GrantedAuthority collections etc.
- AUTHORIZATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
-
Where authorization is placed.
- AUTHORIZATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- AUTHORIZATION_CODE - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
- AuthorizationAdvisor - Interface in org.springframework.security.authorization.method
-
An interface that indicates method security advice
- AuthorizationAdvisorProxyFactory - Class in org.springframework.security.authorization.method
-
A proxy factory for applying authorization advice to an arbitrary object.
- AuthorizationAdvisorProxyFactory(List<AuthorizationAdvisor>) - Constructor for class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
-
Construct an
AuthorizationAdvisorProxyFactory
with the provided advisors. - AuthorizationAdvisorProxyFactory.TargetVisitor - Interface in org.springframework.security.authorization.method
-
An interface to handle how the
AuthorizationAdvisorProxyFactory
should step through the target's object hierarchy. - AuthorizationChannelInterceptor - Class in org.springframework.security.messaging.access.intercept
-
Authorizes
Message
resources using the providedAuthorizationManager
- AuthorizationChannelInterceptor(AuthorizationManager<Message<?>>) - Constructor for class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor
-
Creates a new instance
- authorizationCode() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Configures support for the
authorization_code
grant. - authorizationCode() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Configures support for the
authorization_code
grant. - authorizationCode() - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns a new
OAuth2AuthorizationRequest.Builder
, initialized with the authorization code grant type. - authorizationCodeGrant() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2ClientConfigurer.authorizationCodeGrant(Customizer)
instead - authorizationCodeGrant(Customizer<OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
-
Configures the OAuth 2.0 Authorization Code Grant.
- authorizationCodeHash(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this authorization code hash in the resulting
OidcIdToken
- AuthorizationCodeOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of an
OAuth2AuthorizedClientProvider
for theauthorization_code
grant. - AuthorizationCodeOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider
- AuthorizationCodeReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of a
ReactiveOAuth2AuthorizedClientProvider
for theauthorization_code
grant. - AuthorizationCodeReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
- AuthorizationContext - Class in org.springframework.security.web.server.authorization
- AuthorizationContext(ServerWebExchange) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
- AuthorizationContext(ServerWebExchange, Map<String, Object>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
- AuthorizationDecision - Class in org.springframework.security.authorization
- AuthorizationDecision(boolean) - Constructor for class org.springframework.security.authorization.AuthorizationDecision
- AuthorizationDeniedEvent<T> - Class in org.springframework.security.authorization.event
-
An
ApplicationEvent
which indicates failed authorization. - AuthorizationDeniedEvent(Supplier<Authentication>, T, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationDeniedEvent
-
Deprecated.Please use an
AuthorizationResult
constructor instead - AuthorizationDeniedEvent(Supplier<Authentication>, T, AuthorizationResult) - Constructor for class org.springframework.security.authorization.event.AuthorizationDeniedEvent
- AuthorizationDeniedException - Exception in org.springframework.security.authorization
-
An
AccessDeniedException
that contains theAuthorizationResult
- AuthorizationDeniedException(String) - Constructor for exception org.springframework.security.authorization.AuthorizationDeniedException
- AuthorizationDeniedException(String, AuthorizationResult) - Constructor for exception org.springframework.security.authorization.AuthorizationDeniedException
- authorizationEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2LoginConfigurer.authorizationEndpoint(Customizer)
instead - authorizationEndpoint(Customizer<OAuth2LoginConfigurer.AuthorizationEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Configures the Authorization Server's Authorization Endpoint.
- AuthorizationEvent - Class in org.springframework.security.authorization.event
-
A parent class for
AuthorizationGrantedEvent
andAuthorizationDeniedEvent
. - AuthorizationEvent(Supplier<Authentication>, Object, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationEvent
-
Construct an
AuthorizationEvent
- AuthorizationEvent(Supplier<Authentication>, Object, AuthorizationResult) - Constructor for class org.springframework.security.authorization.event.AuthorizationEvent
-
Construct an
AuthorizationEvent
- AuthorizationEventPublisher - Interface in org.springframework.security.authorization
-
A contract for publishing authorization events
- AuthorizationFailureEvent - Class in org.springframework.security.access.event
-
Deprecated.Use
AuthorizationDeniedEvent
instead - AuthorizationFailureEvent(Object, Collection<ConfigAttribute>, Authentication, AccessDeniedException) - Constructor for class org.springframework.security.access.event.AuthorizationFailureEvent
-
Deprecated.Construct the event.
- authorizationFailureHandler(OAuth2AuthorizedClientService) - Static method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
-
Provides an
OAuth2AuthorizationFailureHandler
that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using aOAuth2AuthorizedClientService
. - authorizationFailureHandler(OAuth2AuthorizedClientRepository) - Static method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
-
Provides an
OAuth2AuthorizationFailureHandler
that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using aOAuth2AuthorizedClientRepository
. - AuthorizationFilter - Class in org.springframework.security.web.access.intercept
-
An authorization filter that restricts access to the URL using
AuthorizationManager
. - AuthorizationFilter(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.intercept.AuthorizationFilter
-
Creates an instance.
- AuthorizationGrantedEvent<T> - Class in org.springframework.security.authorization.event
-
An
ApplicationEvent
which indicates successful authorization. - AuthorizationGrantedEvent(Supplier<Authentication>, T, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationGrantedEvent
-
Deprecated.please use a constructor that takes an
AuthorizationResult
- AuthorizationGrantedEvent(Supplier<Authentication>, T, AuthorizationResult) - Constructor for class org.springframework.security.authorization.event.AuthorizationGrantedEvent
- authorizationGrantType(AuthorizationGrantType) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the
authorization grant type
used for the client. - AuthorizationGrantType - Class in org.springframework.security.oauth2.core
-
An authorization grant is a credential representing the resource owner's authorization (to access it's protected resources) to the client and used by the client to obtain an access token.
- AuthorizationGrantType(String) - Constructor for class org.springframework.security.oauth2.core.AuthorizationGrantType
-
Constructs an
AuthorizationGrantType
using the provided value. - AuthorizationInterceptorsOrder - Enum Class in org.springframework.security.authorization.method
-
Ordering of Spring Security's authorization
Advisor
s - AuthorizationManager<T> - Interface in org.springframework.security.authorization
-
An Authorization manager which can determine if an
Authentication
has access to a specific object. - AuthorizationManagerAfterMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which can determine if anAuthentication
has access to the result of anMethodInvocation
using anAuthorizationManager
- AuthorizationManagerAfterMethodInterceptor(Pointcut, AuthorizationManager<MethodInvocationResult>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
-
Creates an instance.
- AuthorizationManagerAfterReactiveMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which can determine if anAuthentication
has access to the returned object from theMethodInvocation
using the configuredReactiveAuthorizationManager
. - AuthorizationManagerAfterReactiveMethodInterceptor(Pointcut, ReactiveAuthorizationManager<MethodInvocationResult>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
-
Creates an instance.
- AuthorizationManagerBeforeMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which uses aAuthorizationManager
to determine if anAuthentication
may invoke the givenMethodInvocation
- AuthorizationManagerBeforeMethodInterceptor(Pointcut, AuthorizationManager<MethodInvocation>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Creates an instance.
- AuthorizationManagerBeforeReactiveMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which can determine if anAuthentication
has access to theMethodInvocation
using the configuredReactiveAuthorizationManager
. - AuthorizationManagerBeforeReactiveMethodInterceptor(Pointcut, ReactiveAuthorizationManager<MethodInvocation>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
-
Creates an instance.
- AuthorizationManagers - Class in org.springframework.security.authorization
-
A factory class to create an
AuthorizationManager
instances. - AuthorizationManagerWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access
-
An implementation of
WebInvocationPrivilegeEvaluator
which delegates the checks to an instance ofAuthorizationManager
- AuthorizationManagerWebInvocationPrivilegeEvaluator(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
- AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer - Interface in org.springframework.security.web.access
-
Used to transform the
HttpServletRequest
prior to passing it into theAuthorizationManager
. - AuthorizationObservationContext<T> - Class in org.springframework.security.authorization
-
An
Observation.Context
used during authorizations - AuthorizationObservationContext(T) - Constructor for class org.springframework.security.authorization.AuthorizationObservationContext
- AuthorizationObservationConvention - Class in org.springframework.security.authorization
-
An
ObservationConvention
for translating authorizations intoKeyValues
. - AuthorizationObservationConvention() - Constructor for class org.springframework.security.authorization.AuthorizationObservationConvention
- AuthorizationPayloadInterceptor - Class in org.springframework.security.rsocket.authorization
-
Provides authorization of the
PayloadExchange
. - AuthorizationPayloadInterceptor(ReactiveAuthorizationManager<PayloadExchange>) - Constructor for class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor
- AuthorizationProxy - Interface in org.springframework.security.authorization.method
-
An interface that is typically implemented by Spring Security's AOP support to identify an instance as being proxied by Spring Security.
- AuthorizationProxyFactory - Interface in org.springframework.security.authorization
-
A factory for wrapping arbitrary objects in authorization-related advice
- authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
-
Sets the redirect strategy for Authorization Endpoint redirect URI.
- authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
-
Sets the redirect strategy for Authorization Endpoint redirect URI.
- authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Sets the redirect strategy for Authorization Endpoint redirect URI.
- authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Sets the redirect strategy for Authorization Endpoint redirect URI.
- authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
-
Sets the repository used for storing
OAuth2AuthorizationRequest
's. - authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
-
Sets the repository used for storing
OAuth2AuthorizationRequest
's. - authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Sets the repository to use for storing
OAuth2AuthorizationRequest
's. - authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Sets the repository to use for storing
OAuth2AuthorizationRequest
's. - AuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> - Interface in org.springframework.security.oauth2.client.web
-
Implementations of this interface are responsible for the persistence of
OAuth2AuthorizationRequest
between requests. - authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
-
Sets the resolver used for resolving
OAuth2AuthorizationRequest
's. - authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
-
Sets the resolver used for resolving
OAuth2AuthorizationRequest
's. - authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Sets the resolver used for resolving
OAuth2AuthorizationRequest
's. - authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Sets the resolver used for resolving
OAuth2AuthorizationRequest
's. - authorizationRequestUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the
URI
string representation of the OAuth 2.0 Authorization Request. - authorizationRequestUri(Function<UriBuilder, URI>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
A
Function
to be provided aUriBuilder
representation of the OAuth 2.0 Authorization Request allowing for further customizations. - AuthorizationResult - Interface in org.springframework.security.authorization
-
Represents an authorization result
- AuthorizationServiceException - Exception in org.springframework.security.access
-
Thrown if an authorization request could not be processed due to a system problem.
- AuthorizationServiceException(String) - Constructor for exception org.springframework.security.access.AuthorizationServiceException
-
Constructs an
AuthorizationServiceException
with the specified message. - AuthorizationServiceException(String, Throwable) - Constructor for exception org.springframework.security.access.AuthorizationServiceException
-
Constructs an
AuthorizationServiceException
with the specified message and root cause. - authorizationUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the uri for the authorization endpoint.
- authorizationUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the uri for the authorization endpoint.
- AuthorizationWebFilter - Class in org.springframework.security.web.server.authorization
- AuthorizationWebFilter(ReactiveAuthorizationManager<? super ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationWebFilter
- authorize() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
-
Make an authorization decision by considering all <authorize> tag attributes.
- authorize(Supplier<Authentication>, T) - Method in interface org.springframework.security.authorization.AuthorizationManager
-
Determines if access is granted for a specific authentication and object.
- authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider
-
Attempt to authorize the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
-
Attempt to authorize the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider
- authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider
- authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the provided context. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
-
Deprecated.Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
-
Deprecated.Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the provided context. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
-
Attempt to re-authorize the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
-
Attempt to re-authorize the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
- authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
- authorize(OAuth2AuthorizeRequest) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager
-
Attempt to authorize or re-authorize (if required) the
client
identified by the providedclientRegistrationId
. - authorize(OAuth2AuthorizeRequest) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager
-
Attempt to authorize or re-authorize (if required) the
client
identified by the providedclientRegistrationId
. - authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
- authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
- authorize(Mono<Authentication>, T) - Method in interface org.springframework.security.authorization.ReactiveAuthorizationManager
-
Determines if access is granted for a specific authentication and object.
- authorizedClientParametersMapper - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
- authorizedClientParametersMapper - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
- authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
-
Sets the repository for authorized client(s).
- authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Sets the repository for authorized client(s).
- authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Configures the
ReactiveClientRegistrationRepository
. - authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
- authorizedClientRowMapper - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
- authorizedClientRowMapper - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
- authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
-
Sets the service for authorized client(s).
- authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Sets the service for authorized client(s).
- authorizedClientService(ReactiveOAuth2AuthorizedClientService) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
- AuthorizedClientServiceOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client
-
An implementation of an
OAuth2AuthorizedClientManager
that is capable of operating outside of the context of aHttpServletRequest
, e.g. - AuthorizedClientServiceOAuth2AuthorizedClientManager(ClientRegistrationRepository, OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
-
Constructs an
AuthorizedClientServiceOAuth2AuthorizedClientManager
using the provided parameters. - AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client
-
The default implementation of the
contextAttributesMapper
. - AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client
-
An implementation of a
ReactiveOAuth2AuthorizedClientManager
that is capable of operating outside of the context of aServerWebExchange
, e.g. - AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository, ReactiveOAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
-
Constructs an
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
using the provided parameters. - AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client
-
The default implementation of the
contextAttributesMapper
. - AuthorizedEvent - Class in org.springframework.security.access.event
-
Deprecated.Use
AuthorizationGrantedEvent
instead - AuthorizedEvent(Object, Collection<ConfigAttribute>, Authentication) - Constructor for class org.springframework.security.access.event.AuthorizedEvent
-
Deprecated.Construct the event.
- authorizedParty(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this authorized party in the resulting
OidcIdToken
- authorizeExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.authorizeExchange(Customizer)
orauthorizeExchange(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - authorizeExchange(Customizer<ServerHttpSecurity.AuthorizeExchangeSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures authorization.
- AuthorizeExchangeSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
- authorizeHttpRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.authorizeHttpRequests(Customizer)
instead - authorizeHttpRequests(Customizer<AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows restricting access based upon the
HttpServletRequest
usingRequestMatcher
implementations (i.e. - AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds a URL based authorization using
AuthorizationManager
. - AuthorizeHttpRequestsConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer
-
Creates an instance.
- AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers
-
Registry for mapping a
RequestMatcher
to anAuthorizationManager
. - AuthorizeHttpRequestsConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers
-
An object that allows configuring the
AuthorizationManager
forRequestMatcher
s. - AuthorizeHttpRequestsConfigurer.AuthorizedUrl.AuthorizedUrlVariable - Class in org.springframework.security.config.annotation.web.configurers
-
An object that allows configuring
RequestMatcher
s with URI path variables - authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
- AuthorizePayloadsSpec() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
- authorizeRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.authorizeHttpRequests(Customizer)
instead - authorizeRequests(Customizer<ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.authorizeHttpRequests(Customizer)
instead - AuthorizeReturnObject - Annotation Interface in org.springframework.security.authorization.method
-
Wraps Spring Security method authorization advice around the return object of any method this annotation is applied to.
- AuthorizeReturnObjectCoreHintsRegistrar - Class in org.springframework.security.aot.hint
-
A
SecurityHintsRegistrar
that scans all beans for methods that useAuthorizeReturnObject
and registers those return objects asTypeHint
s. - AuthorizeReturnObjectCoreHintsRegistrar(AuthorizationProxyFactory) - Constructor for class org.springframework.security.aot.hint.AuthorizeReturnObjectCoreHintsRegistrar
- AuthorizeReturnObjectDataHintsRegistrar - Class in org.springframework.security.data.aot.hint
-
A
SecurityHintsRegistrar
that scans all beans for implementations ofRepositoryFactoryBeanSupport
, registering the corresponding entity class as aTypeHint
should any if that repository's method useAuthorizeReturnObject
. - AuthorizeReturnObjectDataHintsRegistrar(AuthorizationProxyFactory) - Constructor for class org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar
- AuthorizeReturnObjectHintsRegistrar - Class in org.springframework.security.aot.hint
-
A
SecurityHintsRegistrar
implementation that registers only the classes provided in the constructor. - AuthorizeReturnObjectHintsRegistrar(AuthorizationProxyFactory, Class<?>...) - Constructor for class org.springframework.security.aot.hint.AuthorizeReturnObjectHintsRegistrar
- AuthorizeReturnObjectHintsRegistrar(AuthorizationProxyFactory, List<Class<?>>) - Constructor for class org.springframework.security.aot.hint.AuthorizeReturnObjectHintsRegistrar
-
Construct this registrar
- AuthorizeReturnObjectMethodInterceptor - Class in org.springframework.security.authorization.method
-
A method interceptor that applies the given
AuthorizationProxyFactory
to any return value annotated withAuthorizeReturnObject
- AuthorizeReturnObjectMethodInterceptor(AuthorizationProxyFactory) - Constructor for class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
- authorizeUsingAccessExpression() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
-
Make an authorization decision based on a Spring EL expression.
- authorizeUsingUrlCheck() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
-
Make an authorization decision based on the URL and HTTP method attributes.
- authTime(Instant) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this authentication
Instant
in the resultingOidcIdToken
- autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
- autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Template implementation which locates the Spring Security cookie, decodes it into a delimited array of tokens and submits it to subclasses for processing via the processAutoLoginCookie method.
- autoLogin(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices
-
This method will be called whenever the
SecurityContextHolder
does not contain anAuthentication
object and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities. - AutowiredWebSecurityConfigurersIgnoreParents - Class in org.springframework.security.config.annotation.web.configuration
-
A class used to get all the
WebSecurityConfigurer
instances from the currentApplicationContext
but ignoring the parent. - awaitTermination(long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- AZP - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
azp
- the Authorized party to which the ID Token was issued
B
- backChannel(Customizer<OidcLogoutConfigurer.BackChannelLogoutConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
-
Configure OIDC Back-Channel Logout using the provided
Consumer
- backChannel(Customizer<ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec
-
Configure OIDC Back-Channel Logout using the provided
Consumer
- BackChannelLogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer
- BackChannelLogoutConfigurer() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer
- backupEligible(boolean) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- backupState(boolean) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- BadCredentialsException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request is rejected because the credentials are invalid.
- BadCredentialsException(String) - Constructor for exception org.springframework.security.authentication.BadCredentialsException
-
Constructs a
BadCredentialsException
with the specified message. - BadCredentialsException(String, Throwable) - Constructor for exception org.springframework.security.authentication.BadCredentialsException
-
Constructs a
BadCredentialsException
with the specified message and root cause. - BadJwtException - Exception in org.springframework.security.oauth2.jwt
-
An exception similar to
BadCredentialsException
that indicates aJwt
that is invalid in some way. - BadJwtException(String) - Constructor for exception org.springframework.security.oauth2.jwt.BadJwtException
- BadJwtException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.BadJwtException
- BadOpaqueTokenException - Exception in org.springframework.security.oauth2.server.resource.introspection
-
An exception similar to
BadCredentialsException
that indicates an opaque token that is invalid in some way. - BadOpaqueTokenException(String) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException
- BadOpaqueTokenException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException
- Base64 - Class in org.springframework.security.crypto.codec
-
Deprecated.Use java.util.Base64
- Base64StringKeyGenerator - Class in org.springframework.security.crypto.keygen
-
A StringKeyGenerator that generates base64-encoded String keys.
- Base64StringKeyGenerator() - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
-
Creates an instance with keyLength of 32 bytes and standard Base64 encoding.
- Base64StringKeyGenerator(int) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
-
Creates an instance with the provided key length in bytes and standard Base64 encoding.
- Base64StringKeyGenerator(Base64.Encoder) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
-
Creates an instance with keyLength of 32 bytes and the provided encoder.
- Base64StringKeyGenerator(Base64.Encoder, int) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
-
Creates an instance with the provided key length and encoder.
- BasePermission - Class in org.springframework.security.acls.domain
-
A set of standard permissions.
- BasePermission(int) - Constructor for class org.springframework.security.acls.domain.BasePermission
- BasePermission(int, char) - Constructor for class org.springframework.security.acls.domain.BasePermission
- baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
-
Sets the base
URI
used for authorization requests. - baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig
-
Sets the
URI
where the authorization response will be processed. - BASIC - Static variable in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
-
Deprecated.
- BASIC_AUTH - Static variable in class org.springframework.security.config.Elements
- BASIC_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
-
Where basic authentication is placed.
- BASIC_AUTHENTICATION_MIME_TYPE - Static variable in class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata
-
Deprecated.Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
- basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
-
Deprecated.
- BasicAuthenticationConverter - Class in org.springframework.security.web.authentication.www
-
Converts from a HttpServletRequest to
UsernamePasswordAuthenticationToken
that can be authenticated. - BasicAuthenticationConverter() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- BasicAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?>) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- BasicAuthenticationDecoder - Class in org.springframework.security.rsocket.metadata
-
Deprecated.Basic Authentication did not evolve into a standard. Use Simple Authentication instead.
- BasicAuthenticationDecoder() - Constructor for class org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder
-
Deprecated.
- BasicAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata
-
Deprecated.Basic Authentication did not evolve into a standard. use
SimpleAuthenticationEncoder
- BasicAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder
-
Deprecated.
- BasicAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www
-
Used by the
ExceptionTranslationFilter
to commence authentication via theBasicAuthenticationFilter
. - BasicAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- BasicAuthenticationFilter - Class in org.springframework.security.web.authentication.www
-
Processes a HTTP request's BASIC authorization headers, putting the result into the
SecurityContextHolder
. - BasicAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-
Creates an instance which will authenticate against the supplied
AuthenticationManager
and which will ignore failed authentication attempts, allowing the request to proceed down the filter chain. - BasicAuthenticationFilter(AuthenticationManager, AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-
Creates an instance which will authenticate against the supplied
AuthenticationManager
and use the suppliedAuthenticationEntryPoint
to handle authentication failures. - BasicAuthenticationPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
-
Converts from the
PayloadExchange
to aUsernamePasswordAuthenticationToken
by extractingUsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE
from the metadata. - BasicAuthenticationPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.BasicAuthenticationPayloadExchangeConverter
- BasicLookupStrategy - Class in org.springframework.security.acls.jdbc
-
Performs lookups in a manner that is compatible with ANSI SQL.
- BasicLookupStrategy(DataSource, AclCache, AclAuthorizationStrategy, AuditLogger) - Constructor for class org.springframework.security.acls.jdbc.BasicLookupStrategy
-
Constructor accepting mandatory arguments
- BasicLookupStrategy(DataSource, AclCache, AclAuthorizationStrategy, PermissionGrantingStrategy) - Constructor for class org.springframework.security.acls.jdbc.BasicLookupStrategy
-
Creates a new instance
- BCrypt - Class in org.springframework.security.crypto.bcrypt
-
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
- BCrypt() - Constructor for class org.springframework.security.crypto.bcrypt.BCrypt
- BCryptPasswordEncoder - Class in org.springframework.security.crypto.bcrypt
-
Implementation of PasswordEncoder that uses the BCrypt strong hashing function.
- BCryptPasswordEncoder() - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(int) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(int, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, int) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, int, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder.BCryptVersion - Enum Class in org.springframework.security.crypto.bcrypt
-
Stores the default bcrypt version for use in configuration.
- BeanIds - Class in org.springframework.security.config
-
Contains globally used default Bean IDs for beans created by the namespace support in Spring Security 2.
- BeanIds() - Constructor for class org.springframework.security.config.BeanIds
- BEARER - Static variable in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType
- BEARER_AUTHENTICATION_MIME_TYPE - Static variable in class org.springframework.security.rsocket.metadata.BearerTokenMetadata
-
Deprecated.Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
- BearerPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
-
Converts from the
PayloadExchange
to aBearerTokenAuthenticationToken
by extractingBearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE
from the metadata. - BearerPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter
- bearerToken(String) - Static method in class org.springframework.security.web.http.SecurityHeaders
-
Sets the provided value as a Bearer token in a header with the name of
HttpHeaders.AUTHORIZATION
- BearerTokenAccessDeniedHandler - Class in org.springframework.security.oauth2.server.resource.web.access
-
Translates any
AccessDeniedException
into an HTTP response in accordance with RFC 6750 Section 3: The WWW-Authenticate. - BearerTokenAccessDeniedHandler() - Constructor for class org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler
- BearerTokenAuthentication - Class in org.springframework.security.oauth2.server.resource.authentication
-
An
Authentication
token that represents a successful authentication as obtained through a bearer token. - BearerTokenAuthentication(OAuth2AuthenticatedPrincipal, OAuth2AccessToken, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication
-
Constructs a
BearerTokenAuthentication
with the provided arguments - BearerTokenAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata
-
Encodes Bearer Authentication.
- BearerTokenAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.BearerTokenAuthenticationEncoder
- BearerTokenAuthenticationEntryPoint - Class in org.springframework.security.oauth2.server.resource.web
-
An
AuthenticationEntryPoint
implementation used to commence authentication of protected resource requests usingBearerTokenAuthenticationFilter
. - BearerTokenAuthenticationEntryPoint() - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint
- BearerTokenAuthenticationFilter - Class in org.springframework.security.oauth2.server.resource.web.authentication
-
Authenticates requests that contain an OAuth 2.0 Bearer Token.
- BearerTokenAuthenticationFilter - Class in org.springframework.security.oauth2.server.resource.web
-
Deprecated.Use
BearerTokenAuthenticationFilter
instead - BearerTokenAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
Construct a
BearerTokenAuthenticationFilter
using the provided parameter(s) - BearerTokenAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter
-
Deprecated.Construct a
BearerTokenAuthenticationFilter
using the provided parameter(s) - BearerTokenAuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>) - Constructor for class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
Construct a
BearerTokenAuthenticationFilter
using the provided parameter(s) - BearerTokenAuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>) - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter
-
Deprecated.Construct a
BearerTokenAuthenticationFilter
using the provided parameter(s) - BearerTokenAuthenticationToken - Class in org.springframework.security.oauth2.server.resource.authentication
-
An
Authentication
that contains a Bearer Token. - BearerTokenAuthenticationToken - Class in org.springframework.security.oauth2.server.resource
-
Deprecated.Please use
BearerTokenAuthenticationToken
- BearerTokenAuthenticationToken(String) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken
-
Create a
BearerTokenAuthenticationToken
using the provided parameter(s) - BearerTokenAuthenticationToken(String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken
-
Deprecated.Create a
BearerTokenAuthenticationToken
using the provided parameter(s) - bearerTokenConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Configures the
ServerAuthenticationConverter
to use for requests authenticating with Bearer Tokens. - BearerTokenError - Class in org.springframework.security.oauth2.server.resource
-
A representation of a Bearer Token Error.
- BearerTokenError(String, HttpStatus, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenError
-
Create a
BearerTokenError
using the provided parameters - BearerTokenError(String, HttpStatus, String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenError
-
Create a
BearerTokenError
using the provided parameters - BearerTokenErrorCodes - Class in org.springframework.security.oauth2.server.resource
-
Standard error codes defined by the OAuth 2.0 Authorization Framework: Bearer Token Usage.
- BearerTokenErrors - Class in org.springframework.security.oauth2.server.resource
-
A factory for creating
BearerTokenError
instances that correspond to the registered Bearer Token Error Codes. - BearerTokenMetadata - Class in org.springframework.security.rsocket.metadata
-
Represents a bearer token that has been encoded into a
Payload#metadata()
. - BearerTokenMetadata(String) - Constructor for class org.springframework.security.rsocket.metadata.BearerTokenMetadata
- bearerTokenResolver(BearerTokenResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- BearerTokenResolver - Interface in org.springframework.security.oauth2.server.resource.web
-
A strategy for resolving Bearer Tokens from the
HttpServletRequest
. - BearerTokenServerAccessDeniedHandler - Class in org.springframework.security.oauth2.server.resource.web.access.server
-
Translates any
AccessDeniedException
into an HTTP response in accordance with RFC 6750 Section 3: The WWW-Authenticate. - BearerTokenServerAccessDeniedHandler() - Constructor for class org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler
- BearerTokenServerAuthenticationEntryPoint - Class in org.springframework.security.oauth2.server.resource.web.server
-
An
AuthenticationEntryPoint
implementation used to commence authentication of protected resource requests usingBearerTokenAuthenticationFilter
. - BearerTokenServerAuthenticationEntryPoint() - Constructor for class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint
- before(Authentication, MethodInvocation, PreInvocationAttribute) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice
-
Deprecated.
- before(Authentication, MethodInvocation, PreInvocationAttribute) - Method in interface org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice
-
Deprecated.The "before" advice which should be executed to perform any filtering necessary and to decide whether the method call is authorised.
- beforeConcurrentHandling(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
- beforeConfigure() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Invoked prior to invoking each
SecurityConfigurer.configure(SecurityBuilder)
method. - beforeConfigure() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- beforeHandle(Message<?>, MessageChannel, MessageHandler) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
- beforeHandle(Message<?>, MessageChannel, MessageHandler) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
- beforeHandshake(ServerHttpRequest, ServerHttpResponse, WebSocketHandler, Map<String, Object>) - Method in class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
- beforeInit() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Invoked prior to invoking each
SecurityConfigurer.init(SecurityBuilder)
method. - beforeInvocation(Object) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- beforeSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Invoked before the springSecurityFilterChain is added.
- beforeTestClass(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- beforeTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- beforeTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
-
If configured before test execution sets the SecurityContext
- beforeTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- beforeTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
-
Sets up the
SecurityContext
for each test method. - BindAuthenticator - Class in org.springframework.security.ldap.authentication
-
An authenticator which binds as a user.
- BindAuthenticator(BaseLdapPathContextSource) - Constructor for class org.springframework.security.ldap.authentication.BindAuthenticator
-
Create an initialized instance using the
BaseLdapPathContextSource
provided. - binding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
-
Use this SAML 2.0 Message Binding By default, the asserting party's configured binding is used
- binding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
-
Use this SAML 2.0 Message Binding By default, the asserting party's configured binding is used
- birthdate(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this birthdate in the resulting
OidcUserInfo
- BIRTHDATE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
birthdate
- the user's birth date - BLE - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport
-
ble Indicates the respective authenticator can be contacted over Bluetooth Smart (Bluetooth Low Energy / BLE).
- BouncyCastleAesCbcBytesEncryptor - Class in org.springframework.security.crypto.encrypt
-
An Encryptor equivalent to
AesBytesEncryptor
usingAesBytesEncryptor.CipherAlgorithm.CBC
that uses Bouncy Castle instead of JCE. - BouncyCastleAesCbcBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
- BouncyCastleAesCbcBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
- BouncyCastleAesGcmBytesEncryptor - Class in org.springframework.security.crypto.encrypt
-
An Encryptor equivalent to
AesBytesEncryptor
usingAesBytesEncryptor.CipherAlgorithm.GCM
that uses Bouncy Castle instead of JCE. - BouncyCastleAesGcmBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
- BouncyCastleAesGcmBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
- build() - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl.Builder
-
Builds and returns a
RoleHierarchyImpl
describing the defined role hierarchy. - build() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder
- build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
- build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
- build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
- build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
- build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
- build() - Method in interface org.springframework.security.config.annotation.SecurityBuilder
-
Builds the object and returns it or null.
- build() - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder
- build() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Builds the
SecurityWebFilterChain
- build() - Method in class org.springframework.security.core.userdetails.User.UserBuilder
- build() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
- build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
-
Builds a new
OAuth2AuthorizationContext
. - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder
-
Builds an instance of
AuthorizationCodeOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Builds an instance of
DelegatingOAuth2AuthorizedClientProvider
composed of one or moreOAuth2AuthorizedClientProvider
(s). - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Builds an instance of
ClientCredentialsOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Builds an instance of
PasswordOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Builds an instance of
RefreshTokenOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
-
Builds a new
OAuth2AuthorizeRequest
. - build() - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
- build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder
-
Builds an instance of
AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Builds an instance of
DelegatingReactiveOAuth2AuthorizedClientProvider
composed of one or moreReactiveOAuth2AuthorizedClientProvider
(s). - build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Builds an instance of
ClientCredentialsReactiveOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Builds an instance of
PasswordReactiveOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Builds an instance of
RefreshTokenReactiveOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Builds a new
ClientRegistration
. - build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
-
Builds a new
OAuth2AccessTokenResponse
. - build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Builds a new
OAuth2AuthorizationRequest
. - build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
-
Builds a new
OAuth2AuthorizationResponse
. - build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
-
Builds a new
OAuth2DeviceAuthorizationResponse
. - build() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Builds a new
DefaultAddressStandardClaim
. - build() - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Build the
OidcIdToken
- build() - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Build the
OidcUserInfo
- build() - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Builds a new
JwsHeader
. - build() - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Build the
Jwt
- build() - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Builds a new
JwtClaimsSet
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
-
Build the configured
NimbusJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder
-
Build the configured
NimbusJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder
-
Build the configured
NimbusJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
-
Build the configured
NimbusReactiveJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder
-
Build the configured
NimbusReactiveJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
-
Build the configured
NimbusReactiveJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder
-
Build the configured
NimbusReactiveJwtDecoder
. - build() - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager.Builder
- build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
-
Build the
Saml2LogoutRequest
- build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
-
Build the
Saml2LogoutResponse
- build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult.Builder
- build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest.Builder
-
Constructs an immutable
Saml2PostAuthenticationRequest
object. - build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.Builder
-
Constructs an immutable
Saml2RedirectAuthenticationRequest
object. - build() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
-
Creates an immutable ProviderDetails object representing the configuration for an Identity Provider, IDP
- build() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
-
Build an
OpenSamlAssertingPartyDetails
- build() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- build() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
-
Creates an immutable ProviderDetails object representing the configuration for an Identity Provider, IDP
- build() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Constructs a RelyingPartyRegistration object based on the builder configurations
- build() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
-
Creates a
RequestMatcherDelegatingAuthorizationManager
instance. - build() - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver.Builder
-
Creates a
RequestMatcherDelegatingAuthenticationManagerResolver
instance. - build() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- build() - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder
-
Creates a
ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver
instance. - build() - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
- build() - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
- build() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder
-
Builds the
AuthenticatorAssertionResponse
- build() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder
-
Builds a
AuthenticatorAssertionResponse
. - build() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder
-
Builds a
AuthenticatorSelectionCriteria
- build() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- build() - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.PublicKeyCredentialUserEntityBuilder
-
Builds a new
PublicKeyCredentialUserEntity
- build() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder
-
Creates a new
PublicKeyCredential
- build() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Builds a new
PublicKeyCredentialCreationOptions
- build() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder
-
Create a new
PublicKeyCredentialDescriptor
- build() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder
-
Builds a new
PublicKeyCredentialRequestOptions
- build() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity.PublicKeyCredentialRpEntityBuilder
-
Creates a new
PublicKeyCredentialRpEntity
. - buildDetails(C) - Method in interface org.springframework.security.authentication.AuthenticationDetailsSource
-
Called by a class when it wishes a new authentication details instance to be created.
- buildDetails(HttpServletRequest) - Method in class org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource
- buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
-
Builds the authentication details object.
- buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
- buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetailsSource
- buildDn(String) - Method in class org.springframework.security.ldap.DefaultLdapUsernameToDnMapper
-
Deprecated.
- buildDn(String) - Method in interface org.springframework.security.ldap.LdapUsernameToDnMapper
-
Deprecated.Use
LdapUsernameToDnMapper.buildLdapName(String)
instead - builder() - Static method in class org.springframework.security.core.userdetails.User
-
Creates a UserBuilder
- builder() - Static method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager
-
Creates a builder for
MessageMatcherDelegatingAuthorizationManager
. - builder() - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Returns a new
OAuth2AuthorizedClientProviderBuilder
for configuring the supported authorization grant(s). - builder() - Static method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Returns a new
ReactiveOAuth2AuthorizedClientProviderBuilder
for configuring the supported authorization grant(s). - builder() - Static method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo
-
Create a
OidcUserInfo.Builder
- builder() - Static method in class org.springframework.security.oauth2.jwt.JwtClaimsSet
-
Returns a new
JwtClaimsSet.Builder
. - builder() - Static method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager
- builder() - Static method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager
-
Creates a builder for
RequestMatcherDelegatingAuthorizationManager
. - builder() - Static method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver
-
Creates a builder for
RequestMatcherDelegatingAuthorizationManager
. - builder() - Static method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver
-
Creates a builder for
RequestMatcherDelegatingAuthorizationManager
. - builder() - Static method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
- builder() - Static method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
- builder() - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse
- builder() - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse
-
Creates a new instance.
- builder() - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria
- builder() - Static method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- builder() - Static method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity
- builder() - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredential
-
Creates a new
PublicKeyCredential.PublicKeyCredentialBuilder
- builder() - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions
-
Creates a new
PublicKeyCredentialCreationOptions
- builder() - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor
- builder() - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions
- builder() - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity
- Builder() - Constructor for class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
- Builder() - Constructor for class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Default constructor.
- Builder() - Constructor for class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
-
Deprecated.Use
Builder(RelyingPartyRegistration)
instead - Builder() - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
- Builder() - Constructor for class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
- Builder() - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- Builder() - Constructor for class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
- Builder(String, AssertingPartyMetadata.Builder<?>) - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
- Builder(Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Constructs and initializes the address attributes using the provided
addressFields
. - Builder(RelyingPartyRegistration) - Constructor for class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
-
Creates a new Builder with relying party registration
- Builder(HandlerMappingIntrospector) - Constructor for class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder
-
Construct a new instance of this builder
- buildFromMask(int) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
- buildFromMask(int) - Method in interface org.springframework.security.acls.domain.PermissionFactory
-
Dynamically creates a
CumulativePermission
orBasePermission
representing the active bits in the passed mask. - buildFromName(String) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
- buildFromName(String) - Method in interface org.springframework.security.acls.domain.PermissionFactory
- buildFromNames(List<String>) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
- buildFromNames(List<String>) - Method in interface org.springframework.security.acls.domain.PermissionFactory
- buildFullRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils
- buildFullRequestUrl(String, String, int, String, String) - Static method in class org.springframework.security.web.util.UrlUtils
-
Obtains the full URL the client used to make the request.
- buildGroupDn(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
-
Deprecated.
- buildGroupName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- buildHttpsRedirectUrlForRequest(HttpServletRequest) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Builds a URL to redirect the supplied request to HTTPS.
- buildLdapName(String) - Method in class org.springframework.security.ldap.DefaultLdapUsernameToDnMapper
- buildLdapName(String) - Method in interface org.springframework.security.ldap.LdapUsernameToDnMapper
- buildRedirectUrlToLoginPage(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- buildRequest(ServletContext) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
- buildRequest(ServletContext) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
- buildRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils
-
Obtains the web application-specific fragment of the request URL.
- buildRunAs(Authentication, Object, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.intercept.RunAsManager
-
Deprecated.Returns a replacement
Authentication
object for the current secure object invocation, ornull
if replacement not required. - buildRunAs(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
-
Deprecated.
- Bytes - Class in org.springframework.security.web.webauthn.api
-
An object representation of byte[].
- Bytes(byte[]) - Constructor for class org.springframework.security.web.webauthn.api.Bytes
-
Creates a new instance
- BytesEncryptor - Interface in org.springframework.security.crypto.encrypt
-
Service interface for symmetric data encryption.
- BytesKeyGenerator - Interface in org.springframework.security.crypto.keygen
-
A generator for unique byte array-based keys.
C
- C_HASH - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
c_hash
- the Authorization Code hash value - cache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.cache(Customizer)
orcache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - cache(Cache) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
-
Use the given
Cache
to store JWK Set. - cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures cache control headers
- CACHE - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- CACHE - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- CACHE_CONTRTOL_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
-
The value for cache control value
- cacheControl() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.cacheControl(Customizer)
orcacheControl(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - cacheControl(Customizer<HeadersConfigurer.CacheControlConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows customizing the
CacheControlHeadersWriter
. - CacheControlHeadersWriter - Class in org.springframework.security.web.header.writers
-
Inserts headers to prevent caching if no cache control headers have been specified.
- CacheControlHeadersWriter() - Constructor for class org.springframework.security.web.header.writers.CacheControlHeadersWriter
-
Creates a new instance
- CacheControlServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes cache control related headers.
- CacheControlServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
- cachePermissionsFor(Authentication, Collection<?>) - Method in interface org.springframework.security.access.PermissionCacheOptimizer
-
Optimises the permission cache for anticipated operation on the supplied collection of objects.
- cachePermissionsFor(Authentication, Collection<?>) - Method in class org.springframework.security.acls.AclPermissionCacheOptimizer
- CACHING_SUFFIX - Static variable in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
- CachingRelyingPartyRegistrationRepository - Class in org.springframework.security.saml2.provider.service.registration
-
An
IterableRelyingPartyRegistrationRepository
that lazily queries and caches metadata from a backingIterableRelyingPartyRegistrationRepository
. - CachingRelyingPartyRegistrationRepository(Callable<IterableRelyingPartyRegistrationRepository>) - Constructor for class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
- CachingUserDetailsService - Class in org.springframework.security.authentication
-
Implementation of
UserDetailsService
that utilizes caching through aUserCache
- CachingUserDetailsService(UserDetailsService) - Constructor for class org.springframework.security.authentication.CachingUserDetailsService
- calculateLoginLifetime(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
-
Calculates the validity period in seconds for a newly generated remember-me login.
- calculateRedirectUrl(String, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy
- call() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
- cancelCookie(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent logins.
- canDecrypt() - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- canRead(Class<?>, MediaType) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
- canWrite(Class<?>, MediaType) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
- CAS_GATEWAY_AUTHENTICATION_ATTR - Static variable in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter
- CasAssertionAuthenticationToken - Class in org.springframework.security.cas.authentication
-
Temporary authentication object needed to load the user details service.
- CasAssertionAuthenticationToken(Assertion, String) - Constructor for class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken
- CasAuthenticationEntryPoint - Class in org.springframework.security.cas.web
-
Used by the
ExceptionTranslationFilter
to commence authentication via the JA-SIG Central Authentication Service (CAS). - CasAuthenticationEntryPoint() - Constructor for class org.springframework.security.cas.web.CasAuthenticationEntryPoint
- CasAuthenticationFilter - Class in org.springframework.security.cas.web
-
Processes a CAS service ticket, obtains proxy granting tickets, and processes proxy tickets.
- CasAuthenticationFilter() - Constructor for class org.springframework.security.cas.web.CasAuthenticationFilter
- CasAuthenticationProvider - Class in org.springframework.security.cas.authentication
-
An
AuthenticationProvider
implementation that integrates with JA-SIG Central Authentication Service (CAS). - CasAuthenticationProvider() - Constructor for class org.springframework.security.cas.authentication.CasAuthenticationProvider
- CasAuthenticationToken - Class in org.springframework.security.cas.authentication
-
Represents a successful CAS
Authentication
. - CasAuthenticationToken(String, Object, Object, Collection<? extends GrantedAuthority>, UserDetails, Assertion) - Constructor for class org.springframework.security.cas.authentication.CasAuthenticationToken
-
Constructor.
- CasGatewayAuthenticationRedirectFilter - Class in org.springframework.security.cas.web
-
Redirects the request to the CAS server appending
gateway=true
to the URL. - CasGatewayAuthenticationRedirectFilter(String, ServiceProperties) - Constructor for class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter
-
Constructs a new instance of this class
- CasGatewayResolverRequestMatcher - Class in org.springframework.security.cas.web
-
A
RequestMatcher
implementation that delegates the check to an instance ofGatewayResolver
. - CasGatewayResolverRequestMatcher(ServiceProperties) - Constructor for class org.springframework.security.cas.web.CasGatewayResolverRequestMatcher
- CasJackson2Module - Class in org.springframework.security.cas.jackson2
-
Jackson module for spring-security-cas.
- CasJackson2Module() - Constructor for class org.springframework.security.cas.jackson2.CasJackson2Module
- CasServiceTicketAuthenticationToken - Class in org.springframework.security.cas.authentication
-
An
Authentication
implementation that is designed to process CAS service ticket. - CasServiceTicketAuthenticationToken(String, Object) - Constructor for class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
-
This constructor can be safely used by any code that wishes to create a
CasServiceTicketAuthenticationToken
, as theAbstractAuthenticationToken.isAuthenticated()
will returnfalse
. - CasServiceTicketAuthenticationToken(String, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
-
This constructor should only be used by
AuthenticationManager
orAuthenticationProvider
implementations that are satisfied with producing a trusted (i.e. - CBC - Enum constant in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
- chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
Subclasses should implement this method for returning the object that is chained to the creation of the
RequestMatcher
instances. - chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
- chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer
- chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
-
Marks the
RequestMatcher
's as unmapped and then callsAbstractConfigAttributeRequestMatcherRegistry.chainRequestMatchersInternal(List)
. - chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
- chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
-
Subclasses should implement this method for returning the object that is chained to the creation of the
RequestMatcher
instances. - chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
- chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
-
Deprecated.
- chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
-
Deprecated.
- challenge(Bytes) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Sets the
PublicKeyCredentialCreationOptions.getChallenge()
property. - challenge(Bytes) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder
-
Sets the
PublicKeyCredentialRequestOptions.getChallenge()
property. - CHANGE_AFTER_RESET - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- CHANGE_AUDITING - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
- CHANGE_GENERAL - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
- CHANGE_OWNERSHIP - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
- changePassword(String, String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
-
Changes the password for the current user.
- changePassword(String, String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
- changePassword(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- changePassword(String, String) - Method in interface org.springframework.security.provisioning.UserDetailsManager
-
Modify the current user's password.
- changePasswordPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer
-
Sets the change password page.
- changePasswordPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec
-
Sets the change password page.
- changeSessionId() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
-
Specifies that the Servlet container-provided session fixation protection should be used.
- ChangeSessionIdAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
-
Uses
HttpServletRequest.changeSessionId()
to protect against session fixation attacks. - ChangeSessionIdAuthenticationStrategy() - Constructor for class org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy
- ChannelAttributeFactory - Class in org.springframework.security.config.http
-
Used as a factory bean to create config attribute values for the requires-channel attribute.
- ChannelDecisionManager - Interface in org.springframework.security.web.access.channel
-
Decides whether a web channel provides sufficient security.
- ChannelDecisionManagerImpl - Class in org.springframework.security.web.access.channel
-
Implementation of
ChannelDecisionManager
. - ChannelDecisionManagerImpl() - Constructor for class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- ChannelEntryPoint - Interface in org.springframework.security.web.access.channel
-
May be used by a
ChannelProcessor
to launch a web channel. - ChannelProcessingFilter - Class in org.springframework.security.web.access.channel
-
Ensures a web request is delivered over the required channel.
- ChannelProcessingFilter() - Constructor for class org.springframework.security.web.access.channel.ChannelProcessingFilter
- ChannelProcessor - Interface in org.springframework.security.web.access.channel
-
Decides whether a web channel meets a specific security condition.
- channelProcessors(List<ChannelProcessor>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
-
Sets the
ChannelProcessor
instances to use inChannelDecisionManagerImpl
- ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds channel security (i.e.
- ChannelSecurityConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
-
Creates a new instance
- ChannelSecurityConfigurer.ChannelRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers
- ChannelSecurityConfigurer.RequiresChannelUrl - Class in org.springframework.security.config.annotation.web.configurers
- ChannelSecurityInterceptor - Class in org.springframework.security.messaging.access.intercept
-
Deprecated.Use
AuthorizationChannelInterceptor
instead - ChannelSecurityInterceptor(MessageSecurityMetadataSource) - Constructor for class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.Creates a new instance
- check(String) - Method in interface org.springframework.security.authentication.password.CompromisedPasswordChecker
-
Check whether the password is compromised
- check(String) - Method in interface org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker
-
Check whether the password is compromised
- check(String) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker
- check(String) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker
- check(Supplier<Authentication>, HttpServletRequest) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager
-
Deprecated.please use
AuthorizationManager.authorize(Supplier, Object)
instead - check(Supplier<Authentication>, Collection<String>) - Method in class org.springframework.security.authorization.AuthoritiesAuthorizationManager
-
Determines if the current user is authorized by evaluating if the
Authentication
contains any of specified authorities. - check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.Jsr250AuthorizationManager
-
Deprecated.please use
AuthorizationManager.authorize(Supplier, Object)
instead - check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager
-
Determines the access by evaluating the provided expression.
- check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
-
Determine if an
Authentication
has access to a method by evaluating an expression from thePreAuthorize
annotation that theMethodInvocation
specifies. - check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.SecuredAuthorizationManager
-
Deprecated.please use
AuthorizationManager.authorize(Supplier, Object)
instead - check(Supplier<Authentication>, Message<?>) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager
-
Deprecated.please use
AuthorizationManager.authorize(Supplier, Object)
instead - check(Supplier<Authentication>, MethodInvocationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
-
Determine if an
Authentication
has access to the returned object by evaluating thePostAuthorize
annotation that theMethodInvocation
specifies. - check(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
-
Determines the access by evaluating the provided expression.
- check(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.IpAddressAuthorizationManager
- check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
-
Determines if the current user is authorized according to the given strategy.
- check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.AuthorityAuthorizationManager
-
Deprecated.please use
AuthorizationManager.authorize(Supplier, Object)
instead - check(Supplier<Authentication>, T) - Method in interface org.springframework.security.authorization.AuthorizationManager
-
Deprecated.please use
AuthorizationManager.authorize(Supplier, Object)
instead - check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager
-
Deprecated.please use
AuthorizationManager.authorize(Supplier, Object)
instead - check(UserDetails) - Method in class org.springframework.security.authentication.AccountStatusUserDetailsChecker
- check(UserDetails) - Method in interface org.springframework.security.core.userdetails.UserDetailsChecker
-
Examines the User
- check(Mono<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
-
Determines if an
Authentication
has access to theMethodInvocation
by evaluating an expression from thePreAuthorize
annotation. - check(Mono<Authentication>, MethodInvocationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
-
Determines if an
Authentication
has access to the returned object from theMethodInvocation
by evaluating an expression from thePostAuthorize
annotation. - check(Mono<Authentication>, PayloadExchange) - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager
-
Deprecated.please use
ReactiveAuthorizationManager.authorize(Mono, Object)
instead - check(Mono<Authentication>, AuthorizationContext) - Method in class org.springframework.security.web.server.authorization.IpAddressReactiveAuthorizationManager
- check(Mono<Authentication>, ServerWebExchange) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
-
Deprecated.please use
ReactiveAuthorizationManager.authorize(Mono, Object)
instead - check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager
- check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
- check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager
-
Deprecated.please use
ReactiveAuthorizationManager.authorize(Mono, Object)
instead - check(Mono<Authentication>, T) - Method in interface org.springframework.security.authorization.ReactiveAuthorizationManager
-
Deprecated.please use
ReactiveAuthorizationManager.authorize(Mono, Object)
instead - checkAllowIfAllAbstainDecisions() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- checkpw(byte[], String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
-
Check that a password (as a byte array) matches a previously hashed one
- checkpw(String, String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
-
Check that a plaintext password matches a previously hashed one
- ChildAuthenticationManagerFactoryBean(List<AuthenticationProvider>, AuthenticationManager) - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
- ChildrenExistException - Exception in org.springframework.security.acls.model
-
Thrown if an
Acl
cannot be deleted because childrenAcl
s exist. - ChildrenExistException(String) - Constructor for exception org.springframework.security.acls.model.ChildrenExistException
-
Constructs an
ChildrenExistException
with the specified message. - ChildrenExistException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.ChildrenExistException
-
Constructs an
ChildrenExistException
with the specified message and root cause. - ciRegex - Enum constant in enum class org.springframework.security.config.http.MatcherType
- claim(String, Object) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
-
Use this claim in the resulting
OidcLogoutToken
- claim(String, Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this claim in the resulting
OidcIdToken
- claim(String, Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this claim in the resulting
OidcUserInfo
- claim(String, Object) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this claim in the resulting
Jwt
- claim(String, Object) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Sets the claim.
- ClaimAccessor - Interface in org.springframework.security.oauth2.core
-
An "accessor" for a set of claims that may be used for assertions.
- ClaimConversionService - Class in org.springframework.security.oauth2.core.converter
-
A
ConversionService
configured with converters that provide type conversion for claim values. - claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
-
Provides access to every
OidcLogoutToken.Builder.claim(String, Object)
declared so far with the possibility to add, replace, or remove. - claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Provides access to every
OidcIdToken.Builder.claim(String, Object)
declared so far with the possibility to add, replace, or remove. - claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Provides access to every
OidcUserInfo.Builder.claim(String, Object)
declared so far with the possibility to add, replace, or remove. - claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Provides access to every
Jwt.Builder.claim(String, Object)
declared so far with the possibility to add, replace, or remove. - claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
A
Consumer
to be provided access to the claims allowing the ability to add, replace, or remove. - ClaimTypeConverter - Class in org.springframework.security.oauth2.core.converter
-
A
Converter
that provides type conversion for claim values. - ClaimTypeConverter(Map<String, Converter<Object, ?>>) - Constructor for class org.springframework.security.oauth2.core.converter.ClaimTypeConverter
-
Constructs a
ClaimTypeConverter
using the provided parameters. - cleanupExpiredTokens() - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService
- clear() - Method in class org.springframework.security.acls.domain.CumulativePermission
- clear(Permission) - Method in class org.springframework.security.acls.domain.CumulativePermission
- CLEAR_SITE_DATA_HEADER - Static variable in class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
- clearAuthentication(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Specifies if
SecurityContextLogoutHandler
should clear theAuthentication
at the time of logout. - clearAuthenticationAttributes(HttpServletRequest) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
-
Removes temporary authentication-related data which may have been stored in the session during the authentication process.
- clearCache() - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
- clearCache() - Method in interface org.springframework.security.acls.model.AclCache
- clearContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Clears the current context.
- clearContext() - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder
-
Clears the
Mono<SecurityContext>
from ReactorContext
- clearContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Explicitly clears the context value from the current thread.
- clearContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
-
Clears the current context.
- clearContext() - Static method in class org.springframework.security.test.context.TestSecurityContextHolder
- clearContext() - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
- ClearSiteDataHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Clear Site Data.
- ClearSiteDataHeaderWriter(ClearSiteDataHeaderWriter.Directive...) - Constructor for class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter
-
Creates a new instance of
ClearSiteDataHeaderWriter
with given sources. - ClearSiteDataHeaderWriter.Directive - Enum Class in org.springframework.security.web.header.writers
-
Represents the directive values expected by the
ClearSiteDataHeaderWriter
. - ClearSiteDataServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Clear-Site-Data
response header when the request is secure. - ClearSiteDataServerHttpHeadersWriter(ClearSiteDataServerHttpHeadersWriter.Directive...) - Constructor for class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
-
Constructs a new instance using the given directives.
- ClearSiteDataServerHttpHeadersWriter.Directive - Enum Class in org.springframework.security.web.server.header
-
Represents the directive values expected by the
ClearSiteDataServerHttpHeadersWriter
- CLIENT_ASSERTION - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
client_assertion
- used in Access Token Request. - CLIENT_ASSERTION_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
client_assertion_type
- used in Access Token Request. - CLIENT_CREDENTIALS - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
- CLIENT_ID - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
client_id
- used in Authorization Request and Access Token Request. - CLIENT_ID - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
client_id
- The Client identifier for the token - CLIENT_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements
- CLIENT_SECRET - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
client_secret
- used in Access Token Request. - CLIENT_SECRET_BASIC - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- CLIENT_SECRET_JWT - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- CLIENT_SECRET_POST - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- clientAuthenticationMethod(ClientAuthenticationMethod) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the
authentication method
used when authenticating the client with the authorization server. - ClientAuthenticationMethod - Class in org.springframework.security.oauth2.core
-
The authentication method used when authenticating the client with the authorization server.
- ClientAuthenticationMethod(String) - Constructor for class org.springframework.security.oauth2.core.ClientAuthenticationMethod
-
Constructs a
ClientAuthenticationMethod
using the provided value. - ClientAuthorizationException - Exception in org.springframework.security.oauth2.client
-
This exception is thrown on the client side when an attempt to authenticate or authorize an OAuth 2.0 client fails.
- ClientAuthorizationException(OAuth2Error, String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
-
Constructs a
ClientAuthorizationException
using the provided parameters. - ClientAuthorizationException(OAuth2Error, String, String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
-
Constructs a
ClientAuthorizationException
using the provided parameters. - ClientAuthorizationException(OAuth2Error, String, String, Throwable) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
-
Constructs a
ClientAuthorizationException
using the provided parameters. - ClientAuthorizationException(OAuth2Error, String, Throwable) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
-
Constructs a
ClientAuthorizationException
using the provided parameters. - ClientAuthorizationRequiredException - Exception in org.springframework.security.oauth2.client
-
This exception is thrown when an OAuth 2.0 Client is required to obtain authorization from the Resource Owner.
- ClientAuthorizationRequiredException(String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationRequiredException
-
Constructs a
ClientAuthorizationRequiredException
using the provided parameters. - clientCredentials() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Configures support for the
client_credentials
grant. - clientCredentials() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Configures support for the
client_credentials
grant. - clientCredentials(Consumer<OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Configures support for the
client_credentials
grant. - clientCredentials(Consumer<ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Configures support for the
client_credentials
grant. - ClientCredentialsOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of an
OAuth2AuthorizedClientProvider
for theclient_credentials
grant. - ClientCredentialsOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
- ClientCredentialsReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of a
ReactiveOAuth2AuthorizedClientProvider
for theclient_credentials
grant. - ClientCredentialsReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
- clientDataJSON(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder
-
Set the
AuthenticatorResponse.getClientDataJSON()
property - clientDataJSON(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder
-
Sets the
AuthenticatorResponse.getClientDataJSON()
property. - clientExtensionResults(AuthenticationExtensionsClientOutputs) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder
-
Sets the
PublicKeyCredential.getClientExtensionResults()
property. - clientId(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the client identifier.
- clientId(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the client identifier.
- clientName(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the logical name of the client or registration.
- clientRegistration(Consumer<ClientRegistration.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
-
Use this
Consumer
to configure aClientRegistration
- clientRegistration(Consumer<ClientRegistration.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
-
Use this
Consumer
to configure aClientRegistration
- clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
-
Use this
ClientRegistration
- clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
-
Use the provided
ClientRegistration
as the client to authorize. - clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
-
Use the provided
ClientRegistration
as the client to authorize. - clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
-
Use this
ClientRegistration
- clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
-
Use the provided
ClientRegistration
as the client to authorize. - clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
-
Use the provided
ClientRegistration
as the client to authorize. - ClientRegistration - Class in org.springframework.security.oauth2.client.registration
-
A representation of a client registration with an OAuth 2.0 or OpenID Connect 1.0 Provider.
- ClientRegistration.Builder - Class in org.springframework.security.oauth2.client.registration
-
A builder for
ClientRegistration
. - ClientRegistration.ProviderDetails - Class in org.springframework.security.oauth2.client.registration
-
Details of the Provider.
- ClientRegistration.ProviderDetails.UserInfoEndpoint - Class in org.springframework.security.oauth2.client.registration
-
Details of the UserInfo Endpoint.
- clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver
-
Modifies the
attributes
to include theclientRegistrationId
to be used to look up theOAuth2AuthorizedClient
. - clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
-
Modifies the
ClientRequest.attributes()
to include theClientRegistration.getRegistrationId()
to be used to look up theOAuth2AuthorizedClient
. - clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Modifies the
ClientRequest.attributes()
to include theClientRegistration.getRegistrationId()
to be used to look up theOAuth2AuthorizedClient
. - clientRegistrationRepository - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
- clientRegistrationRepository - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
- clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
-
Sets the repository of client registrations.
- clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Sets the repository of client registrations.
- clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
-
Sets the repository of client registrations.
- clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Configures the
ReactiveClientRegistrationRepository
. - clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
- clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec
-
Configures the
ReactiveClientRegistrationRepository
. - ClientRegistrationRepository - Interface in org.springframework.security.oauth2.client.registration
-
A repository for OAuth 2.0 / OpenID Connect 1.0
ClientRegistration
(s). - ClientRegistrations - Class in org.springframework.security.oauth2.client.registration
-
Allows creating a
ClientRegistration.Builder
from an OpenID Provider Configuration or Authorization Server Metadata based on provided issuer. - ClientRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.oauth2.client
- ClientRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser
- clientSecret(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the client secret.
- clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- closeContext(Context) - Static method in class org.springframework.security.ldap.LdapUtils
- closeEnumeration(NamingEnumeration) - Static method in class org.springframework.security.ldap.LdapUtils
- code - Variable in class org.springframework.security.acls.domain.AbstractPermission
- code(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
-
Sets the authorization code.
- CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
- CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
code
- used in Authorization Response and Access Token Request. - CODE_CHALLENGE - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames
-
code_challenge
- used in Authorization Request. - CODE_CHALLENGE_METHOD - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames
-
code_challenge_method
- used in Authorization Request. - CODE_VERIFIER - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames
-
code_verifier
- used in Token Request. - collectionFromMetadata(InputStream) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
-
Return a
Collection
ofRelyingPartyRegistration.Builder
s based off of the given SAML 2.0 Asserting Party (IDP) metadata. - collectionFromMetadataLocation(String) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
-
Return a
Collection
ofRelyingPartyRegistration.Builder
s based off of the given SAML 2.0 Asserting Party (IDP) metadata location. - commaSeparatedStringToAuthorityList(String) - Static method in class org.springframework.security.core.authority.AuthorityUtils
-
Creates a array of GrantedAuthority objects from a comma-separated string representation (e.g.
- commence(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- commence(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.access.channel.ChannelEntryPoint
-
Commences a secure channel.
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint
-
Collect error details from the provided parameters and format according to RFC 6750, specifically
error
,error_description
,error_uri
, andscope
. - commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint
-
Always returns a 403 error code to the client.
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.HttpStatusEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Performs the redirect (or forward) to the login form URL.
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.NoOpAuthenticationEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.AuthenticationEntryPoint
-
Commences an authentication scheme.
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.ServerAuthenticationEntryPoint
-
Initiates the authentication flow
- commit() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
-
Authenticate the
Subject
(phase two) by adding the Spring SecurityAuthentication
to theSubject
's principals. - CommonOAuth2Provider - Enum Class in org.springframework.security.config.oauth2.client
-
Common OAuth2 Providers that can be used to create
builders
pre-configured with sensible defaults for theHttpSecurity.oauth2Login()
flow. - compare(String, String, Object) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
-
Performs an LDAP compare operation of the value of an attribute for a particular directory entry.
- CompositeAccessDeniedHandler - Class in org.springframework.security.web.access
- CompositeAccessDeniedHandler(Collection<AccessDeniedHandler>) - Constructor for class org.springframework.security.web.access.CompositeAccessDeniedHandler
- CompositeAccessDeniedHandler(AccessDeniedHandler...) - Constructor for class org.springframework.security.web.access.CompositeAccessDeniedHandler
- CompositeHeaderWriter - Class in org.springframework.security.web.header.writers
-
A
HeaderWriter
that delegates to several otherHeaderWriter
s. - CompositeHeaderWriter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.writers.CompositeHeaderWriter
-
Creates a new instance.
- CompositeLogoutHandler - Class in org.springframework.security.web.authentication.logout
-
Performs a logout through all the
LogoutHandler
implementations. - CompositeLogoutHandler(List<LogoutHandler>) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
- CompositeLogoutHandler(LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
- CompositeRequestRejectedHandler - Class in org.springframework.security.web.firewall
-
A
RequestRejectedHandler
that delegates to several otherRequestRejectedHandler
s. - CompositeRequestRejectedHandler(RequestRejectedHandler...) - Constructor for class org.springframework.security.web.firewall.CompositeRequestRejectedHandler
-
Creates a new instance.
- CompositeServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Combines multiple
ServerHttpHeadersWriter
instances into a single instance. - CompositeServerHttpHeadersWriter(List<ServerHttpHeadersWriter>) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
- CompositeServerHttpHeadersWriter(ServerHttpHeadersWriter...) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
- CompositeSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
-
A
SessionAuthenticationStrategy
that accepts multipleSessionAuthenticationStrategy
implementations to delegate to. - CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy>) - Constructor for class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
- CompromisedPasswordChecker - Interface in org.springframework.security.authentication.password
-
An API for checking if a password has been compromised.
- CompromisedPasswordDecision - Class in org.springframework.security.authentication.password
- CompromisedPasswordDecision(boolean) - Constructor for class org.springframework.security.authentication.password.CompromisedPasswordDecision
- CompromisedPasswordException - Exception in org.springframework.security.authentication.password
-
Indicates that the provided password is compromised
- CompromisedPasswordException(String) - Constructor for exception org.springframework.security.authentication.password.CompromisedPasswordException
- CompromisedPasswordException(String, Throwable) - Constructor for exception org.springframework.security.authentication.password.CompromisedPasswordException
- concat(Saml2Error) - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
-
Return a new
Saml2ResponseValidatorResult
that contains both the givenSaml2Error
and the errors from the result - concat(Saml2ResponseValidatorResult) - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
-
Return a new
Saml2ResponseValidatorResult
that contains the errors from the givenSaml2ResponseValidatorResult
as well as this result. - concatenate(byte[]...) - Static method in class org.springframework.security.crypto.util.EncodingUtils
-
Combine the individual byte arrays into one array.
- CONCURRENT_SESSIONS - Static variable in class org.springframework.security.config.Elements
- ConcurrentSessionControlAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
-
Strategy which handles concurrent session-control.
- ConcurrentSessionControlAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
- ConcurrentSessionControlServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
-
Controls the number of sessions a user can have concurrently authenticated in an application.
- ConcurrentSessionControlServerAuthenticationSuccessHandler(ReactiveSessionRegistry, ServerMaximumSessionsExceededHandler) - Constructor for class org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler
- ConcurrentSessionFilter - Class in org.springframework.security.web.session
-
Filter required by concurrent session handling package.
- ConcurrentSessionFilter(SessionRegistry) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
- ConcurrentSessionFilter(SessionRegistry, String) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
-
Deprecated.
- ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
- concurrentSessions(Customizer<ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec
-
Configures how many sessions are allowed for a given user.
- ConcurrentSessionsSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
- ConfigAttribute - Interface in org.springframework.security.access
-
Stores a security system related configuration attribute.
- configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
- configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
-
Configures the
CorsConfigurationSource
to be used - configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer
- configure(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer
-
Configure the
SecurityBuilder
by setting the necessary properties on theSecurityBuilder
. - configure(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
- configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer
-
Configure the
SecurityBuilder
by setting the necessary properties on theSecurityBuilder
. - configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Configure the
SecurityBuilder
by setting the necessary properties on theSecurityBuilder
. - configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
-
Deprecated.
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
-
Configure the
SecurityBuilder
by setting the necessary properties on theSecurityBuilder
. - configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
- configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
- configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Sub classes can override this method to register different types of authentication.
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
- configureClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- configureInbound(MessageSecurityMetadataSourceRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- configureJaas(Resource) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
-
Hook method for configuring Jaas.
- ConsensusBased - Class in org.springframework.security.access.vote
-
Deprecated.Use
AuthorizationManager
instead - ConsensusBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.ConsensusBased
-
Deprecated.
- ConsoleAuditLogger - Class in org.springframework.security.acls.domain
-
A basic implementation of
AuditLogger
. - ConsoleAuditLogger() - Constructor for class org.springframework.security.acls.domain.ConsoleAuditLogger
- consume(OneTimeTokenAuthenticationToken) - Method in class org.springframework.security.authentication.ott.InMemoryOneTimeTokenService
- consume(OneTimeTokenAuthenticationToken) - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService
- consume(OneTimeTokenAuthenticationToken) - Method in interface org.springframework.security.authentication.ott.OneTimeTokenService
-
Consumes a one-time token based on the provided authentication token.
- consume(OneTimeTokenAuthenticationToken) - Method in class org.springframework.security.authentication.ott.reactive.InMemoryReactiveOneTimeTokenService
- consume(OneTimeTokenAuthenticationToken) - Method in interface org.springframework.security.authentication.ott.reactive.ReactiveOneTimeTokenService
-
Consumes a one-time token based on the provided authentication token.
- containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
- containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
- containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
- containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
- containsContext(HttpServletRequest) - Method in interface org.springframework.security.web.context.SecurityContextRepository
-
Allows the repository to be queried as to whether it contains a security context for the current request.
- containsMapping() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.Allows determining if a mapping was added.
- CONTENT_SECURITY_POLICY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- CONTENT_SECURITY_POLICY_REPORT_ONLY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- contentSecurityPolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.contentSecurityPolicy(Customizer)
instead - contentSecurityPolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer)
instead. - contentSecurityPolicy(Customizer<HeadersConfigurer.ContentSecurityPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows configuration for Content Security Policy (CSP) Level 2.
- contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures
Content-Security-Policy
response header. - ContentSecurityPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Content Security Policy (CSP) Level 2.
- ContentSecurityPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
-
Creates a new instance.
- ContentSecurityPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
-
Creates a new instance
- ContentSecurityPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Content-Security-Policy
response header with configured policy directives. - ContentSecurityPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- contentType(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the content type header that declares the media type of the secured content (the payload).
- contentTypeOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.contentTypeOptions(Customizer)
orcontentTypeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - contentTypeOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.contentTypeOptions(Customizer)
instead - contentTypeOptions(Customizer<HeadersConfigurer.ContentTypeOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Configures the
XContentTypeOptionsHeaderWriter
which inserts the X-Content-Type-Options: - contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures content type response headers
- ContentTypeOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Adds X-Content-Type-Options: nosniff
- ContentTypeOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
- CONTEXT_SOURCE - Static variable in class org.springframework.security.config.BeanIds
- CONTEXT_SOURCE_SETTING_POST_PROCESSOR - Static variable in class org.springframework.security.config.BeanIds
- contextSource() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Allows easily configuring of a
BaseLdapPathContextSource
with defaults pointing to an embedded LDAP server that is created. - contextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Specifies the
BaseLdapPathContextSource
to be used. - ContextSourceSettingPostProcessor - Class in org.springframework.security.config.ldap
-
Checks for the presence of a ContextSource instance.
- conversionServicePostProcessor() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
- convert(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver
- convert(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter
- convert(HttpServletRequest) - Method in interface org.springframework.security.web.authentication.AuthenticationConverter
- convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationConverter
- convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationConverter
- convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- convert(String, OAuth2AuthenticatedPrincipal) - Method in interface org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter
-
Converts a successful introspection result into an authentication result.
- convert(String, OAuth2AuthenticatedPrincipal) - Method in interface org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter
-
Converts a successful introspection result into an authentication result.
- convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.converter.ClaimTypeConverter
- convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.DefaultMapOAuth2AccessTokenResponseConverter
- convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter
- convert(OAuth2UserRequest) - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequestEntityConverter
-
Returns the
RequestEntity
used for the UserInfo Request. - convert(OAuth2AccessTokenResponse) - Method in class org.springframework.security.oauth2.core.endpoint.DefaultOAuth2AccessTokenResponseMapConverter
- convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.DelegatingJwtGrantedAuthoritiesConverter
-
Extract
GrantedAuthority
s from the givenJwt
. - convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ExpressionJwtGrantedAuthoritiesConverter
-
Extract
GrantedAuthority
s from the givenJwt
. - convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
- convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtBearerTokenAuthenticationConverter
- convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
-
Extract
GrantedAuthority
s from the givenJwt
. - convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter
- convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter
- convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtGrantedAuthoritiesConverterAdapter
- convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter
- convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.BasicAuthenticationPayloadExchangeConverter
- convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter
- convert(PayloadExchange) - Method in interface org.springframework.security.rsocket.authentication.PayloadExchangeAuthenticationConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ott.ServerOneTimeTokenAuthenticationConverter
- convert(ServerWebExchange) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationConverter
-
Converts a
ServerWebExchange
to anAuthentication
- convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
- convert(TokenExchangeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter
- convert(T) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestHeadersConverter
-
Populates the default headers for the token request.
- convert(T) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestParametersConverter
- convert(T) - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter
- convertPasswordToString(Object) - Static method in class org.springframework.security.ldap.LdapUtils
- CookieClearingLogoutHandler - Class in org.springframework.security.web.authentication.logout
-
A logout handler which clears either - A defined list of cookie names, using the context path as the cookie path OR - A given list of Cookies
- CookieClearingLogoutHandler(Cookie...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
- CookieClearingLogoutHandler(String...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
- CookieCsrfTokenRepository - Class in org.springframework.security.web.csrf
-
A
CsrfTokenRepository
that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS. - CookieCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.CookieCsrfTokenRepository
- CookieRequestCache - Class in org.springframework.security.web.savedrequest
-
An Implementation of
RequestCache
which saves the original request URI in a cookie. - CookieRequestCache() - Constructor for class org.springframework.security.web.savedrequest.CookieRequestCache
- COOKIES - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- COOKIES - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- CookieServerCsrfTokenRepository - Class in org.springframework.security.web.server.csrf
-
A
ServerCsrfTokenRepository
that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS. - CookieServerCsrfTokenRepository() - Constructor for class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
- CookieServerRequestCache - Class in org.springframework.security.web.server.savedrequest
-
An implementation of
ServerRequestCache
that saves the requested URI in a cookie. - CookieServerRequestCache() - Constructor for class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
- CookieTheftException - Exception in org.springframework.security.web.authentication.rememberme
- CookieTheftException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.CookieTheftException
- copyToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- CoreJackson2Module - Class in org.springframework.security.jackson2
-
Jackson module for spring-security-core.
- CoreJackson2Module() - Constructor for class org.springframework.security.jackson2.CoreJackson2Module
- cors() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.cors(Customizer)
orcors(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - cors() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.cors(Customizer)
orcors(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - cors(Customizer<CorsConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Adds a
CorsFilter
to be used. - cors(Customizer<ServerHttpSecurity.CorsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures CORS headers.
- CORS - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
-
CorsWebFilter
- CORS - Static variable in class org.springframework.security.config.Elements
- CorsBeanDefinitionParser - Class in org.springframework.security.config.http
-
Parser for the
CorsFilter
. - CorsBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CorsBeanDefinitionParser
- CorsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds
CorsFilter
to the Spring Security filter chain. - CorsConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
-
Creates a new instance
- COSEAlgorithmIdentifier - Class in org.springframework.security.web.webauthn.api
-
COSEAlgorithmIdentifier is used to identify a cryptographic algorithm.
- country(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Sets the country.
- create - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
- create(Object, String, Object...) - Static method in class org.springframework.security.util.MethodInvocationUtils
-
Generates a
MethodInvocation
for specifiedmethodName
on the passed object, using theargs
to locate the method. - create(Runnable, SecurityContext) - Static method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
-
Factory method for creating a
DelegatingSecurityContextRunnable
. - create(Callable<V>, SecurityContext) - Static method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
-
Creates a
DelegatingSecurityContextCallable
and with the givenCallable
andSecurityContext
, but if the securityContext is null will defaults to the currentSecurityContext
on theSecurityContextHolder
- CREATE - Static variable in class org.springframework.security.acls.domain.BasePermission
- CREATE_TABLE_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
Default SQL for creating the database table to store the tokens
- createAcl(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- createAcl(ObjectIdentity) - Method in interface org.springframework.security.acls.model.MutableAclService
-
Creates an empty
Acl
object in the database. - createAuthentication(HttpServletRequest) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- createAuthentication(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
- createAuthenticationManager() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
Returns the configured
AuthenticationManager
that can be used to perform LDAP authentication. - createAuthority(Object) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
-
Creates a GrantedAuthority from a role attribute.
- createAuthorityList(String...) - Static method in class org.springframework.security.core.authority.AuthorityUtils
-
Converts authorities into a List of GrantedAuthority objects.
- createAuthorityList(Collection<String>) - Static method in class org.springframework.security.core.authority.AuthorityUtils
-
Converts authorities into a List of GrantedAuthority objects.
- createChannelAttributes(String) - Static method in class org.springframework.security.config.http.ChannelAttributeFactory
- createCipher() - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
- createCredentialRequestOptions(PublicKeyCredentialRequestOptionsRequest) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations
- createCredentialRequestOptions(PublicKeyCredentialRequestOptionsRequest) - Method in interface org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations
-
Creates the
PublicKeyCredentialRequestOptions
used to authenticate a user. - createCurrentUser(Authentication) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
-
Creates a principal-like sid from the authentication information.
- created(Instant) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- createDecoder(C) - Method in interface org.springframework.security.oauth2.jwt.JwtDecoderFactory
-
Creates a
JwtDecoder
using the supplied "contextual" type. - createDecoder(C) - Method in interface org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory
-
Creates a
ReactiveJwtDecoder
using the supplied "contextual" type. - createDecoder(ClientRegistration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
- createDecoder(ClientRegistration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
- createDefault() - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
-
Create a
Jwt
Validator that contains all standard validators. - createDefaultClaimTypeConverter() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
-
Returns the default
Converter
's used for type conversion of claim values for anOidcIdToken
. - createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
-
Returns the default
Converter
's used for type conversion of claim values for anOidcIdToken
. - createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
-
Returns the default
Converter
's used for type conversion of claim values for anOidcIdToken
. - createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
-
Returns the default
Converter
's used for type conversion of claim values for anOidcUserInfo
. - createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
-
Returns the default
Converter
's used for type conversion of claim values for anOidcUserInfo
. - createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
Allows subclasses to supply the default
AbstractLdapAuthenticator
. - createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
- createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
- createDefaultWithIssuer(String) - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
-
Create a
Jwt
Validator that contains all standard validators when an issuer is known. - createDefaultWithValidators(List<OAuth2TokenValidator<Jwt>>) - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
-
Create a
Jwt
default validator with standard validators and additional validators. - createDefaultWithValidators(OAuth2TokenValidator<Jwt>...) - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
-
Create a
Jwt
default validator with standard validators and additional validators. - createDelegatingPasswordEncoder() - Static method in class org.springframework.security.crypto.factory.PasswordEncoderFactories
-
Creates a
DelegatingPasswordEncoder
with default mappings. - createELContext(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
-
Subclasses can override this methode if they want to use a different EL root context
- createEmptyContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Creates a new, empty context implementation, for use by SecurityContextRepository implementations, when creating a new context for the first time.
- createEmptyContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Delegates the creation of a new, empty context to the configured strategy.
- createEmptyContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
-
Creates a new, empty context implementation, for use by SecurityContextRepository implementations, when creating a new context for the first time.
- createEmptyContext() - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
- createEntries(MutableAcl) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.
- createEvaluationContext(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
- createEvaluationContext(Supplier<Authentication>, Message<T>) - Method in class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler
- createEvaluationContext(Supplier<Authentication>, MessageAuthorizationContext<?>) - Method in class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
- createEvaluationContext(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
- createEvaluationContext(Supplier<Authentication>, T) - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler
-
Provides an evaluation context in which to evaluate security expressions for the invocation type.
- createEvaluationContext(Authentication, MessageAuthorizationContext<?>) - Method in class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
- createEvaluationContext(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
-
Invokes the internal template methods to create
StandardEvaluationContext
andSecurityExpressionRoot
objects. - createEvaluationContext(Authentication, T) - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler
-
Provides an evaluation context in which to evaluate security expressions for the invocation type.
- createEvaluationContextInternal(Authentication, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
-
Uses a
MethodSecurityEvaluationContext
as the EvaluationContext implementation. - createEvaluationContextInternal(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
-
Override to create a custom instance of
StandardEvaluationContext
. - createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
-
Allows the
EvaluationContext
to be customized for variable lookup etc. - createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- createExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Provide a
MethodSecurityExpressionHandler
that is registered with theExpressionBasedPreInvocationAdvice
. - createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String>) - Static method in class org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory
-
Deprecated.Create a
MessageSecurityMetadataSource
that usesMessageMatcher
mapped to Spring Expressions. - createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String>, SecurityExpressionHandler<Message<Object>>) - Static method in class org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory
-
Deprecated.Create a
MessageSecurityMetadataSource
that usesMessageMatcher
mapped to Spring Expressions. - createFromClass(Class<?>, String) - Static method in class org.springframework.security.util.MethodInvocationUtils
-
Generates a
MethodInvocation
for the specifiedmethodName
on the passed class. - createFromClass(Object, Class<?>, String, Class<?>[], Object[]) - Static method in class org.springframework.security.util.MethodInvocationUtils
-
Generates a
MethodInvocation
for specifiedmethodName
on the passed class, using theargs
to locate the method. - createGroup(String, List<GrantedAuthority>) - Method in interface org.springframework.security.provisioning.GroupManager
-
Creates a new group with the specified list of authorities.
- createGroup(String, List<GrantedAuthority>) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- createList(String...) - Static method in class org.springframework.security.access.SecurityConfig
- createListFromCommaDelimitedString(String) - Static method in class org.springframework.security.access.SecurityConfig
- createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Creates the LoginContext to be used for authentication.
- createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
-
Creates a LoginContext using the Configuration that was specified in
DefaultJaasAuthenticationProvider.setConfiguration(Configuration)
. - createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
- createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Create the
RequestMatcher
given a loginProcessingUrl - createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
- createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
- createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
- createMatcher(ParserContext, String, String) - Method in enum class org.springframework.security.config.http.MatcherType
- createMatcher(ParserContext, String, String, String) - Method in enum class org.springframework.security.config.http.MatcherType
- createMessageMatcher(String, PathMatcher) - Static method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
-
Creates a new instance with the specified pattern,
SimpMessageType.MESSAGE
, andPathMatcher
. - createMetadataSource() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.Allows subclasses to create creating a
MessageSecurityMetadataSource
. - createMvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
Creates
MvcRequestMatcher
instances for the method and patterns passed in - createNewAuthentication(Authentication, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
- createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
- createNewToken(PersistentRememberMeToken) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
- createObjectIdentity(Serializable, String) - Method in class org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl
- createObjectIdentity(Serializable, String) - Method in interface org.springframework.security.acls.model.ObjectIdentityGenerator
- createObjectIdentity(ObjectIdentity, Sid) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Creates an entry in the acl_object_identity table for the passed ObjectIdentity.
- createOrRetrieveClassPrimaryKey(String, boolean, Class) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Retrieves the primary key from
acl_class
, creating a new row if needed and theallowCreate
property istrue
. - createOrRetrieveSidPrimaryKey(String, boolean, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
- createOrRetrieveSidPrimaryKey(Sid, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
- createParameters(JwtBearerGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequestEntityConverter
-
Deprecated.
- createParameters(OAuth2AuthorizationCodeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter
-
Deprecated.
- createParameters(OAuth2ClientCredentialsGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter
-
Deprecated.
- createParameters(OAuth2PasswordGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter
-
Deprecated.
- createParameters(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequestEntityConverter
-
Deprecated.
- createParameters(TokenExchangeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter
-
Deprecated.
- createPasswordEncoderBeanDefinition(String) - Static method in class org.springframework.security.config.authentication.PasswordEncoderParser
- createPostInvocationAttribute(String, String) - Method in class org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory
-
Deprecated.
- createPostInvocationAttribute(String, String) - Method in interface org.springframework.security.access.prepost.PrePostInvocationAttributeFactory
-
Deprecated.
- createPreInvocationAttribute(String, String, String) - Method in class org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory
-
Deprecated.
- createPreInvocationAttribute(String, String, String) - Method in interface org.springframework.security.access.prepost.PrePostInvocationAttributeFactory
-
Deprecated.
- createPublicKeyCredentialCreationOptions(PublicKeyCredentialCreationOptionsRequest) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations
- createPublicKeyCredentialCreationOptions(PublicKeyCredentialCreationOptionsRequest) - Method in interface org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations
-
Creates the
PublicKeyCredentialCreationOptions
used to register new credentials. - createRedirectUrl(String) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
-
Constructs the Url for Redirection to the CAS server.
- createSecurityContext(A) - Method in interface org.springframework.security.test.context.support.WithSecurityContextFactory
-
Create a
SecurityContext
given an Annotation. - createSecurityExpressionRoot(Authentication, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
-
Creates the root object for expression evaluation.
- createSecurityExpressionRoot(Authentication, Message<T>) - Method in class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler
- createSecurityExpressionRoot(Authentication, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
- createSecurityExpressionRoot(Authentication, FilterInvocation) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
- createSecurityExpressionRoot(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
-
Implement in order to create a root object of the correct type for the supported invocation type.
- createServiceUrl(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
-
Constructs a new Service Url.
- createSid(boolean, String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
-
Creates a particular implementation of
Sid
depending on the arguments. - createSubscribeMatcher(String, PathMatcher) - Static method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
-
Creates a new instance with the specified pattern,
SimpMessageType.SUBSCRIBE
, andPathMatcher
. - createSuccessAuthentication(Object, Authentication, UserDetails) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
Creates a successful
Authentication
object. - createSuccessAuthentication(Object, Authentication, UserDetails) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
- createSuccessfulAuthentication(HttpServletRequest, UserDetails) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Creates the final Authentication object returned from the autoLogin method.
- createSuccessfulAuthentication(UsernamePasswordAuthenticationToken, UserDetails) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
-
Creates the final
Authentication
object which will be returned from theauthenticate
method. - createTarget() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- createTarget() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- createTarget() - Method in class org.springframework.security.ldap.userdetails.Person.Essence
- createUser(UserDetails) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- createUser(UserDetails) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
- createUser(UserDetails) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- createUser(UserDetails) - Method in interface org.springframework.security.provisioning.UserDetailsManager
-
Create a new user with the supplied details.
- createUserDetails() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- createUserDetails() - Method in class org.springframework.security.ldap.userdetails.Person.Essence
- createUserDetails(String, UserDetails, List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Can be overridden to customize the creation of the final UserDetailsObject which is returned by the loadUserByUsername method.
- createUserDetails(Authentication, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
-
Creates the final UserDetails object.
- credentialId(Bytes) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- CredentialPropertiesOutput - Class in org.springframework.security.web.webauthn.api
-
CredentialPropertiesOutput is the Client extension output.
- CredentialPropertiesOutput(boolean) - Constructor for class org.springframework.security.web.webauthn.api.CredentialPropertiesOutput
-
Creates a new instance.
- CredentialPropertiesOutput.ExtensionOutput - Class in org.springframework.security.web.webauthn.api
-
The output for
CredentialPropertiesOutput
- CredentialRecord - Interface in org.springframework.security.web.webauthn.api
-
Represents a Credential Record that is stored by the Relying Party after successful registration.
- CredentialsContainer - Interface in org.springframework.security.core
-
Indicates that the implementing object contains sensitive data, which can be erased using the
eraseCredentials
method. - credentialsExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Defines if the credentials are expired or not.
- credentialsExpired(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Defines if the credentials are expired or not.
- credentialsExpired(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- CredentialsExpiredException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request is rejected because the account's credentials have expired.
- CredentialsExpiredException(String) - Constructor for exception org.springframework.security.authentication.CredentialsExpiredException
-
Constructs a
CredentialsExpiredException
with the specified message. - CredentialsExpiredException(String, Throwable) - Constructor for exception org.springframework.security.authentication.CredentialsExpiredException
-
Constructs a
CredentialsExpiredException
with the specified message and root cause. - credentialType(PublicKeyCredentialType) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- credProps - Static variable in class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput
-
https://www.w3.org/TR/webauthn-3/#sctn-authenticator-credential-properties-extension
- CredProtect(CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy, boolean) - Constructor for class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect
- CredProtectAuthenticationExtensionsClientInput - Class in org.springframework.security.web.webauthn.api
-
Implements Credential Protection (credProtect).
- CredProtectAuthenticationExtensionsClientInput(CredProtectAuthenticationExtensionsClientInput.CredProtect) - Constructor for class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput
- CredProtectAuthenticationExtensionsClientInput.CredProtect - Class in org.springframework.security.web.webauthn.api
- CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy - Enum Class in org.springframework.security.web.webauthn.api
- CRIT - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
crit
- the critical header indicates that extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed - criticalHeader(String, Object) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the critical header that indicates which extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed.
- CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
- CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
- CROSS_PLATFORM - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment
-
Indicates cross-platform attachment.
- crossOriginEmbedderPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.crossOriginEmbedderPolicy(Customizer)
instead - crossOriginEmbedderPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer)
instead. - crossOriginEmbedderPolicy(Customizer<HeadersConfigurer.CrossOriginEmbedderPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows configuration for Cross-Origin-Embedder-Policy header.
- crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures the Cross-Origin-Embedder-Policy header.
- CrossOriginEmbedderPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig
- CrossOriginEmbedderPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Inserts Cross-Origin-Embedder-Policy header.
- CrossOriginEmbedderPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter
- CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy - Enum Class in org.springframework.security.web.header.writers
- CrossOriginEmbedderPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Inserts Cross-Origin-Embedder-Policy headers.
- CrossOriginEmbedderPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter
- CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy - Enum Class in org.springframework.security.web.server.header
- crossOriginOpenerPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.crossOriginOpenerPolicy(Customizer)
instead - crossOriginOpenerPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer)
instead. - crossOriginOpenerPolicy(Customizer<HeadersConfigurer.CrossOriginOpenerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows configuration for Cross-Origin-Opener-Policy header.
- crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures the Cross-Origin-Opener-Policy header.
- CrossOriginOpenerPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig
- CrossOriginOpenerPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Inserts the Cross-Origin-Opener-Policy header
- CrossOriginOpenerPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter
- CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy - Enum Class in org.springframework.security.web.header.writers
- CrossOriginOpenerPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Inserts Cross-Origin-Opener-Policy header.
- CrossOriginOpenerPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter
- CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy - Enum Class in org.springframework.security.web.server.header
- crossOriginResourcePolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.crossOriginResourcePolicy(Customizer)
instead - crossOriginResourcePolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer)
instead. - crossOriginResourcePolicy(Customizer<HeadersConfigurer.CrossOriginResourcePolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows configuration for Cross-Origin-Resource-Policy header.
- crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures the Cross-Origin-Resource-Policy header.
- CrossOriginResourcePolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig
- CrossOriginResourcePolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Inserts Cross-Origin-Resource-Policy header
- CrossOriginResourcePolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter
- CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy - Enum Class in org.springframework.security.web.header.writers
- CrossOriginResourcePolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Inserts Cross-Origin-Resource-Policy headers.
- CrossOriginResourcePolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter
- CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy - Enum Class in org.springframework.security.web.server.header
- csrf() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.csrf(Customizer)
orcsrf(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - csrf() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.csrf(Customizer)
orcsrf(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - csrf() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
- csrf() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Creates a
RequestPostProcessor
that will automatically populate a validCsrfToken
in the request. - csrf(Customizer<CsrfConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Enables CSRF protection.
- csrf(Customizer<ServerHttpSecurity.CsrfSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures CSRF Protection which is enabled by default.
- CSRF - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- CSRF - Static variable in class org.springframework.security.config.Elements
- CsrfAuthenticationStrategy - Class in org.springframework.security.web.csrf
-
CsrfAuthenticationStrategy
is in charge of removing theCsrfToken
upon authenticating. - CsrfAuthenticationStrategy(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfAuthenticationStrategy
-
Creates a new instance
- CsrfBeanDefinitionParser - Class in org.springframework.security.config.http
-
Parser for the
CsrfFilter
. - CsrfBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CsrfBeanDefinitionParser
- csrfChannelInterceptor() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- CsrfChannelInterceptor - Class in org.springframework.security.messaging.web.csrf
-
ChannelInterceptor
that validates that a valid CSRF is included in the header of anySimpMessageType.CONNECT
message. - CsrfChannelInterceptor() - Constructor for class org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor
- CsrfConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds CSRF protection for the methods as specified by
CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher)
. - CsrfConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
-
Creates a new instance
- CsrfException - Exception in org.springframework.security.web.csrf
-
Thrown when an invalid or missing
CsrfToken
is found in the HttpServletRequest - CsrfException - Exception in org.springframework.security.web.server.csrf
-
Thrown when an invalid or missing
CsrfToken
is found in the HttpServletRequest - CsrfException(String) - Constructor for exception org.springframework.security.web.csrf.CsrfException
- CsrfException(String) - Constructor for exception org.springframework.security.web.server.csrf.CsrfException
- CsrfFilter - Class in org.springframework.security.web.csrf
-
Applies CSRF protection using a synchronizer token pattern.
- CsrfFilter(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfFilter
-
Creates a new instance.
- CsrfInputTag - Class in org.springframework.security.taglibs.csrf
-
A JSP tag that prints out a hidden form field for the CSRF token.
- CsrfInputTag() - Constructor for class org.springframework.security.taglibs.csrf.CsrfInputTag
- CsrfLogoutHandler - Class in org.springframework.security.web.csrf
-
CsrfLogoutHandler
is in charge of removing theCsrfToken
upon logout. - CsrfLogoutHandler(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfLogoutHandler
-
Creates a new instance
- CsrfMetaTagsTag - Class in org.springframework.security.taglibs.csrf
-
A JSP tag that prints out a meta tags holding the CSRF form field name and token value for use in JavaScrip code.
- CsrfMetaTagsTag() - Constructor for class org.springframework.security.taglibs.csrf.CsrfMetaTagsTag
- CsrfRequestDataValueProcessor - Class in org.springframework.security.web.reactive.result.view
- CsrfRequestDataValueProcessor - Class in org.springframework.security.web.servlet.support.csrf
-
Integration with Spring Web MVC that automatically adds the
CsrfToken
into forms with hidden inputs when using Spring tag libraries. - CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
- CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- CsrfServerLogoutHandler - Class in org.springframework.security.web.server.csrf
-
CsrfServerLogoutHandler
is in charge of removing theCsrfToken
upon logout. - CsrfServerLogoutHandler(ServerCsrfTokenRepository) - Constructor for class org.springframework.security.web.server.csrf.CsrfServerLogoutHandler
-
Creates a new instance
- CsrfToken - Interface in org.springframework.security.web.csrf
-
Provides the information about an expected CSRF token.
- CsrfToken - Interface in org.springframework.security.web.server.csrf
- CsrfTokenArgumentResolver - Class in org.springframework.security.web.method.annotation
-
Allows resolving the current
CsrfToken
. - CsrfTokenArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
- CsrfTokenHandshakeInterceptor - Class in org.springframework.security.messaging.web.socket.server
-
Loads a CsrfToken from the HttpServletRequest and HttpServletResponse to populate the WebSocket attributes.
- CsrfTokenHandshakeInterceptor() - Constructor for class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
- csrfTokenRepository(CsrfTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
-
Specify the
CsrfTokenRepository
to use. - csrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
-
Configures the
ServerCsrfTokenRepository
used to persist the CSRF Token. - CsrfTokenRepository - Interface in org.springframework.security.web.csrf
-
An API to allow changing the method in which the expected
CsrfToken
is associated to theHttpServletRequest
. - CsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.csrf
-
An implementation of the
CsrfTokenRequestHandler
interface that is capable of making theCsrfToken
available as a request attribute and resolving the token value as either a header or parameter value of the request. - CsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
- csrfTokenRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
-
Specify a
CsrfTokenRequestHandler
to use for making theCsrfToken
available as a request attribute. - csrfTokenRequestHandler(ServerCsrfTokenRequestHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
-
Specifies a
ServerCsrfTokenRequestHandler
that is used to make theCsrfToken
available as an exchange attribute. - CsrfTokenRequestHandler - Interface in org.springframework.security.web.csrf
-
A callback interface that is used to make the
CsrfToken
created by theCsrfTokenRepository
available as a request attribute. - CsrfTokenRequestResolver - Interface in org.springframework.security.web.csrf
-
Implementations of this interface are capable of resolving the token value of a
CsrfToken
from the providedHttpServletRequest
. - CsrfWebFilter - Class in org.springframework.security.web.server.csrf
-
Applies CSRF protection using a synchronizer token pattern.
- CsrfWebFilter() - Constructor for class org.springframework.security.web.server.csrf.CsrfWebFilter
- css() - Static method in class org.springframework.security.web.authentication.ui.DefaultResourcesFilter
-
Create an instance of
DefaultResourcesFilter
serving Spring Security's default CSS stylesheet. - css() - Static method in class org.springframework.security.web.server.ui.DefaultResourcesWebFilter
-
Create an instance of
DefaultResourcesWebFilter
serving Spring Security's default CSS stylesheet. - CTY - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
cty
- the content type header is used by JWS/JWE applications to declare the media type of the secured content (the payload) - CumulativePermission - Class in org.springframework.security.acls.domain
-
Represents a
Permission
that is constructed at runtime from other permissions. - CumulativePermission() - Constructor for class org.springframework.security.acls.domain.CumulativePermission
- currentDate - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Current formatted date.
- currentDateGenerated - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Instant on which the currentDate object was generated.
- CurrentSecurityContext - Annotation Interface in org.springframework.security.core.annotation
-
Annotation that is used to resolve the
SecurityContext
as a method argument. - CurrentSecurityContextArgumentResolver - Class in org.springframework.security.messaging.handler.invocation.reactive
-
Allows resolving the
Authentication.getPrincipal()
using theCurrentSecurityContext
annotation. - CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.method.annotation
-
Allows resolving the
SecurityContext
using theCurrentSecurityContext
annotation. - CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation
-
Resolves the
SecurityContext
- CurrentSecurityContextArgumentResolver() - Constructor for class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
- CurrentSecurityContextArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
- CurrentSecurityContextArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
- CUSTOM_FILTER - Static variable in class org.springframework.security.config.Elements
- customize(Consumer<PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Allows customizing the builder using the
Consumer
that is passed in. - customize(Consumer<PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder
-
Allows customizing the
PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder
- customize(WebSecurity) - Method in interface org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
-
Performs the customizations on
WebSecurity
. - customize(T) - Method in interface org.springframework.security.config.Customizer
-
Performs the customizations on the input argument.
- customizeClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.Allows subclasses to customize the configuration of the
ChannelRegistration
. - Customizer<T> - Interface in org.springframework.security.config
-
Callback interface that accepts a single input argument and returns no result.
- customMethodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Provides a custom
MethodSecurityMetadataSource
that is registered with theGlobalMethodSecurityConfiguration.methodSecurityMetadataSource()
. - CycleInRoleHierarchyException - Exception in org.springframework.security.access.hierarchicalroles
-
Exception that is thrown because of a cycle in the role hierarchy definition
- CycleInRoleHierarchyException() - Constructor for exception org.springframework.security.access.hierarchicalroles.CycleInRoleHierarchyException
D
- DaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,
U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails -
Allows configuring a
DaoAuthenticationProvider
- DaoAuthenticationConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer
-
Creates a new instance
- DaoAuthenticationProvider - Class in org.springframework.security.authentication.dao
-
An
AuthenticationProvider
implementation that retrieves user details from aUserDetailsService
. - DaoAuthenticationProvider() - Constructor for class org.springframework.security.authentication.dao.DaoAuthenticationProvider
- DaoAuthenticationProvider(PasswordEncoder) - Constructor for class org.springframework.security.authentication.dao.DaoAuthenticationProvider
-
Creates a new instance using the provided
PasswordEncoder
- databaseClient - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
- dataSource(DataSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
-
Populates the
DataSource
to be used. - debug() - Element in annotation interface org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-
Controls debugging support for Spring Security.
- debug(boolean) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Controls debugging support for Spring Security.
- DEBUG - Static variable in class org.springframework.security.config.Elements
- DEBUG_FILTER - Static variable in class org.springframework.security.config.BeanIds
- DebugBeanDefinitionParser - Class in org.springframework.security.config
- DebugBeanDefinitionParser() - Constructor for class org.springframework.security.config.DebugBeanDefinitionParser
- DebugFilter - Class in org.springframework.security.web.debug
-
Spring Security debugging filter.
- DebugFilter(FilterChainProxy) - Constructor for class org.springframework.security.web.debug.DebugFilter
- decide(Authentication, Object, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.AccessDecisionManager
-
Deprecated.Resolves an access control decision for the passed parameters.
- decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.AffirmativeBased
-
Deprecated.This concrete implementation simply polls all configured
AccessDecisionVoter
s and grants access if anyAccessDecisionVoter
voted affirmatively. - decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.ConsensusBased
-
Deprecated.This concrete implementation simply polls all configured
AccessDecisionVoter
s and upon completion determines the consensus of granted against denied responses. - decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.UnanimousBased
-
Deprecated.This concrete implementation polls all configured
AccessDecisionVoter
s for eachConfigAttribute
and grants access if only grant (or abstain) votes were received. - decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in interface org.springframework.security.access.AfterInvocationProvider
-
Deprecated.
- decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in interface org.springframework.security.access.intercept.AfterInvocationManager
-
Deprecated.Given the details of a secure object invocation including its returned
Object
, make an access control decision or optionally modify the returnedObject
. - decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
-
Deprecated.
- decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.access.prepost.PostInvocationAdviceProvider
-
Deprecated.
- decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
- decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
- decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelDecisionManager
-
Decided whether the presented
FilterInvocation
provides the appropriate level of channel security based on the requested list of ConfigAttributes. - decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelProcessor
-
Decided whether the presented
FilterInvocation
provides the appropriate level of channel security based on the requested list of ConfigAttributes. - decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- decode(byte[]) - Static method in class org.springframework.security.crypto.codec.Base64
-
Deprecated.
- decode(byte[]) - Static method in class org.springframework.security.crypto.codec.Utf8
-
Decode the bytes in UTF-8 form into a String.
- decode(CharSequence) - Static method in class org.springframework.security.crypto.codec.Hex
- decode(String) - Method in interface org.springframework.security.oauth2.jwt.JwtDecoder
-
Decodes the JWT from it's compact claims representation format and returns a
Jwt
. - decode(String) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
-
Decode and validate the JWT from its compact claims representation format
- decode(String) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
- decode(String) - Method in interface org.springframework.security.oauth2.jwt.ReactiveJwtDecoder
-
Decodes the JWT from it's compact claims representation format and returns a
Jwt
. - decode(String) - Method in class org.springframework.security.oauth2.jwt.SupplierJwtDecoder
-
Decodes the JWT from it's compact claims representation format and returns a
Jwt
. - decode(String) - Method in class org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder
-
Decodes the JWT from it's compact claims representation format and returns a
Jwt
. - decode(Publisher<DataBuffer>, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder
-
Deprecated.
- DECODE - Static variable in class org.springframework.security.crypto.codec.Base64
-
Deprecated.Specify decoding in first bit.
- decodeCookie(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Decodes the cookie and splits it into a set of token strings using the ":" delimiter.
- decoder(JwtDecoder) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
- decodeToMono(Publisher<DataBuffer>, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder
-
Deprecated.
- decorate(FilterChain) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainDecorator
-
Provide a new
FilterChain
that accounts for needed security considerations when there are no security filters. - decorate(FilterChain) - Method in class org.springframework.security.web.FilterChainProxy.VirtualFilterChainDecorator
-
Provide a new
FilterChain
that accounts for needed security considerations when there are no security filters. - decorate(FilterChain) - Method in class org.springframework.security.web.ObservationFilterChainDecorator
- decorate(FilterChain, List<Filter>) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainDecorator
-
Provide a new
FilterChain
that accounts for the provided filters as well as the original filter chain. - decorate(FilterChain, List<Filter>) - Method in class org.springframework.security.web.FilterChainProxy.VirtualFilterChainDecorator
-
Provide a new
FilterChain
that accounts for the provided filters as well as the original filter chain. - decorate(FilterChain, List<Filter>) - Method in class org.springframework.security.web.ObservationFilterChainDecorator
- decorate(WebFilterChain) - Method in class org.springframework.security.web.server.ObservationWebFilterChainDecorator
- decorate(WebFilterChain) - Method in class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator
-
Provide a new
WebFilterChain
that accounts for needed security considerations when there are no security filters. - decorate(WebFilterChain) - Method in interface org.springframework.security.web.server.WebFilterChainProxy.WebFilterChainDecorator
-
Provide a new
WebFilterChain
that accounts for needed security considerations when there are no security filters. - decorate(WebFilterChain, List<WebFilter>) - Method in class org.springframework.security.web.server.ObservationWebFilterChainDecorator
- decorate(WebFilterChain, List<WebFilter>) - Method in class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator
-
Provide a new
WebFilterChain
that accounts for the provided filters as well as the original filter chain. - decorate(WebFilterChain, List<WebFilter>) - Method in interface org.springframework.security.web.server.WebFilterChainProxy.WebFilterChainDecorator
-
Provide a new
WebFilterChain
that accounts for the provided filters as well as the original filter chain. - decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator
- decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator
- decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler
- decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.AesBytesEncryptor
- decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
- decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
- decrypt(byte[]) - Method in interface org.springframework.security.crypto.encrypt.BytesEncryptor
-
Decrypt the byte array.
- decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- decrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- decrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- decrypt(String) - Method in interface org.springframework.security.crypto.encrypt.TextEncryptor
-
Decrypt the encrypted text string.
- decryption(PrivateKey, X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential
-
Create a
Saml2X509Credential
that can be used for decryption. - DECRYPTION - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
- DECRYPTION_ERROR - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
The system failed to decrypt an assertion or a name identifier.
- decryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- decryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Apply this
Consumer
to theCollection
ofSaml2X509Credential
s for the purposes of modifying theCollection
- DEF_AUTHORITIES_BY_USERNAME_QUERY - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- DEF_CHANGE_PASSWORD_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_CREATE_USER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_DELETE_GROUP_AUTHORITIES_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_DELETE_GROUP_AUTHORITY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_DELETE_GROUP_MEMBER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_DELETE_GROUP_MEMBERS_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_DELETE_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_DELETE_USER_AUTHORITIES_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_DELETE_USER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_FIND_GROUP_ID_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_FIND_GROUPS_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_FIND_USERS_IN_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- DEF_GROUP_AUTHORITIES_QUERY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- DEF_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- DEF_INSERT_AUTHORITY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_INSERT_GROUP_AUTHORITY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_INSERT_GROUP_MEMBER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_INSERT_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_INSERT_TOKEN_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
The default SQL used by createNewToken
- DEF_REMOVE_USER_TOKENS_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
The default SQL used by removeUserTokens
- DEF_RENAME_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_TOKEN_BY_SERIES_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
The default SQL used by the getTokenBySeries query
- DEF_UPDATE_TOKEN_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
The default SQL used by updateToken
- DEF_UPDATE_USER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_USER_EXISTS_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- DEF_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- DEF_USERS_BY_USERNAME_QUERY - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- DEFAULT - Enum constant in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
- DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE - Static variable in class org.springframework.security.acls.jdbc.BasicLookupStrategy
- DEFAULT_AUTHENTICATION_REQUEST_URI - Static variable in interface org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver
- DEFAULT_AUTHORIZATION_REQUEST_BASE_URI - Static variable in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
-
The default base
URI
used for authorization requests. - DEFAULT_AUTHORIZATION_REQUEST_PATTERN - Static variable in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
-
The default pattern used to resolve the
ClientRegistration.getRegistrationId()
- DEFAULT_CAS_ARTIFACT_PARAMETER - Static variable in class org.springframework.security.cas.ServiceProperties
- DEFAULT_CAS_SERVICE_PARAMETER - Static variable in class org.springframework.security.cas.ServiceProperties
- DEFAULT_CSRF_ATTR_NAME - Static variable in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
-
The default request attribute to look for a
CsrfToken
. - DEFAULT_CSRF_MATCHER - Static variable in class org.springframework.security.web.csrf.CsrfFilter
-
The default
RequestMatcher
that indicates if CSRF protection is required or not. - DEFAULT_CSRF_MATCHER - Static variable in class org.springframework.security.web.server.csrf.CsrfWebFilter
- DEFAULT_EXTRACTOR - Static variable in class org.springframework.security.web.util.ThrowableAnalyzer
-
Default extractor for
Throwable
instances. - DEFAULT_FILTER_NAME - Static variable in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
- DEFAULT_FILTER_PROCESSES_URI - Static variable in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
-
The default
URI
where thisFilter
processes authentication requests. - DEFAULT_FILTER_PROCESSES_URI - Static variable in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
- DEFAULT_LOGIN_PAGE_URL - Static variable in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- DEFAULT_LOGOUT_SUCCESS_URL - Static variable in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
- DEFAULT_METADATA_FILE_NAME - Static variable in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
- DEFAULT_ORDER_BY_CLAUSE - Static variable in class org.springframework.security.acls.jdbc.BasicLookupStrategy
- DEFAULT_PARAMETER - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME - Static variable in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
-
The name of the path variable that contains the
ClientRegistration.getRegistrationId()
- DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES - Static variable in class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
-
The default OAuth 2.0 error codes that will trigger removal of an
OAuth2AuthorizedClient
. - DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES - Static variable in class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
-
The default OAuth 2.0 error codes that will trigger removal of the authorized client.
- DEFAULT_REQUEST_ATTR_NAME - Static variable in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
-
The default request attribute name to use.
- DEFAULT_SAML_ARTIFACT_PARAMETER - Static variable in class org.springframework.security.cas.SamlServiceProperties
- DEFAULT_SAML_SERVICE_PARAMETER - Static variable in class org.springframework.security.cas.SamlServiceProperties
- DEFAULT_SELECT_CLAUSE - Static variable in class org.springframework.security.acls.jdbc.BasicLookupStrategy
- DEFAULT_SERIES_LENGTH - Static variable in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME - Static variable in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
-
The default session attribute name to save and load the
SecurityContext
- DEFAULT_TOKEN_LENGTH - Static variable in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- DEFAULT_USER_SCHEMA_DDL_LOCATION - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- defaultAccessDeniedHandlerFor(AccessDeniedHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
-
Sets a default
AccessDeniedHandler
to be used which prefers being invoked for the providedRequestMatcher
. - DefaultActiveDirectoryAuthoritiesPopulator - Class in org.springframework.security.ldap.authentication.ad
-
The default strategy for obtaining user role information from the active directory.
- DefaultActiveDirectoryAuthoritiesPopulator() - Constructor for class org.springframework.security.ldap.authentication.ad.DefaultActiveDirectoryAuthoritiesPopulator
- DefaultAddressStandardClaim - Class in org.springframework.security.oauth2.core.oidc
-
The default implementation of an
Address Claim
. - DefaultAddressStandardClaim.Builder - Class in org.springframework.security.oauth2.core.oidc
-
A builder for
DefaultAddressStandardClaim
. - defaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
-
Sets a default
AuthenticationEntryPoint
to be used which prefers being invoked for the providedRequestMatcher
. - DefaultAuthenticationEventPublisher - Class in org.springframework.security.authentication
-
The default strategy for publishing authentication events.
- DefaultAuthenticationEventPublisher() - Constructor for class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
- DefaultAuthenticationEventPublisher(ApplicationEventPublisher) - Constructor for class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
- DefaultAuthorizationCodeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.Use
RestClientAuthorizationCodeTokenResponseClient
instead - DefaultAuthorizationCodeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient
-
Deprecated.
- DefaultBearerTokenResolver - Class in org.springframework.security.oauth2.server.resource.web
-
The default
BearerTokenResolver
implementation based on RFC 6750. - DefaultBearerTokenResolver() - Constructor for class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
- DefaultClientCredentialsTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.Use
RestClientClientCredentialsTokenResponseClient
instead - DefaultClientCredentialsTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient
-
Deprecated.
- DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- DefaultCsrfToken - Class in org.springframework.security.web.csrf
-
A CSRF token that is used to protect against CSRF attacks.
- DefaultCsrfToken - Class in org.springframework.security.web.server.csrf
-
A CSRF token that is used to protect against CSRF attacks.
- DefaultCsrfToken(String, String, String) - Constructor for class org.springframework.security.web.csrf.DefaultCsrfToken
-
Creates a new instance
- DefaultCsrfToken(String, String, String) - Constructor for class org.springframework.security.web.server.csrf.DefaultCsrfToken
-
Creates a new instance
- DefaultFilterChainValidator - Class in org.springframework.security.config.http
- DefaultFilterChainValidator() - Constructor for class org.springframework.security.config.http.DefaultFilterChainValidator
- DefaultFilterInvocationSecurityMetadataSource - Class in org.springframework.security.web.access.intercept
-
Default implementation of FilterInvocationDefinitionSource.
- DefaultFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>) - Constructor for class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
-
Sets the internal request map from the supplied map.
- DefaultHttpFirewall - Class in org.springframework.security.web.firewall
-
User's should consider using
StrictHttpFirewall
because rather than trying to sanitize a malicious URL it rejects the malicious URL providing better security guarantees. - DefaultHttpFirewall() - Constructor for class org.springframework.security.web.firewall.DefaultHttpFirewall
- DefaultHttpSecurityExpressionHandler - Class in org.springframework.security.web.access.expression
-
A
SecurityExpressionHandler
that uses aRequestAuthorizationContext
to create aWebSecurityExpressionRoot
. - DefaultHttpSecurityExpressionHandler() - Constructor for class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
- defaultIvGenerator() - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
- DefaultJaasAuthenticationProvider - Class in org.springframework.security.authentication.jaas
-
Creates a LoginContext using the Configuration provided to it.
- DefaultJaasAuthenticationProvider() - Constructor for class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
- DefaultJwtBearerTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.Use
RestClientJwtBearerTokenResponseClient
instead - DefaultJwtBearerTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient
-
Deprecated.
- DefaultLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.userdetails
-
The default strategy for obtaining user role information from the directory.
- DefaultLdapAuthoritiesPopulator(ContextSource, String) - Constructor for class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
Constructor for group search scenarios.
- DefaultLdapUsernameToDnMapper - Class in org.springframework.security.ldap
-
This implementation appends a name component to the userDnBase context using the usernameAttributeName property.
- DefaultLdapUsernameToDnMapper(String, String) - Constructor for class org.springframework.security.ldap.DefaultLdapUsernameToDnMapper
- DefaultLoginExceptionResolver - Class in org.springframework.security.authentication.jaas
-
This LoginExceptionResolver simply wraps the LoginException with an AuthenticationServiceException.
- DefaultLoginExceptionResolver() - Constructor for class org.springframework.security.authentication.jaas.DefaultLoginExceptionResolver
- DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds a Filter that will generate a login page if one is not specified otherwise when using
EnableWebSecurity
. - DefaultLoginPageConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
- DefaultLoginPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui
-
For internal use with namespace configuration in the case where a user doesn't configure a login page.
- DefaultLoginPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- DefaultLoginPageGeneratingFilter(UsernamePasswordAuthenticationFilter) - Constructor for class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- DefaultLogoutPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui
-
Generates a default log out page.
- DefaultLogoutPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
- defaultLogoutSuccessHandlerFor(LogoutSuccessHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Sets a default
LogoutSuccessHandler
to be used which prefers being invoked for the providedRequestMatcher
. - DefaultMapOAuth2AccessTokenResponseConverter - Class in org.springframework.security.oauth2.core.endpoint
-
A
Converter
that converts the provided OAuth 2.0 Access Token Response parameters to anOAuth2AccessTokenResponse
. - DefaultMapOAuth2AccessTokenResponseConverter() - Constructor for class org.springframework.security.oauth2.core.endpoint.DefaultMapOAuth2AccessTokenResponseConverter
- DefaultMessageSecurityExpressionHandler<T> - Class in org.springframework.security.messaging.access.expression
-
The default implementation of
SecurityExpressionHandler
which uses aMessageSecurityExpressionRoot
. - DefaultMessageSecurityExpressionHandler() - Constructor for class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler
- DefaultMessageSecurityMetadataSource - Class in org.springframework.security.messaging.access.intercept
-
Deprecated.Use
MessageMatcherDelegatingAuthorizationManager
instead - DefaultMessageSecurityMetadataSource(LinkedHashMap<MessageMatcher<?>, Collection<ConfigAttribute>>) - Constructor for class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource
-
Deprecated.
- DefaultMethodSecurityExpressionHandler - Class in org.springframework.security.access.expression.method
-
The standard implementation of
MethodSecurityExpressionHandler
. - DefaultMethodSecurityExpressionHandler() - Constructor for class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
- DefaultOAuth2AccessTokenResponseMapConverter - Class in org.springframework.security.oauth2.core.endpoint
-
A
Converter
that converts the providedOAuth2AccessTokenResponse
to aMap
representation of the OAuth 2.0 Access Token Response parameters. - DefaultOAuth2AccessTokenResponseMapConverter() - Constructor for class org.springframework.security.oauth2.core.endpoint.DefaultOAuth2AccessTokenResponseMapConverter
- DefaultOAuth2AuthenticatedPrincipal - Class in org.springframework.security.oauth2.core
-
A domain object that wraps the attributes of an OAuth 2.0 token.
- DefaultOAuth2AuthenticatedPrincipal(String, Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal
-
Constructs an
DefaultOAuth2AuthenticatedPrincipal
using the provided parameters. - DefaultOAuth2AuthenticatedPrincipal(Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal
-
Constructs an
DefaultOAuth2AuthenticatedPrincipal
using the provided parameters. - DefaultOAuth2AuthorizationRequestResolver - Class in org.springframework.security.oauth2.client.web
-
An implementation of an
OAuth2AuthorizationRequestResolver
that attempts to resolve anOAuth2AuthorizationRequest
from the providedHttpServletRequest
using the default requestURI
pattern/oauth2/authorization/{registrationId}
. - DefaultOAuth2AuthorizationRequestResolver(ClientRegistrationRepository, String) - Constructor for class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver
-
Constructs a
DefaultOAuth2AuthorizationRequestResolver
using the provided parameters. - DefaultOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client.web
-
The default implementation of an
OAuth2AuthorizedClientManager
for use within the context of aHttpServletRequest
. - DefaultOAuth2AuthorizedClientManager(ClientRegistrationRepository, OAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
-
Constructs a
DefaultOAuth2AuthorizedClientManager
using the provided parameters. - DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client.web
-
The default implementation of the
contextAttributesMapper
. - DefaultOAuth2TokenRequestHeadersConverter<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
-
Default
Converter
used to convert anAbstractOAuth2AuthorizationGrantRequest
to theHttpHeaders
of aRequestEntity
representation of an OAuth 2.0 Access Token Request for the specific Authorization Grant. - DefaultOAuth2TokenRequestHeadersConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestHeadersConverter
- DefaultOAuth2TokenRequestParametersConverter<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
-
Default
Converter
used to convert anAbstractOAuth2AuthorizationGrantRequest
to the defaultparameters
of an OAuth 2.0 Access Token Request. - DefaultOAuth2TokenRequestParametersConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestParametersConverter
- DefaultOAuth2User - Class in org.springframework.security.oauth2.core.user
-
The default implementation of an
OAuth2User
. - DefaultOAuth2User(Collection<? extends GrantedAuthority>, Map<String, Object>, String) - Constructor for class org.springframework.security.oauth2.core.user.DefaultOAuth2User
-
Constructs a
DefaultOAuth2User
using the provided parameters. - DefaultOAuth2UserService - Class in org.springframework.security.oauth2.client.userinfo
-
An implementation of an
OAuth2UserService
that supports standard OAuth 2.0 Provider's. - DefaultOAuth2UserService() - Constructor for class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService
- DefaultOidcUser - Class in org.springframework.security.oauth2.core.oidc.user
-
The default implementation of an
OidcUser
. - DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
-
Constructs a
DefaultOidcUser
using the provided parameters. - DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
-
Constructs a
DefaultOidcUser
using the provided parameters. - DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken, OidcUserInfo) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
-
Constructs a
DefaultOidcUser
using the provided parameters. - DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken, OidcUserInfo, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
-
Constructs a
DefaultOidcUser
using the provided parameters. - DefaultOneTimeToken - Class in org.springframework.security.authentication.ott
-
A default implementation of
OneTimeToken
- DefaultOneTimeToken(String, String, Instant) - Constructor for class org.springframework.security.authentication.ott.DefaultOneTimeToken
- DefaultOneTimeTokenSubmitPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui
-
Creates a default one-time token submit page.
- DefaultOneTimeTokenSubmitPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter
- DefaultPasswordTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
- DefaultPasswordTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient
-
Deprecated.
- DefaultPayloadExchange - Class in org.springframework.security.rsocket.core
-
Default implementation of
PayloadExchange
- DefaultPayloadExchange(PayloadExchangeType, Payload, MimeType, MimeType) - Constructor for class org.springframework.security.rsocket.core.DefaultPayloadExchange
- DefaultPermissionFactory - Class in org.springframework.security.acls.domain
-
Default implementation of
PermissionFactory
. - DefaultPermissionFactory() - Constructor for class org.springframework.security.acls.domain.DefaultPermissionFactory
-
Registers the Permission fields from the BasePermission class.
- DefaultPermissionFactory(Class<? extends Permission>) - Constructor for class org.springframework.security.acls.domain.DefaultPermissionFactory
-
Registers the Permission fields from the supplied class.
- DefaultPermissionFactory(Map<String, ? extends Permission>) - Constructor for class org.springframework.security.acls.domain.DefaultPermissionFactory
-
Registers a map of named Permission instances.
- DefaultPermissionGrantingStrategy - Class in org.springframework.security.acls.domain
- DefaultPermissionGrantingStrategy(AuditLogger) - Constructor for class org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy
-
Creates an instance with the logger which will be used to record granting and denial of requested permissions.
- DefaultReactiveOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client.web
-
The default implementation of a
ReactiveOAuth2AuthorizedClientManager
for use within the context of aServerWebExchange
. - DefaultReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
-
Constructs a
DefaultReactiveOAuth2AuthorizedClientManager
using the provided parameters. - DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client.web
-
The default implementation of the
contextAttributesMapper
. - DefaultReactiveOAuth2UserService - Class in org.springframework.security.oauth2.client.userinfo
-
An implementation of an
ReactiveOAuth2UserService
that supports standard OAuth 2.0 Provider's. - DefaultReactiveOAuth2UserService() - Constructor for class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService
- DefaultRedirectStrategy - Class in org.springframework.security.web
-
Simple implementation of RedirectStrategy which is the default used throughout the framework.
- DefaultRedirectStrategy() - Constructor for class org.springframework.security.web.DefaultRedirectStrategy
- DefaultRefreshTokenTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.Use
RestClientRefreshTokenTokenResponseClient
instead - DefaultRefreshTokenTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient
-
Deprecated.
- DefaultRelyingPartyRegistrationResolver - Class in org.springframework.security.saml2.provider.service.web
-
A
Converter
that resolves aRelyingPartyRegistration
by extracting the registration id from the request, querying aRelyingPartyRegistrationRepository
, and resolving any template values. - DefaultRelyingPartyRegistrationResolver(RelyingPartyRegistrationRepository) - Constructor for class org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver
- defaultRequest() - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Provides defaults for the
HttpServletRequest
and theHttpServletResponse
usingRequestContextHolder
. - DefaultRequestRejectedHandler - Class in org.springframework.security.web.firewall
-
Default implementation of
RequestRejectedHandler
that simply rethrows the exception. - DefaultRequestRejectedHandler() - Constructor for class org.springframework.security.web.firewall.DefaultRequestRejectedHandler
- DefaultResourcesFilter - Class in org.springframework.security.web.authentication.ui
-
Serve common static assets used in default UIs, such as CSS or Javascript files.
- DefaultResourcesWebFilter - Class in org.springframework.security.web.server.ui
-
Serve common static assets used in default UIs, such as CSS or Javascript files.
- defaults() - Static method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor
-
The default
AuthorizationAdvisorProxyFactory.TargetVisitor
, which will proxyClass
instances as well as instances contained in reactive types (if reactor is present), collection types, and other container types likeOptional
andSupplier
- DefaultSaml2AuthenticatedPrincipal - Class in org.springframework.security.saml2.provider.service.authentication
-
Default implementation of a
Saml2AuthenticatedPrincipal
. - DefaultSaml2AuthenticatedPrincipal(String, Map<String, List<Object>>) - Constructor for class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
- DefaultSaml2AuthenticatedPrincipal(String, Map<String, List<Object>>, List<String>) - Constructor for class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
- DefaultSavedRequest - Class in org.springframework.security.web.savedrequest
-
Represents central information from a
HttpServletRequest
. - DefaultSavedRequest(HttpServletRequest, PortResolver) - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest
- DefaultSavedRequest(HttpServletRequest, PortResolver, String) - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest
- DefaultSavedRequest.Builder - Class in org.springframework.security.web.savedrequest
- defaultsDisabled() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Clears all of the default headers from the response.
- DefaultSecurityFilterChain - Class in org.springframework.security.web
-
Standard implementation of
SecurityFilterChain
. - DefaultSecurityFilterChain(RequestMatcher, Filter...) - Constructor for class org.springframework.security.web.DefaultSecurityFilterChain
- DefaultSecurityFilterChain(RequestMatcher, List<Filter>) - Constructor for class org.springframework.security.web.DefaultSecurityFilterChain
- DefaultSecurityParameterNameDiscoverer - Class in org.springframework.security.core.parameters
-
Spring Security's default
ParameterNameDiscoverer
which tries a number ofParameterNameDiscoverer
depending on what is found on the classpath. - DefaultSecurityParameterNameDiscoverer() - Constructor for class org.springframework.security.core.parameters.DefaultSecurityParameterNameDiscoverer
-
Creates a new instance with only the default
ParameterNameDiscoverer
instances. - DefaultSecurityParameterNameDiscoverer(List<? extends ParameterNameDiscoverer>) - Constructor for class org.springframework.security.core.parameters.DefaultSecurityParameterNameDiscoverer
-
Creates a new instance that first tries the passed in
ParameterNameDiscoverer
instances. - DefaultServerOAuth2AuthorizationRequestResolver - Class in org.springframework.security.oauth2.client.web.server
-
The default implementation of
ServerOAuth2AuthorizationRequestResolver
. - DefaultServerOAuth2AuthorizationRequestResolver(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
-
Creates a new instance
- DefaultServerOAuth2AuthorizationRequestResolver(ReactiveClientRegistrationRepository, ServerWebExchangeMatcher) - Constructor for class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
-
Creates a new instance
- DefaultServerRedirectStrategy - Class in org.springframework.security.web.server
-
The default
ServerRedirectStrategy
to use. - DefaultServerRedirectStrategy() - Constructor for class org.springframework.security.web.server.DefaultServerRedirectStrategy
- defaultsForSpringSecurity_v4_1() - Static method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
-
Deprecated.
- defaultsForSpringSecurity_v5_2() - Static method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
-
Deprecated.
- defaultsForSpringSecurity_v5_5() - Static method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
-
Deprecated.
- defaultsForSpringSecurity_v5_8() - Static method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
-
Constructs an Argon2 password encoder with a salt length of 16 bytes, a hash length of 32 bytes, parallelism of 1, memory cost of 1 << 14 and 2 iterations.
- defaultsForSpringSecurity_v5_8() - Static method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
-
Constructs a PBKDF2 password encoder with no additional secret value.
- defaultsForSpringSecurity_v5_8() - Static method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
-
Constructs a SCrypt password encoder with cpu cost of 65,536, memory cost of 8, parallelization of 1, a key length of 32 and a salt length of 16 bytes.
- DefaultSpringSecurityContextSource - Class in org.springframework.security.ldap
-
ContextSource implementation which uses Spring LDAP's LdapContextSource as a base class.
- DefaultSpringSecurityContextSource(String) - Constructor for class org.springframework.security.ldap.DefaultSpringSecurityContextSource
-
Create and initialize an instance which will connect to the supplied LDAP URL.
- DefaultSpringSecurityContextSource(List<String>, String) - Constructor for class org.springframework.security.ldap.DefaultSpringSecurityContextSource
-
Create and initialize an instance which will connect of the LDAP Spring Security Context Source.
- defaultsSkipValueTypes() - Static method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor
-
The default
AuthorizationAdvisorProxyFactory.TargetVisitor
that also skips any value types (for example,String
,Integer
). - defaultSubmitPageUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
-
Sets the URL that the default submit page will be generated.
- defaultSubmitPageUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
Sets the URL that the default submit page will be generated.
- defaultSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating.
- defaultSuccessUrl(String, boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating or
alwaysUse
is true. - DefaultToken - Class in org.springframework.security.core.token
-
The default implementation of
Token
. - DefaultToken(String, long, String) - Constructor for class org.springframework.security.core.token.DefaultToken
- DefaultTokenExchangeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.Use
RestClientRefreshTokenTokenResponseClient
instead - DefaultTokenExchangeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient
-
Deprecated.
- DefaultWebAuthnRegistrationPageGeneratingFilter - Class in org.springframework.security.web.webauthn.registration
-
A
Filter
that renders a default WebAuthn registration page. - DefaultWebAuthnRegistrationPageGeneratingFilter(PublicKeyCredentialUserEntityRepository, UserCredentialRepository) - Constructor for class org.springframework.security.web.webauthn.registration.DefaultWebAuthnRegistrationPageGeneratingFilter
-
Creates a new instance.
- DefaultWebFilterChainDecorator() - Constructor for class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator
- DefaultWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access
-
Deprecated.
- DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor) - Constructor for class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
-
Deprecated.
- DefaultWebSecurityExpressionHandler - Class in org.springframework.security.web.access.expression
- DefaultWebSecurityExpressionHandler() - Constructor for class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
- DeferredCsrfToken - Interface in org.springframework.security.web.csrf
-
An interface that allows delayed access to a
CsrfToken
that may be generated. - DeferredSecurityContext - Interface in org.springframework.security.core.context
-
An interface that allows delayed access to a
SecurityContext
that may be generated. - DelegateEntry(ServerWebExchangeMatcher, ServerAccessDeniedHandler) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
- DelegateEntry(ServerWebExchangeMatcher, ServerAuthenticationEntryPoint) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
- DelegatingAccessDeniedHandler - Class in org.springframework.security.web.access
-
An
AccessDeniedHandler
that delegates to otherAccessDeniedHandler
instances based upon the type ofAccessDeniedException
passed intoDelegatingAccessDeniedHandler.handle(HttpServletRequest, HttpServletResponse, AccessDeniedException)
. - DelegatingAccessDeniedHandler(LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler>, AccessDeniedHandler) - Constructor for class org.springframework.security.web.access.DelegatingAccessDeniedHandler
-
Creates a new instance
- delegatingApplicationListener() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
- DelegatingApplicationListener - Class in org.springframework.security.context
-
Used for delegating to a number of SmartApplicationListener instances.
- DelegatingApplicationListener() - Constructor for class org.springframework.security.context.DelegatingApplicationListener
- DelegatingAuthenticationConverter - Class in org.springframework.security.web.authentication
-
A
AuthenticationConverter
, that iterates over multipleAuthenticationConverter
. - DelegatingAuthenticationConverter(List<AuthenticationConverter>) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationConverter
- DelegatingAuthenticationConverter(AuthenticationConverter...) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationConverter
- DelegatingAuthenticationEntryPoint - Class in org.springframework.security.web.authentication
-
An
AuthenticationEntryPoint
which selects a concreteAuthenticationEntryPoint
based on aRequestMatcher
evaluation. - DelegatingAuthenticationEntryPoint(LinkedHashMap<RequestMatcher, AuthenticationEntryPoint>) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
- DelegatingAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
-
An
AuthenticationFailureHandler
that delegates to otherAuthenticationFailureHandler
instances based upon the type ofAuthenticationException
passed intoDelegatingAuthenticationFailureHandler.onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException)
. - DelegatingAuthenticationFailureHandler(LinkedHashMap<Class<? extends AuthenticationException>, AuthenticationFailureHandler>, AuthenticationFailureHandler) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationFailureHandler
-
Creates a new instance
- DelegatingJwtGrantedAuthoritiesConverter - Class in org.springframework.security.oauth2.server.resource.authentication
- DelegatingJwtGrantedAuthoritiesConverter(Collection<Converter<Jwt, Collection<GrantedAuthority>>>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.DelegatingJwtGrantedAuthoritiesConverter
- DelegatingJwtGrantedAuthoritiesConverter(Converter<Jwt, Collection<GrantedAuthority>>...) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.DelegatingJwtGrantedAuthoritiesConverter
-
Constructs a
DelegatingJwtGrantedAuthoritiesConverter
using the provided array ofConverter
s - DelegatingLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
-
Delegates to logout handlers based on matched request matchers
- DelegatingLogoutSuccessHandler(LinkedHashMap<RequestMatcher, LogoutSuccessHandler>) - Constructor for class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler
- DelegatingMethodSecurityMetadataSource - Class in org.springframework.security.access.method
-
Deprecated.Use the
use-authorization-manager
attribute for<method-security>
and<intercept-methods>
instead or use annotation-based orAuthorizationManager
-based authorization - DelegatingMethodSecurityMetadataSource(List<MethodSecurityMetadataSource>) - Constructor for class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource
-
Deprecated.
- DelegatingOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of an
OAuth2AuthorizedClientProvider
that simply delegates to it's internalList
ofOAuth2AuthorizedClientProvider
(s). - DelegatingOAuth2AuthorizedClientProvider(List<OAuth2AuthorizedClientProvider>) - Constructor for class org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider
-
Constructs a
DelegatingOAuth2AuthorizedClientProvider
using the provided parameters. - DelegatingOAuth2AuthorizedClientProvider(OAuth2AuthorizedClientProvider...) - Constructor for class org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider
-
Constructs a
DelegatingOAuth2AuthorizedClientProvider
using the provided parameters. - DelegatingOAuth2TokenValidator<T extends OAuth2Token> - Class in org.springframework.security.oauth2.core
-
A composite validator
- DelegatingOAuth2TokenValidator(Collection<OAuth2TokenValidator<T>>) - Constructor for class org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator
-
Constructs a
DelegatingOAuth2TokenValidator
using the provided validators. - DelegatingOAuth2TokenValidator(OAuth2TokenValidator<T>...) - Constructor for class org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator
-
Constructs a
DelegatingOAuth2TokenValidator
using the provided validators. - DelegatingOAuth2UserService<R extends OAuth2UserRequest,
U extends OAuth2User> - Class in org.springframework.security.oauth2.client.userinfo -
An implementation of an
OAuth2UserService
that simply delegates to it's internalList
ofOAuth2UserService
(s). - DelegatingOAuth2UserService(List<OAuth2UserService<R, U>>) - Constructor for class org.springframework.security.oauth2.client.userinfo.DelegatingOAuth2UserService
-
Constructs a
DelegatingOAuth2UserService
using the provided parameters. - DelegatingPasswordEncoder - Class in org.springframework.security.crypto.password
-
A password encoder that delegates to another PasswordEncoder based upon a prefixed identifier.
- DelegatingPasswordEncoder(String, Map<String, PasswordEncoder>) - Constructor for class org.springframework.security.crypto.password.DelegatingPasswordEncoder
-
Creates a new instance
- DelegatingPasswordEncoder(String, Map<String, PasswordEncoder>, String, String) - Constructor for class org.springframework.security.crypto.password.DelegatingPasswordEncoder
-
Creates a new instance
- DelegatingReactiveAuthenticationManager - Class in org.springframework.security.authentication
-
A
ReactiveAuthenticationManager
that delegates to otherReactiveAuthenticationManager
instances. - DelegatingReactiveAuthenticationManager(List<ReactiveAuthenticationManager>) - Constructor for class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager
- DelegatingReactiveAuthenticationManager(ReactiveAuthenticationManager...) - Constructor for class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager
- DelegatingReactiveAuthorizationManager - Class in org.springframework.security.web.server.authorization
- DelegatingReactiveAuthorizationManager.Builder - Class in org.springframework.security.web.server.authorization
- DelegatingReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of a
ReactiveOAuth2AuthorizedClientProvider
that simply delegates to it's internalList
ofReactiveOAuth2AuthorizedClientProvider
(s). - DelegatingReactiveOAuth2AuthorizedClientProvider(List<ReactiveOAuth2AuthorizedClientProvider>) - Constructor for class org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider
-
Constructs a
DelegatingReactiveOAuth2AuthorizedClientProvider
using the provided parameters. - DelegatingReactiveOAuth2AuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider...) - Constructor for class org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider
-
Constructs a
DelegatingReactiveOAuth2AuthorizedClientProvider
using the provided parameters. - DelegatingRequestMatcherHeaderWriter - Class in org.springframework.security.web.header.writers
-
Delegates to the provided
HeaderWriter
whenRequestMatcher.matches(HttpServletRequest)
returns true. - DelegatingRequestMatcherHeaderWriter(RequestMatcher, HeaderWriter) - Constructor for class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter
-
Creates a new instance
- DelegatingSecurityContextAsyncTaskExecutor - Class in org.springframework.security.task
-
An
AsyncTaskExecutor
which wraps eachRunnable
in aDelegatingSecurityContextRunnable
and eachCallable
in aDelegatingSecurityContextCallable
. - DelegatingSecurityContextAsyncTaskExecutor(AsyncTaskExecutor) - Constructor for class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor
-
Creates a new
DelegatingSecurityContextAsyncTaskExecutor
that uses the currentSecurityContext
. - DelegatingSecurityContextAsyncTaskExecutor(AsyncTaskExecutor, SecurityContext) - Constructor for class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor
-
Creates a new
DelegatingSecurityContextAsyncTaskExecutor
that uses the specifiedSecurityContext
. - DelegatingSecurityContextCallable<V> - Class in org.springframework.security.concurrent
-
Wraps a delegate
Callable
with logic for setting up aSecurityContext
before invoking the delegateCallable
and then removing theSecurityContext
after the delegate has completed. - DelegatingSecurityContextCallable(Callable<V>) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextCallable
-
Creates a new
DelegatingSecurityContextCallable
with theSecurityContext
from theSecurityContextHolder
. - DelegatingSecurityContextCallable(Callable<V>, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextCallable
-
Creates a new
DelegatingSecurityContextCallable
with a specificSecurityContext
. - DelegatingSecurityContextExecutor - Class in org.springframework.security.concurrent
- DelegatingSecurityContextExecutor(Executor) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutor
-
Creates a new
DelegatingSecurityContextExecutor
that uses the currentSecurityContext
from theSecurityContextHolder
at the time the task is submitted. - DelegatingSecurityContextExecutor(Executor, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutor
-
Creates a new
DelegatingSecurityContextExecutor
that uses the specifiedSecurityContext
. - DelegatingSecurityContextExecutorService - Class in org.springframework.security.concurrent
-
An
ExecutorService
which wraps eachRunnable
in aDelegatingSecurityContextRunnable
and eachCallable
in aDelegatingSecurityContextCallable
. - DelegatingSecurityContextExecutorService(ExecutorService) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
-
Creates a new
DelegatingSecurityContextExecutorService
that uses the currentSecurityContext
from theSecurityContextHolder
. - DelegatingSecurityContextExecutorService(ExecutorService, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
-
Creates a new
DelegatingSecurityContextExecutorService
that uses the specifiedSecurityContext
. - DelegatingSecurityContextRepository - Class in org.springframework.security.web.context
- DelegatingSecurityContextRepository(List<SecurityContextRepository>) - Constructor for class org.springframework.security.web.context.DelegatingSecurityContextRepository
- DelegatingSecurityContextRepository(SecurityContextRepository...) - Constructor for class org.springframework.security.web.context.DelegatingSecurityContextRepository
- DelegatingSecurityContextRunnable - Class in org.springframework.security.concurrent
-
Wraps a delegate
Runnable
with logic for setting up aSecurityContext
before invoking the delegateRunnable
and then removing theSecurityContext
after the delegate has completed. - DelegatingSecurityContextRunnable(Runnable) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
-
Creates a new
DelegatingSecurityContextRunnable
with theSecurityContext
from theSecurityContextHolder
. - DelegatingSecurityContextRunnable(Runnable, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
-
Creates a new
DelegatingSecurityContextRunnable
with a specificSecurityContext
. - DelegatingSecurityContextScheduledExecutorService - Class in org.springframework.security.concurrent
-
An
ScheduledExecutorService
which wraps eachRunnable
in aDelegatingSecurityContextRunnable
and eachCallable
in aDelegatingSecurityContextCallable
. - DelegatingSecurityContextScheduledExecutorService(ScheduledExecutorService) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
-
Creates a new
DelegatingSecurityContextScheduledExecutorService
that uses the currentSecurityContext
from theSecurityContextHolder
. - DelegatingSecurityContextScheduledExecutorService(ScheduledExecutorService, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
-
Creates a new
DelegatingSecurityContextScheduledExecutorService
that uses the specifiedSecurityContext
. - DelegatingSecurityContextSchedulingTaskExecutor - Class in org.springframework.security.scheduling
-
An
SchedulingTaskExecutor
which wraps eachRunnable
in aDelegatingSecurityContextRunnable
and eachCallable
in aDelegatingSecurityContextCallable
. - DelegatingSecurityContextSchedulingTaskExecutor(SchedulingTaskExecutor) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor
-
Creates a new
DelegatingSecurityContextSchedulingTaskExecutor
that uses the currentSecurityContext
. - DelegatingSecurityContextSchedulingTaskExecutor(SchedulingTaskExecutor, SecurityContext) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor
-
Creates a new
DelegatingSecurityContextSchedulingTaskExecutor
that uses the specifiedSecurityContext
. - DelegatingSecurityContextTaskExecutor - Class in org.springframework.security.task
- DelegatingSecurityContextTaskExecutor(TaskExecutor) - Constructor for class org.springframework.security.task.DelegatingSecurityContextTaskExecutor
-
Creates a new
DelegatingSecurityContextTaskExecutor
that uses the currentSecurityContext
from theSecurityContextHolder
. - DelegatingSecurityContextTaskExecutor(TaskExecutor, SecurityContext) - Constructor for class org.springframework.security.task.DelegatingSecurityContextTaskExecutor
-
Creates a new
DelegatingSecurityContextTaskExecutor
that uses the specifiedSecurityContext
. - DelegatingSecurityContextTaskScheduler - Class in org.springframework.security.scheduling
-
An implementation of
TaskScheduler
invoking it whenever the trigger indicates a next execution time. - DelegatingSecurityContextTaskScheduler(TaskScheduler) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
-
Creates a new
DelegatingSecurityContextTaskScheduler
that uses the currentSecurityContext
from theSecurityContextHolder
. - DelegatingSecurityContextTaskScheduler(TaskScheduler, SecurityContext) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
-
Creates a new
DelegatingSecurityContextTaskScheduler
that uses the specifiedSecurityContext
. - DelegatingServerAuthenticationConverter - Class in org.springframework.security.web.server.authentication
-
A
ServerAuthenticationConverter
that delegates to otherServerAuthenticationConverter
instances. - DelegatingServerAuthenticationConverter(List<ServerAuthenticationConverter>) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter
- DelegatingServerAuthenticationConverter(ServerAuthenticationConverter...) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter
- DelegatingServerAuthenticationEntryPoint - Class in org.springframework.security.web.server
-
A
ServerAuthenticationEntryPoint
which delegates to multipleServerAuthenticationEntryPoint
based on aServerWebExchangeMatcher
- DelegatingServerAuthenticationEntryPoint(List<DelegatingServerAuthenticationEntryPoint.DelegateEntry>) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
- DelegatingServerAuthenticationEntryPoint(DelegatingServerAuthenticationEntryPoint.DelegateEntry...) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
- DelegatingServerAuthenticationEntryPoint.DelegateEntry - Class in org.springframework.security.web.server
- DelegatingServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
-
Delegates to a collection of
ServerAuthenticationSuccessHandler
implementations. - DelegatingServerAuthenticationSuccessHandler(List<ServerAuthenticationSuccessHandler>) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler
-
Creates a new instance with the provided list of delegates
- DelegatingServerAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler...) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler
- DelegatingServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout
-
Delegates to a collection of
ServerLogoutHandler
implementations. - DelegatingServerLogoutHandler(Collection<ServerLogoutHandler>) - Constructor for class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
- DelegatingServerLogoutHandler(ServerLogoutHandler...) - Constructor for class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
- delete - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
- delete(Bytes) - Method in class org.springframework.security.web.webauthn.management.MapPublicKeyCredentialUserEntityRepository
- delete(Bytes) - Method in class org.springframework.security.web.webauthn.management.MapUserCredentialRepository
- delete(Bytes) - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository
- delete(Bytes) - Method in interface org.springframework.security.web.webauthn.management.UserCredentialRepository
-
Deletes an entry by credential id
- DELETE - Static variable in class org.springframework.security.acls.domain.BasePermission
- deleteAce(int) - Method in class org.springframework.security.acls.domain.AclImpl
- deleteAce(int) - Method in interface org.springframework.security.acls.model.MutableAcl
- deleteAcl(ObjectIdentity, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- deleteAcl(ObjectIdentity, boolean) - Method in interface org.springframework.security.acls.model.MutableAclService
-
Removes the specified entry from the database.
- deleteCookies(String...) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Allows specifying the names of cookies to be removed on logout success.
- deleteEntries(Long) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Deletes all ACEs defined in the acl_entry table belonging to the presented ObjectIdentity primary key.
- deleteGroup(String) - Method in interface org.springframework.security.provisioning.GroupManager
-
Removes a group, including all members and authorities.
- deleteGroup(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- deleteObjectIdentity(Long) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Deletes a single row from acl_object_identity that is associated with the presented ObjectIdentity primary key.
- deleteUser(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- deleteUser(String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
- deleteUser(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- deleteUser(String) - Method in interface org.springframework.security.provisioning.UserDetailsManager
-
Remove the user with the given login name from the system.
- delux(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors
-
Creates a text encryptor that uses "stronger" password-based encryption.
- demergePatterns(String, String) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils
- deny() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig
-
Specify to DENY framing any content from this application.
- DENY - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
- DENY - Enum constant in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
-
A browser receiving content with this header field MUST NOT display this content in any frame.
- DENY_ALL_ATTRIBUTE - Static variable in class org.springframework.security.access.annotation.Jsr250SecurityConfig
-
Deprecated.
- denyAll - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
-
Allows "denyAll" expression
- denyAll() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Always denies access
- denyAll() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- denyAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
- denyAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specify that URLs are not allowed by anyone.
- denyAll() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specify that URLs are not allowed by anyone.
- denyAll() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Specify that Messages are not allowed by anyone.
- denyAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
Deny access for everyone
- denyAll() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Specify that Messages are not allowed by anyone.
- denyAll() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
-
Specify that URLs are not allowed by anyone.
- DenyAllPermissionEvaluator - Class in org.springframework.security.access.expression
-
A null PermissionEvaluator which denies all access.
- DenyAllPermissionEvaluator() - Constructor for class org.springframework.security.access.expression.DenyAllPermissionEvaluator
- destroy() - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService
- destroy() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
- destroy() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- destroy() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
- destroy() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Deprecated.Not used (we rely on IoC container lifecycle services instead)
- destroy() - Method in class org.springframework.security.web.debug.DebugFilter
- determineCauseChain(Throwable) - Method in class org.springframework.security.web.util.ThrowableAnalyzer
-
Determines the cause chain of the provided
Throwable
. - determineExpiredUrl(HttpServletRequest, SessionInformation) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
-
Deprecated.
- determineTargetUrl(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Builds the target URL according to the logic defined in the main class Javadoc.
- determineTargetUrl(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler
- determineTargetUrl(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Builds the target URL according to the logic defined in the main class Javadoc
- determineUrlToUseForThisRequest(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Allows subclasses to modify the login form URL that should be applicable for a given request.
- DEVICE_CODE - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
- DEVICE_CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
device_code
- used in Device Authorization Response and Device Access Token Request. - digest() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
- digest(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
- DigestAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www
-
Used by the
SecurityEnforcementFilter
to commence authentication via theDigestAuthenticationFilter
. - DigestAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- DigestAuthenticationFilter - Class in org.springframework.security.web.authentication.www
-
Processes a HTTP request's Digest authorization headers, putting the result into the
SecurityContextHolder
. - DigestAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- DigestRequestPostProcessor() - Constructor for class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor
- DIRECT - Static variable in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference
-
The direct preference indicates that the Relying Party wants to receive the attestation statement as generated by the authenticator.
- disable() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
-
Disables the
AbstractHttpConfigurer
by removing it. - disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig
-
Disables Cache Control
- disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig
-
Removes the X-XSS-Protection header.
- disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig
-
Prevents the header from being added to the response.
- disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
-
Deprecated.Prevents the header from being added to the response.
- disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
-
Disables Strict Transport Security
- disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig
-
Disables X-XSS-Protection header (does not include it)
- disable() - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
-
Disables anonymous authentication.
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
-
Disables CORS support within Spring Security.
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
-
Disables CSRF Protection.
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
Disables HTTP Basic authentication.
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CacheSpec
-
Disables cache control response headers
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec
-
Disables the content type options response header
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Disables http response headers
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec
-
Disables frame options response header
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
-
Disables strict transport security response header
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec
-
Disables the x-xss-protection response header
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
-
Disables HTTP Basic authentication.
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
-
Disables log out
- disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
-
Disables the
ServerHttpSecurity.RequestCacheSpec
- disabled(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Defines if the account is disabled or not.
- disabled(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Defines if the account is disabled or not.
- disabled(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- DISABLED - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
- DISABLED - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
- disableDefaultRegistrationPage(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer
-
Configures whether the default webauthn registration should be disabled.
- DisabledException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request is rejected because the account is disabled.
- DisabledException(String) - Constructor for exception org.springframework.security.authentication.DisabledException
-
Constructs a
DisabledException
with the specified message. - DisabledException(String, Throwable) - Constructor for exception org.springframework.security.authentication.DisabledException
-
Constructs a
DisabledException
with the specified message and root cause. - DisableEncodeUrlFilter - Class in org.springframework.security.web.session
-
Disables encoding URLs using the
HttpServletResponse
to prevent including the session id in URLs which is not considered URL because the session id can be leaked in things like HTTP access logs. - DisableEncodeUrlFilter() - Constructor for class org.springframework.security.web.session.DisableEncodeUrlFilter
- disableOnResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Invoke this method to disable invoking
OnCommittedResponseWrapper.onResponseCommitted()
when theHttpServletResponse
is committed. - disableSaveOnResponseCommitted() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Deprecated.Invoke this method to disable automatic saving of the
SecurityContext
when theHttpServletResponse
is committed. - DISCOURAGED - Static variable in class org.springframework.security.web.webauthn.api.ResidentKeyRequirement
-
The discouraged requirement indicates that the Relying Party prefers creating a server-side credential, but will accept a client-side discoverable credential.
- DISCOURAGED - Static variable in class org.springframework.security.web.webauthn.api.UserVerificationRequirement
-
The discouraged value indicates that the Relying Party does not want user verification employed during the operation (e.g., in the interest of minimizing disruption to the user interaction flow).
- dispatcherTypeMatchers(DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
- dispatcherTypeMatchers(HttpMethod, DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
Maps a
List
ofDispatcherTypeRequestMatcher
instances. - DispatcherTypeRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Checks the
DispatcherType
to decide whether to match a given request. - DispatcherTypeRequestMatcher(DispatcherType) - Constructor for class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
-
Creates an instance which matches requests with the provided
DispatcherType
- DispatcherTypeRequestMatcher(DispatcherType, HttpMethod) - Constructor for class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
-
Creates an instance which matches requests with the provided
DispatcherType
andHttpMethod
- displayName(String) - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.PublicKeyCredentialUserEntityBuilder
-
Sets the
ImmutablePublicKeyCredentialUserEntity.getDisplayName()
property. - DN_KEY - Static variable in class org.springframework.security.ldap.SpringSecurityLdapTemplate
-
Every search results where a record is defined by a Map<String,String[]> contains at least this key - the DN of the record itself.
- DO_BREAK_LINES - Static variable in class org.springframework.security.crypto.codec.Base64
-
Deprecated.Do break lines when encoding.
- doAfterPropertiesSet() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- doAfterPropertiesSet() - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
- doAuthentication(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- doAuthentication(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
- doAuthentication(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
- doBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Executes the build using the
SecurityConfigurer
's that have been applied using the following steps: InvokesAbstractConfiguredSecurityBuilder.beforeInit()
for any subclass to hook into InvokesSecurityConfigurer.init(SecurityBuilder)
for anySecurityConfigurer
that was applied to this builder. InvokesAbstractConfiguredSecurityBuilder.beforeConfigure()
for any subclass to hook into InvokesAbstractConfiguredSecurityBuilder.performBuild()
which actually builds the Object - doBuild() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder
-
Subclasses should implement this to perform the build.
- doEndTag() - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
- doEndTag() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
-
Default processing of the end tag returning EVAL_PAGE.
- doEndTag() - Method in class org.springframework.security.taglibs.csrf.CsrfMetaTagsTag
- doesRequestMatch(HttpServletRequest, PortResolver) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
-
Determines if the current request matches the
DefaultSavedRequest
. - doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Deprecated.Method that is actually called by the filter chain.
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Invokes the
requiresAuthentication
method to determine whether the request is for authentication and should be handled by this filter. - doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultResourcesFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.context.SecurityContextHolderFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter
-
Deprecated.
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.debug.DebugFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.FilterChainProxy
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
-
Attempts to obtain and run as a JAAS
Subject
usingJaasApiIntegrationFilter.obtainSubject(ServletRequest)
. - doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
- doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.session.SessionManagementFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
Extract any Bearer Token from the request and attempt an authentication.
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.csrf.CsrfFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.header.HeaderWriterFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.RequestMatcherRedirectFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.session.DisableEncodeUrlFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.session.ForceEagerSessionCreationFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.webauthn.registration.DefaultWebAuthnRegistrationPageGeneratingFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.webauthn.registration.PublicKeyCredentialCreationOptionsFilter
- doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.webauthn.registration.WebAuthnRegistrationFilter
- doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
- doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
- doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
- doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- doStartTag() - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
- doStartTag() - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
- doStartTag() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
-
Invokes the base class
AbstractAuthorizeTag.authorize()
method to decide if the body of the tag should be skipped or not.
E
- EdDSA - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier
- EdDSA - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters
- Elements - Class in org.springframework.security.config
-
Contains all the element names used by Spring Security 3 namespace support.
- Elements() - Constructor for class org.springframework.security.config.Elements
- ELRequestMatcher - Class in org.springframework.security.web.util.matcher
-
A RequestMatcher implementation which uses a SpEL expression
- ELRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.ELRequestMatcher
- email(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this email in the resulting
OidcUserInfo
- EMAIL - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes
-
The
email
scope requests access to theemail
andemail_verified
claims. - EMAIL - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
email
- the user's preferred e-mail address - EMAIL_VERIFIED - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
email_verified
-true
if the user's e-mail address has been verified, otherwisefalse
- emailVerified(Boolean) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this verified-email indicator in the resulting
OidcUserInfo
- EMBEDDED_APACHE_DS - Static variable in class org.springframework.security.config.BeanIds
- EMBEDDED_UNBOUNDID - Static variable in class org.springframework.security.config.BeanIds
- EmbeddedLdapServerContainer - Interface in org.springframework.security.ldap.server
-
Provides lifecycle services for an embedded LDAP server.
- EmbeddedLdapServerContextSourceFactoryBean - Class in org.springframework.security.config.ldap
-
Creates a
DefaultSpringSecurityContextSource
used to perform LDAP authentication and starts and in-memory LDAP server. - EmbeddedLdapServerContextSourceFactoryBean() - Constructor for class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
- EMBEDDER_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter
- ENABLED - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
- ENABLED - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
- ENABLED_MODE_BLOCK - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
- ENABLED_MODE_BLOCK - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
- enableDefaultTyping(ObjectMapper) - Static method in class org.springframework.security.jackson2.SecurityJackson2Modules
- EnableGlobalAuthentication - Annotation Interface in org.springframework.security.config.annotation.authentication.configuration
-
The
EnableGlobalAuthentication
annotation signals that the annotated class can be used to configure a global instance ofAuthenticationManagerBuilder
. - enableGlobalAuthenticationAutowiredConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
- EnableGlobalMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration
-
Deprecated.Use
EnableMethodSecurity
instead - enableHttpSessionEventPublisher() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Override this if
HttpSessionEventPublisher
should be added as a listener. - EnableMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration
-
Enables Spring Security Method Security.
- EnableReactiveMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration
- EnableRSocketSecurity - Annotation Interface in org.springframework.security.config.annotation.rsocket
-
Add this annotation to a
Configuration
class to have Spring SecurityRSocketSecurity
support added. - enableSessionUrlRewriting(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
If set to true, allows HTTP sessions to be rewritten in the URLs when using
HttpServletResponse.encodeRedirectURL(String)
orHttpServletResponse.encodeURL(String)
, otherwise disallows HTTP sessions to be included in the URL. - EnableWebFluxSecurity - Annotation Interface in org.springframework.security.config.annotation.web.reactive
-
Add this annotation to a
Configuration
class to have Spring Security WebFlux support added. - EnableWebMvcSecurity - Annotation Interface in org.springframework.security.config.annotation.web.servlet.configuration
-
Deprecated.Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.
- EnableWebSecurity - Annotation Interface in org.springframework.security.config.annotation.web.configuration
-
Add this annotation to an
@Configuration
class to have the Spring Security configuration defined in anyWebSecurityConfigurer
or more likely by exposing aSecurityFilterChain
bean: - EnableWebSocketSecurity - Annotation Interface in org.springframework.security.config.annotation.web.socket
-
Allows configuring WebSocket Authorization.
- encode(byte[]) - Static method in class org.springframework.security.crypto.codec.Base64
-
Deprecated.
- encode(byte[]) - Static method in class org.springframework.security.crypto.codec.Hex
- encode(CharSequence) - Method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
- encode(CharSequence) - Method in class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- encode(CharSequence) - Static method in class org.springframework.security.crypto.codec.Utf8
-
Get the bytes of the String in UTF-8 encoded form.
- encode(CharSequence) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder
- encode(CharSequence) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder
- encode(CharSequence) - Method in class org.springframework.security.crypto.password.LdapShaPasswordEncoder
-
Deprecated.Calculates the hash of password (and salt bytes, if supplied) and returns a base64 encoded concatenation of the hash and salt, prefixed with {SHA} (or {SSHA} if salt was used).
- encode(CharSequence) - Method in class org.springframework.security.crypto.password.Md4PasswordEncoder
-
Deprecated.Encodes the rawPass using a MessageDigest.
- encode(CharSequence) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder
-
Deprecated.Encodes the rawPass using a MessageDigest.
- encode(CharSequence) - Method in class org.springframework.security.crypto.password.NoOpPasswordEncoder
-
Deprecated.
- encode(CharSequence) - Method in interface org.springframework.security.crypto.password.PasswordEncoder
-
Encode the raw password.
- encode(CharSequence) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
- encode(CharSequence) - Method in class org.springframework.security.crypto.password.StandardPasswordEncoder
-
Deprecated.
- encode(CharSequence) - Method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
- encode(CharSequence, byte[]) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder
- encode(Publisher<? extends BearerTokenMetadata>, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BearerTokenAuthenticationEncoder
- encode(Publisher<? extends UsernamePasswordMetadata>, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder
-
Deprecated.
- encode(Publisher<? extends UsernamePasswordMetadata>, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.SimpleAuthenticationEncoder
- encode(JwtEncoderParameters) - Method in interface org.springframework.security.oauth2.jwt.JwtEncoder
-
Encode the JWT to it's compact claims representation format.
- encode(JwtEncoderParameters) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtEncoder
- ENCODE - Static variable in class org.springframework.security.crypto.codec.Base64
-
Deprecated.Specify encoding in first bit.
- encodeAndConcatenate(CharSequence, byte[]) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder
- encodeCookie(String[]) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Inverse operation of decodeCookie.
- encodeRedirectURL(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Deprecated.
- encodeURL(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Deprecated.
- encodeValue(BearerTokenMetadata, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BearerTokenAuthenticationEncoder
- encodeValue(UsernamePasswordMetadata, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder
-
Deprecated.
- encodeValue(UsernamePasswordMetadata, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.SimpleAuthenticationEncoder
- EncodingUtils - Class in org.springframework.security.crypto.util
-
Static helper for encoding data.
- encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.AesBytesEncryptor
- encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
- encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
- encrypt(byte[]) - Method in interface org.springframework.security.crypto.encrypt.BytesEncryptor
-
Encrypt the byte array.
- encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- encrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- encrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- encrypt(String) - Method in interface org.springframework.security.crypto.encrypt.TextEncryptor
-
Encrypt the raw text string.
- encryption(X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential
-
Create a
Saml2X509Credential
that can be used for encryption. - ENCRYPTION - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
- encryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
-
Apply this
Consumer
to the list ofSaml2X509Credential
s - encryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
-
Apply this
Consumer
to the list ofSaml2X509Credential
s - encryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
-
Apply this
Consumer
to the list ofSaml2X509Credential
s - Encryptors - Class in org.springframework.security.crypto.encrypt
-
Factory for commonly used encryptors.
- ENTERPRISE - Static variable in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference
-
The enterprise preference indicates that the Relying Party wants to receive an attestation statement that may include uniquely identifying information.
- entityId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
-
Set the asserting party's EntityID.
- entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
-
Set the asserting party's EntityID.
- entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
-
Set the asserting party's EntityID.
- entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Set the relying party's EntityID.
- Enumerator<T> - Class in org.springframework.security.web.savedrequest
-
Adapter that wraps an
Enumeration
around a Java 2 collectionIterator
. - Enumerator(Collection<T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values of the specified Collection.
- Enumerator(Collection<T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values of the specified Collection.
- Enumerator(Iterator<T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values returned by the specified Iterator.
- Enumerator(Iterator<T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values returned by the specified Iterator.
- Enumerator(Map<?, T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values of the specified Map.
- Enumerator(Map<?, T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
-
Return an Enumeration over the values of the specified Map.
- equals(Object) - Method in class org.springframework.security.access.SecurityConfig
- equals(Object) - Method in class org.springframework.security.acls.domain.AbstractPermission
- equals(Object) - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
- equals(Object) - Method in class org.springframework.security.acls.domain.AclImpl
- equals(Object) - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid
- equals(Object) - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl
-
Important so caching operates properly.
- equals(Object) - Method in class org.springframework.security.acls.domain.PrincipalSid
- equals(Object) - Method in interface org.springframework.security.acls.model.ObjectIdentity
- equals(Object) - Method in interface org.springframework.security.acls.model.Sid
-
Refer to the
java.lang.Object
documentation for the interface contract. - equals(Object) - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
- equals(Object) - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken
- equals(Object) - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority
- equals(Object) - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken
- equals(Object) - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
- equals(Object) - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority
- equals(Object) - Method in class org.springframework.security.core.context.SecurityContextImpl
- equals(Object) - Method in class org.springframework.security.core.token.DefaultToken
- equals(Object) - Method in class org.springframework.security.core.userdetails.User
-
Returns
true
if the supplied object is aUser
instance with the sameusername
value. - equals(Object) - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
-
Compares the LdapAuthority based on
LdapAuthority.getAuthority()
andLdapAuthority.getDn()
values. - equals(Object) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- equals(Object) - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher
- equals(Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId
- equals(Object) - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token
- equals(Object) - Method in class org.springframework.security.oauth2.core.AuthenticationMethod
- equals(Object) - Method in class org.springframework.security.oauth2.core.AuthorizationGrantType
- equals(Object) - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- equals(Object) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
- equals(Object) - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType
- equals(Object) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
- equals(Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo
- equals(Object) - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
- equals(Object) - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
- equals(Object) - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
- equals(Object) - Method in class org.springframework.security.saml2.core.Saml2X509Credential
- equals(Object) - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
- equals(Object) - Method in class org.springframework.security.util.InMemoryResource
- equals(Object) - Method in class org.springframework.security.web.access.intercept.RequestKey
- equals(Object) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
- equals(Object) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
- equals(Object) - Method in class org.springframework.security.web.header.Header
- equals(Object) - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
- equals(Object) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- equals(Object) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
- equals(Object) - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
- equals(Object) - Method in class org.springframework.security.web.webauthn.api.Bytes
- equalTo(Function<Authentication, String>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl.AuthorizedUrlVariable
-
Compares the value of a path variable in the URI with an `Authentication` attribute
- eraseCredentials() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
-
Checks the
credentials
,principal
anddetails
objects, invoking theeraseCredentials
method on any which implementCredentialsContainer
. - eraseCredentials() - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
- eraseCredentials() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
- eraseCredentials() - Method in interface org.springframework.security.core.CredentialsContainer
- eraseCredentials() - Method in class org.springframework.security.core.userdetails.User
- eraseCredentials() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- eraseCredentials(boolean) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
- error(String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
-
Returns a new
OAuth2AuthorizationResponse.Builder
, initialized with the error code. - ERROR - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
error
- used in Authorization Response and Access Token Response. - ERROR_DESCRIPTION - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
error_description
- used in Authorization Response and Access Token Response. - ERROR_PARAMETER_NAME - Static variable in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- ERROR_URI - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
error_uri
- used in Authorization Response and Access Token Response. - errorCode(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
-
Sets the error code.
- errorConverter - Variable in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
- errorDescription(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
-
Sets the error description.
- errorOnInvalidType() - Element in annotation interface org.springframework.security.core.annotation.AuthenticationPrincipal
-
True if a
ClassCastException
should be thrown when the currentAuthentication.getPrincipal()
is the incorrect type. - errorOnInvalidType() - Element in annotation interface org.springframework.security.core.annotation.CurrentSecurityContext
-
True if a
ClassCastException
should be thrown when the currentSecurityContext
is the incorrect type. - errorOnInvalidType() - Element in annotation interface org.springframework.security.web.bind.annotation.AuthenticationPrincipal
-
Deprecated.True if a
ClassCastException
should be thrown when the currentAuthentication.getPrincipal()
is the incorrect type. - errorParametersConverter - Variable in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
- errors(Consumer<Collection<Saml2Error>>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult.Builder
- errorUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
-
Sets the error uri.
- ES256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
ECDSA using P-256 and SHA-256 (Recommended+)
- ES256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
ECDSA using P-256 and SHA-256 (Recommended+)
- ES256 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier
- ES256 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters
- ES384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
ECDSA using P-384 and SHA-384 (Optional)
- ES384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
ECDSA using P-384 and SHA-384 (Optional)
- ES384 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier
- ES384 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters
- ES512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
ECDSA using P-521 and SHA-512 (Optional)
- ES512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
ECDSA using P-521 and SHA-512 (Optional)
- ES512 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier
- ES512 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters
- escapeEntities(String) - Static method in class org.springframework.security.web.util.TextEscapeUtils
- Essence() - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- Essence() - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- Essence() - Constructor for class org.springframework.security.ldap.userdetails.Person.Essence
- Essence(DirContextOperations) - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- Essence(DirContextOperations) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- Essence(DirContextOperations) - Constructor for class org.springframework.security.ldap.userdetails.Person.Essence
- Essence(InetOrgPerson) - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- Essence(LdapUserDetails) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- Essence(Person) - Constructor for class org.springframework.security.ldap.userdetails.Person.Essence
- evalOrSkip(boolean) - Static method in class org.springframework.security.taglibs.TagLibConfig
-
Returns EVAL_BODY_INCLUDE if the authorized flag is true or UI security has been disabled.
- evaluateAsBoolean(Expression, EvaluationContext) - Static method in class org.springframework.security.access.expression.ExpressionUtils
- eventPublisher - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- events(Map<String, Object>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
-
A JSON object that identifies this token as a logout token
- EVENTS - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
-
events
- a JSON object that identifies this token as a logout token - evictFromCache(Serializable) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
- evictFromCache(Serializable) - Method in interface org.springframework.security.acls.model.AclCache
- evictFromCache(ObjectIdentity) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
- evictFromCache(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclCache
- EXCEPTION_TRANSLATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- exceptionHandling() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.exceptionHandling(Customizer)
orexceptionHandling(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - exceptionHandling() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.exceptionHandling(Customizer)
orexceptionHandling(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - exceptionHandling(Customizer<ExceptionHandlingConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows configuring exception handling.
- exceptionHandling(Customizer<ServerHttpSecurity.ExceptionHandlingSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures exception handling (i.e.
- ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds exception handling for Spring Security related exceptions to an application.
- ExceptionHandlingConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
-
Creates a new instance
- ExceptionMappingAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
-
Uses the internal map of exceptions types to URLs to determine the destination on authentication failure.
- ExceptionMappingAuthenticationFailureHandler() - Constructor for class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler
- ExceptionTranslationFilter - Class in org.springframework.security.web.access
-
Handles any
AccessDeniedException
andAuthenticationException
thrown within the filter chain. - ExceptionTranslationFilter(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.access.ExceptionTranslationFilter
- ExceptionTranslationFilter(AuthenticationEntryPoint, RequestCache) - Constructor for class org.springframework.security.web.access.ExceptionTranslationFilter
- ExceptionTranslationWebFilter - Class in org.springframework.security.web.server.authorization
- ExceptionTranslationWebFilter() - Constructor for class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
- ExchangeMatcherRedirectWebFilter - Class in org.springframework.security.web.server
-
Web filter that redirects requests that match
ServerWebExchangeMatcher
to the specified URL. - ExchangeMatcherRedirectWebFilter(ServerWebExchangeMatcher, String) - Constructor for class org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter
-
Create and initialize an instance of the web filter.
- excludeCredentials(List<PublicKeyCredentialDescriptor>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Sets the
PublicKeyCredentialCreationOptions.getExcludeCredentials()
property. - execute(Runnable) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutor
- execute(Runnable, long) - Method in class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor
- EXECUTION_CONTEXTS - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- EXECUTION_CONTEXTS - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- exitSwitchUser(WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Attempt to exit from an already switched user.
- EXP - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
exp
- A timestamp indicating when the token expires - EXP - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
exp
- the Expiration time on or after which the ID Token MUST NOT be accepted - EXP - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
-
exp
- the Expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing - expiredSessionStrategy(SessionInformationExpiredStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
-
Determines the behaviour when an expired session is detected.
- expiredUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
-
The URL to redirect to if a user tries to access a resource and their session has been expired due to too many sessions for the current user.
- expireNow() - Method in class org.springframework.security.core.session.SessionInformation
- EXPIRES_IN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
expires_in
- used in Authorization Response and Access Token Response. - EXPIRES_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
-
The value for expires value
- expiresAt(Instant) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this expiration in the resulting
OidcIdToken
- expiresAt(Instant) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this expiration in the resulting
Jwt
- expiresAt(Instant) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Sets the expiration time
(exp)
claim, which identifies the time on or after which the JWT MUST NOT be accepted for processing. - expiresIn(long) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
-
Sets the lifetime (in seconds) of the access token.
- expiresIn(long) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
-
Sets the lifetime (in seconds) of the device code and user code.
- exportTestSecurityContext() - Static method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultHandlers
- expression() - Element in annotation interface org.springframework.security.core.annotation.AuthenticationPrincipal
-
If specified will use the provided SpEL expression to resolve the principal.
- expression() - Element in annotation interface org.springframework.security.core.annotation.CurrentSecurityContext
-
If specified, will use the provided SpEL expression to resolve the security context.
- EXPRESSION_HANDLER - Static variable in class org.springframework.security.config.Elements
- ExpressionAttributeAuthorizationDecision - Class in org.springframework.security.authorization.method
-
Deprecated.Use
ExpressionAuthorizationDecision
instead - ExpressionAttributeAuthorizationDecision(boolean, ExpressionAttribute) - Constructor for class org.springframework.security.authorization.method.ExpressionAttributeAuthorizationDecision
-
Deprecated.
- ExpressionAuthorizationDecision - Class in org.springframework.security.authorization
-
Represents an
AuthorizationDecision
based on aExpression
- ExpressionAuthorizationDecision(boolean, Expression) - Constructor for class org.springframework.security.authorization.ExpressionAuthorizationDecision
- ExpressionBasedAnnotationAttributeFactory - Class in org.springframework.security.access.expression.method
-
Deprecated.Use
AuthorizationManager
interceptors instead - ExpressionBasedAnnotationAttributeFactory(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory
-
Deprecated.
- ExpressionBasedFilterInvocationSecurityMetadataSource - Class in org.springframework.security.web.access.expression
-
Expression-based
FilterInvocationSecurityMetadataSource
. - ExpressionBasedFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>, SecurityExpressionHandler<FilterInvocation>) - Constructor for class org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource
- ExpressionBasedMessageSecurityMetadataSourceFactory - Class in org.springframework.security.messaging.access.expression
-
Deprecated.Use
MessageMatcherDelegatingAuthorizationManager
instead - ExpressionBasedPostInvocationAdvice - Class in org.springframework.security.access.expression.method
-
Deprecated.Use
AuthorizationManagerAfterMethodInterceptor
instead - ExpressionBasedPostInvocationAdvice(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice
-
Deprecated.
- ExpressionBasedPreInvocationAdvice - Class in org.springframework.security.access.expression.method
-
Deprecated.Use
AuthorizationManagerAfterMethodInterceptor
instead - ExpressionBasedPreInvocationAdvice() - Constructor for class org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice
-
Deprecated.
- expressionHandler(SecurityExpressionHandler<Message<Object>>) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.The
SecurityExpressionHandler
to be used. - expressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Set the
SecurityExpressionHandler
to be used. - expressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
-
Deprecated.Allows customization of the
SecurityExpressionHandler
to be used. - ExpressionJwtGrantedAuthoritiesConverter - Class in org.springframework.security.oauth2.server.resource.authentication
-
Uses an expression for extracting the token claim value to use for mapping
authorities
. - ExpressionJwtGrantedAuthoritiesConverter(Expression) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.ExpressionJwtGrantedAuthoritiesConverter
-
Constructs a
ExpressionJwtGrantedAuthoritiesConverter
using the providedauthoritiesClaimExpression
. - ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Deprecated.Use
AuthorizeHttpRequestsConfigurer
instead - ExpressionUrlAuthorizationConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer
-
Deprecated.Creates a new instance
- ExpressionUrlAuthorizationConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers
-
Deprecated.
- ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry - Class in org.springframework.security.config.annotation.web.configurers
-
Deprecated.
- ExpressionUtils - Class in org.springframework.security.access.expression
- EXTENSION_ID - Static variable in class org.springframework.security.web.webauthn.api.CredentialPropertiesOutput
-
The extension id.
- extensions(AuthenticationExtensionsClientInputs) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Sets the
PublicKeyCredentialCreationOptions.getExtensions()
property. - extensions(AuthenticationExtensionsClientInputs) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder
-
Sets the
PublicKeyCredentialRequestOptions.getExtensions()
property - extractAttributes(A) - Method in interface org.springframework.security.access.annotation.AnnotationMetadataExtractor
-
Deprecated.
- extractAttributes(HttpSession) - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
-
Called to extract the existing attributes from the session, prior to invalidating it.
- extractCause(Throwable) - Method in interface org.springframework.security.web.util.ThrowableCauseExtractor
-
Extracts the cause from the provided
Throwable
. - extractControl(DirContext) - Static method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControlExtractor
- extractPathVariables(Message<?>) - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
- extractPrincipal(X509Certificate) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
- extractPrincipal(X509Certificate) - Method in interface org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor
-
Returns the principal (usually a String) for the given certificate.
- extractRememberMeCookie(HttpServletRequest) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Locates the Spring Security remember me cookie in the request and returns its value.
- extractUriTemplateVariables(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
-
Deprecated.
- extractUriTemplateVariables(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Deprecated.
- extractUriTemplateVariables(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestVariablesExtractor
-
Deprecated.Extract URL template variables from the request.
F
- FACEBOOK - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
- factory() - Element in annotation interface org.springframework.security.test.context.support.WithSecurityContext
-
The
WithUserDetailsSecurityContextFactory
to use to create theSecurityContext
. - failure(Collection<OAuth2Error>) - Static method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult
-
Construct a failure
OAuth2TokenValidatorResult
with the provided detail - failure(Collection<Saml2Error>) - Static method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
-
Construct a failure
Saml2ResponseValidatorResult
with the provided detail - failure(OAuth2Error...) - Static method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult
-
Construct a failure
OAuth2TokenValidatorResult
with the provided detail - failure(Saml2Error...) - Static method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
-
Construct a failure
Saml2ResponseValidatorResult
with the provided detail - failureForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
-
Forward Authentication Failure Handler
- failureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Specifies the
AuthenticationFailureHandler
to use when authentication fails. - failureUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
The URL to send users if authentication fails.
- FAMILY_NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
family_name
- the user's surname(s) or last name(s) - familyName(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this family name in the resulting
OidcUserInfo
- FastHttpDateFormat - Class in org.springframework.security.web.savedrequest
-
Utility class to generate HTTP dates.
- FEATURE_POLICY - Static variable in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
- featurePolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated.For removal in 7.0. Use
HeadersConfigurer.permissionsPolicy(Customizer)
orpermissionsPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - featurePolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer)
instead. - FeaturePolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Feature Policy.
- FeaturePolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
-
Create a new instance of
FeaturePolicyHeaderWriter
with supplied security policy directive(s). - FeaturePolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Feature-Policy
response header with configured policy directives. - FeaturePolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
- FieldUtils - Class in org.springframework.security.util
-
Offers static methods for directly manipulating fields.
- filter(Object, Expression, EvaluationContext) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
-
Filters the
filterTarget
object (which must be either aCollection
,Array
,Map
orStream
), by evaluating the supplied expression. - filter(Object, Expression, EvaluationContext) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionHandler
-
Filters a target collection or array.
- filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
- filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
- filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServerBearerExchangeFilterFunction
- filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServletBearerExchangeFilterFunction
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.ott.GenerateOneTimeTokenWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authorization.AuthorizationWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.context.ReactorContextWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.header.HttpHeaderWriterWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.DefaultResourcesWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.OneTimeTokenSubmitPageGeneratingWebFilter
- filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.WebFilterChainProxy
- FILTER_CHAIN - Static variable in class org.springframework.security.config.Elements
- FILTER_CHAIN_MAP - Static variable in class org.springframework.security.config.Elements
- FILTER_CHAIN_PROXY - Static variable in class org.springframework.security.config.BeanIds
- FILTER_CHAINS - Static variable in class org.springframework.security.config.BeanIds
- FILTER_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements
- FilterBasedLdapUserSearch - Class in org.springframework.security.ldap.search
-
LdapUserSearch implementation which uses an Ldap filter to locate the user.
- FilterBasedLdapUserSearch(String, String, BaseLdapPathContextSource) - Constructor for class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
- FilterChainBeanDefinitionParser - Class in org.springframework.security.config.http
- FilterChainBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.FilterChainBeanDefinitionParser
- FilterChainDecoratorFactory() - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
- FilterChainMapBeanDefinitionDecorator - Class in org.springframework.security.config.http
-
Sets the filter chain Map for a FilterChainProxy bean declaration.
- FilterChainMapBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator
- FilterChainProxy - Class in org.springframework.security.web
-
Delegates
Filter
requests to a list of Spring-managed filter beans. - FilterChainProxy() - Constructor for class org.springframework.security.web.FilterChainProxy
- FilterChainProxy(List<SecurityFilterChain>) - Constructor for class org.springframework.security.web.FilterChainProxy
- FilterChainProxy(SecurityFilterChain) - Constructor for class org.springframework.security.web.FilterChainProxy
- FilterChainProxy.FilterChainDecorator - Interface in org.springframework.security.web
-
A strategy for decorating the provided filter chain with one that accounts for the
SecurityFilterChain
for a given request. - FilterChainProxy.FilterChainValidator - Interface in org.springframework.security.web
- FilterChainProxy.VirtualFilterChainDecorator - Class in org.springframework.security.web
-
A
FilterChainProxy.FilterChainDecorator
that uses theFilterChainProxy.VirtualFilterChain
- FilterInvocation - Class in org.springframework.security.web
-
Holds objects associated with a HTTP filter.
- FilterInvocation(ServletRequest, ServletResponse, FilterChain) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocation(String, String) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocation(String, String, String) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocation(String, String, String, ServletContext) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocation(String, String, String, String, String) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocation(String, String, String, String, String, ServletContext) - Constructor for class org.springframework.security.web.FilterInvocation
- FilterInvocationSecurityMetadataSource - Interface in org.springframework.security.web.access.intercept
-
Marker interface for
SecurityMetadataSource
implementations that are designed to perform lookups keyed onFilterInvocation
s. - FilterInvocationSecurityMetadataSourceParser - Class in org.springframework.security.config.http
-
Deprecated.Use `use-authorization-manager` property instead
- FilterInvocationSecurityMetadataSourceParser() - Constructor for class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser
-
Deprecated.
- FilterSecurityInterceptor - Class in org.springframework.security.web.access.intercept
-
Deprecated.Use
AuthorizationFilter
instead - FilterSecurityInterceptor() - Constructor for class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Deprecated.
- filterSecurityInterceptorOncePerRequest(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry
-
Deprecated.Allows setting if the
FilterSecurityInterceptor
should be only applied once per request (i.e. - filterTarget() - Element in annotation interface org.springframework.security.access.prepost.PreFilter
- finallyInvocation(InterceptorStatusToken) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.Cleans up the work of the AbstractSecurityInterceptor after the secure object invocation has been completed.
- findAllGroups() - Method in interface org.springframework.security.provisioning.GroupManager
-
Returns the names of all groups that this group manager controls.
- findAllGroups() - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- findAttributes(Class<?>) - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource
-
Deprecated.
- findAttributes(Class<?>) - Method in class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource
-
Deprecated.
- findAttributes(Class<?>) - Method in class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource
-
Deprecated.Obtains the security metadata registered against the specified class.
- findAttributes(Class<?>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.Implementation does not support class-level attributes.
- findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource
-
Deprecated.
- findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource
-
Deprecated.
- findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource
-
Deprecated.Obtains the security metadata applicable to the specified method invocation.
- findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.Will walk the method inheritance tree to find the most specific declaration applicable.
- findByCredentialId(Bytes) - Method in class org.springframework.security.web.webauthn.management.MapUserCredentialRepository
- findByCredentialId(Bytes) - Method in interface org.springframework.security.web.webauthn.management.UserCredentialRepository
-
Finds an entry by credential id.
- findByEntityId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadataRepository
-
Retrieve an
AssertingPartyMetadata
by its EntityID. - findById(Bytes) - Method in class org.springframework.security.web.webauthn.management.MapPublicKeyCredentialUserEntityRepository
- findById(Bytes) - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository
- findByRegistrationId(String) - Method in interface org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
-
Returns the client registration identified by the provided
registrationId
, ornull
if not found. - findByRegistrationId(String) - Method in class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
- findByRegistrationId(String) - Method in class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository
- findByRegistrationId(String) - Method in interface org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository
-
Returns the client registration identified by the provided
registrationId
, ornull
if not found. - findByRegistrationId(String) - Method in class org.springframework.security.oauth2.client.registration.SupplierClientRegistrationRepository
- findByRegistrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
-
Returns the relying party registration identified by the provided
registrationId
, ornull
if not found. - findByRegistrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository
- findByRegistrationId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository
-
Returns the relying party registration identified by the provided
registrationId
, ornull
if not found. - findByUserId(Bytes) - Method in class org.springframework.security.web.webauthn.management.MapUserCredentialRepository
- findByUserId(Bytes) - Method in interface org.springframework.security.web.webauthn.management.UserCredentialRepository
-
Finds all
CredentialRecord
instances for a specific user. - findByUsername(String) - Method in class org.springframework.security.core.userdetails.MapReactiveUserDetailsService
- findByUsername(String) - Method in interface org.springframework.security.core.userdetails.ReactiveUserDetailsService
-
Find the
UserDetails
by username. - findByUsername(String) - Method in class org.springframework.security.web.webauthn.management.MapPublicKeyCredentialUserEntityRepository
- findByUsername(String) - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository
-
Finds the
PublicKeyCredentialUserEntity
by the username. - findChildren(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
- findChildren(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclService
-
Locates all object identities that use the specified parent.
- findGroupAuthorities(String) - Method in interface org.springframework.security.provisioning.GroupManager
-
Obtains the list of authorities which are assigned to a group.
- findGroupAuthorities(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- findRequiredWebApplicationContext(ServletContext) - Static method in class org.springframework.security.web.context.support.SecurityWebApplicationContextUtils
-
Find a unique
WebApplicationContext
for this web app: either the root web app context (preferred) or a uniqueWebApplicationContext
among the registeredServletContext
attributes (typically coming from a singleDispatcherServlet
in the current web application). - findUniqueByAssertingPartyEntityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
- findUniqueByAssertingPartyEntityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository
- findUniqueByAssertingPartyEntityId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository
-
Returns the unique relying party registration associated with the asserting party's
entityId
ornull
if there is no unique match. - findUsersInGroup(String) - Method in interface org.springframework.security.provisioning.GroupManager
-
Locates the users who are members of a group
- findUsersInGroup(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- FIRE_AND_FORGET - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
-
A Fire and Forget exchange.
- FirewalledRequest - Class in org.springframework.security.web.firewall
-
Request wrapper which is returned by the
HttpFirewall
interface. - FirewalledRequest(HttpServletRequest) - Constructor for class org.springframework.security.web.firewall.FirewalledRequest
-
Constructs a request object wrapping the given request.
- FIRST - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
- FIRST - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- flushBuffer() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling the superclassflushBuffer()
- ForceEagerSessionCreationFilter - Class in org.springframework.security.web.session
-
Eagerly creates
HttpSession
if it does not already exist. - ForceEagerSessionCreationFilter() - Constructor for class org.springframework.security.web.session.ForceEagerSessionCreationFilter
- forEach(Consumer<? super RelyingPartyRegistration>) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
- FORM - Static variable in class org.springframework.security.oauth2.core.AuthenticationMethod
- FORM_LOGIN - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
-
Instance of AuthenticationWebFilter
- FORM_LOGIN - Static variable in class org.springframework.security.config.Elements
- format - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
HTTP date format.
- formatCache - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Formatter cache.
- formatDate(long, DateFormat) - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Formats a specified date to HTTP format.
- formats - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
The set of SimpleDateFormat formats to use in
getDateHeader()
. - formatted(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Sets the full mailing address, formatted for display.
- formLogin() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.formLogin(Customizer)
orformLogin(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - formLogin() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.formLogin(Customizer)
orformLogin(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - formLogin() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders
-
Creates a request (including any necessary
CsrfToken
) that will submit a form based login to POST "/login". - formLogin(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders
-
Creates a request (including any necessary
CsrfToken
) that will submit a form based login to POSTloginProcessingUrl
. - formLogin(Customizer<FormLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Specifies to support form based authentication.
- formLogin(Customizer<ServerHttpSecurity.FormLoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures form based authentication.
- FormLoginBeanDefinitionParser - Class in org.springframework.security.config.http
- FormLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds form based authentication.
- FormLoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
-
Creates a new instance
- ForwardAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
-
Forward Authentication Failure Handler
- ForwardAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler
- ForwardAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication
-
Forward Authentication Success Handler
- ForwardAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler
- ForwardLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
-
LogoutSuccessHandler
implementation that will perform a request dispatcher "forward" to the specified target URL. - ForwardLogoutSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.logout.ForwardLogoutSuccessHandler
-
Construct a new
ForwardLogoutSuccessHandler
with the given target URL. - frameOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.frameOptions(Customizer)
orframeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - frameOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.frameOptions(Customizer)
orframeOptions(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - frameOptions(Customizer<HeadersConfigurer.FrameOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows customizing the
XFrameOptionsHeaderWriter
. - frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures frame options response headers
- from(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
-
Attempt to resolve the provided algorithm name to a
MacAlgorithm
. - from(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
Attempt to resolve the provided algorithm name to a
SignatureAlgorithm
. - from(String) - Static method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
-
Attempt to resolve the provided algorithm name to a
Saml2MessageBinding
. - from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
- from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
- from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
- from(String) - Static method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
- from(OAuth2AuthorizationRequest) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns a new
OAuth2AuthorizationRequest.Builder
, initialized with the values from the providedauthorizationRequest
. - from(JwsHeader) - Static method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns a new
JwsHeader.Builder
, initialized with the providedheaders
. - from(JwsHeader, JwtClaimsSet) - Static method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters
- from(JwtClaimsSet) - Static method in class org.springframework.security.oauth2.jwt.JwtClaimsSet
-
Returns a new
JwtClaimsSet.Builder
, initialized with the providedclaims
. - from(JwtClaimsSet) - Static method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters
-
Returns a new
JwtEncoderParameters
, initialized with the providedJwtClaimsSet
. - fromBase64(String) - Static method in class org.springframework.security.web.webauthn.api.Bytes
-
Creates a new instance from a base64 url string.
- fromBase64(String) - Static method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCose
-
Creates a new instance form a Base64 URL encoded String
- fromCredentialRecord(CredentialRecord) - Static method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- fromEmbeddedLdapServer() - Static method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
-
Create an EmbeddedLdapServerContextSourceFactoryBean that will use an embedded LDAP server to perform LDAP authentication.
- fromHierarchy(String) - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
-
Create a role hierarchy instance with the given definition, similar to the following:
- fromIssuerLocation(String) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistrations
-
Creates a
ClientRegistration.Builder
using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize. - fromIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.JwtDecoders
-
Creates a
JwtDecoder
using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize. - fromIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.ReactiveJwtDecoders
-
Creates a
ReactiveJwtDecoder
using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize. - fromMetadata(InputStream) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
-
Return a
RelyingPartyRegistration.Builder
based off of the given SAML 2.0 Asserting Party (IDP) metadata. - fromMetadataLocation(String) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
-
Return a
RelyingPartyRegistration.Builder
based off of the given SAML 2.0 Asserting Party (IDP) metadata location. - fromOidcConfiguration(Map<String, Object>) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistrations
-
Creates a
ClientRegistration.Builder
using the provided map representation of an OpenID Provider Configuration Response to initialize theClientRegistration.Builder
. - fromOidcIssuerLocation(String) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistrations
-
Creates a
ClientRegistration.Builder
using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize theClientRegistration.Builder
. - fromOidcIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.JwtDecoders
-
Creates a
JwtDecoder
using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize theJwtDecoder
. - fromOidcIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.ReactiveJwtDecoders
-
Creates a
ReactiveJwtDecoder
using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize theReactiveJwtDecoder
. - fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
-
Create a ReactiveUserDetailsServiceResourceFactoryBean with a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
-
Create a UserDetailsResourceFactoryBean with a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - fromResource(Resource) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
-
Create a UserDetailsManagerResourceFactoryBean with a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
-
Create a ReactiveUserDetailsServiceResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
-
Create a UserDetailsResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - fromResourceLocation(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
-
Create a UserDetailsManagerResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - fromString(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
-
Create a ReactiveUserDetailsServiceResourceFactoryBean with a String that is in the format defined in
UserDetailsResourceFactoryBean
. - fromString(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
-
Creates a UserDetailsResourceFactoryBean with a resource from the provided String
- fromString(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
-
Create a UserDetailsManagerResourceFactoryBean with a String that is in the format defined in
UserDetailsResourceFactoryBean
. - fromTrustedIssuers(String...) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
-
Construct a
JwtIssuerAuthenticationManagerResolver
using the provided parameters - fromTrustedIssuers(String...) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
-
Construct a
JwtIssuerReactiveAuthenticationManagerResolver
using the provided parameters - fromTrustedIssuers(Collection<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
-
Construct a
JwtIssuerAuthenticationManagerResolver
using the provided parameters - fromTrustedIssuers(Collection<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
-
Construct a
JwtIssuerReactiveAuthenticationManagerResolver
using the provided parameters - fromTrustedIssuers(Predicate<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
-
Construct a
JwtIssuerAuthenticationManagerResolver
using the provided parameters - fromTrustedIssuers(Predicate<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
-
Construct a
JwtIssuerReactiveAuthenticationManagerResolver
using the provided parameters - fullyAuthenticated() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
-
Creates an instance of
AuthenticatedAuthorizationManager
that determines if theAuthentication
is authenticated without using remember me. - fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specify that URLs are allowed by users who have authenticated and were not "remembered".
- fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specify that URLs are allowed by users who have authenticated and were not "remembered".
- fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Specify that Messages are allowed by users who have authenticated and were not "remembered".
- fullyAuthenticated() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Specify that Messages are allowed by users who have authenticated and were not "remembered".
- fullyAuthenticated() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
-
Specify that URLs are allowed by users who have authenticated and were not "remembered".
G
- GCM - Enum constant in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
- gender(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this gender in the resulting
OidcUserInfo
- GENDER - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
gender
- the user's gender - generate(GenerateOneTimeTokenRequest) - Method in class org.springframework.security.authentication.ott.InMemoryOneTimeTokenService
- generate(GenerateOneTimeTokenRequest) - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService
- generate(GenerateOneTimeTokenRequest) - Method in interface org.springframework.security.authentication.ott.OneTimeTokenService
-
Generates a one-time token based on the provided generate request.
- generate(GenerateOneTimeTokenRequest) - Method in class org.springframework.security.authentication.ott.reactive.InMemoryReactiveOneTimeTokenService
- generate(GenerateOneTimeTokenRequest) - Method in interface org.springframework.security.authentication.ott.reactive.ReactiveOneTimeTokenService
-
Generates a one-time token based on the provided generate request.
- generateKey() - Method in class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
- generateKey() - Method in interface org.springframework.security.crypto.keygen.BytesKeyGenerator
-
Generate a new key.
- generateKey() - Method in interface org.springframework.security.crypto.keygen.StringKeyGenerator
- generateNewContext() - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
By default, calls
SecurityContextHolder.createEmptyContext()
to obtain a new context (there should be no context present in the holder when this method is called). - GenerateOneTimeTokenFilter - Class in org.springframework.security.web.authentication.ott
-
Filter that process a One-Time Token generation request.
- GenerateOneTimeTokenFilter(OneTimeTokenService, OneTimeTokenGenerationSuccessHandler) - Constructor for class org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter
- GenerateOneTimeTokenRequest - Class in org.springframework.security.authentication.ott
-
Class to store information related to an One-Time Token authentication request
- GenerateOneTimeTokenRequest(String) - Constructor for class org.springframework.security.authentication.ott.GenerateOneTimeTokenRequest
- GenerateOneTimeTokenWebFilter - Class in org.springframework.security.web.server.authentication.ott
-
WebFilter
implementation that process a One-Time Token generation request. - GenerateOneTimeTokenWebFilter(ReactiveOneTimeTokenService, ServerOneTimeTokenGenerationSuccessHandler) - Constructor for class org.springframework.security.web.server.authentication.ott.GenerateOneTimeTokenWebFilter
- generateSeriesData() - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
- generateToken(HttpServletRequest) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository
-
Generates a
CsrfToken
- generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
- generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository
-
Deprecated.Generates a new token
- generateToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
- generateToken(ServerWebExchange) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
-
Generates a
CsrfToken
- generateToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
- generateTokenData() - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- gensalt() - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
-
Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
- gensalt(int) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
-
Generate a salt for use with the BCrypt.hashpw() method
- gensalt(int, SecureRandom) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
-
Generate a salt for use with the BCrypt.hashpw() method
- gensalt(String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
- gensalt(String, int) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
-
Generate a salt for use with the BCrypt.hashpw() method
- gensalt(String, int, SecureRandom) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
-
Generate a salt for use with the BCrypt.hashpw() method
- get() - Method in interface org.springframework.security.web.csrf.DeferredCsrfToken
-
Gets the
CsrfToken
- get(String) - Static method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- getAccess() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
- getAccessDecisionManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- getAccessDeniedException() - Method in class org.springframework.security.access.event.AuthorizationFailureEvent
-
Deprecated.
- getAccessDeniedHandler() - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
- getAccessor() - Static method in class org.springframework.security.core.SpringSecurityMessageSource
- getAccessToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
-
Returns the
access token
. - getAccessToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
-
Returns the
access token
. - getAccessToken() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest
-
Returns the
access token
credential granted. - getAccessToken() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
-
Returns the
access token
credential granted. - getAccessToken() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
- getAccessToken() - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest
-
Returns the
access token
. - getAccessToken() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
-
Returns the
Access Token
. - getAccessTokenHash() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns the Access Token hash value
(at_hash)
. - getAcl() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
- getAcl() - Method in interface org.springframework.security.acls.model.AccessControlEntry
- getActorToken() - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequest
-
Returns the
actor token
. - getAdditionalParameters() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
-
Returns the additional parameters
- getAdditionalParameters() - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest
-
Returns the additional parameters that may be used in the request.
- getAdditionalParameters() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
-
Returns the additional parameters returned in the response.
- getAdditionalParameters() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns the additional parameter(s) used in the request.
- getAdditionalParameters() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
-
Returns the additional parameters returned in the response.
- getAdditionalRoles(DirContextOperations, String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
This method should be overridden if required to obtain any additional roles for the given user (on top of those obtained from the standard search implemented by this class).
- getAddress() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's preferred postal address
(address)
. - getAdvice() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor
-
Deprecated.
- getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
- getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
- getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
- getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
- getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
- getAdvice() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
- getAdvice() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
- getAdvice() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
- getAdvice() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
- getAfterInvocationManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- getAlg() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters
-
The alg member specifies the cryptographic signature algorithm with which the newly generated credential will be used, and thus also the type of asymmetric key pair to be generated, e.g., RSA or Elliptic Curve.
- getAlgorithm() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
- getAllConfigAttributes() - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource
-
Deprecated.
- getAllConfigAttributes() - Method in class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource
-
Deprecated.
- getAllConfigAttributes() - Method in class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource
-
Deprecated.
- getAllConfigAttributes() - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.Obtains the configuration attributes explicitly defined against this bean.
- getAllConfigAttributes() - Method in class org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource
-
Deprecated.
- getAllConfigAttributes() - Method in interface org.springframework.security.access.SecurityMetadataSource
-
If available, returns all of the
ConfigAttribute
s defined by the implementing class. - getAllConfigAttributes() - Method in class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource
-
Deprecated.
- getAllConfigAttributes() - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
- getAllowCredentials() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions
-
The allowCredentials property is an OPTIONAL member is used by the client to find authenticators eligible for this authentication ceremony.
- getAllowFromValue(HttpServletRequest) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
-
Deprecated.
- getAllowFromValue(HttpServletRequest) - Method in interface org.springframework.security.web.header.writers.frameoptions.AllowFromStrategy
-
Deprecated.Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
- getAllowFromValue(HttpServletRequest) - Method in class org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy
-
Deprecated.
- getAllowSessionCreation() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- getAllPrincipals() - Method in interface org.springframework.security.core.session.SessionRegistry
-
Obtains all the known principals in the
SessionRegistry
. - getAllPrincipals() - Method in class org.springframework.security.core.session.SessionRegistryImpl
- getAllSessions(Object) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
- getAllSessions(Object) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry
-
Gets all the known
ReactiveSessionInformation
instances for the specified principal. - getAllSessions(Object, boolean) - Method in interface org.springframework.security.core.session.SessionRegistry
-
Obtains all the known sessions for the specified principal.
- getAllSessions(Object, boolean) - Method in class org.springframework.security.core.session.SessionRegistryImpl
- getAppConfigurationEntry(String) - Method in class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration
- getApplicationContext() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
Gets the
ApplicationContext
- getApplicationEventPublisher() - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
- getArguments() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter
-
Deprecated.
- getArguments() - Method in class org.springframework.security.util.SimpleMethodInvocation
- getArtifactParameter() - Method in class org.springframework.security.cas.ServiceProperties
- getAssertingPartyDetails() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration
-
Deprecated.Get the configuration details for the Asserting Party
- getAssertingPartyDetails() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Deprecated.
- getAssertingPartyMetadata() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the metadata for the Asserting Party
- getAssertion() - Method in class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken
- getAssertion() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
- getAssertionConsumerServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the AssertionConsumerService Binding.
- getAssertionConsumerServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the AssertionConsumerService Location.
- getAttestation() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions
-
The attestation property is an OPTIONAL member used by the Relying Party to specify a preference regarding attestation conveyance.
- getAttestationClientDataJSON() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
The attestationClientDataJSON is the value of the attestationObject attribute when the public key credential source was registered.
- getAttestationClientDataJSON() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- getAttestationObject() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse
-
The attestationObject is an OPTIONAL attribute contains an attestation object, if the authenticator supports attestation in assertions.
- getAttestationObject() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse
-
The attestationObject attribute contains an attestation object, which is opaque to, and cryptographically protected against tampering by, the client.
- getAttestationObject() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
The attestationObject is the value of the attestationObject attribute when the public key credential source was registered.
- getAttestationObject() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- getAttribute() - Method in interface org.springframework.security.access.ConfigAttribute
-
If the
ConfigAttribute
can be represented as aString
and thatString
is sufficient in precision to be relied upon as a configuration parameter by aRunAsManager
,AccessDecisionManager
orAccessDecisionManager
delegate, this method should return such aString
. - getAttribute() - Method in class org.springframework.security.access.SecurityConfig
- getAttribute(String) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
-
Returns the value of an attribute associated to the context or
null
if not available. - getAttribute(String) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
-
Returns the value of an attribute associated to the request or
null
if not available. - getAttribute(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns the value of an attribute associated to the request.
- getAttribute(String) - Method in interface org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal
-
Get the OAuth 2.0 token attribute by name
- getAttribute(String) - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal
-
Get the Saml2 token attribute by name
- getAttributes() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken
-
Deprecated.
- getAttributes() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
-
Returns the LDAP attributes
- getAttributes() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
-
Returns the attributes associated to the context.
- getAttributes() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
-
Returns the attributes associated to the request.
- getAttributes() - Method in class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal
-
Gets the attributes of the OAuth 2.0 token in map form.
- getAttributes() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns the attribute(s) associated to the request.
- getAttributes() - Method in interface org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal
-
Get the OAuth 2.0 token attributes
- getAttributes() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
- getAttributes() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
-
Returns the attributes about the user.
- getAttributes() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
-
Gets the attributes of the OAuth 2.0 Token Introspection in map form.
- getAttributes() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
- getAttributes() - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal
-
Get the Saml2 token attributes
- getAttributes(Object) - Method in class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
-
Deprecated.
- getAttributes(Object) - Method in interface org.springframework.security.access.SecurityMetadataSource
-
Accesses the
ConfigAttribute
s that apply to a given secure object. - getAttributes(Object) - Method in class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource
-
Deprecated.
- getAttributes(Object) - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
- getAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource
-
Deprecated.
- getAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource
-
Deprecated.
- getAttributes(Method, Class<?>) - Method in interface org.springframework.security.access.method.MethodSecurityMetadataSource
-
Deprecated.
- getAttributes(Method, Class<?>) - Method in class org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource
-
Deprecated.
- getAttributes2grantedAuthoritiesMap() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
- getAttributeValues(String) - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
-
Returns the values for a specific attribute
- getAudience() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
-
Returns the Audience(s)
(aud)
that this ID Token is intended for. - getAudience() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns the intended audience
(aud)
for the token - getAudience() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns the Audience(s)
(aud)
that this ID Token is intended for. - getAudience() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
-
Returns the Audience
(aud)
claim which identifies the recipient(s) that the JWT is intended for. - getAuthenticatedAt() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns the time when the End-User authentication occurred
(auth_time)
. - getAuthenticatedEnv(String, String) - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyAwareContextSource
- getAuthentication() - Method in class org.springframework.security.access.event.AuthorizationFailureEvent
-
Deprecated.
- getAuthentication() - Method in class org.springframework.security.access.event.AuthorizedEvent
-
Deprecated.
- getAuthentication() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Gets the
Authentication
used for evaluating the expressions - getAuthentication() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- getAuthentication() - Method in class org.springframework.security.authentication.event.AbstractAuthenticationEvent
-
Getters for the
Authentication
request that caused the event. - getAuthentication() - Method in class org.springframework.security.authentication.jaas.event.JaasAuthenticationEvent
-
Pre-casted method that returns the 'source' of the event.
- getAuthentication() - Method in class org.springframework.security.authorization.AuthorizationObservationContext
-
Get the observed
Authentication
for this authorization - getAuthentication() - Method in class org.springframework.security.authorization.event.AuthorizationEvent
-
Get the principal requiring access
- getAuthentication() - Method in interface org.springframework.security.core.context.SecurityContext
-
Obtains the currently authenticated principal, or an authentication request token.
- getAuthentication() - Method in class org.springframework.security.core.context.SecurityContextImpl
- getAuthentication() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters
-
The current
Authentication
- getAuthentication() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
- getAuthentication() - Method in class org.springframework.security.web.webauthn.management.ImmutablePublicKeyCredentialCreationOptionsRequest
- getAuthentication() - Method in class org.springframework.security.web.webauthn.management.ImmutablePublicKeyCredentialRequestOptionsRequest
- getAuthentication() - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialCreationOptionsRequest
-
The current
Authentication
. - getAuthentication() - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialRequestOptionsRequest
-
The current
Authentication
. - getAuthenticationContextClass() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns the Authentication Context Class Reference
(acr)
. - getAuthenticationConverter() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
- getAuthenticationConverter() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
- getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- getAuthenticationEntryPoint() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Gets the Authentication Entry Point
- getAuthenticationEntryPoint() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- getAuthenticationEntryPoint() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- getAuthenticationEntryPoint() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- getAuthenticationEntryPointMatcher(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
- getAuthenticationFilter() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Gets the Authentication Filter
- getAuthenticationManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- getAuthenticationManager() - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
- getAuthenticationManager() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
- getAuthenticationManager() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- getAuthenticationManager() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- getAuthenticationManagerClass() - Method in class org.springframework.security.authentication.AuthenticationObservationContext
-
Get the
AuthenticationManager
class that processed the authentication - getAuthenticationManagerResolver() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- getAuthenticationMethod() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint
-
Returns the authentication method for the user info endpoint.
- getAuthenticationMethods() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns the Authentication Methods References
(amr)
. - getAuthenticationRequest() - Method in class org.springframework.security.authentication.AuthenticationObservationContext
-
Get the
Authentication
request that was observed - getAuthenticationRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
-
Returns the authentication request sent to the assertion party or
null
if no authentication request is present - getAuthenticationRequestUri() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
-
Returns the URI endpoint that this AuthNRequest should be sent to.
- getAuthenticationResult() - Method in class org.springframework.security.authentication.AuthenticationObservationContext
-
Get the
Authentication
result that was observed - getAuthenticationTrustResolver() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- getAuthenticatorAttachment() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria
-
If authenticatorAttachment is present, eligible authenticators are filtered to be only those authenticators attached with the specified authenticator attachment modality (see also 6.2.1 Authenticator Attachment Modality).
- getAuthenticatorAttachment() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential
-
The authenticatorAttachment reports the authenticator attachment modality in effect at the time the navigator.credentials.create() or navigator.credentials.get() methods successfully complete.
- getAuthenticatorData() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse
-
The authenticatorData contains the authenticator data returned by the authenticator.
- getAuthenticatorSelection() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions
-
The authenticatorSelection property is an OPTIONAL member used by the Relying Party to list any existing credentials mapped to this user account (as identified by user.id).
- getAuthorities() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
- getAuthorities() - Method in class org.springframework.security.authorization.AuthorityAuthorizationDecision
- getAuthorities() - Method in interface org.springframework.security.core.Authentication
-
Set by an
AuthenticationManager
to indicate the authorities that the principal has been granted. - getAuthorities() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
- getAuthorities() - Method in class org.springframework.security.core.userdetails.User
- getAuthorities() - Method in interface org.springframework.security.core.userdetails.UserDetails
-
Returns the authorities granted to the user.
- getAuthorities() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- getAuthorities() - Method in class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation
-
Any material needed to authorize operations on this session
- getAuthorities() - Method in class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal
- getAuthorities() - Method in interface org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal
-
Get the
Collection
ofGrantedAuthority
s associated with this OAuth 2.0 token - getAuthorities() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
- getAuthorities() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
-
Get the
Collection
ofGrantedAuthority
s associated with this OAuth 2.0 Token Introspection - getAuthorities() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- getAuthoritiesByUsernameQuery() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- getAuthoritiesMapper() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Gets the
GrantedAuthoritiesMapper
and defaults toSimpleAuthorityMapper
. - getAuthoritiesPopulator() - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
- getAuthority() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority
- getAuthority() - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority
- getAuthority() - Method in interface org.springframework.security.core.GrantedAuthority
-
If the
GrantedAuthority
can be represented as aString
and thatString
is sufficient in precision to be relied upon for an access control decision by anAccessDecisionManager
(or delegate), this method should return such aString
. - getAuthority() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
- getAuthority() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
- getAuthority() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
- getAuthorizationCodeHash() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns the Authorization Code hash value
(c_hash)
. - getAuthorizationDecision() - Method in class org.springframework.security.authorization.event.AuthorizationEvent
-
Deprecated.please use
AuthorizationEvent.getAuthorizationResult()
- getAuthorizationExchange() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
-
Returns the
authorization exchange
. - getAuthorizationExchange() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
-
Returns the
authorization exchange
. - getAuthorizationExchange() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
-
Returns the
authorization exchange
. - getAuthorizationGrantRequest() - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext
-
Returns the
authorization grant request
. - getAuthorizationGrantType() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
-
Returns the
authorization grant type
used for the client. - getAuthorizationManager() - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
-
Gets the
AuthorizationManager
used by this filter - getAuthorizationRequest() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange
-
Returns the
Authorization Request
. - getAuthorizationRequestUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns the
URI
string representation of the OAuth 2.0 Authorization Request. - getAuthorizationResponse() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange
-
Returns the
Authorization Response
. - getAuthorizationResult() - Method in exception org.springframework.security.authorization.AuthorizationDeniedException
- getAuthorizationResult() - Method in class org.springframework.security.authorization.AuthorizationObservationContext
-
Get the observed
AuthorizationResult
- getAuthorizationResult() - Method in class org.springframework.security.authorization.event.AuthorizationEvent
-
Get the response to the principal's request
- getAuthorizationUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
-
Returns the uri for the authorization endpoint.
- getAuthorizationUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns the uri for the authorization endpoint.
- getAuthorizedClient() - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
-
Returns the
OAuth2AuthorizedClient
. - getAuthorizedClient() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
- getAuthorizedClient() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
-
Returns the
authorized client
ornull
if it was not provided. - getAuthorizedClientRegistrationId() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
-
Returns the registration identifier of the
Authorized Client
. - getAuthorizedParty() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns the Authorized party
(azp)
to which the ID Token was issued. - getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
- getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
- getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
- getBeanClassName(Element) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- getBeanResolver() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
- getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
-
Returns the binding this AuthNRequest will be sent and encoded with.
- getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
-
Get the binding for the asserting party's SingleLogoutService
- getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
-
Get the binding for the asserting party's SingleLogoutService
- getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest
- getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest
- getBirthdate() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's birth date
(birthdate)
. - getBuilder() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
-
Gets the
SecurityBuilder
. - getBuilder(String) - Method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
-
Create a new
ClientRegistration.Builder
pre-configured with provider defaults. - getBuilder(String, ClientAuthenticationMethod, String) - Method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
- getByteLength(RSAKey) - Static method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- getBytes() - Method in class org.springframework.security.web.webauthn.api.Bytes
-
Gets the raw bytes.
- getBytes() - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCose
- getBytes() - Method in interface org.springframework.security.web.webauthn.api.PublicKeyCose
-
The byes of a COSE encoded public key.
- getByTicketId(String) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache
- getByTicketId(String) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache
- getByTicketId(String) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache
-
Retrieves the
CasAuthenticationToken
associated with the specified ticket. - getCarLicense() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getCertificate() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
-
Get the public certificate for this credential
- getChain() - Method in class org.springframework.security.web.FilterInvocation
- getChain() - Method in class org.springframework.security.web.server.WebFilterExchange
-
The filter chain
- getChallenge() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions
-
The challenge specifies the challenge that the authenticator signs, along with other data, when producing an attestation object for the newly created credential.
- getChallenge() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions
-
The challenge property specifies a challenge that the authenticator signs, along with other data, when producing an authentication assertion.
- getChannelDecisionManager() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- getChannelProcessors() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- getClaim(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
-
Returns the claim value as a
T
type. - getClaimAsBoolean(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
-
Returns the claim value as a
Boolean
ornull
if the claim does not exist. - getClaimAsInstant(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
-
Returns the claim value as an
Instant
ornull
if it does not exist. - getClaimAsMap(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
-
Returns the claim value as a
Map<String, Object>
ornull
if the claim does not exist. - getClaimAsString(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
-
Returns the claim value as a
String
ornull
if it does not exist or is equal tonull
. - getClaimAsStringList(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
-
Returns the claim value as a
List<String>
ornull
if the claim does not exist. - getClaimAsURL(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
-
Returns the claim value as an
URL
ornull
if it does not exist. - getClaims() - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext
-
Returns the
JwtClaimsSet.Builder
to be used to customize claims of the JSON Web Token (JWS). - getClaims() - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken
- getClaims() - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
-
Returns a set of claims that may be used for assertions.
- getClaims() - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken
- getClaims() - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo
- getClaims() - Method in class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
- getClaims() - Method in interface org.springframework.security.oauth2.core.oidc.user.OidcUser
-
Returns the claims about the user.
- getClaims() - Method in class org.springframework.security.oauth2.jwt.Jwt
-
Returns the JWT Claims Set.
- getClaims() - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet
- getClaims() - Method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters
-
Returns the
claims
. - getClaims() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
- getClientAuthenticationMethod() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
-
Returns the
authentication method
used when authenticating the client with the authorization server. - getClientDataJSON() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorResponse
-
The clientDataJSON contains a JSON-compatible serialization of the client data, the hash of which is passed to the authenticator by the client in its call to either create() or get() (i.e., the client data itself is not sent to the authenticator).
- getClientExtensionResults() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential
-
The clientExtensionsResults is a mapping of extension identifier to client extension output.
- getClientId() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
-
Returns the client identifier.
- getClientId() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns the client identifier.
- getClientId() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns the client identifier
(client_id)
for the token - getClientName() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
-
Returns the logical name of the client or registration.
- getClientRegistration() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
-
Returns the
client registration
. - getClientRegistration() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
-
Returns the
client registration
. - getClientRegistration() - Method in class org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest
-
Returns the
client registration
. - getClientRegistration() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
-
Returns the
client registration
. - getClientRegistration() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
-
Returns the authorized client's
registration
. - getClientRegistration() - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest
-
Returns the
client registration
. - getClientRegistrationId() - Method in exception org.springframework.security.oauth2.client.ClientAuthorizationException
-
Returns the identifier for the client's registration.
- getClientRegistrationId() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId
-
Returns the identifier for the
client registration
. - getClientRegistrationId() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
-
Returns the identifier for the
client registration
. - getClientRegistrationId() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
- getClientSecret() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
-
Returns the client secret.
- getClock() - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- getCn() - Method in class org.springframework.security.ldap.userdetails.Person
- getCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
-
Returns the authorization code.
- getComment() - Method in class org.springframework.security.web.savedrequest.SavedCookie
-
Deprecated, for removal: This API element is subject to removal in a future version.
- getConfigAttributes() - Method in class org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent
-
Deprecated.
- getConfigAttributes() - Method in class org.springframework.security.access.event.AuthorizationFailureEvent
-
Deprecated.
- getConfigAttributes() - Method in class org.springframework.security.access.event.AuthorizedEvent
-
Deprecated.
- getConfiguration() - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
- getConfigurationMetadata() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
-
Returns a
Map
of the metadata describing the provider's configuration. - getConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Gets the
SecurityConfigurer
by its class name ornull
if not found. - getConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Gets the
SecurityConfigurer
by its class name ornull
if not found. - getConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Gets all the
SecurityConfigurer
instances by its class name or an empty List if not found. - getContentType() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the content type header that declares the media type of the secured content (the payload).
- getContext() - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
- getContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Obtains the current context.
- getContext() - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder
-
Gets the
Mono<SecurityContext>
from ReactorContext
- getContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Obtain the current
SecurityContext
. - getContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
-
Obtains the current context.
- getContext() - Static method in class org.springframework.security.test.context.TestSecurityContextHolder
-
Gets the
SecurityContext
fromTestSecurityContextHolder
. - getContext() - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
- getContext(PageContext) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
-
Allows test cases to override where application context obtained from.
- getContext(String, String) - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyAwareContextSource
- getContextHolderStrategy() - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Allows retrieval of the context strategy.
- getContextPath() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getContextSource() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
Gets the
BaseLdapPathContextSource
used to perform LDAP authentication. - getContextSource() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
- getContextSource() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
- getContextualName(AuthenticationObservationContext) - Method in class org.springframework.security.authentication.AuthenticationObservationConvention
- getContextualName(AuthorizationObservationContext<?>) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention
- getControlInstance(Control) - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControlFactory
-
Creates an instance of PasswordPolicyResponseControl if the passed control is a response control of this type.
- getCookie() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getCookieName() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getCookiePath() - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Get the path that the CSRF cookie will be set to.
- getCookies() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getCookies() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getCookies() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getCountry() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
-
Returns the country.
- getCountry() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
- getCreated() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
When this
CredentialRecord
was created. - getCreated() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- getCreationOptions() - Method in class org.springframework.security.web.webauthn.management.ImmutableRelyingPartyRegistrationRequest
- getCreationOptions() - Method in interface org.springframework.security.web.webauthn.management.RelyingPartyRegistrationRequest
- getCredential() - Method in class org.springframework.security.web.webauthn.management.RelyingPartyPublicKey
- getCredentialId() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
The credential.id.
- getCredentialId() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- getCredentials() - Method in class org.springframework.security.access.intercept.RunAsUserToken
-
Deprecated.
- getCredentials() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken
-
Always returns an empty
String
- getCredentials() - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
- getCredentials() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken
-
Always returns an empty
String
- getCredentials() - Method in class org.springframework.security.authentication.TestingAuthenticationToken
- getCredentials() - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
- getCredentials() - Method in class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken
- getCredentials() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
- getCredentials() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
- getCredentials() - Method in interface org.springframework.security.core.Authentication
-
The credentials that prove the principal is correct.
- getCredentials() - Method in class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource
- getCredentials() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
- getCredentials() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
- getCredentials() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
- getCredentials() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
- getCredentials() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken
- getCredentials() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication
- getCredentials() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
-
Returns the decoded and inflated SAML 2.0 Response XML object as a string
- getCredentials() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
-
Get the credentials
- getCredentials() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication
- getCredentials() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken
- getCredentialsCharset() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- getCredentialsCharset(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- getCredentialsCharset(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- getCredentialsNotFoundException() - Method in class org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent
-
Deprecated.
- getCredentialType() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
The credential.type
- getCredentialType() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- getCredentialTypes() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
-
List all this credential's intended usages
- getCredProtectionPolicy() - Method in class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect
- getCritical() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the critical headers that indicates which extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed.
- getCsrfTokenRepository(HttpServletRequest) - Static method in class org.springframework.security.test.web.support.WebTestUtils
-
Gets the
CsrfTokenRepository
for the specifiedHttpServletRequest
. - getCsrfTokenRequestHandler(HttpServletRequest) - Static method in class org.springframework.security.test.web.support.WebTestUtils
-
Gets the
CsrfTokenRequestHandler
for the specifiedHttpServletRequest
. - getCurrentDate() - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Gets the current date in HTTP format.
- getCurrentSession() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
- getDatabasePopulator() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
- getDataCode() - Method in exception org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException
- getDataMimeType() - Method in interface org.springframework.security.rsocket.api.PayloadExchange
- getDataMimeType() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange
- getDate() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
- getDecision() - Method in class org.springframework.security.authorization.AuthorizationObservationContext
-
Deprecated.please use
AuthorizationObservationContext.getAuthorizationResult()
instead - getDecisionVoters() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- getDecodedUrlBlacklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Provides the existing decoded url blocklist which can add/remove entries from
- getDecodedUrlBlocklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Provides the existing decoded url blocklist which can add/remove entries from
- getDecodedUrlBlocklist() - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
- getDecryptionX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the
Collection
of decryptionSaml2X509Credential
s associated with this relying party - getDefaultMessage() - Method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- getDefaultRolePrefix() - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
- getDefaultTargetUrl() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Supplies the default target Url that will be used if no saved request is found or the
alwaysUseDefaultTargetUrl
property is set to true. - getDefaultUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Gets the default
UserDetailsService
for theAuthenticationManagerBuilder
. - getDeferredContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Obtains a
Supplier
that returns the current context. - getDeferredContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Obtains a
Supplier
that returns the current context. - getDeferredContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
-
Obtains a
Supplier
that returns the current context. - getDelegateExecutor() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutor
- getDepartmentNumber() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getDescription() - Method in class org.springframework.security.ldap.userdetails.Person
- getDescription() - Method in class org.springframework.security.oauth2.core.OAuth2Error
-
Returns the error description.
- getDescription() - Method in class org.springframework.security.saml2.core.Saml2Error
-
Returns the error description.
- getDescription() - Method in class org.springframework.security.util.InMemoryResource
- getDestinationIndicator() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getDetails() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
- getDetails() - Method in interface org.springframework.security.core.Authentication
-
Stores additional details about the authentication request.
- getDeviceCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
-
Returns the
Device Code
. - getDigestAlgorithm() - Method in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
- getDispatcherWebApplicationContextSuffix() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Return the <servlet-name> to use the DispatcherServlet's
WebApplicationContext
to find theDelegatingFilterProxy
or null to use the parentApplicationContext
. - getDisplayName() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getDisplayName() - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity
- getDisplayName() - Method in interface org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity
-
The displayName is a human-palatable name for the user account, intended only for display.
- getDn() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
-
Returns the DN for this LDAP authority
- getDn() - Method in interface org.springframework.security.ldap.userdetails.LdapUserDetails
-
The DN of the entry for this user's account.
- getDn() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- getDomain() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getDomainObject() - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
- getDomainObjectInstance(MethodInvocation) - Method in class org.springframework.security.access.vote.AbstractAclVoter
-
Deprecated.
- getEmail() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's preferred e-mail address
(email)
. - getEmailVerified() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns
true
if the user's e-mail address has been verified(email_verified)
, otherwisefalse
. - getEmployeeNumber() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getEnableAuthorities() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- getEnableGroups() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- getEncodedUrlBlacklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Deprecated.Use
StrictHttpFirewall.getEncodedUrlBlocklist()
instead - getEncodedUrlBlocklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Provides the existing encoded url blocklist which can add/remove entries from
- getEncodedUrlBlocklist() - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
- getEncodedValue() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
-
Retrieves the ASN.1 BER encoded value of the LDAP control.
- getEncodedValue() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
-
Returns the unchanged value of the response control.
- getEncodeServiceUrlWithSessionId() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
-
Sets whether to encode the service url with the session id or not.
- getEncryptionX509Credentials() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
-
Get all encryption
Saml2X509Credential
s associated with this asserting party - getEncryptionX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
-
Get all encryption
Saml2X509Credential
s associated with this asserting party - getEntityDescriptor() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails
-
Get the
EntityDescriptor
that underlies thisRelyingPartyRegistration.AssertingPartyDetails
- getEntityId() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
-
Get the asserting party's EntityID.
- getEntityId() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
-
Get the asserting party's EntityID.
- getEntityId() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the relying party's EntityID.
- getEntries() - Method in class org.springframework.security.acls.domain.AclImpl
- getEntries() - Method in interface org.springframework.security.acls.model.Acl
-
Returns all of the entries represented by the present Acl.
- getEntry() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry
- getEntry() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry
- getEntry() - Method in class org.springframework.security.web.util.matcher.RequestMatcherEntry
- getEntryPoint() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- getEntryPoint() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- getEntryPoint() - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
- getError() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
-
Returns the
OAuth 2.0 Error
if the Authorization Request failed, otherwisenull
. - getError() - Method in exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
-
Returns the
OAuth 2.0 Error
. - getError() - Method in exception org.springframework.security.oauth2.core.OAuth2AuthorizationException
-
Returns the
OAuth 2.0 Error
. - getErrorCode() - Method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- getErrorCode() - Method in class org.springframework.security.oauth2.core.OAuth2Error
-
Returns the error code.
- getErrorCode() - Method in class org.springframework.security.saml2.core.Saml2Error
-
Returns the error code.
- getErrors() - Method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult
-
Return error details regarding the validation attempt
- getErrors() - Method in exception org.springframework.security.oauth2.jwt.JwtValidationException
-
Return the list of
OAuth2Error
s associated with this exception - getErrors() - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
-
Return error details regarding the validation attempt
- getErrors() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult
-
Return error details regarding the validation attempt
- getErrorStatus() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
- getEvents() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
-
Returns a
Map
that identifies this token as a logout token - getException() - Method in class org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent
- getException() - Method in class org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent
- getExchange() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext
- getExchange() - Method in class org.springframework.security.web.server.authorization.AuthorizationContext
- getExchange() - Method in class org.springframework.security.web.server.WebFilterExchange
-
Get the exchange
- getExcludeCredentials() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions
-
The excludeCredentials property is the OPTIONAL member used by the Relying Party to list any existing credentials mapped to this user account (as identified by user.id).
- getExpiresAt() - Method in class org.springframework.security.authentication.ott.DefaultOneTimeToken
- getExpiresAt() - Method in interface org.springframework.security.authentication.ott.OneTimeToken
- getExpiresAt() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token
-
Returns the expiration time on or after which the token MUST NOT be accepted.
- getExpiresAt() - Method in interface org.springframework.security.oauth2.core.OAuth2Token
-
Returns the expiration time on or after which the token MUST NOT be accepted.
- getExpiresAt() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns a timestamp
(exp)
indicating when the token expires - getExpiresAt() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns the Expiration time
(exp)
on or after which the ID Token MUST NOT be accepted. - getExpiresAt() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
-
Returns the Expiration time
(exp)
claim which identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. - getExpression() - Method in class org.springframework.security.authorization.ExpressionAuthorizationDecision
- getExpressionAttribute() - Method in class org.springframework.security.authorization.method.ExpressionAttributeAuthorizationDecision
-
Deprecated.
- getExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Gets the
MethodSecurityExpressionHandler
or creates it usingGlobalMethodSecurityConfiguration.expressionHandler
. - getExpressionHandler() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Gets the
SecurityExpressionHandler
to be used. - getExpressionParser() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
- getExpressionParser() - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler
- getExpressionParser() - Method in class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
- getExtendedInformation() - Method in class org.springframework.security.core.token.DefaultToken
- getExtendedInformation() - Method in interface org.springframework.security.core.token.Token
-
Obtains the extended information associated within the token, which was presented when the token was first created.
- getExtensionId() - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
- getExtensionId() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInput
-
Gets the extension identifier.
- getExtensionId() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientOutput
-
Gets the extension identifier.
- getExtensionId() - Method in class org.springframework.security.web.webauthn.api.CredentialPropertiesOutput
- getExtensionId() - Method in class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput
- getExtensionId() - Method in class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput
- getExtensions() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions
-
The extensions property is an OPTIONAL member used by the Relying Party to provide client extension inputs requesting additional processing by the client and authenticator.
- getExtensions() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions
-
The extensions is an OPTIONAL property used by the Relying Party to provide client extension inputs requesting additional processing by the client and authenticator.
- getExtraHiddenFields(HttpServletRequest) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- getExtraHiddenFields(ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
- getFailureHandler() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- getFailureHandler() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- getFailureUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Gets the URL to send users to if authentication fails
- getFamilyName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's surname(s) or last name(s)
(family_name)
. - getField(Class<?>, String) - Static method in class org.springframework.security.util.FieldUtils
-
Attempts to locate the specified field on the class.
- getFieldValue(Object, String) - Static method in class org.springframework.security.util.FieldUtils
-
Returns the value of a (nested) field on a bean.
- getFileName() - Method in class org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse
- getFilterChain() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
- getFilterChainProxy() - Method in class org.springframework.security.web.debug.DebugFilter
- getFilterChains() - Method in class org.springframework.security.web.FilterChainProxy
- getFilterObject() - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
- getFilters() - Method in class org.springframework.security.web.DefaultSecurityFilterChain
- getFilters() - Method in interface org.springframework.security.web.SecurityFilterChain
- getFilters(String) - Method in class org.springframework.security.web.FilterChainProxy
-
Convenience method, mainly for testing.
- getFirewalledExchange(ServerWebExchange) - Method in interface org.springframework.security.web.server.firewall.ServerWebExchangeFirewall
-
Get a
ServerWebExchange
that has firewall rules applied to it. - getFirewalledExchange(ServerWebExchange) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
- getFirewalledRequest(HttpServletRequest) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall
- getFirewalledRequest(HttpServletRequest) - Method in interface org.springframework.security.web.firewall.HttpFirewall
-
Provides the request object which will be passed through the filter chain.
- getFirewalledRequest(HttpServletRequest) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
- getFirewalledResponse(HttpServletResponse) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall
- getFirewalledResponse(HttpServletResponse) - Method in interface org.springframework.security.web.firewall.HttpFirewall
-
Provides the response which will be passed through the filter chain.
- getFirewalledResponse(HttpServletResponse) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
- getFirstAttribute(String) - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal
-
Get the first value of Saml2 token attribute by name
- getFirstAttributeValue(String) - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
-
Returns the first attribute value for a specified attribute
- getFirstThrowableOfType(Class<? extends Throwable>, Throwable[]) - Method in class org.springframework.security.web.util.ThrowableAnalyzer
-
Returns the first throwable from the passed in array that is assignable to the provided type.
- getFormatted() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
-
Returns the full mailing address, formatted for display.
- getFormatted() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
- getFromCache(Serializable) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
- getFromCache(Serializable) - Method in interface org.springframework.security.acls.model.AclCache
- getFromCache(ObjectIdentity) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
- getFromCache(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclCache
- getFullDn(LdapName, Context) - Static method in class org.springframework.security.ldap.LdapUtils
- getFullDn(DistinguishedName, Context) - Static method in class org.springframework.security.ldap.LdapUtils
-
Deprecated.
- getFullName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's full name
(name)
in displayable form. - getFullRequestUrl() - Method in class org.springframework.security.web.FilterInvocation
-
Indicates the URL that the user agent used for this request.
- getGender() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's gender
(gender)
. - getGeneratedBy() - Method in class org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent
-
Getter for the
Class
that generated this event. - getGivenName() - Method in class org.springframework.security.ldap.userdetails.Person
- getGivenName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's given name(s) or first name(s)
(given_name)
. - getGraceLoginsRemaining() - Method in interface org.springframework.security.ldap.ppolicy.PasswordPolicyData
- getGraceLoginsRemaining() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
-
Returns the graceLoginsRemaining.
- getGraceLoginsRemaining() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- getGrantedAuthorities() - Method in interface org.springframework.security.core.authority.GrantedAuthoritiesContainer
- getGrantedAuthorities() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- getGrantedAuthorities() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
- getGrantedAuthorities(Collection<String>) - Method in interface org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper
-
Implementations of this method should map the given collection of attributes to a collection of Spring Security GrantedAuthorities.
- getGrantedAuthorities(Collection<String>) - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
-
Map the given array of attributes to Spring Security GrantedAuthorities.
- getGrantedAuthorities(Collection<String>) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
-
Map the given list of string attributes one-to-one to Spring Security GrantedAuthorities.
- getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.authentication.ad.DefaultActiveDirectoryAuthoritiesPopulator
- getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator
- getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator
- getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
Obtains the authorities for the user who's directory entry is represented by the supplied LdapUserDetails object.
- getGrantedAuthorities(DirContextOperations, String) - Method in interface org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator
-
Get the list of authorities for the user.
- getGrantedAuthority() - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid
- getGrantType() - Method in class org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest
-
Returns the authorization grant type.
- getGrantType() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns the
grant type
. - getGroupMembershipRoles(String, String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
- getGroupMembershipRoles(String, String) - Method in class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
- getGroupRoleAttribute() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
Returns the attribute name of the LDAP attribute that will be mapped to the role name Method available so that classes extending this can override
- getGroupSearchBase() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
- getGroupSearchFilter() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
Returns the search filter configured for this populator Method available so that classes extending this can override
- getHasPermission() - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
- getHeader(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the header value.
- getHeaderName() - Method in interface org.springframework.security.web.csrf.CsrfToken
-
Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.
- getHeaderName() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
- getHeaderName() - Method in interface org.springframework.security.web.server.csrf.CsrfToken
-
Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.
- getHeaderName() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
- getHeaderNames() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getHeaderNames() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getHeaderNames() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getHeaders() - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext
-
Returns the
JwsHeader.Builder
to be used to customize headers of the JSON Web Token (JWS). - getHeaders() - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
- getHeaders() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the headers.
- getHeaders() - Method in class org.springframework.security.oauth2.jwt.Jwt
-
Returns the JOSE header(s).
- getHeaderValue() - Method in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- getHeaderValue() - Method in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- getHeaderValues(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getHeaderValues(String) - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getHeaderValues(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getHighCardinalityKeyValues(AuthorizationObservationContext<?>) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention
- getHomePhone() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getHomePostalAddress() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getHttpRequest() - Method in class org.springframework.security.web.FilterInvocation
- getHttpResponse() - Method in class org.springframework.security.web.FilterInvocation
- getHttpStatus() - Method in class org.springframework.security.oauth2.server.resource.BearerTokenError
-
Return the HTTP status.
- getId() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
- getId() - Method in class org.springframework.security.acls.domain.AclImpl
- getId() - Method in interface org.springframework.security.acls.model.AccessControlEntry
-
Obtains an identifier that represents this ACE.
- getId() - Method in interface org.springframework.security.acls.model.MutableAcl
-
Obtains an identifier that represents this MutableAcl.
- getId() - Method in class org.springframework.security.core.session.SessionDestroyedEvent
- getId() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
-
Returns the JWT ID
(jti)
claim which provides a unique identifier for the JWT. - getId() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns the identifier
(jti)
for the token - getId() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
-
Returns the JWT ID
(jti)
claim which provides a unique identifier for the JWT. - getId() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
-
The unique identifier for this Authentication Request
- getId() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
-
The unique identifier for this Logout Request
- getId() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- getId() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
- getId() - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity
- getId() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential
-
The id attribute is inherited from Credential, though PublicKeyCredential overrides Credential's getter, instead returning the base64url encoding of the data contained in the object's [[identifier]] internal slot.
- getId() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor
-
The id property contains the credential ID of the public key credential the caller is referring to.
- getId() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity
- getId() - Method in interface org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity
-
The id is the user handle of the user account.
- getID() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
-
Returns the OID of the Password Policy Control ("1.3.6.1.4.1.42.2.27.8.5.1").
- getIdentifier() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl
- getIdentifier() - Method in interface org.springframework.security.acls.model.ObjectIdentity
-
Obtains the actual identifier.
- getIdToken() - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest
-
Returns the
ID Token
containing claims about the user. - getIdToken() - Method in class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
- getIdToken() - Method in interface org.springframework.security.oauth2.core.oidc.user.OidcUser
-
Returns the
ID Token
containing claims about the user. - getIdToken() - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
-
Returns the
ID Token
containing claims about the user. - getInitializeCount() - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Primarily for troubleshooting purposes, this method shows how many times the class has re-initialized its
SecurityContextHolderStrategy
. - getInitials() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getInput() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInput
-
Gets the client extension.
- getInput() - Method in class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput
- getInput() - Method in class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput
- getInputs() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInputs
-
Gets all of the
AuthenticationExtensionsClientInput
. - getInputs() - Method in class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs
- getInputStream() - Method in class org.springframework.security.util.InMemoryResource
- getInsecureKeyword() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- getInstance() - Static method in class org.springframework.security.crypto.password.NoOpPasswordEncoder
-
Deprecated.Get the singleton
NoOpPasswordEncoder
. - getInstance() - Static method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository
- getInstance() - Static method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
- getInternalMethod() - Method in class org.springframework.security.acls.AclEntryVoter
-
Optionally specifies a method of the domain object that will be used to obtain a contained domain object.
- getInterval() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
-
Returns the minimum amount of time (in seconds) that the client should wait between polling requests to the token endpoint.
- getIntrospector() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
- getIssuedAt() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
-
Returns the time at which the ID Token was issued
(iat)
. - getIssuedAt() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token
-
Returns the time at which the token was issued.
- getIssuedAt() - Method in interface org.springframework.security.oauth2.core.OAuth2Token
-
Returns the time at which the token was issued.
- getIssuedAt() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns a timestamp
(iat)
indicating when the token was issued - getIssuedAt() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns the time at which the ID Token was issued
(iat)
. - getIssuedAt() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
-
Returns the Issued at
(iat)
claim which identifies the time at which the JWT was issued. - getIssuer() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
-
Returns the Issuer identifier
(iss)
. - getIssuer() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns the issuer
(iss)
of the token - getIssuer() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns the Issuer identifier
(iss)
. - getIssuer() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
-
Returns the Issuer
(iss)
claim which identifies the principal that issued the JWT. - getIssuerUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
-
Returns the issuer identifier uri for the OpenID Connect 1.0 provider or the OAuth 2.0 Authorization Server.
- getJceName() - Method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
- getJwk() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the JSON Web Key which is the public key that corresponds to the key used to digitally sign the JWS or encrypt the JWE.
- getJwkSetUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
-
Returns the uri for the JSON Web Key (JWK) Set endpoint.
- getJwkSetUrl() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the JWK Set URL that refers to the resource of a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign the JWS or encrypt the JWE.
- getJwsHeader() - Method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters
-
Returns the
JWS headers
. - getJwt() - Method in class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequest
-
Returns the
JWT
assertion. - getJwtAuthenticationConverter() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
- getJwtDecoder() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
- getKey() - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
-
Deprecated.
- getKey() - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
-
Deprecated.
- getKey() - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider
- getKey() - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
- getKey() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- getKey() - Method in class org.springframework.security.core.token.DefaultToken
- getKey() - Method in interface org.springframework.security.core.token.Token
-
Obtains the randomised, secure key assigned to this token.
- getKey() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getKey() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- getKeyCreationTime() - Method in class org.springframework.security.core.token.DefaultToken
- getKeyCreationTime() - Method in interface org.springframework.security.core.token.Token
-
The time the token key was initially created is available from this method.
- getKeyHash() - Method in class org.springframework.security.access.intercept.RunAsUserToken
-
Deprecated.
- getKeyHash() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken
- getKeyHash() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken
- getKeyHash() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
- getKeyId() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the key ID that is a hint indicating which key was used to secure the JWS or JWE.
- getKeyLength() - Method in interface org.springframework.security.crypto.keygen.BytesKeyGenerator
-
Get the length, in bytes, of keys created by this generator.
- getKeyPair(String) - Method in class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory
- getKeyPair(String, char[]) - Method in class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory
- getLabel() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
A human-readable label for this
CredentialRecord
assigned by the user. - getLabel() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- getLabel() - Method in class org.springframework.security.web.webauthn.management.RelyingPartyPublicKey
- getLastAccessTime() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
- getLastRequest() - Method in class org.springframework.security.core.session.SessionInformation
- getLastUsed() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
The last time this
CredentialRecord
was used. - getLastUsed() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- getLdapTemplate() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
Returns the current LDAP template.
- getLocale() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's locale
(locale)
. - getLocales() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getLocales() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getLocales() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getLocality() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
-
Returns the city or locality.
- getLocality() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
- getLocalPort() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.Returns the port that is resolved by
TcpTransport
. - getLocation() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
-
Get the location of the asserting party's SingleLogoutService
- getLoginConfig() - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
- getLoginContext() - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationToken
- getLoginFormUrl() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- getLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Gets the login page
- getLoginPageUrl() - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- getLoginProcessingUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Gets the URL to submit an authentication request to (i.e.
- getLoginUrl() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
-
The enterprise-wide CAS login URL.
- getLogoutHandlers() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Gets the
LogoutHandler
instances that will be used. - getLogoutRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters
-
The SAML 2.0 Logout Request sent by the asserting party
- getLogoutRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters
-
The SAML 2.0 Logout Request sent by this application
- getLogoutResponse() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters
-
The SAML 2.0 Logout Response received from the asserting party
- getLogoutSuccessHandler() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Gets the
LogoutSuccessHandler
if not null, otherwise creates a newSimpleUrlLogoutSuccessHandler
using theLogoutConfigurer.logoutSuccessUrl(String)
. - getLowCardinalityKeyValues(AuthenticationObservationContext) - Method in class org.springframework.security.authentication.AuthenticationObservationConvention
- getLowCardinalityKeyValues(AuthorizationObservationContext<?>) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention
- getMail() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getMappableAttributes() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
- getMappableAttributes() - Method in interface org.springframework.security.core.authority.mapping.MappableAttributesRetriever
-
Implementations of this method should return a set of all string attributes which can be mapped to GrantedAuthoritys.
- getMappableAttributes() - Method in class org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever
- getMappableAttributes() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
- getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.RetryWithHttpEntryPoint
- getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint
- getMask() - Method in class org.springframework.security.acls.domain.AbstractPermission
- getMask() - Method in interface org.springframework.security.acls.model.Permission
-
Returns the bits that represents the permission.
- getMatcher() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry
- getMatcher() - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
- getMatcher() - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
- getMatcher() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry
- getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
- getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.
- getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.
- getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
- getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
- getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
-
Returns a wrapper around the saved request, if it matches the current request.
- getMaxAge() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getMaximumSessionsAllowed() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
- getMaximumSessionsForThisUser(Authentication) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
Method intended for use by subclasses to override the maximum number of sessions that are permitted for a particular authentication.
- getMaxLength() - Method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
- getMessage() - Method in class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext
-
Returns the
HttpServletRequest
. - getMessageMatchers() - Method in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite
- getMessages() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- getMessageTypeMatcher() - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
- getMetadata() - Method in class org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse
- getMetadataMimeType() - Method in interface org.springframework.security.rsocket.api.PayloadExchange
- getMetadataMimeType() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange
- getMethod() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter
-
Deprecated.
- getMethod() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
- getMethod() - Method in class org.springframework.security.util.SimpleMethodInvocation
- getMethod() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getMethod() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getMethod() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getMethodInvocation() - Method in class org.springframework.security.authorization.method.MethodInvocationResult
-
Return the already-invoked
MethodInvocation
- getMethodMapSize() - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.
- getMethodSecurityMetadataSources() - Method in class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource
-
Deprecated.
- getMiddleName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's middle name(s)
(middle_name)
. - getMobile() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getModules(ClassLoader) - Static method in class org.springframework.security.jackson2.SecurityJackson2Modules
- getName() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
- getName() - Method in class org.springframework.security.authentication.AuthenticationObservationConvention
- getName() - Method in class org.springframework.security.authorization.AuthorizationObservationConvention
- getName() - Method in interface org.springframework.security.core.AuthenticatedPrincipal
-
Returns the name of the authenticated
Principal
. - getName() - Method in class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal
- getName() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
- getName() - Method in interface org.springframework.security.oauth2.jose.JwaAlgorithm
-
Returns the algorithm name.
- getName() - Method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
-
Returns the algorithm name.
- getName() - Method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
Returns the algorithm name.
- getName() - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
-
The principal name which is, by default, the
Jwt
's subject - getName() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
- getName() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
- getName() - Method in class org.springframework.security.web.header.Header
-
Gets the name of the header.
- getName() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getName() - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity
- getName() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity
-
The name property is a human-palatable name for the entity.
- getName() - Method in interface org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity
-
The name property is a human-palatable identifier for a user account.
- getName() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication
- getNameIdFormat() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the NameID format.
- getNewContext() - Method in class org.springframework.security.core.context.SecurityContextChangedEvent
-
Get the
SecurityContext
set on theSecurityContextHolder
as of this event - getNewSessionId() - Method in class org.springframework.security.core.session.SessionIdChangedEvent
-
Returns the new session ID.
- getNewSessionId() - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent
-
Getter for the session ID after it was changed.
- getNewSessionId() - Method in class org.springframework.security.web.session.HttpSessionIdChangedEvent
- getNickName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's nick name
(nickname)
that may or may not be the same as the(given_name)
. - getNonce() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns a
String
value(nonce)
used to associate a Client session with an ID Token, and to mitigate replay attacks. - getNonceValiditySeconds() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- getNotBefore() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns a timestamp
(nbf)
indicating when the token is not to be used before - getNotBefore() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
-
Returns the Not Before
(nbf)
claim which identifies the time before which the JWT MUST NOT be accepted for processing. - getO() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getObject() - Method in class org.springframework.security.authorization.AuthorizationObservationContext
-
Get the object for which access was requested
- getObject() - Method in class org.springframework.security.authorization.event.AuthorizationDeniedEvent
-
Get the object to which access was requested
- getObject() - Method in class org.springframework.security.authorization.event.AuthorizationEvent
-
Get the object to which access was requested
- getObject() - Method in class org.springframework.security.authorization.event.AuthorizationGrantedEvent
-
Get the object to which access was requested
- getObject() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder
-
Gets the object that was built.
- getObject() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
- getObject() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
- getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
- getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
- getObject() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
- getObject() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
- getObject() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
- getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
- getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
- getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
- getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
- getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
- getObject() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
- getObject() - Method in class org.springframework.security.core.token.SecureRandomFactoryBean
- getObjectIdentity() - Method in class org.springframework.security.acls.domain.AclImpl
- getObjectIdentity() - Method in interface org.springframework.security.acls.model.Acl
-
Obtains the domain object this Acl provides entries for.
- getObjectIdentity(Object) - Method in class org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl
- getObjectIdentity(Object) - Method in interface org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy
- getObjectType() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
- getObjectType() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
- getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
- getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
- getObjectType() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
- getObjectType() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
- getObjectType() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
- getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
- getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
- getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
- getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
- getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
- getObjectType() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
- getObjectType() - Method in class org.springframework.security.core.token.SecureRandomFactoryBean
- getOldContext() - Method in class org.springframework.security.core.context.SecurityContextChangedEvent
-
Get the
SecurityContext
set on theSecurityContextHolder
immediately previous to this event - getOldSessionId() - Method in class org.springframework.security.core.session.SessionIdChangedEvent
-
Returns the old session ID.
- getOldSessionId() - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent
-
Getter for the session ID before it was changed.
- getOldSessionId() - Method in class org.springframework.security.web.session.HttpSessionIdChangedEvent
- getOrBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Similar to
AbstractSecurityBuilder.build()
andAbstractSecurityBuilder.getObject()
but checks the state to determine ifAbstractSecurityBuilder.build()
needs to be called first. - getOrder() - Method in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
- getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
- getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
- getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
- getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
- getOrder() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
- getOrder() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
- getOrder() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
- getOrder() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
- getOrder() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
- getOrder() - Method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
- getOrder() - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
- getOrder() - Method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- getOrder() - Method in class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
- getOrder() - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
- getOrder() - Method in class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor
- getOrder() - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
-
Returns
11000
. - getOrder() - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
-
Returns
10000
. - getOrder() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
- getOrder() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- getOriginalAuthentication() - Method in class org.springframework.security.access.intercept.RunAsUserToken
-
Deprecated.
- getOu() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getOutput() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientOutput
- getOutput() - Method in class org.springframework.security.web.webauthn.api.CredentialPropertiesOutput
- getOutputs() - Method in interface org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientOutputs
-
Gets all of the
AuthenticationExtensionsClientOutput
. - getOutputs() - Method in class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientOutputs
- getOutputStream() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling the callinggetOutputStream().close()
orgetOutputStream().flush()
- getOwner() - Method in class org.springframework.security.acls.domain.AclImpl
- getOwner() - Method in interface org.springframework.security.acls.model.Acl
-
Determines the owner of the Acl.
- getParameter() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getParameter(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
-
Get the
name
parameters, a short-hand forgetParameters().get(name)
Useful when specifying additional query parameters for the Logout Request - getParameter(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
-
Get the
name
parameter, a short-hand forgetParameters().get(name)
Useful when specifying additional query parameters for the Logout Response - getParameterMap() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getParameterMap() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getParameterMap() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getParameterName() - Method in interface org.springframework.security.web.csrf.CsrfToken
-
Gets the HTTP parameter name that should contain the token.
- getParameterName() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
- getParameterName() - Method in interface org.springframework.security.web.server.csrf.CsrfToken
-
Gets the HTTP parameter name that should contain the token.
- getParameterName() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
- getParameterNameDiscoverer() - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
- getParameterNames() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getParameterNames(Constructor<?>) - Method in class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
- getParameterNames(Method) - Method in class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
- getParameters() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
-
Get all parameters Useful when specifying additional query parameters for the Logout Request
- getParameters() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
-
Get all parameters Useful when specifying additional query parameters for the Logout Response
- getParameterSpec(byte[]) - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
- getParametersQuery() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
-
Get an encoded query string of all parameters.
- getParametersQuery() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
-
Get an encoded query string of all parameters.
- getParameterValues(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getParameterValues(String) - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getParameterValues(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getParent() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- getParentAcl() - Method in class org.springframework.security.acls.domain.AclImpl
- getParentAcl() - Method in interface org.springframework.security.acls.model.Acl
-
A domain object may have a parent for the purpose of ACL inheritance.
- getPassword() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
- getPassword() - Method in class org.springframework.security.core.userdetails.User
- getPassword() - Method in interface org.springframework.security.core.userdetails.UserDetails
-
Returns the password used to authenticate the user.
- getPassword() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- getPassword() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest
-
Deprecated.Returns the resource owner's password.
- getPassword() - Method in class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata
- getPasswordEncoder() - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
- getPasswordEncoder() - Method in class org.springframework.security.config.authentication.PasswordEncoderParser
- getPasswordParameter() - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- getPath() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getPathInfo() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getPathPatternParser() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
- getPathPatternParser() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
- getPattern() - Method in class org.springframework.security.acls.domain.AbstractPermission
- getPattern() - Method in class org.springframework.security.acls.domain.CumulativePermission
- getPattern() - Method in interface org.springframework.security.acls.model.Permission
-
Returns a 32-character long bit pattern
String
representing this permission. - getPattern() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
- getPayload() - Method in interface org.springframework.security.rsocket.api.PayloadExchange
- getPayload() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange
- getPermission() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
- getPermission() - Method in interface org.springframework.security.acls.model.AccessControlEntry
- getPermissionEvaluator() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
- getPhoneNumber() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's preferred phone number
(phone_number)
. - getPhoneNumberVerified() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns
true
if the user's phone number has been verified(phone_number_verified)
, otherwisefalse
. - getPicture() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the URL of the user's profile picture
(picture)
. - getPointcut() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor
-
Deprecated.
- getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
- getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
- getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
- getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
- getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
- getPointcut() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
- getPointcut() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
- getPointcut() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
- getPointcut() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
- getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
- getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
- getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
- getPolicy() - Method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
- getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
- getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
- getPolicy() - Method in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- getPort() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- getPort() - Method in interface org.springframework.security.ldap.server.EmbeddedLdapServerContainer
-
Returns the embedded LDAP server port.
- getPort() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
- getPortMapper() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- getPortMapper() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- getPortMapper() - Method in class org.springframework.security.web.PortResolverImpl
- getPortResolver() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- getPortResolver() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- getPostalAddress() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getPostalCode() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getPostalCode() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
-
Returns the zip code or postal code.
- getPostalCode() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
- getPostAuthenticationChecks() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Override to extract the credentials (if applicable) from the current request.
- getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter
-
For J2EE container-based authentication there is no generic way to retrieve the credentials, as such this method returns a fixed dummy value.
- getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
-
Credentials aren't usually applicable, but if a
credentialsEnvironmentVariable
is set, this will be read and used as the credentials value. - getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
-
Credentials aren't usually applicable, but if a
credentialsRequestHeader
is set, this will be read and used as the credentials value. - getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter
-
For J2EE container-based authentication there is no generic way to retrieve the credentials, as such this method returns a fixed dummy value.
- getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
- getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Override to extract the principal information from the current request
- getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter
-
Return the J2EE user name.
- getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
-
Read and returns the variable named by
principalEnvironmentVariable
from the request. - getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
-
Read and returns the header named by
principalRequestHeader
from the request. - getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter
-
Return the WebSphere user name.
- getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
- getPreAuthenticationChecks() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- getPreferredUsername() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the preferred username
(preferred_username)
that the user wishes to be referred to. - getPrincipal() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
-
Convenience method to access
Authentication.getPrincipal()
fromSecurityExpressionRoot.getAuthentication()
- getPrincipal() - Method in class org.springframework.security.access.intercept.RunAsUserToken
-
Deprecated.
- getPrincipal() - Method in class org.springframework.security.acls.domain.PrincipalSid
- getPrincipal() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken
- getPrincipal() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority
- getPrincipal() - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
- getPrincipal() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken
- getPrincipal() - Method in class org.springframework.security.authentication.TestingAuthenticationToken
- getPrincipal() - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
- getPrincipal() - Method in class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken
- getPrincipal() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
- getPrincipal() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
- getPrincipal() - Method in interface org.springframework.security.core.Authentication
-
The identity of the principal being authenticated.
- getPrincipal() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
- getPrincipal() - Method in class org.springframework.security.core.session.SessionInformation
- getPrincipal() - Method in class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource
-
Get the principals of the logged in user, in this case the distinguished name.
- getPrincipal() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
- getPrincipal() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
- getPrincipal() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
- getPrincipal() - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
-
Returns the End-User
Authentication
(Resource Owner). - getPrincipal() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
-
Returns the
Principal
(to be) associated to the authorized client. - getPrincipal() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
-
Returns the
Principal
(to be) associated to the authorized client. - getPrincipal() - Method in class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation
- getPrincipal() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
- getPrincipal() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken
- getPrincipal() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication
- getPrincipal() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
-
Always returns null.
- getPrincipal() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- getPrincipal() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
-
Get the principal
- getPrincipal() - Method in class org.springframework.security.web.server.context.SecurityContextServerWebExchange
- getPrincipal() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication
- getPrincipal() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken
- getPrincipalName() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
-
Returns the End-User's
Principal
name. - getPrincipalName() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId
-
Returns the name of the End-User
Principal
(Resource Owner). - getPrincipalName() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
- getPrivateKey() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
-
Get the private key for this credential
- getPrivilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Gets the
WebInvocationPrivilegeEvaluator
to be used. - getProcessConfigAttribute() - Method in class org.springframework.security.acls.AclEntryVoter
- getProcessDomainObjectClass() - Method in class org.springframework.security.access.vote.AbstractAclVoter
-
Deprecated.
- getProcessDomainObjectClass() - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- getProfile() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the URL of the user's profile page
(profile)
. - getProtectedFieldValue(String, Object) - Static method in class org.springframework.security.util.FieldUtils
- getProviderDetails() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
-
Returns the details of the provider.
- getProviders() - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
-
Deprecated.
- getProviders() - Method in class org.springframework.security.authentication.ProviderManager
- getPubKeyCredParams() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions
-
The publicKeyCredParams params lisst the key types and signature algorithms the Relying Party Supports, ordered from most preferred to least preferred.
- getPublicKey() - Method in interface org.springframework.security.crypto.encrypt.RsaKeyHolder
- getPublicKey() - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- getPublicKey() - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- getPublicKey() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
The publicKey
- getPublicKey() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- getPublicKey() - Method in class org.springframework.security.web.webauthn.management.ImmutableRelyingPartyRegistrationRequest
- getPublicKey() - Method in class org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest
-
Gets the public key.
- getPublicKey() - Method in interface org.springframework.security.web.webauthn.management.RelyingPartyRegistrationRequest
- getQueryString() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getRawId() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential
-
The rawId returns the raw identifier.
- getReachableGrantedAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.access.hierarchicalroles.NullRoleHierarchy
- getReachableGrantedAuthorities(Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.access.hierarchicalroles.RoleHierarchy
-
Returns an array of all reachable authorities.
- getReachableGrantedAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
- getRealmName() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- getRealmName() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- getRedirectStrategy() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- getRedirectStrategy() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- getRedirectStrategy() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- getRedirectUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
-
Returns the uri (or uri template) for the redirection endpoint.
- getRedirectUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns the uri for the redirection endpoint.
- getRedirectUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
-
Returns the uri where the response was redirected to.
- getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
- getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
- getRedirectUri(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache
-
Get the URI that can be redirected to trigger the saved request to be used
- getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
- getRedirectUrl() - Method in class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler.AuthenticationSuccess
- getRedirectUrl() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
-
Indicates the URL that the user agent used for this request.
- getRedirectUrl() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
- getRedirectUrl() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- getRefreshToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
-
Returns the
refresh token
. - getRefreshToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
-
Returns the
refresh token
. - getRefreshToken() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest
-
Returns the
refresh token
credential granted. - getRefreshToken() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
-
Returns the
refresh token
credential granted. - getRefreshToken() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
- getRefreshToken() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
-
Returns the
Refresh Token
. - getRegion() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
-
Returns the state, province, prefecture, or region.
- getRegion() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
- getRegistrationId() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
-
Returns the identifier for the registration.
- getRegistrationId() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the unique registration id for this RP/AP pair
- getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer
-
The
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>>.AuthorizationManagerRequestMatcherRegistry
is what users will interact with after applying theAuthorizeHttpRequestsConfigurer
. - getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
- getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer
-
Deprecated.
- getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer
-
Deprecated.The StandardInterceptUrlRegistry is what users will interact with after applying the
UrlAuthorizationConfigurer
. - getRelativeName(String, Context) - Static method in class org.springframework.security.ldap.LdapUtils
-
Obtains the part of a DN relative to a supplied base context.
- getRelayState() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
-
Returns the RelayState value, if present in the parameters
- getRelayState() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
-
The relay state associated with this Logout Request
- getRelayState() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
-
The relay state associated with this Logout Request
- getRelyingPartyRegistration() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters
-
The
RelyingPartyRegistration
representing this relying party - getRelyingPartyRegistration() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters
-
The
RelyingPartyRegistration
representing this relying party - getRelyingPartyRegistration() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
-
Get the resolved
RelyingPartyRegistration
associated with the request - getRelyingPartyRegistrationId() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
-
The identifier for the
RelyingPartyRegistration
associated with this request - getRelyingPartyRegistrationId() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
- getRelyingPartyRegistrationId() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
-
The identifier for the
RelyingPartyRegistration
associated with this Logout Request - getRelyingPartyRegistrationId() - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal
-
Get the
RelyingPartyRegistration
identifier - getRememberMeServices() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- getRememberMeServices() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- getRemoteAddress() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
-
Indicates the TCP/IP address the authentication request was received from.
- getRemoteUser() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
-
Returns the principal's name, as obtained from the
SecurityContextHolder
. - getRequest() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
-
This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.
- getRequest() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- getRequest() - Method in class org.springframework.security.web.access.intercept.RequestAuthorizationContext
-
Returns the
HttpServletRequest
. - getRequest() - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
-
Deprecated.
- getRequest() - Method in class org.springframework.security.web.FilterInvocation
- getRequest() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
- getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
- getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
- getRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
-
Returns the saved request, leaving it cached.
- getRequestMatcher() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- getRequestMatcher() - Method in class org.springframework.security.web.DefaultSecurityFilterChain
- getRequestMatcher() - Method in class org.springframework.security.web.util.matcher.RequestMatcherEntry
- getRequestOptions() - Method in class org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest
-
Ges the request options.
- getRequestURI() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getRequestUrl() - Method in class org.springframework.security.web.FilterInvocation
-
Obtains the web application-specific fragment of the URL.
- getRequestURL() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getResidentKey() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria
-
The residentKey specifies the extent to which the Relying Party desires to create a client-side discoverable credential.
- getResponse() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
-
This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.
- getResponse() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- getResponse() - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
-
Deprecated.
- getResponse() - Method in class org.springframework.security.web.FilterInvocation
- getResponse() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
- getResponse() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential
-
The response to the client's request to either create a public key credential, or generate an authentication assertion.
- getResponseLocation() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
-
Get the response location of the asserting party's SingleLogoutService
- getResponseType() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns the
response type
. - getResult() - Method in class org.springframework.security.authorization.method.MethodInvocationResult
-
Return the result of the already-invoked
MethodInvocation
- getReturnObject() - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
- getRoleHierarchy() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
- getRolePrefix() - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
-
Deprecated.
- getRolePrefix() - Method in class org.springframework.security.access.vote.RoleVoter
-
Deprecated.
- getRolePrefix() - Method in class org.springframework.security.config.core.GrantedAuthorityDefaults
-
The default prefix used with role based authorization.
- getRolePrefix() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- getRolePrefix() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
Returns the role prefix used by this populator Method available so that classes extending this can override
- getRoomNumber() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getRootObject() - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
- getRp() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions
-
The rp property contains data about the Relying Party responsible for the request.
- getRpId() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions
-
The rpId is an OPTIONAL member specifies the RP ID claimed by the Relying Party.
- getRunAsManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- getSaml2Error() - Method in exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
-
Get the associated
Saml2Error
- getSaml2Response() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication
-
Returns the SAML response object, as decoded XML.
- getSaml2Response() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
-
Returns inflated and decoded XML representation of the SAML 2 Response
- getSamlRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
-
Returns the AuthNRequest XML value to be sent.
- getSamlRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
-
Get the signed and serialized <saml2:LogoutRequest> payload
- getSamlResponse() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
-
Get the signed and serialized <saml2:LogoutResponse> payload
- getScheme() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getScope() - Method in class org.springframework.security.oauth2.server.resource.BearerTokenError
-
Return the scope.
- getScopes() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest
-
Returns the scope(s) to request.
- getScopes() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
-
Returns the scope(s) used for the client.
- getScopes() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns the scope(s).
- getScopes() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken
-
Returns the scope(s) associated to the token.
- getScopes() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns the scopes
(scope)
associated with the token - getSecuredUiPrefix() - Static method in class org.springframework.security.taglibs.TagLibConfig
- getSecuredUiSuffix() - Static method in class org.springframework.security.taglibs.TagLibConfig
- getSecureKeyword() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- getSecureObject() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken
-
Deprecated.
- getSecureObjectClass() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing.
- getSecureObjectClass() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
-
Deprecated.
- getSecureObjectClass() - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.
- getSecureObjectClass() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Deprecated.
- getSecurityContext() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken
-
Deprecated.
- getSecurityContextHolderStrategy() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
- getSecurityContextRepository(HttpServletRequest) - Static method in class org.springframework.security.test.web.support.WebTestUtils
-
Gets the
SecurityContextRepository
for the specifiedHttpServletRequest
. - getSecurityContexts() - Method in class org.springframework.security.core.session.SessionDestroyedEvent
-
Provides the
SecurityContext
instances which were associated with the destroyed session. - getSecurityContexts() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
- getSecurityDispatcherTypes() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Get the
DispatcherType
for the springSecurityFilterChain. - getSecurityMetadataSource() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
-
Deprecated.
- getSecurityMetadataSource() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- getSecurityMetadataSource() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Deprecated.
- getSeries() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
- getServerName() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getServerPort() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getServerPort(ServletRequest) - Method in interface org.springframework.security.web.PortResolver
-
Indicates the port the
ServletRequest
was received on. - getServerPort(ServletRequest) - Method in class org.springframework.security.web.PortResolverImpl
- getService() - Method in class org.springframework.security.cas.ServiceProperties
-
Represents the service the user is authenticating to.
- getService() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- getServiceParameter() - Method in class org.springframework.security.cas.ServiceProperties
-
Configures the Request parameter to look for when attempting to send a request to CAS.
- getServiceProperties() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
- getServiceUrl() - Method in interface org.springframework.security.cas.authentication.ServiceAuthenticationDetails
-
Gets the absolute service url (i.e.
- getServiceUrl() - Method in interface org.springframework.security.cas.web.authentication.ServiceAuthenticationDetails
-
Deprecated.Gets the absolute service url (i.e.
- getServletContext() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
-
This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.
- getServletContext() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- getServletPath() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- getServletPath() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- getSession() - Method in class org.springframework.security.web.session.HttpSessionCreatedEvent
- getSession() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
- getSessionId() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
- getSessionId() - Method in class org.springframework.security.core.session.SessionInformation
- getSessionId() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
-
Returns a
String
value(sid)
representing the OIDC Provider session - getSessionId() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
-
Indicates the
HttpSession
id the authentication request was received from. - getSessionIndexes() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
- getSessionIndexes() - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal
- getSessionInformation() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
- getSessionInformation(String) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
- getSessionInformation(String) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry
-
Gets the
ReactiveSessionInformation
for the specified session identifier. - getSessionInformation(String) - Method in interface org.springframework.security.core.session.SessionRegistry
-
Obtains the session information for the specified
sessionId
. - getSessionInformation(String) - Method in class org.springframework.security.core.session.SessionRegistryImpl
- getSessions() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
- getSessionTrackingModes() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Determines how a session should be tracked.
- getSharedInstance() - Static method in class org.springframework.security.oauth2.core.converter.ClaimConversionService
-
Returns a shared instance of
ClaimConversionService
. - getSharedObject(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Gets a shared Object.
- getSharedObject(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Gets a shared Object.
- getSharedObjects() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Gets the shared objects
- getSid() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
- getSid() - Method in interface org.springframework.security.acls.model.AccessControlEntry
- getSids(Authentication) - Method in class org.springframework.security.acls.domain.SidRetrievalStrategyImpl
- getSids(Authentication) - Method in interface org.springframework.security.acls.model.SidRetrievalStrategy
- getSigAlg() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest
-
Returns the SigAlg value for
Saml2MessageBinding.REDIRECT
requests - getSignature() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest
-
Returns the Signature value for
Saml2MessageBinding.REDIRECT
requests - getSignature() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse
-
The signature contains the raw signature returned from the authenticator.
- getSignatureCount() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
- getSignatureCount() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- getSigningAlgorithms() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
-
Get the list of org.opensaml.saml.ext.saml2alg.SigningMethod Algorithms for this asserting party, in preference order.
- getSigningAlgorithms() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
-
Get the list of org.opensaml.saml.ext.saml2alg.SigningMethod Algorithms for this asserting party, in preference order.
- getSigningX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the
Collection
of signingSaml2X509Credential
s associated with this relying party - getSingleLogoutServiceBinding() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
-
Get the SingleLogoutService Binding
- getSingleLogoutServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
-
Get the SingleLogoutService Binding
- getSingleLogoutServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the SingleLogoutService Binding
- getSingleLogoutServiceBindings() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the SingleLogoutService Binding
- getSingleLogoutServiceLocation() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
-
Get the SingleLogoutService Location
- getSingleLogoutServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
-
Get the SingleLogoutService Location
- getSingleLogoutServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the SingleLogoutService Location
- getSingleLogoutServiceResponseLocation() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
- getSingleLogoutServiceResponseLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
- getSingleLogoutServiceResponseLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
- getSingleSignOnServiceBinding() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
-
Get the SingleSignOnService Binding.
- getSingleSignOnServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
-
Get the SingleSignOnService Binding.
- getSingleSignOnServiceLocation() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
-
Get the SingleSignOnService Location.
- getSingleSignOnServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
-
Get the SingleSignOnService Location.
- getSn() - Method in class org.springframework.security.ldap.userdetails.Person
- getSource() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
-
Returns the original user associated with a successful user switch.
- getSource(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser
- getState() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns the state.
- getState() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
-
Returns the state.
- getStatelessTicketCache() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- getStaticPart() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter
-
Deprecated.
- getStaticPart() - Method in class org.springframework.security.util.SimpleMethodInvocation
- getStatus() - Method in exception org.springframework.security.ldap.ppolicy.PasswordPolicyException
- getStreet() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getStreetAddress() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
-
Returns the full street address, which may include house number, street name, P.O.
- getStreetAddress() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
- getStringSeparator() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
- getSubject() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
-
Returns the Subject identifier
(sub)
. - getSubject() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns usually a machine-readable identifier
(sub)
of the resource owner who authorized the token - getSubject() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
-
Returns the Subject identifier
(sub)
. - getSubject() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the Subject identifier
(sub)
. - getSubject() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
-
Returns the Subject
(sub)
claim which identifies the principal that is the subject of the JWT. - getSubjectToken() - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequest
-
Returns the
subject token
. - getSuccessHandler() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- getSuccessHandler() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- getSupportedMediaTypes() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
- getTargetUrlParameter() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- getTargetUser() - Method in class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent
- getTelephoneNumber() - Method in class org.springframework.security.ldap.userdetails.Person
- getThis() - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
- getThis() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter
-
Deprecated.
- getThis() - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
- getThis() - Method in class org.springframework.security.util.SimpleMethodInvocation
- getTicketValidator() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- getTimeBeforeExpiration() - Method in interface org.springframework.security.ldap.ppolicy.PasswordPolicyData
- getTimeBeforeExpiration() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
-
Returns the timeBeforeExpiration.
- getTimeBeforeExpiration() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- getTimeout() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions
-
The timeout property specifies a time, in milliseconds, that the Relying Party is willing to wait for the call to complete.
- getTimeout() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions
-
The timeout property is an OPTIONAL member specifies a time, in milliseconds, that the Relying Party is willing to wait for the call to complete.
- getTitle() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getToken() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
-
Get the token bound to this
Authentication
. - getToken() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken
-
Get the Bearer Token
- getToken() - Method in class org.springframework.security.rsocket.metadata.BearerTokenMetadata
- getToken() - Method in interface org.springframework.security.web.csrf.CsrfToken
-
Gets the token value.
- getToken() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
- getToken() - Method in interface org.springframework.security.web.server.csrf.CsrfToken
-
Gets the token value.
- getToken() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
- getTokenAttributes() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
-
Returns the attributes of the access token.
- getTokenAttributes() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication
- getTokenAttributes() - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
- getTokenForSeries(String) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
- getTokenForSeries(String) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
Loads the token data for the supplied series identifier.
- getTokenForSeries(String) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
- getTokenResponse(JwtBearerGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient
-
Deprecated.
- getTokenResponse(OAuth2AuthorizationCodeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient
-
Deprecated.
- getTokenResponse(OAuth2ClientCredentialsGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient
-
Deprecated.
- getTokenResponse(OAuth2PasswordGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient
-
Deprecated.
- getTokenResponse(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient
-
Deprecated.
- getTokenResponse(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.RestClientRefreshTokenTokenResponseClient
- getTokenResponse(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.WebClientReactiveRefreshTokenTokenResponseClient
- getTokenResponse(TokenExchangeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient
-
Deprecated.
- getTokenResponse(T) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
- getTokenResponse(T) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
- getTokenResponse(T) - Method in interface org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
-
Exchanges the authorization grant credential, provided in the authorization grant request, for an access token credential at the Authorization Server's Token Endpoint.
- getTokenResponse(T) - Method in interface org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient
-
Exchanges the authorization grant credential, provided in the authorization grant request, for an access token credential at the Authorization Server's Token Endpoint.
- getTokenType() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken
-
Returns the
token type
. - getTokenType() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns the type of the token
(token_type)
, for examplebearer
. - getTokenUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
-
Returns the uri for the token endpoint.
- getTokenValiditySeconds() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getTokenValue() - Method in class org.springframework.security.authentication.ott.DefaultOneTimeToken
- getTokenValue() - Method in interface org.springframework.security.authentication.ott.OneTimeToken
- getTokenValue() - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
-
Returns the one-time token value
- getTokenValue() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token
-
Returns the token value.
- getTokenValue() - Method in interface org.springframework.security.oauth2.core.OAuth2Token
-
Returns the token value.
- getTokenValue() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
- getTranslatedPortMappings() - Method in class org.springframework.security.web.PortMapperImpl
-
Returns the translated (Integer -> Integer) version of the original port mapping specified via setHttpsPortMapping()
- getTransports() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse
-
The transports returns the transports
- getTransports() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
The transpots is the value returned from
response.getTransports()
. - getTransports() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- getTransports() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor
-
The transports property is an OPTIONAL member that contains a hint as to how the client might communicate with the managing authenticator of the public key credential the caller is referring to.
- getTrustResolver() - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
- getType() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl
- getType() - Method in interface org.springframework.security.acls.model.ObjectIdentity
-
Obtains the "type" metadata for the domain object.
- getType() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the type header that declares the media type of the JWS/JWE.
- getType() - Method in interface org.springframework.security.rsocket.api.PayloadExchange
- getType() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange
- getType() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential
-
The type attribute returns the value of the object's interface object's [[type]] slot, which specifies the credential type represented by this object.
- getType() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor
-
The type property contains the type of the public key credential the caller is referring to.
- getType() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters
-
The type property member specifies the type of credential to be created.
- getUid() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- getUpdatedAt() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the time the user's information was last updated
(updated_at)
. - getUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint
-
Returns the uri for the user info endpoint.
- getUri() - Method in class org.springframework.security.oauth2.core.OAuth2Error
-
Returns the error uri.
- getUrl() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
- getUrl() - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- getUrn() - Method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
-
Returns the URN value from the SAML 2 specification for this binding.
- getUser() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions
-
The user contains names and an identifier for the user account performing the registration.
- getUserAttributes() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
- getUserCache() - Method in class org.springframework.security.authentication.CachingUserDetailsService
- getUserCache() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- getUserCache() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- getUserCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
-
Returns the
User Code
. - getUserDetails() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
- getUserDetailsContextMapper() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
-
Provides access to the injected
UserDetailsContextMapper
strategy for use by subclasses. - getUserDetailsService() - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
- getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
- getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
-
Gets the
UserDetailsService
that is used with theDaoAuthenticationProvider
- getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer
-
Gets the
UserDetailsService
or null if it is not available - getUserDetailsService() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- getUserDetailsService() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- getUserDns(String) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
-
Builds list of possible DNs for the user, worked out from the userDnPatterns property.
- getUserEntityUserId() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
A reference to the associated
PublicKeyCredentialUserEntity.getId()
- getUserEntityUserId() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- getUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.NullUserCache
- getUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache
- getUserFromCache(String) - Method in interface org.springframework.security.core.userdetails.UserCache
-
Obtains a
UserDetails
from the cache. - getUserHandle() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse
-
The userHandle is the user handle which is returned from the authenticator, or null if the authenticator did not return a user handle.
- getUserInfo() - Method in class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
- getUserInfo() - Method in interface org.springframework.security.oauth2.core.oidc.user.OidcUser
-
Returns the
UserInfo
containing claims about the user. - getUserInfo() - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
-
Returns the
UserInfo
containing claims about the user, may benull
. - getUserInfoEndpoint() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
-
Returns the details of the
UserInfo Endpoint
. - getUsername() - Method in class org.springframework.security.authentication.ott.DefaultOneTimeToken
- getUsername() - Method in class org.springframework.security.authentication.ott.GenerateOneTimeTokenRequest
- getUsername() - Method in interface org.springframework.security.authentication.ott.OneTimeToken
- getUsername() - Method in class org.springframework.security.core.userdetails.User
- getUsername() - Method in interface org.springframework.security.core.userdetails.UserDetails
-
Returns the username used to authenticate the user.
- getUsername() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- getUsername() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest
-
Deprecated.Returns the resource owner's username.
- getUsername() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns a human-readable identifier
(username)
for the resource owner that authorized the token - getUsername() - Method in class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata
- getUsername() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
- getUsername(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Returns the name of the target user.
- getUserNameAttributeName() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint
-
Returns the attribute name used to access the user's name from the user info response.
- getUserNameAttributeName() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
-
Returns the attribute name used to access the user's name from the attributes.
- getUsernameParameter() - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- getUserPrincipal() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
-
Returns the
Authentication
(which is a subclass ofPrincipal
), ornull
if unavailable. - getUserRoles(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
-
Obtains the list of user roles based on the current user's JEE roles.
- getUsersByUsernameQuery() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- getUserSearch() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
- getUserVerification() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria
-
The userVerification specifies the Relying Party's requirements regarding user verification for the create() operation.
- getUserVerification() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions
-
The userVerification property is an OPTIONAL member specifies the Relying Party's requirements regarding user verification for the get() operation.
- getValue() - Method in class org.springframework.security.oauth2.core.AuthenticationMethod
-
Returns the value of the authentication method type.
- getValue() - Method in class org.springframework.security.oauth2.core.AuthorizationGrantType
-
Returns the value of the authorization grant type.
- getValue() - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
-
Returns the value of the client authentication method.
- getValue() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
-
Returns the value of the authorization response type.
- getValue() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType
-
Returns the value of the token type.
- getValue() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- getValue() - Method in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference
-
Gets the String value of the preference.
- getValue() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment
-
Gets the value.
- getValue() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorTransport
-
Get's the value.
- getValue() - Method in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier
- getValue() - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialType
-
Gets the value.
- getValue() - Method in class org.springframework.security.web.webauthn.api.ResidentKeyRequirement
-
Gets the value.
- getValue() - Method in class org.springframework.security.web.webauthn.api.UserVerificationRequirement
-
Gets the value
- getValues() - Method in class org.springframework.security.web.header.Header
-
Gets the values of the header.
- getVar() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- getVariables() - Method in class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext
-
Returns the extracted variable values where the key is the variable name and the value is the variable value.
- getVariables() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext
- getVariables() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult
-
Gets potential variables and their values
- getVariables() - Method in class org.springframework.security.web.access.intercept.RequestAuthorizationContext
-
Returns the extracted variable values where the key is the variable name and the value is the variable value.
- getVariables() - Method in class org.springframework.security.web.server.authorization.AuthorizationContext
- getVariables() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
-
Gets potential variables and their values
- getVariables() - Method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
-
Returns the extracted variable values where the key is the variable name and the value is the variable value
- getVerificationUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
-
Returns the end-user verification URI.
- getVerificationUriComplete() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
-
Returns the end-user verification URI that includes the user code.
- getVerificationX509Credentials() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
-
Get all verification
Saml2X509Credential
s associated with this asserting party - getVerificationX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
-
Get all verification
Saml2X509Credential
s associated with this asserting party - getVersion() - Static method in class org.springframework.security.core.SpringSecurityCoreVersion
- getVersion() - Method in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
- getVersion() - Method in class org.springframework.security.web.savedrequest.SavedCookie
-
Deprecated, for removal: This API element is subject to removal in a future version.
- getWantAuthnRequestsSigned() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
-
Get the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.
- getWantAuthnRequestsSigned() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
-
Get the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.
- getWebAuthnRequest() - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken
-
Gets the
RelyingPartyAuthenticationRequest
- getWebFilters() - Method in class org.springframework.security.web.server.MatcherSecurityWebFilterChain
- getWebFilters() - Method in interface org.springframework.security.web.server.SecurityWebFilterChain
-
The
WebFilter
to use - getWebSecurityConfigurers() - Method in class org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents
- getWebsite() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the URL of the user's web page or blog
(website)
. - getWriter() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling thegetWriter().close()
orgetWriter().flush()
- getX509CertificateChain() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the X.509 certificate chain that contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
- getX509SHA1Thumbprint() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the X.509 certificate SHA-1 thumbprint that is a base64url-encoded SHA-1 thumbprint (a.k.a.
- getX509SHA256Thumbprint() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the X.509 certificate SHA-256 thumbprint that is a base64url-encoded SHA-256 thumbprint (a.k.a.
- getX509Url() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns the X.509 URL that refers to the resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
- getZoneInfo() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
-
Returns the user's time zone
(zoneinfo)
. - GITHUB - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
- GIVEN_NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
given_name
- the user's given name(s) or first name(s) - givenName(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this given name in the resulting
OidcUserInfo
- GLOBAL_METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements
- GlobalAuthenticationConfigurerAdapter - Class in org.springframework.security.config.annotation.authentication.configuration
-
A
SecurityConfigurer
that can be exposed as a bean to configure the globalAuthenticationManagerBuilder
. - GlobalAuthenticationConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
- GlobalMethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method
-
Deprecated.Use
MethodSecurityBeanDefinitionParser
instead - GlobalMethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser
-
Deprecated.
- GlobalMethodSecurityConfiguration - Class in org.springframework.security.config.annotation.method.configuration
-
Deprecated.Use
PrePostMethodSecurityConfiguration
,SecuredMethodSecurityConfiguration
, orJsr250MethodSecurityConfiguration
instead - GlobalMethodSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.
- gmtZone - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
GMT time zone - all HTTP dates are on GMT
- GOOGLE - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
- grant(Principal) - Method in interface org.springframework.security.authentication.jaas.AuthorityGranter
-
The grant method is called for each principal returned from the LoginContext subject.
- GRANT_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
grant_type
- used in Access Token Request. - GrantedAuthoritiesContainer - Interface in org.springframework.security.core.authority
-
Indicates that a object stores GrantedAuthority objects.
- GrantedAuthoritiesMapper - Interface in org.springframework.security.core.authority.mapping
-
Mapping interface which can be injected into the authentication layer to convert the authorities loaded from storage into those which will be used in the
Authentication
object. - GrantedAuthority - Interface in org.springframework.security.core
-
Represents an authority granted to an
Authentication
object. - GrantedAuthorityDefaults - Class in org.springframework.security.config.core
-
Allows providing defaults for
GrantedAuthority
- GrantedAuthorityDefaults(String) - Constructor for class org.springframework.security.config.core.GrantedAuthorityDefaults
- GrantedAuthorityFromAssertionAttributesUserDetailsService - Class in org.springframework.security.cas.userdetails
-
Populates the
GrantedAuthority
s for a user by reading a list of attributes that were returned as part of the CAS response. - GrantedAuthorityFromAssertionAttributesUserDetailsService(String[]) - Constructor for class org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService
- GrantedAuthoritySid - Class in org.springframework.security.acls.domain
-
Represents a
GrantedAuthority
as aSid
. - GrantedAuthoritySid(String) - Constructor for class org.springframework.security.acls.domain.GrantedAuthoritySid
- GrantedAuthoritySid(GrantedAuthority) - Constructor for class org.springframework.security.acls.domain.GrantedAuthoritySid
- groupAuthoritiesByUsername(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
-
An SQL statement to query user's group authorities given a username.
- GroupManager - Interface in org.springframework.security.provisioning
-
Allows management of groups of authorities and their members.
- groupRoleAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Specifies the attribute name which contains the role name.
- groupSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
The search base for group membership searches.
- groupSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
The LDAP filter to search for groups.
- groupSearchSubtree(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
If set to true, a subtree scope search will be performed for group membership.
H
- handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
- handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestHandler
-
Handles a request using a
CsrfToken
. - handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler
-
Collect error details from the provided parameters and format according to RFC 6750, specifically
error
,error_description
,error_uri
, andscope
. - handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in interface org.springframework.security.web.access.AccessDeniedHandler
-
Handles an access denied failure.
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.AccessDeniedHandlerImpl
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.CompositeAccessDeniedHandler
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.DelegatingAccessDeniedHandler
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.NoOpAccessDeniedHandler
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.ObservationMarkingAccessDeniedHandler
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingAccessDeniedHandler
- handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.session.InvalidSessionAccessDeniedHandler
- handle(HttpServletRequest, HttpServletResponse, OneTimeToken) - Method in interface org.springframework.security.web.authentication.ott.OneTimeTokenGenerationSuccessHandler
-
Handles generated one-time tokens
- handle(HttpServletRequest, HttpServletResponse, OneTimeToken) - Method in class org.springframework.security.web.authentication.ott.RedirectOneTimeTokenGenerationSuccessHandler
- handle(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Invokes the configured
RedirectStrategy
with the URL returned by thedetermineTargetUrl
method. - handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.CompositeRequestRejectedHandler
- handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.DefaultRequestRejectedHandler
- handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler
- handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.ObservationMarkingRequestRejectedHandler
- handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in interface org.springframework.security.web.firewall.RequestRejectedHandler
-
Handles an request rejected failure.
- handle(Callback, Authentication) - Method in interface org.springframework.security.authentication.jaas.JaasAuthenticationCallbackHandler
-
Handle the Callback.
- handle(Callback, Authentication) - Method in class org.springframework.security.authentication.jaas.JaasNameCallbackHandler
-
If the callback passed to the 'handle' method is an instance of NameCallback, the JaasNameCallbackHandler will call, callback.setName(authentication.getPrincipal().toString()).
- handle(Callback, Authentication) - Method in class org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler
-
If the callback passed to the 'handle' method is an instance of PasswordCallback, the JaasPasswordCallbackHandler will call, callback.setPassword(authentication.getCredentials().toString()).
- handle(MaximumSessionsContext) - Method in class org.springframework.security.web.server.authentication.InvalidateLeastUsedServerMaximumSessionsExceededHandler
- handle(MaximumSessionsContext) - Method in class org.springframework.security.web.server.authentication.PreventLoginServerMaximumSessionsExceededHandler
- handle(MaximumSessionsContext) - Method in interface org.springframework.security.web.server.authentication.ServerMaximumSessionsExceededHandler
-
Handles the scenario when the maximum number of sessions for a user has been reached.
- handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler
- handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler
- handle(ServerWebExchange, AccessDeniedException) - Method in interface org.springframework.security.web.server.authorization.ServerAccessDeniedHandler
- handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
- handle(ServerWebExchange, OneTimeToken) - Method in interface org.springframework.security.web.server.authentication.ott.ServerOneTimeTokenGenerationSuccessHandler
-
Handles generated one-time tokens
- handle(ServerWebExchange, OneTimeToken) - Method in class org.springframework.security.web.server.authentication.ott.ServerRedirectOneTimeTokenGenerationSuccessHandler
- handle(ServerWebExchange, ServerExchangeRejectedException) - Method in class org.springframework.security.web.server.firewall.HttpStatusExchangeRejectedHandler
- handle(ServerWebExchange, ServerExchangeRejectedException) - Method in interface org.springframework.security.web.server.firewall.ServerExchangeRejectedHandler
-
Handles an request rejected failure.
- handle(ServerWebExchange, Mono<CsrfToken>) - Method in class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
- handle(ServerWebExchange, Mono<CsrfToken>) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler
-
Handles a request using a
CsrfToken
. - handle(ServerWebExchange, Mono<CsrfToken>) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
- HandleAuthorizationDenied - Annotation Interface in org.springframework.security.authorization.method
-
Annotation for specifying handling behavior when an authorization denied happens in method security or an
AuthorizationDeniedException
is thrown during method invocation - handleBindException(String, String, Throwable) - Method in class org.springframework.security.ldap.authentication.BindAuthenticator
-
Allows subclasses to inspect the exception thrown by an attempt to bind with a particular DN.
- handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in interface org.springframework.security.authorization.method.MethodAuthorizationDeniedHandler
-
Handle denied method invocations, implementations might either throw an
AuthorizationDeniedException
or a replacement result instead of invoking the method, e.g. - handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
- handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
- handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
- handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
- handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.ThrowingMethodAuthorizationDeniedHandler
- handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager
- handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager
- handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in interface org.springframework.security.authorization.method.MethodAuthorizationDeniedHandler
-
Handle denied method invocations, implementations might either throw an
AuthorizationDeniedException
or a replacement result instead of invoking the method, e.g. - handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
- handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
- handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.method.ThrowingMethodAuthorizationDeniedHandler
- handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager
- handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager
- handleError(ClientHttpResponse) - Method in class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler
- handleLogout(SessionDestroyedEvent) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Handles the logout by getting the security contexts for the destroyed session and invoking
LoginContext.logout()
for any which contain aJaasAuthenticationToken
. - handlerClass() - Element in annotation interface org.springframework.security.authorization.method.HandleAuthorizationDenied
-
The
MethodAuthorizationDeniedHandler
used to handle denied authorization results - HandlerMappingIntrospectorRequestTransformer - Class in org.springframework.security.web.access
-
Transforms by passing it into
HandlerMappingIntrospector.setCache(HttpServletRequest)
. - HandlerMappingIntrospectorRequestTransformer(HandlerMappingIntrospector) - Constructor for class org.springframework.security.web.access.HandlerMappingIntrospectorRequestTransformer
- handleToken(CsrfToken) - Method in class org.springframework.security.taglibs.csrf.CsrfInputTag
- handleToken(CsrfToken) - Method in class org.springframework.security.taglibs.csrf.CsrfMetaTagsTag
- hasAnyAuthority(String...) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Determines if the
SecurityExpressionOperations.getAuthentication()
has any of the specified authorities withinAuthentication.getAuthorities()
. - hasAnyAuthority(String...) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- hasAnyAuthority(String...) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager
-
Creates an instance of
AuthorityAuthorizationManager
with the provided authorities. - hasAnyAuthority(String...) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
-
Creates an instance of
AuthorityReactiveAuthorizationManager
with the provided authorities. - hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
- hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specifies that a user requires one of many authorities.
- hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specify that URLs requires any of a number authorities.
- hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specifies that a user requires one of many authorities
- hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Specify that
Message
instances requires any of a number authorities. - hasAnyAuthority(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
Require any authority
- hasAnyAuthority(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Specify that
Message
instances requires any of a number authorities. - hasAnyAuthority(String...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
-
Specifies that a user requires one of many authorities.
- hasAnyRole(String...) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Determines if the
SecurityExpressionOperations.getAuthentication()
has any of the specified authorities withinAuthentication.getAuthorities()
. - hasAnyRole(String...) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- hasAnyRole(String...) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager
-
Creates an instance of
AuthorityAuthorizationManager
with the provided authorities. - hasAnyRole(String...) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
-
Creates an instance of
AuthorityReactiveAuthorizationManager
with the provided authorities. - hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
- hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specifies that a user requires one of many roles.
- hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Shortcut for specifying URLs require any of a number of roles.
- hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specifies that a user requires one of many roles.
- hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Shortcut for specifying
Message
instances require any of a number of roles. - hasAnyRole(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
Require any specific role.
- hasAnyRole(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Shortcut for specifying
Message
instances require any of a number of roles. - hasAnyRole(String...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
-
Specifies that a user requires one of many roles.
- hasAnyRole(String, String[]) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager
-
Creates an instance of
AuthorityAuthorizationManager
with the provided authorities. - hasAnyScope(String...) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers
-
Create an
AuthorizationManager
that requires anAuthentication
to have at least one authority amongSCOPE_scope1
,SCOPE_scope2
, ... - hasAnyScope(String...) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers
-
Create a
ReactiveAuthorizationManager
that requires anAuthentication
to have at least one authority amongSCOPE_scope1
,SCOPE_scope2
, ... - hasAuthority(String) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Determines if the
SecurityExpressionOperations.getAuthentication()
has a particular authority withinAuthentication.getAuthorities()
. - hasAuthority(String) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- hasAuthority(String) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager
-
Creates an instance of
AuthorityAuthorizationManager
with the provided authority. - hasAuthority(String) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
-
Creates an instance of
AuthorityReactiveAuthorizationManager
with the provided authority. - hasAuthority(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
- hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specifies a user requires an authority.
- hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specify that URLs require a particular authority.
- hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specifies a user requires an authority.
- hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Specify that
Message
instances require a particular authority. - hasAuthority(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
Require a specific authority.
- hasAuthority(String) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Specify that
Message
instances require a particular authority. - hasAuthority(String) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
-
Specifies a user requires an authority.
- hasClaim(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
- hasError() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
-
Checks whether an error is present.
- hasError(ClientHttpResponse) - Method in class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler
- hasErrors() - Method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult
-
Say whether this result indicates success
- hasErrors() - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
-
Say whether this result indicates success
- hasErrors() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult
-
Say whether this result indicates success
- hashCode() - Method in class org.springframework.security.access.SecurityConfig
- hashCode() - Method in class org.springframework.security.acls.domain.AbstractPermission
- hashCode() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
- hashCode() - Method in class org.springframework.security.acls.domain.AclImpl
- hashCode() - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid
- hashCode() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl
-
Important so caching operates properly.
- hashCode() - Method in class org.springframework.security.acls.domain.PrincipalSid
- hashCode() - Method in interface org.springframework.security.acls.model.ObjectIdentity
- hashCode() - Method in interface org.springframework.security.acls.model.Sid
-
Refer to the
java.lang.Object
documentation for the interface contract. - hashCode() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
- hashCode() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken
- hashCode() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority
- hashCode() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken
- hashCode() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
- hashCode() - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority
- hashCode() - Method in class org.springframework.security.core.context.SecurityContextImpl
- hashCode() - Method in class org.springframework.security.core.token.DefaultToken
- hashCode() - Method in class org.springframework.security.core.userdetails.User
-
Returns the hashcode of the
username
. - hashCode() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
- hashCode() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- hashCode() - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher
- hashCode() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId
- hashCode() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token
- hashCode() - Method in class org.springframework.security.oauth2.core.AuthenticationMethod
- hashCode() - Method in class org.springframework.security.oauth2.core.AuthorizationGrantType
- hashCode() - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- hashCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
- hashCode() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType
- hashCode() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
- hashCode() - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo
- hashCode() - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
- hashCode() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
- hashCode() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
- hashCode() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
- hashCode() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
- hashCode() - Method in class org.springframework.security.util.InMemoryResource
- hashCode() - Method in class org.springframework.security.web.access.intercept.RequestKey
- hashCode() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
- hashCode() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
- hashCode() - Method in class org.springframework.security.web.header.Header
- hashCode() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
- hashCode() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- hashCode() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
- hashCode() - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
- hashCode() - Method in class org.springframework.security.web.webauthn.api.Bytes
- hashpw(byte[], String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
-
Hash a password using the OpenBSD bcrypt scheme
- hashpw(String, String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
-
Hash a password using the OpenBSD bcrypt scheme
- hasIpAddress(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specify that URLs requires a specific IP Address or subnet.
- hasIpAddress(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
Require a specific IP address or range using an IP/Netmask (e.g.
- hasIpAddress(String) - Method in class org.springframework.security.web.access.expression.WebSecurityExpressionRoot
-
Takes a specific IP address or a range using the IP/Netmask (e.g.
- hasIpAddress(String) - Static method in class org.springframework.security.web.access.IpAddressAuthorizationManager
-
Creates an instance of
IpAddressAuthorizationManager
with the provided IP address. - hasIpAddress(String) - Static method in class org.springframework.security.web.server.authorization.IpAddressReactiveAuthorizationManager
-
Creates an instance of
IpAddressReactiveAuthorizationManager
with the provided IP address. - hasMoreElements() - Method in class org.springframework.security.web.savedrequest.Enumerator
-
Tests if this enumeration contains more elements.
- hasPermission(Object, Object) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Determines if the
SecurityExpressionOperations.getAuthentication()
has permission to access the target given the permission - hasPermission(Object, Object) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- hasPermission(Object, String, Object) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Determines if the
SecurityExpressionOperations.getAuthentication()
has permission to access the domain object with a given id, type, and permission. - hasPermission(Object, String, Object) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- hasPermission(Authentication, Serializable, String, Object) - Method in class org.springframework.security.access.expression.DenyAllPermissionEvaluator
- hasPermission(Authentication, Serializable, String, Object) - Method in interface org.springframework.security.access.PermissionEvaluator
-
Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.
- hasPermission(Authentication, Serializable, String, Object) - Method in class org.springframework.security.acls.AclPermissionEvaluator
- hasPermission(Authentication, Object) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- hasPermission(Authentication, Object, Object) - Method in class org.springframework.security.access.expression.DenyAllPermissionEvaluator
- hasPermission(Authentication, Object, Object) - Method in interface org.springframework.security.access.PermissionEvaluator
- hasPermission(Authentication, Object, Object) - Method in class org.springframework.security.acls.AclPermissionEvaluator
-
Determines whether the user has the given permission(s) on the domain object using the ACL configuration.
- hasRole(String) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Determines if the
SecurityExpressionOperations.getAuthentication()
has a particular authority withinAuthentication.getAuthorities()
. - hasRole(String) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- hasRole(String) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager
-
Creates an instance of
AuthorityAuthorizationManager
with the provided authority. - hasRole(String) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
-
Creates an instance of
AuthorityReactiveAuthorizationManager
with the provided authority. - hasRole(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
- hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specifies a user requires a role.
- hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Shortcut for specifying URLs require a particular role.
- hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specifies a user requires a role.
- hasRole(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Shortcut for specifying
Message
instances require a particular role. - hasRole(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
Require a specific role.
- hasRole(String) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Shortcut for specifying
Message
instances require a particular role. - hasRole(String) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
-
Specifies a user requires a role.
- hasScope(String) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers
- hasScope(String) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers
-
Create a
ReactiveAuthorizationManager
that requires anAuthentication
to have aSCOPE_scope
authority. - hasVariable(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specify that a path variable in URL to be compared.
- hasWarning() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
-
Checks whether a warning is present.
- HaveIBeenPwnedRestApiPasswordChecker - Class in org.springframework.security.web.authentication.password
-
Checks if the provided password was leaked by relying on Have I Been Pwned REST API.
- HaveIBeenPwnedRestApiPasswordChecker() - Constructor for class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker
- HaveIBeenPwnedRestApiReactivePasswordChecker - Class in org.springframework.security.web.authentication.password
-
Checks if the provided password was leaked by relying on Have I Been Pwned REST API.
- HaveIBeenPwnedRestApiReactivePasswordChecker() - Constructor for class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker
- header(String, Object) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the header.
- header(String, Object) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this header in the resulting
Jwt
- header(String, String...) - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
- Header - Class in org.springframework.security.web.header
-
Represents a Header to be added to the
HttpServletResponse
- Header(String, String...) - Constructor for class org.springframework.security.web.header.Header
-
Creates a new instance
- HEADER - Static variable in class org.springframework.security.oauth2.core.AuthenticationMethod
- HeaderBearerTokenResolver - Class in org.springframework.security.oauth2.server.resource.web
-
Generic resolver extracting pre-authenticated JWT identity from a custom header.
- HeaderBearerTokenResolver(String) - Constructor for class org.springframework.security.oauth2.server.resource.web.HeaderBearerTokenResolver
- headers() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.headers(Customizer)
orheaders(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - headers() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.headers(Customizer)
orheaders(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - headers(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
A
Consumer
to be provided access to the headers allowing the ability to add, replace, or remove. - headers(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Provides access to every
Jwt.Builder.header(String, Object)
declared so far with the possibility to add, replace, or remove. - headers(Customizer<HeadersConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Adds the Security headers to the response.
- headers(Customizer<ServerHttpSecurity.HeaderSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures HTTP Response Headers.
- HEADERS - Static variable in class org.springframework.security.config.Elements
- HeadersBeanDefinitionParser - Class in org.springframework.security.config.http
-
Parser for the
HeadersFilter
. - HeadersBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HeadersBeanDefinitionParser
- HeadersConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds the Security HTTP headers to the response.
- HeadersConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Creates a new instance
- HeadersConfigurer.CacheControlConfig - Class in org.springframework.security.config.annotation.web.configurers
- HeadersConfigurer.ContentSecurityPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
- HeadersConfigurer.ContentTypeOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers
- HeadersConfigurer.CrossOriginEmbedderPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
- HeadersConfigurer.CrossOriginOpenerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
- HeadersConfigurer.CrossOriginResourcePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
- HeadersConfigurer.FeaturePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
- HeadersConfigurer.FrameOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers
- HeadersConfigurer.HpkpConfig - Class in org.springframework.security.config.annotation.web.configurers
-
Deprecated.see Certificate and Public Key Pinning for more context
- HeadersConfigurer.HstsConfig - Class in org.springframework.security.config.annotation.web.configurers
- HeadersConfigurer.PermissionsPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
- HeadersConfigurer.ReferrerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
- HeadersConfigurer.XXssConfig - Class in org.springframework.security.config.annotation.web.configurers
- headerValue(XXssProtectionHeaderWriter.HeaderValue) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig
-
Sets the value of the X-XSS-PROTECTION header.
- headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec
-
Sets the value of x-xss-protection header.
- HeaderWriter - Interface in org.springframework.security.web.header
-
Contract for writing headers to a
HttpServletResponse
- HeaderWriterFilter - Class in org.springframework.security.web.header
-
Filter implementation to add headers to the current response.
- HeaderWriterFilter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.HeaderWriterFilter
-
Creates a new instance.
- HeaderWriterLogoutHandler - Class in org.springframework.security.web.authentication.logout
- HeaderWriterLogoutHandler(HeaderWriter) - Constructor for class org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler
-
Constructs a new instance using the passed
HeaderWriter
implementation - HeaderWriterServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout
-
A
ServerLogoutHandler
implementation which writes HTTP headers during logout. - HeaderWriterServerLogoutHandler(ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.authentication.logout.HeaderWriterServerLogoutHandler
-
Constructs a new instance using the
ServerHttpHeadersWriter
implementation. - Hex - Class in org.springframework.security.crypto.codec
-
Hex data encoder.
- hideUserNotFoundExceptions - Variable in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- HpkpHeaderWriter - Class in org.springframework.security.web.header.writers
-
Deprecated.see Certificate and Public Key Pinning for more context
- HpkpHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.Creates a new instance
- HpkpHeaderWriter(long) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.Creates a new instance
- HpkpHeaderWriter(long, boolean) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.Creates a new instance
- HpkpHeaderWriter(long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.Creates a new instance
- HS256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
-
HMAC using SHA-256 (Required)
- HS256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
HMAC using SHA-256 (Required)
- HS384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
-
HMAC using SHA-384 (Optional)
- HS384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
HMAC using SHA-384 (Optional)
- HS512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
-
HMAC using SHA-512 (Optional)
- HS512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
HMAC using SHA-512 (Optional)
- hsts() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.hsts(Customizer)
orhsts(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures the Strict Transport Security response headers
- HstsHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for HTTP Strict Transport Security (HSTS).
- HstsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(long) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(long, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(RequestMatcher, long, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- HstsHeaderWriter(RequestMatcher, long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Creates a new instance
- http() - Static method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Creates a new instance.
- http(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer
-
Adds a port mapping
- HTTP - Static variable in class org.springframework.security.config.Elements
- HTTP_BASIC - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
-
Instance of AuthenticationWebFilter
- HTTP_FIREWALL - Static variable in class org.springframework.security.config.Elements
- HTTP_HEADERS_WRITER - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- Http403ForbiddenEntryPoint - Class in org.springframework.security.web.authentication
-
In the pre-authenticated authentication case (unlike CAS, for example) the user will already have been identified through some external mechanism and a secure context established by the time the security-enforcement filter is invoked.
- Http403ForbiddenEntryPoint() - Constructor for class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint
- httpBasic() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.httpBasic(Customizer)
orhttpBasic(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - httpBasic() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.httpBasic(Customizer)
orhttpBasic(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - httpBasic(String, String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Convenience mechanism for setting the Authorization header to use HTTP Basic with the given username and password.
- httpBasic(Customizer<HttpBasicConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configures HTTP Basic authentication.
- httpBasic(Customizer<ServerHttpSecurity.HttpBasicSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures HTTP Basic authentication.
- HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds HTTP basic based authentication.
- HttpBasicConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
-
Creates a new instance
- HttpBasicServerAuthenticationEntryPoint - Class in org.springframework.security.web.server.authentication
-
Prompts a user for HTTP Basic authentication.
- HttpBasicServerAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
- httpFirewall(HttpFirewall) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Allows customizing the
HttpFirewall
. - HttpFirewall - Interface in org.springframework.security.web.firewall
-
Interface which can be used to reject potentially dangerous requests and/or wrap them to control their behaviour.
- HttpFirewallBeanDefinitionParser - Class in org.springframework.security.config.http
-
Injects the supplied
HttpFirewall
bean reference into theFilterChainProxy
. - HttpFirewallBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser
- HttpHeaderWriterWebFilter - Class in org.springframework.security.web.server.header
-
Invokes a
ServerHttpHeadersWriter
onReactiveHttpOutputMessage.beforeCommit(java.util.function.Supplier)
. - HttpHeaderWriterWebFilter(ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.header.HttpHeaderWriterWebFilter
- HttpMessageConverterAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication
-
An
AuthenticationSuccessHandler
that writes a JSON response with the redirect URL and an authenticated status similar to:{ "redirectUrl": "/user/profile", "authenticated": true }
- HttpMessageConverterAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler
- HttpMessageConverterAuthenticationSuccessHandler.AuthenticationSuccess - Class in org.springframework.security.web.authentication
-
A response object used to write the JSON response for successful authentication.
- httpPublicKeyPinning() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated.see Certificate and Public Key Pinning for more context
- httpPublicKeyPinning(Customizer<HeadersConfigurer.HpkpConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated.see Certificate and Public Key Pinning for more context
- HttpRequestResponseHolder - Class in org.springframework.security.web.context
- HttpRequestResponseHolder(HttpServletRequest, HttpServletResponse) - Constructor for class org.springframework.security.web.context.HttpRequestResponseHolder
-
Deprecated.
- HTTPS_REDIRECT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- HttpSecurity - Class in org.springframework.security.config.annotation.web.builders
-
A
HttpSecurity
is similar to Spring Security's XML <http> element in the namespace configuration. - HttpSecurity(ObjectPostProcessor<Object>, AuthenticationManagerBuilder, Map<Class<?>, Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.
- HttpSecurity(ObjectPostProcessor<Object>, AuthenticationManagerBuilder, Map<Class<?>, Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Creates a new instance
- HttpSecurity.RequestMatcherConfigurer - Class in org.springframework.security.config.annotation.web.builders
-
Allows mapping HTTP requests that this
HttpSecurity
will be used for - HttpSecurityBeanDefinitionParser - Class in org.springframework.security.config.http
-
Sets up HTTP security: filter stack and protected URLs.
- HttpSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser
- HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean - Class in org.springframework.security.config.http
- HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory - Class in org.springframework.security.config.http
- HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor - Class in org.springframework.security.config.http
- HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> - Interface in org.springframework.security.config.annotation.web
- httpServletRequest(HttpServletRequest) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Modifies the
ClientRequest.attributes()
to include theHttpServletRequest
used to look up and save theOAuth2AuthorizedClient
. - httpServletResponse(HttpServletResponse) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Modifies the
ClientRequest.attributes()
to include theHttpServletResponse
used to save theOAuth2AuthorizedClient
. - HttpSessionCreatedEvent - Class in org.springframework.security.web.session
-
Published by the
HttpSessionEventPublisher
when anHttpSession
is created by the container - HttpSessionCreatedEvent(HttpSession) - Constructor for class org.springframework.security.web.session.HttpSessionCreatedEvent
- HttpSessionCsrfTokenRepository - Class in org.springframework.security.web.csrf
- HttpSessionCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
- HttpSessionDestroyedEvent - Class in org.springframework.security.web.session
-
Published by the
HttpSessionEventPublisher
when a HttpSession is removed from the container - HttpSessionDestroyedEvent(HttpSession) - Constructor for class org.springframework.security.web.session.HttpSessionDestroyedEvent
- HttpSessionEventPublisher - Class in org.springframework.security.web.session
-
Declared in web.xml as
- HttpSessionEventPublisher() - Constructor for class org.springframework.security.web.session.HttpSessionEventPublisher
- HttpSessionIdChangedEvent - Class in org.springframework.security.web.session
-
Published by the
HttpSessionEventPublisher
when anHttpSession
ID is changed. - HttpSessionIdChangedEvent(HttpSession, String) - Constructor for class org.springframework.security.web.session.HttpSessionIdChangedEvent
- HttpSessionLogoutRequestRepository - Class in org.springframework.security.saml2.provider.service.web.authentication.logout
-
An implementation of an
Saml2LogoutRequestRepository
that storesSaml2LogoutRequest
in theHttpSession
. - HttpSessionLogoutRequestRepository() - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository
- HttpSessionOAuth2AuthorizationRequestRepository - Class in org.springframework.security.oauth2.client.web
-
An implementation of an
AuthorizationRequestRepository
that storesOAuth2AuthorizationRequest
in theHttpSession
. - HttpSessionOAuth2AuthorizationRequestRepository() - Constructor for class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository
- HttpSessionOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web
-
An implementation of an
OAuth2AuthorizedClientRepository
that storesOAuth2AuthorizedClient
's in theHttpSession
. - HttpSessionOAuth2AuthorizedClientRepository() - Constructor for class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository
- HttpSessionPublicKeyCredentialCreationOptionsRepository - Class in org.springframework.security.web.webauthn.registration
- HttpSessionPublicKeyCredentialCreationOptionsRepository() - Constructor for class org.springframework.security.web.webauthn.registration.HttpSessionPublicKeyCredentialCreationOptionsRepository
- HttpSessionPublicKeyCredentialRequestOptionsRepository - Class in org.springframework.security.web.webauthn.authentication
-
A
PublicKeyCredentialRequestOptionsRepository
that stores thePublicKeyCredentialRequestOptions
in theHttpSession
. - HttpSessionPublicKeyCredentialRequestOptionsRepository() - Constructor for class org.springframework.security.web.webauthn.authentication.HttpSessionPublicKeyCredentialRequestOptionsRepository
- HttpSessionRequestCache - Class in org.springframework.security.web.savedrequest
-
RequestCache
which stores theSavedRequest
in the HttpSession. - HttpSessionRequestCache() - Constructor for class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- HttpSessionSaml2AuthenticationRequestRepository - Class in org.springframework.security.saml2.provider.service.web
-
A
Saml2AuthenticationRequestRepository
implementation that usesHttpSession
to store and retrieve theAbstractSaml2AuthenticationRequest
- HttpSessionSaml2AuthenticationRequestRepository() - Constructor for class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository
- HttpSessionSecurityContextRepository - Class in org.springframework.security.web.context
-
A
SecurityContextRepository
implementation which stores the security context in theHttpSession
between requests. - HttpSessionSecurityContextRepository() - Constructor for class org.springframework.security.web.context.HttpSessionSecurityContextRepository
- HttpsRedirectSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
- HttpsRedirectWebFilter - Class in org.springframework.security.web.server.transport
-
Redirects any non-HTTPS request to its HTTPS equivalent.
- HttpsRedirectWebFilter() - Constructor for class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
- httpsRedirectWhen(Function<ServerWebExchange, Boolean>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
-
Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https
- httpsRedirectWhen(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
-
Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https
- HttpStatusEntryPoint - Class in org.springframework.security.web.authentication
-
An
AuthenticationEntryPoint
that sends a genericHttpStatus
as a response. - HttpStatusEntryPoint(HttpStatus) - Constructor for class org.springframework.security.web.authentication.HttpStatusEntryPoint
-
Creates a new instance.
- HttpStatusExchangeRejectedHandler - Class in org.springframework.security.web.server.firewall
-
A simple implementation of
ServerExchangeRejectedHandler
that sends an error with configurable status code. - HttpStatusExchangeRejectedHandler() - Constructor for class org.springframework.security.web.server.firewall.HttpStatusExchangeRejectedHandler
-
Constructs an instance which uses
400
as response code. - HttpStatusExchangeRejectedHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.firewall.HttpStatusExchangeRejectedHandler
-
Constructs an instance which uses a configurable http code as response.
- HttpStatusRequestRejectedHandler - Class in org.springframework.security.web.firewall
-
A simple implementation of
RequestRejectedHandler
that sends an error with configurable status code. - HttpStatusRequestRejectedHandler() - Constructor for class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler
-
Constructs an instance which uses
400
as response code. - HttpStatusRequestRejectedHandler(int) - Constructor for class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler
-
Constructs an instance which uses a configurable http code as response.
- HttpStatusReturningLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
-
Implementation of the
LogoutSuccessHandler
. - HttpStatusReturningLogoutSuccessHandler() - Constructor for class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler
-
Initialize the
HttpStatusLogoutSuccessHandler
with the defaultHttpStatus.OK
. - HttpStatusReturningLogoutSuccessHandler(HttpStatus) - Constructor for class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler
-
Initialize the
HttpStatusLogoutSuccessHandler
with a user-definedHttpStatus
. - HttpStatusReturningServerLogoutSuccessHandler - Class in org.springframework.security.web.server.authentication.logout
-
Implementation of the
ServerLogoutSuccessHandler
. - HttpStatusReturningServerLogoutSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler
-
Initialize the
HttpStatusReturningServerLogoutSuccessHandler
with the defaultHttpStatus.OK
. - HttpStatusReturningServerLogoutSuccessHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler
-
Initialize the
HttpStatusReturningServerLogoutSuccessHandler
with a user-definedHttpStatus
. - HttpStatusServerAccessDeniedHandler - Class in org.springframework.security.web.server.authorization
-
Sets the provided HTTP Status when access is denied.
- HttpStatusServerAccessDeniedHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler
-
Creates an instance with the provided status
- HttpStatusServerEntryPoint - Class in org.springframework.security.web.server.authentication
-
A
ServerAuthenticationEntryPoint
that sends a genericHttpStatus
as a response. - HttpStatusServerEntryPoint(HttpStatus) - Constructor for class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint
- httpStrictTransportSecurity() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.httpStrictTransportSecurity(Customizer)
instead - httpStrictTransportSecurity(Customizer<HeadersConfigurer.HstsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows customizing the
HstsHeaderWriter
which provides support for HTTP Strict Transport Security (HSTS). - HYBRID - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport
-
hybrid indicates the respective authenticator can be contacted using a combination of (often separate) data-transport and proximity mechanisms.
I
- IAT - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
-
iat
- the time at which the ID Token was issued - IAT - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
iat
- A timestamp indicating when the token was issued - IAT - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
iat
- the time at which the ID Token was issued - IAT - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
-
iat
- The Issued at claim identifies the time at which the JWT was issued - id - Variable in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- id(String) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Sets the JWT ID
(jti)
claim, which provides a unique identifier for the JWT. - id(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
-
This is the unique id used in the
AbstractSaml2AuthenticationRequest.Builder.samlRequest
- id(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
-
This is the unique id used in the
Saml2LogoutRequest.Builder.samlRequest(java.lang.String)
- id(String) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder
-
Sets the
PublicKeyCredential.getId()
property - id(String) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity.PublicKeyCredentialRpEntityBuilder
-
Sets the
PublicKeyCredentialRpEntity.getId()
property. - id(Bytes) - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.PublicKeyCredentialUserEntityBuilder
-
Sets the
ImmutablePublicKeyCredentialUserEntity.getId()
property. - id(Bytes) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder
-
Sets the
PublicKeyCredentialDescriptor.getId()
property. - ID_TOKEN - Static variable in class org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames
-
id_token
- used in the Access Token Response. - identity() - Static method in interface org.springframework.security.config.ObjectPostProcessor
- IDENTITY - Static variable in interface org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer
- IdentityUnavailableException - Exception in org.springframework.security.acls.domain
-
Thrown if an ACL identity could not be extracted from an object.
- IdentityUnavailableException(String) - Constructor for exception org.springframework.security.acls.domain.IdentityUnavailableException
-
Constructs an
IdentityUnavailableException
with the specified message. - IdentityUnavailableException(String, Throwable) - Constructor for exception org.springframework.security.acls.domain.IdentityUnavailableException
-
Constructs an
IdentityUnavailableException
with the specified message and root cause. - idToken(Consumer<OidcIdToken.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
-
Use the provided
OidcIdToken
when constructing the authenticated user - idToken(Consumer<OidcIdToken.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
-
Use the provided
OidcIdToken
when constructing the authenticated user - IdTokenClaimAccessor - Interface in org.springframework.security.oauth2.core.oidc
-
A
ClaimAccessor
for the "claims" that can be returned in the ID Token, which provides information about the authentication of an End-User by an Authorization Server. - IdTokenClaimNames - Class in org.springframework.security.oauth2.core.oidc
-
The names of the "claims" defined by the OpenID Connect Core 1.0 specification that can be returned in the ID Token.
- IF_REQUIRED - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy
-
Spring Security will only create an
HttpSession
if required - ignoring() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Allows adding
RequestMatcher
instances that Spring Security should ignore. - ignoringRequestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
-
Allows specifying
HttpServletRequest
that should not use CSRF Protection even if they match theCsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher)
. - ignoringRequestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
-
Allows specifying
HttpServletRequest
s that should not use CSRF Protection even if they match theCsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher)
. - ImmutableAuthenticationExtensionsClientInput<T> - Class in org.springframework.security.web.webauthn.api
-
An immutable
AuthenticationExtensionsClientInput
. - ImmutableAuthenticationExtensionsClientInput(String, T) - Constructor for class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput
-
Creates a new instance
- ImmutableAuthenticationExtensionsClientInputs - Class in org.springframework.security.web.webauthn.api
-
An immutable implementation of
AuthenticationExtensionsClientInputs
. - ImmutableAuthenticationExtensionsClientInputs(List<AuthenticationExtensionsClientInput>) - Constructor for class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs
- ImmutableAuthenticationExtensionsClientInputs(AuthenticationExtensionsClientInput...) - Constructor for class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs
- ImmutableAuthenticationExtensionsClientOutputs - Class in org.springframework.security.web.webauthn.api
-
An immutable implementation of
AuthenticationExtensionsClientOutputs
. - ImmutableAuthenticationExtensionsClientOutputs(List<AuthenticationExtensionsClientOutput<?>>) - Constructor for class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientOutputs
- ImmutableAuthenticationExtensionsClientOutputs(AuthenticationExtensionsClientOutput<?>...) - Constructor for class org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientOutputs
- ImmutableCredentialRecord - Class in org.springframework.security.web.webauthn.api
-
An immutable
CredentialRecord
. - ImmutableCredentialRecord.ImmutableCredentialRecordBuilder - Class in org.springframework.security.web.webauthn.api
- ImmutablePublicKeyCose - Class in org.springframework.security.web.webauthn.api
-
An immutable
PublicKeyCose
- ImmutablePublicKeyCose(byte[]) - Constructor for class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCose
-
Creates a new instance.
- ImmutablePublicKeyCredentialCreationOptionsRequest - Class in org.springframework.security.web.webauthn.management
-
An immutable implementation of
PublicKeyCredentialCreationOptionsRequest
. - ImmutablePublicKeyCredentialCreationOptionsRequest(Authentication) - Constructor for class org.springframework.security.web.webauthn.management.ImmutablePublicKeyCredentialCreationOptionsRequest
- ImmutablePublicKeyCredentialRequestOptionsRequest - Class in org.springframework.security.web.webauthn.management
- ImmutablePublicKeyCredentialRequestOptionsRequest(Authentication) - Constructor for class org.springframework.security.web.webauthn.management.ImmutablePublicKeyCredentialRequestOptionsRequest
- ImmutablePublicKeyCredentialUserEntity - Class in org.springframework.security.web.webauthn.api
-
PublicKeyCredentialUserEntity is used to supply additional user account attributes when creating a new credential.
- ImmutablePublicKeyCredentialUserEntity.PublicKeyCredentialUserEntityBuilder - Class in org.springframework.security.web.webauthn.api
-
Used to build
PublicKeyCredentialUserEntity
. - ImmutableRelyingPartyRegistrationRequest - Class in org.springframework.security.web.webauthn.management
-
Contains the information necessary to register a new Credential.
- ImmutableRelyingPartyRegistrationRequest(PublicKeyCredentialCreationOptions, RelyingPartyPublicKey) - Constructor for class org.springframework.security.web.webauthn.management.ImmutableRelyingPartyRegistrationRequest
-
Creates a new instance.
- implies(String...) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl.Builder.ImpliedRoles
-
Specifies implied role(s) for the current role in the hierarchy.
- inboundChannelSecurity(MessageSecurityMetadataSource) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- inboundMessageSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- includeSubdomains(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
-
Configures if subdomains should be included.
- includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
-
Deprecated.If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name.
- includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
-
If true, subdomains should be considered HSTS Hosts too.
- INDIRECT - Static variable in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference
-
The indirect preference indicates that the Relying Party wants to receive a verifiable attestation statement, but allows the client to decide how to obtain such an attestation statement.
- INET_ORG_PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- InetOrgPerson - Class in org.springframework.security.ldap.userdetails
-
UserDetails implementation whose properties are based on a subset of the LDAP schema for inetOrgPerson.
- InetOrgPerson() - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson
- InetOrgPerson.Essence - Class in org.springframework.security.ldap.userdetails
- InetOrgPersonContextMapper - Class in org.springframework.security.ldap.userdetails
- InetOrgPersonContextMapper() - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper
- init() - Method in class org.springframework.security.config.SecurityNamespaceHandler
- init(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer
-
Initialize the
SecurityBuilder
. - init(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
- init(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
- init(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
- init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
- init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
- init(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Initialize the
SecurityBuilder
. - init(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
- init(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
- init(H) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
- init(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
- init(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
- init(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- init(H) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
- init(H) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer
- init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
- init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
- init(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
- init(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
- init(FilterConfig) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Deprecated.Not used (we rely on IoC container lifecycle services instead)
- init(FilterConfig) - Method in class org.springframework.security.web.debug.DebugFilter
- init(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
- initDao() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- initDao() - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- initDao() - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
- initExtractorMap() - Method in class org.springframework.security.web.util.ThrowableAnalyzer
-
Initializes associations between
Throwable
s andThrowableCauseExtractor
s. - initialize() - Static method in class org.springframework.security.saml2.core.OpenSamlInitializationService
-
Ready OpenSAML for use and configure it with reasonable defaults.
- initialize(Subject, CallbackHandler, Map, Map) - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
-
Initialize this
LoginModule
. - initializeAuthenticationProviderBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
- initializeUserDetailsBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
- initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
- initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
-
Populates the users that have been added.
- initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer
-
Allows subclasses to initialize the
UserDetailsService
. - inMemoryAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Add in memory authentication to the
AuthenticationManagerBuilder
and return aInMemoryUserDetailsManagerConfigurer
to allow customization of the in memory authentication. - InMemoryClientRegistrationRepository - Class in org.springframework.security.oauth2.client.registration
-
A
ClientRegistrationRepository
that storesClientRegistration
(s) in-memory. - InMemoryClientRegistrationRepository(List<ClientRegistration>) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
-
Constructs an
InMemoryClientRegistrationRepository
using the provided parameters. - InMemoryClientRegistrationRepository(Map<String, ClientRegistration>) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
-
Constructs an
InMemoryClientRegistrationRepository
using the providedMap
ofregistration id
toClientRegistration
. - InMemoryClientRegistrationRepository(ClientRegistration...) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
-
Constructs an
InMemoryClientRegistrationRepository
using the provided parameters. - InMemoryConfiguration - Class in org.springframework.security.authentication.jaas.memory
-
An in memory representation of a JAAS configuration.
- InMemoryConfiguration(Map<String, AppConfigurationEntry[]>) - Constructor for class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration
-
Creates a new instance with a mapping of login context name to an array of
AppConfigurationEntry
s. - InMemoryConfiguration(Map<String, AppConfigurationEntry[]>, AppConfigurationEntry[]) - Constructor for class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration
-
Creates a new instance with a mapping of login context name to an array of
AppConfigurationEntry
s along with a default configuration that will be used if no mapping is found for the given login context name. - InMemoryConfiguration(AppConfigurationEntry[]) - Constructor for class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration
-
Creates a new instance with only a defaultConfiguration.
- InMemoryOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client
-
An
OAuth2AuthorizedClientService
that storesAuthorized Client(s)
in-memory. - InMemoryOAuth2AuthorizedClientService(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService
-
Constructs an
InMemoryOAuth2AuthorizedClientService
using the provided parameters. - InMemoryOAuth2AuthorizedClientService(ClientRegistrationRepository, Map<OAuth2AuthorizedClientId, OAuth2AuthorizedClient>) - Constructor for class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService
-
Constructs an
InMemoryOAuth2AuthorizedClientService
using the provided parameters. - InMemoryOidcSessionRegistry - Class in org.springframework.security.oauth2.client.oidc.session
-
An in-memory implementation of
OidcSessionRegistry
- InMemoryOidcSessionRegistry() - Constructor for class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry
- InMemoryOneTimeTokenService - Class in org.springframework.security.authentication.ott
-
Provides an in-memory implementation of the
OneTimeTokenService
interface that uses aConcurrentHashMap
to store the generatedOneTimeToken
. - InMemoryOneTimeTokenService() - Constructor for class org.springframework.security.authentication.ott.InMemoryOneTimeTokenService
- InMemoryReactiveClientRegistrationRepository - Class in org.springframework.security.oauth2.client.registration
-
A Reactive
ClientRegistrationRepository
that storesClientRegistration
(s) in-memory. - InMemoryReactiveClientRegistrationRepository(List<ClientRegistration>) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository
-
Constructs an
InMemoryReactiveClientRegistrationRepository
using the provided parameters. - InMemoryReactiveClientRegistrationRepository(ClientRegistration...) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository
-
Constructs an
InMemoryReactiveClientRegistrationRepository
using the provided parameters. - InMemoryReactiveOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client
-
An
OAuth2AuthorizedClientService
that storesAuthorized Client(s)
in-memory. - InMemoryReactiveOAuth2AuthorizedClientService(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService
-
Constructs an
InMemoryReactiveOAuth2AuthorizedClientService
using the provided parameters. - InMemoryReactiveOidcSessionRegistry - Class in org.springframework.security.oauth2.client.oidc.server.session
-
An in-memory implementation of
ReactiveOidcSessionRegistry
- InMemoryReactiveOidcSessionRegistry() - Constructor for class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry
- InMemoryReactiveOneTimeTokenService - Class in org.springframework.security.authentication.ott.reactive
-
Reactive adapter for
InMemoryOneTimeTokenService
- InMemoryReactiveOneTimeTokenService() - Constructor for class org.springframework.security.authentication.ott.reactive.InMemoryReactiveOneTimeTokenService
- InMemoryReactiveSessionRegistry - Class in org.springframework.security.core.session
-
Provides an in-memory implementation of
ReactiveSessionRegistry
. - InMemoryReactiveSessionRegistry() - Constructor for class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
- InMemoryReactiveSessionRegistry(ConcurrentMap<Object, Set<String>>, Map<String, ReactiveSessionInformation>) - Constructor for class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
- InMemoryRelyingPartyRegistrationRepository - Class in org.springframework.security.saml2.provider.service.registration
-
An in-memory implementation of
RelyingPartyRegistrationRepository
. - InMemoryRelyingPartyRegistrationRepository(Collection<RelyingPartyRegistration>) - Constructor for class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository
- InMemoryRelyingPartyRegistrationRepository(RelyingPartyRegistration...) - Constructor for class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository
- InMemoryResource - Class in org.springframework.security.util
-
An in memory implementation of Spring's
Resource
interface. - InMemoryResource(byte[]) - Constructor for class org.springframework.security.util.InMemoryResource
- InMemoryResource(byte[], String) - Constructor for class org.springframework.security.util.InMemoryResource
- InMemoryResource(String) - Constructor for class org.springframework.security.util.InMemoryResource
- InMemoryTokenRepositoryImpl - Class in org.springframework.security.web.authentication.rememberme
-
Simple PersistentTokenRepository implementation backed by a Map.
- InMemoryTokenRepositoryImpl() - Constructor for class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
- InMemoryUserDetailsManager - Class in org.springframework.security.provisioning
-
Non-persistent implementation of
UserDetailsManager
which is backed by an in-memory map. - InMemoryUserDetailsManager() - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager
- InMemoryUserDetailsManager(Collection<UserDetails>) - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager
- InMemoryUserDetailsManager(Properties) - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager
- InMemoryUserDetailsManager(UserDetails...) - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager
- InMemoryUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning
-
Configures an
AuthenticationManagerBuilder
to have in memory authentication. - InMemoryUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer
-
Creates a new instance
- INSECURE_NOOP - Static variable in interface org.springframework.security.web.server.firewall.ServerWebExchangeFirewall
-
An implementation of
StrictServerWebExchangeFirewall
that does nothing. - InsecureChannelProcessor - Class in org.springframework.security.web.access.channel
-
Ensures channel security is inactive by review of
HttpServletRequest.isSecure()
responses. - InsecureChannelProcessor() - Constructor for class org.springframework.security.web.access.channel.InsecureChannelProcessor
- insertAce(int, Permission, Sid, boolean) - Method in class org.springframework.security.acls.domain.AclImpl
- insertAce(int, Permission, Sid, boolean) - Method in interface org.springframework.security.acls.model.MutableAcl
- insertFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Inserts the provided
Filter
s before existingFilter
s using default generated names,AbstractSecurityWebApplicationInitializer.getSecurityDispatcherTypes()
, andAbstractSecurityWebApplicationInitializer.isAsyncSecuritySupported()
. - instance - Variable in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- INSTANCE - Static variable in class org.springframework.security.web.util.matcher.AnyRequestMatcher
- INSUFFICIENT_PASSWORD_QUALITY - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- INSUFFICIENT_SCOPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
insufficient_scope
- The request requires higher privileges than provided by the access token. - INSUFFICIENT_SCOPE - Static variable in class org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes
-
insufficient_scope
- The request requires higher privileges than provided by the access token. - InsufficientAuthenticationException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.
- InsufficientAuthenticationException(String) - Constructor for exception org.springframework.security.authentication.InsufficientAuthenticationException
-
Constructs an
InsufficientAuthenticationException
with the specified message. - InsufficientAuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.authentication.InsufficientAuthenticationException
-
Constructs an
InsufficientAuthenticationException
with the specified message and root cause. - insufficientScope(String, String) - Static method in class org.springframework.security.oauth2.server.resource.BearerTokenErrors
-
Create a
BearerTokenError
caused by an invalid token - InteractiveAuthenticationSuccessEvent - Class in org.springframework.security.authentication.event
-
Indicates an interactive authentication was successful.
- InteractiveAuthenticationSuccessEvent(Authentication, Class<?>) - Constructor for class org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent
- intercept(HttpRequest, byte[], ClientHttpRequestExecution) - Method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
- intercept(PayloadExchange, PayloadInterceptorChain) - Method in interface org.springframework.security.rsocket.api.PayloadInterceptor
-
Process the Web request and (optionally) delegate to the next
PayloadInterceptor
through the givenPayloadInterceptorChain
. - intercept(PayloadExchange, PayloadInterceptorChain) - Method in class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
- intercept(PayloadExchange, PayloadInterceptorChain) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
- intercept(PayloadExchange, PayloadInterceptorChain) - Method in class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor
- INTERCEPT_MESSAGE - Static variable in class org.springframework.security.config.Elements
- INTERCEPT_METHODS - Static variable in class org.springframework.security.config.Elements
- INTERCEPT_URL - Static variable in class org.springframework.security.config.Elements
- InterceptMethodsBeanDefinitionDecorator - Class in org.springframework.security.config.method
- InterceptMethodsBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator
- InterceptorStatusToken - Class in org.springframework.security.access.intercept
-
Deprecated.Use delegation with
AuthorizationManager
- InterceptorStatusToken(SecurityContext, boolean, Collection<ConfigAttribute>, Object) - Constructor for class org.springframework.security.access.intercept.InterceptorStatusToken
-
Deprecated.
- INTERNAL - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport
-
internal indicates the respective authenticator is contacted using a client device-specific transport, i.e., it is a platform authenticator.
- INTERNAL_VALIDATION_ERROR - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
An error happened during validation.
- InternalAuthenticationServiceException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request could not be processed due to a system problem that occurred internally.
- InternalAuthenticationServiceException(String) - Constructor for exception org.springframework.security.authentication.InternalAuthenticationServiceException
- InternalAuthenticationServiceException(String, Throwable) - Constructor for exception org.springframework.security.authentication.InternalAuthenticationServiceException
- interval(long) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
-
Sets the minimum amount of time (in seconds) that the client should wait between polling requests to the token endpoint.
- INTERVAL - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
interval
- used in Device Authorization Response. - introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector
-
Deprecated.
- introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector
-
Deprecated.
- introspect(String) - Method in interface org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector
-
Introspect and verify the given token, returning its attributes.
- introspect(String) - Method in interface org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector
-
Introspect and verify the given token, returning its attributes.
- introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
- introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector
- introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
- introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
-
Configures the credentials for Introspection endpoint
- introspectionUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
- introspectionUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
-
Configures the URI of the Introspection endpoint
- introspector(OpaqueTokenIntrospector) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
- introspector(ReactiveOpaqueTokenIntrospector) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
- INVALID_ASSERTION - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
The assertion was not valid.
- INVALID_CLIENT - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
invalid_client
- Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). - INVALID_DESTINATION - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
Response destination does not match the request URL.
- INVALID_GRANT - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
invalid_grant
- The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. - INVALID_IN_RESPONSE_TO - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
The InResponseTo content of the response does not match the ID of the AuthNRequest.
- INVALID_ISSUER - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
An Issuer element contained a value that didn't https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=15
- INVALID_REDIRECT_URI - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
invalid_redirect_uri
- The value of one or more redirection URIs is invalid. - INVALID_REQUEST - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
invalid_request
- The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. - INVALID_REQUEST - Static variable in class org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes
-
invalid_request
- The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed. - INVALID_REQUEST - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
Request is invalid in a general way.
- INVALID_RESPONSE - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
Response is invalid in a general way.
- INVALID_SCOPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
invalid_scope
- The requested scope is invalid, unknown, malformed or exceeds the scope granted by the resource owner. - INVALID_SIGNATURE - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
The signature of response or assertion was invalid.
- INVALID_TOKEN - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
invalid_token
- The access token provided is expired, revoked, malformed, or invalid for other reasons. - INVALID_TOKEN - Static variable in class org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes
-
invalid_token
- The access token provided is expired, revoked, malformed, or invalid for other reasons. - invalidate() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
- invalidateHttpSession(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Configures
SecurityContextLogoutHandler
to invalidate theHttpSession
at the time of logout. - InvalidateLeastUsedServerMaximumSessionsExceededHandler - Class in org.springframework.security.web.server.authentication
-
Implementation of
ServerMaximumSessionsExceededHandler
that invalidates the least recently usedReactiveSessionInformation
and removes the related sessions from theWebSessionStore
. - InvalidateLeastUsedServerMaximumSessionsExceededHandler(WebSessionStore) - Constructor for class org.springframework.security.web.server.authentication.InvalidateLeastUsedServerMaximumSessionsExceededHandler
- InvalidBearerTokenException - Exception in org.springframework.security.oauth2.server.resource
-
An
OAuth2AuthenticationException
that indicates an invalid bearer token. - InvalidBearerTokenException(String) - Constructor for exception org.springframework.security.oauth2.server.resource.InvalidBearerTokenException
-
Construct an instance of
InvalidBearerTokenException
given the provided description. - InvalidBearerTokenException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.server.resource.InvalidBearerTokenException
-
Construct an instance of
InvalidBearerTokenException
given the provided description and cause The description will be wrapped into anOAuth2Error
instance as theerror_description
. - InvalidCookieException - Exception in org.springframework.security.web.authentication.rememberme
-
Exception thrown by a RememberMeServices implementation to indicate that a submitted cookie is of an invalid format or has expired.
- InvalidCookieException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.InvalidCookieException
- InvalidCsrfTokenException - Exception in org.springframework.security.web.csrf
-
Thrown when an expected
CsrfToken
exists, but it does not match the value present on theHttpServletRequest
- InvalidCsrfTokenException(CsrfToken, String) - Constructor for exception org.springframework.security.web.csrf.InvalidCsrfTokenException
- InvalidOneTimeTokenException - Exception in org.springframework.security.authentication.ott
-
An
AuthenticationException
that indicates an invalid one-time token. - InvalidOneTimeTokenException(String) - Constructor for exception org.springframework.security.authentication.ott.InvalidOneTimeTokenException
- invalidRequest(String) - Static method in class org.springframework.security.oauth2.server.resource.BearerTokenErrors
-
Create a
BearerTokenError
caused by an invalid request - InvalidSessionAccessDeniedHandler - Class in org.springframework.security.web.session
-
An adapter of
InvalidSessionStrategy
toAccessDeniedHandler
- InvalidSessionAccessDeniedHandler(InvalidSessionStrategy) - Constructor for class org.springframework.security.web.session.InvalidSessionAccessDeniedHandler
-
Creates a new instance
- invalidSessionStrategy(InvalidSessionStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Setting this attribute will inject the provided invalidSessionStrategy into the
SessionManagementFilter
. - InvalidSessionStrategy - Interface in org.springframework.security.web.session
-
Determines the behaviour of the
SessionManagementFilter
when an invalid session Id is submitted and detected in theSessionManagementFilter
. - invalidSessionUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Setting this attribute will inject the
SessionManagementFilter
with aSimpleRedirectInvalidSessionStrategy
configured with the attribute value. - invalidToken(String) - Static method in class org.springframework.security.oauth2.server.resource.BearerTokenErrors
-
Create a
BearerTokenError
caused by an invalid token - INVOCATION_ATTRIBUTE_FACTORY - Static variable in class org.springframework.security.config.Elements
- INVOCATION_HANDLING - Static variable in class org.springframework.security.config.Elements
- INVOCATIONTARGET_EXTRACTOR - Static variable in class org.springframework.security.web.util.ThrowableAnalyzer
-
Default extractor for
InvocationTargetException
instances. - invoke(MethodInvocation) - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
-
Deprecated.This method should be used to enforce security on a
MethodInvocation
. - invoke(MethodInvocation) - Method in class org.springframework.security.access.prepost.PrePostAdviceReactiveMethodInterceptor
-
Deprecated.
- invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
- invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
-
Determines if an
Authentication
has access to the returned object from theMethodInvocation
using the configuredReactiveAuthorizationManager
. - invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Determine if an
Authentication
has access to theMethodInvocation
using the configuredAuthorizationManager
. - invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
-
Determines if an
Authentication
has access to theMethodInvocation
using the configuredReactiveAuthorizationManager
. - invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
- invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
- invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
-
Filters the returned object from the
MethodInvocation
by evaluating an expression from thePostFilter
annotation. - invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
-
Filter the method argument specified in the
PreFilter
annotation thatMethodInvocation
specifies. - invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
-
Filters a reactive method argument by evaluating an expression from the
PreFilter
annotation. - invoke(JoinPoint) - Method in class org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor
-
Deprecated.Method that is suitable for user with @Aspect notation.
- invoke(JoinPoint, AspectJCallback) - Method in class org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor
-
Deprecated.Method that is suitable for user with traditional AspectJ-code aspects.
- invoke(FilterInvocation) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Deprecated.
- invokeAll(Collection) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- invokeAll(Collection, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- invokeAny(Collection) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- invokeAny(Collection, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- IpAddressAuthorizationManager - Class in org.springframework.security.web.access
-
A
AuthorizationManager
, that determines if the current request contains the specified address or range of addresses - IpAddressMatcher - Class in org.springframework.security.web.util.matcher
-
Matches a request based on IP Address or subnet mask matching against the remote address.
- IpAddressMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.IpAddressMatcher
-
Takes a specific IP address or a range specified using the IP/Netmask (e.g.
- IpAddressReactiveAuthorizationManager - Class in org.springframework.security.web.server.authorization
-
A
ReactiveAuthorizationManager
, that determines if the current request contains the specified address or range of addresses - IpAddressServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Matches a request based on IP Address or subnet mask matching against the remote address.
- IpAddressServerWebExchangeMatcher(String) - Constructor for class org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher
-
Takes a specific IP address or a range specified using the IP/Netmask (e.g.
- IS_AUTHENTICATED_ANONYMOUSLY - Static variable in class org.springframework.security.access.vote.AuthenticatedVoter
-
Deprecated.
- IS_AUTHENTICATED_FULLY - Static variable in class org.springframework.security.access.vote.AuthenticatedVoter
-
Deprecated.
- IS_AUTHENTICATED_REMEMBERED - Static variable in class org.springframework.security.access.vote.AuthenticatedVoter
-
Deprecated.
- isAbsoluteUrl(String) - Static method in class org.springframework.security.web.util.UrlUtils
-
Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.
- isAccountNonExpired() - Method in class org.springframework.security.core.userdetails.User
- isAccountNonExpired() - Method in interface org.springframework.security.core.userdetails.UserDetails
-
Indicates whether the user's account has expired.
- isAccountNonExpired() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- isAccountNonLocked() - Method in class org.springframework.security.core.userdetails.User
- isAccountNonLocked() - Method in interface org.springframework.security.core.userdetails.UserDetails
-
Indicates whether the user is locked or unlocked.
- isAccountNonLocked() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- isAclClassIdSupported() - Method in class org.springframework.security.acls.jdbc.JdbcAclService
- isActive() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
-
Returns the indicator
(active)
whether or not the token is currently active - isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
- isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
-
Deprecated.Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
- isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
-
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
- isAllowed(String, String, String, Authentication) - Method in interface org.springframework.security.web.access.WebInvocationPrivilegeEvaluator
-
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
- isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
- isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
-
Deprecated.Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
- isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
-
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
- isAllowed(String, Authentication) - Method in interface org.springframework.security.web.access.WebInvocationPrivilegeEvaluator
-
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
- isAllowed(MethodInvocation, Authentication) - Method in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
-
Deprecated.
- isAllowIfAllAbstainDecisions() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- isAllowIfEqualGrantedDeniedDecisions() - Method in class org.springframework.security.access.vote.ConsensusBased
-
Deprecated.
- isAllowSessionCreation() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- isAlwaysReauthenticate() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- isAlwaysUseDefaultTargetUrl() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- isAnonymous() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Determines if the
SecurityExpressionOperations.getAuthentication()
is anonymous - isAnonymous() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- isAnonymous(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver
-
Indicates whether the passed
Authentication
token represents an anonymous user. - isAnonymous(Authentication) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl
- isAsyncSecuritySupported() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Determine if the springSecurityFilterChain should be marked as supporting async.
- isAuditFailure() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
- isAuditFailure() - Method in interface org.springframework.security.acls.model.AuditableAccessControlEntry
- isAuditSuccess() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
- isAuditSuccess() - Method in interface org.springframework.security.acls.model.AuditableAccessControlEntry
- isAuthenticateAllArtifacts() - Method in class org.springframework.security.cas.ServiceProperties
- isAuthenticated() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Determines ifthe
SecurityExpressionOperations.getAuthentication()
is authenticated - isAuthenticated() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- isAuthenticated() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
- isAuthenticated() - Method in interface org.springframework.security.core.Authentication
-
Used to indicate to
AbstractSecurityInterceptor
whether it should present the authentication token to theAuthenticationManager
. - isAuthenticated() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
- isAuthenticated() - Method in class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler.AuthenticationSuccess
- isAuthenticated(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver
-
Checks if the
Authentication
is not null, authenticated, and not anonymous. - isAuthnRequestsSigned() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Get the AuthnRequestsSigned setting.
- isBackupEligible() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
The backupElgible flag is the same as the BE flag in authData.
- isBackupEligible() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- isBackupState() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
The backupState flag is the same as the BS flag in authData.
- isBackupState() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- isBase64(byte[]) - Static method in class org.springframework.security.crypto.codec.Base64
-
Deprecated.
- isChangeAfterReset() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
- isCleared() - Method in class org.springframework.security.core.context.SecurityContextChangedEvent
-
Say whether the event is a context-clearing event.
- isCompromised() - Method in class org.springframework.security.authentication.password.CompromisedPasswordDecision
- isConfigured() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Determines if the
AuthenticationManagerBuilder
is configured to build a non nullAuthenticationManager
. - isContextHolderRefreshRequired() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken
-
Deprecated.
- isContextRelative() - Method in class org.springframework.security.web.DefaultRedirectStrategy
-
Returns true, if the redirection URL should be calculated minus the protocol and context path (defaults to false).
- isContextSaved() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Deprecated.Tells if the response wrapper has called
saveContext()
because of this wrapper. - isConvertToUpperCase() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
Returns true if role names are converted to uppercase Method available so that classes extending this can override
- isCredentialsNonExpired() - Method in class org.springframework.security.core.userdetails.User
- isCredentialsNonExpired() - Method in interface org.springframework.security.core.userdetails.UserDetails
-
Indicates whether the user's credentials (password) has expired.
- isCredentialsNonExpired() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- isCritical() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
-
Returns whether the control is critical for the client.
- isCustomLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
- isDecryptionCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
-
Indicate whether this credential can be used for decryption
- isDisableOnResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Returns true if
OnCommittedResponseWrapper.onResponseCommitted()
will be invoked when the response is committed, else false. - isEnabled() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
- isEnabled() - Method in class org.springframework.security.core.userdetails.User
- isEnabled() - Method in interface org.springframework.security.core.userdetails.UserDetails
-
Indicates whether the user is enabled or disabled.
- isEnabled() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- isEnabled() - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- isEncryptionCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
-
Indicate whether this credential can be used for encryption
- isEnforceCredentialProtectionPolicy() - Method in class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect
- isEntriesInheriting() - Method in class org.springframework.security.acls.domain.AclImpl
- isEntriesInheriting() - Method in interface org.springframework.security.acls.model.Acl
-
Indicates whether the ACL entries from the
Acl.getParentAcl()
should flow down into the current Acl. - isEraseCredentialsAfterAuthentication() - Method in class org.springframework.security.authentication.ProviderManager
- isExpired() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
- isExpired() - Method in class org.springframework.security.core.session.SessionInformation
- isExpired() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
- isForceHttps() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- isForcePrincipalAsString() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- isFullyAuthenticated() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Determines if the
SecurityExpressionOperations.getAuthentication()
authenticated without the use of remember me - isFullyAuthenticated() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- isFullyAuthenticated(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver
-
Indicates whether the passed
Authentication
token represents a fully authenticated user (that is, neither anonymous or remember-me). - isGenerated() - Method in interface org.springframework.security.core.context.DeferredSecurityContext
-
Returns true if
Supplier.get()
refers to a generatedSecurityContext
or false if it already existed. - isGenerated() - Method in interface org.springframework.security.web.csrf.DeferredCsrfToken
-
Returns true if
DeferredCsrfToken.get()
refers to a generatedCsrfToken
or false if it already existed. - isGranted() - Method in class org.springframework.security.authorization.AuthorizationDecision
- isGranted() - Method in exception org.springframework.security.authorization.AuthorizationDeniedException
- isGranted() - Method in interface org.springframework.security.authorization.AuthorizationResult
- isGranted(List<Permission>, List<Sid>, boolean) - Method in class org.springframework.security.acls.domain.AclImpl
-
Delegates to the
PermissionGrantingStrategy
. - isGranted(List<Permission>, List<Sid>, boolean) - Method in interface org.springframework.security.acls.model.Acl
-
This is the actual authorization logic method, and must be used whenever ACL authorization decisions are required.
- isGranted(AccessControlEntry, Permission) - Method in class org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy
-
Compares an ACE Permission to the given Permission.
- isGranted(Acl, List<Permission>, List<Sid>, boolean) - Method in class org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy
-
Determines authorization.
- isGranted(Acl, List<Permission>, List<Sid>, boolean) - Method in interface org.springframework.security.acls.model.PermissionGrantingStrategy
-
Returns true if the supplied strategy decides that the supplied
Acl
grants access based on the supplied list of permissions and sids. - isGranting() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
- isGranting() - Method in interface org.springframework.security.acls.model.AccessControlEntry
-
Indicates the permission is being granted to the relevant Sid.
- isHideUserNotFoundExceptions() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- isHtmlEscape() - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
-
Return the HTML escaping setting for this tag, or the default setting if not overridden.
- isIgnoreFailure() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- isIgnoreUnknown() - Method in class org.springframework.security.authorization.method.PrePostTemplateDefaults
-
Deprecated.Whether template resolution should ignore placeholders it doesn't recognize.
- isIgnoreUnknown() - Method in class org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults
-
Whether template resolution should ignore placeholders it doesn't recognize.
- isInvalidateHttpSession() - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
- isLocked() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
-
Determines whether an account locked error has been returned.
- isLogInteractiveAuthenticationSuccessEvents() - Method in class org.springframework.security.authentication.event.LoggerListener
- isMatch() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult
- isMatch() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
- isMatch() - Method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
- isMergeEnabled() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
- isMergeEnabled() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
- isObserveOncePerRequest() - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
- isObserveOncePerRequest() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Deprecated.Indicates whether once-per-request handling will be observed.
- isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
- isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
- isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
- isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
- isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
- isPerInstance() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
- isPerInstance() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
- isPerInstance() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
- isPerInstance() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
- isRejectPublicInvocations() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- isRememberMe() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Determines if the
SecurityExpressionOperations.getAuthentication()
was authenticated using remember me - isRememberMe() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- isRememberMe(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver
-
Indicates whether the passed
Authentication
token represents user that has been remembered (i.e. - isRememberMe(Authentication) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl
- isRequest() - Method in enum class org.springframework.security.rsocket.api.PayloadExchangeType
-
Determines if this exchange is a type of request (i.e.
- isRk() - Method in class org.springframework.security.web.webauthn.api.CredentialPropertiesOutput.ExtensionOutput
-
This OPTIONAL property, known abstractly as the resident key credential property (i.e., client-side discoverable credential property), is a Boolean value indicating whether the PublicKeyCredential returned as a result of a registration ceremony is a client-side discoverable credential.
- isRunning() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- isRunning() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
- ISS - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
-
iss
- the Issuer identifier - ISS - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
iss
- The issuer of the token - ISS - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
iss
- the Issuer identifier - ISS - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
-
iss
- the Issuer claim identifies the principal that issued the JWT - isSecure() - Method in class org.springframework.security.web.savedrequest.SavedCookie
- isSendRenew() - Method in class org.springframework.security.cas.ServiceProperties
-
Indicates whether the
renew
parameter should be sent to the CAS login URL and CAS validation URL. - isShutdown() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- isSidLoaded(List<Sid>) - Method in class org.springframework.security.acls.domain.AclImpl
- isSidLoaded(List<Sid>) - Method in interface org.springframework.security.acls.model.Acl
-
For efficiency reasons an Acl may be loaded and not contain entries for every Sid in the system.
- isSigningCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
-
Indicate whether this credential can be used for signing
- isSimpDestPathMatcherConfigured() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.Determines if the
MessageSecurityMetadataSourceRegistry.simpDestPathMatcher(PathMatcher)
has been explicitly set. - isSingleton() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
- isSingleton() - Method in class org.springframework.security.core.token.SecureRandomFactoryBean
- isStateless() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
- isSuccess() - Method in class org.springframework.security.web.webauthn.registration.WebAuthnRegistrationFilter.SuccessfulUserRegistrationResponse
- ISSUED_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
issued_token_type
- used in Token Exchange Access Token Response. - issuedAt(Instant) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
-
Use this issued-at timestamp in the resulting
OidcLogoutToken
- issuedAt(Instant) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this issued-at timestamp in the resulting
OidcIdToken
- issuedAt(Instant) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this issued-at timestamp in the resulting
Jwt
- issuedAt(Instant) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Sets the issued at
(iat)
claim, which identifies the time at which the JWT was issued. - issuer(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
-
Use this issuer in the resulting
OidcLogoutToken
- issuer(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this issuer in the resulting
OidcIdToken
- issuer(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this issuer in the resulting
Jwt
- issuer(String) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Sets the issuer
(iss)
claim, which identifies the principal that issued the JWT. - issuerUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the issuer identifier uri for the OpenID Connect 1.0 provider or the OAuth 2.0 Authorization Server.
- isTerminated() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- isTokenExpired(long) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- isUiSecurityDisabled() - Static method in class org.springframework.security.taglibs.TagLibConfig
- isUseForward() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- isUseForward() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- isUserInRole(String) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
-
Simple searches for an exactly matching
GrantedAuthority.getAuthority()
. - isUsernameBasedPrimaryKey() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- isUsingGraceLogins() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
- isUvInitialized() - Method in interface org.springframework.security.web.webauthn.api.CredentialRecord
-
uvInitialized is the value of the UV (user verified) flag in authData and indicates whether any credential from this public key credential source has had the UV flag set.
- isUvInitialized() - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord
- isValid() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
- isValidateConfigAttributes() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- isValidRedirectUrl(String) - Static method in class org.springframework.security.web.util.UrlUtils
-
Returns true if the supplied URL starts with a "/" or is absolute.
- isVerificationCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
-
Indicate whether this credential can be used for verification
- IterableRelyingPartyRegistrationRepository - Interface in org.springframework.security.saml2.provider.service.registration
-
An interface that simplifies APIs which require the
RelyingPartyRegistrationRepository
to also beIterable
- iterator() - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
- iterator() - Method in class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
-
Returns an
Iterator
ofClientRegistration
. - iterator() - Method in class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository
-
Returns an
Iterator
ofClientRegistration
. - iterator() - Method in class org.springframework.security.oauth2.client.registration.SupplierClientRegistrationRepository
-
Returns an
Iterator
ofClientRegistration
. - iterator() - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
- iterator() - Method in class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository
J
- J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication.preauth.j2ee
-
Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as obtained by calling
HttpServletRequest.isUserInRole(String)
) intoGrantedAuthority
s and stores these in the authentication details object. - J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
- j2eeMappableRoles - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
-
The role attributes returned by the configured
MappableAttributesRetriever
- j2eePreAuthenticatedProcessingFilter(J2eePreAuthenticatedProcessingFilter) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
-
Allows specifying the
J2eePreAuthenticatedProcessingFilter
to use. - J2eePreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth.j2ee
-
This AbstractPreAuthenticatedProcessingFilter implementation is based on the J2EE container-based authentication mechanism.
- J2eePreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter
- j2eeUserRoles2GrantedAuthoritiesMapper - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
- JaasApiIntegrationFilter - Class in org.springframework.security.web.jaasapi
-
A
Filter
which attempts to obtain a JAASSubject
and continue theFilterChain
running as thatSubject
. - JaasApiIntegrationFilter() - Constructor for class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
- JaasAuthenticationCallbackHandler - Interface in org.springframework.security.authentication.jaas
-
The JaasAuthenticationCallbackHandler is similar to the javax.security.auth.callback.CallbackHandler interface in that it defines a handle method.
- JaasAuthenticationEvent - Class in org.springframework.security.authentication.jaas.event
-
Parent class for events fired by the
JaasAuthenticationProvider
. - JaasAuthenticationEvent(Authentication) - Constructor for class org.springframework.security.authentication.jaas.event.JaasAuthenticationEvent
-
The Authentication object is stored as the ApplicationEvent 'source'.
- JaasAuthenticationFailedEvent - Class in org.springframework.security.authentication.jaas.event
-
Fired when LoginContext.login throws a LoginException, or if any other exception is thrown during that time.
- JaasAuthenticationFailedEvent(Authentication, Exception) - Constructor for class org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent
- JaasAuthenticationProvider - Class in org.springframework.security.authentication.jaas
-
An
AuthenticationProvider
implementation that retrieves user details from a JAAS login configuration. - JaasAuthenticationProvider() - Constructor for class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
- JaasAuthenticationSuccessEvent - Class in org.springframework.security.authentication.jaas.event
-
Fired by the
JaasAuthenticationProvider
after successfully logging the user into the LoginContext, handling all callbacks, and calling all AuthorityGranters. - JaasAuthenticationSuccessEvent(Authentication) - Constructor for class org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent
- JaasAuthenticationToken - Class in org.springframework.security.authentication.jaas
-
UsernamePasswordAuthenticationToken extension to carry the Jaas LoginContext that the user was logged into
- JaasAuthenticationToken(Object, Object, List<GrantedAuthority>, LoginContext) - Constructor for class org.springframework.security.authentication.jaas.JaasAuthenticationToken
- JaasAuthenticationToken(Object, Object, LoginContext) - Constructor for class org.springframework.security.authentication.jaas.JaasAuthenticationToken
- JaasGrantedAuthority - Class in org.springframework.security.authentication.jaas
-
GrantedAuthority
which, in addition to the assigned role, holds the principal that anAuthorityGranter
used as a reason to grant this authority. - JaasGrantedAuthority(String, Principal) - Constructor for class org.springframework.security.authentication.jaas.JaasGrantedAuthority
- JaasNameCallbackHandler - Class in org.springframework.security.authentication.jaas
-
The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback.
- JaasNameCallbackHandler() - Constructor for class org.springframework.security.authentication.jaas.JaasNameCallbackHandler
- JaasPasswordCallbackHandler - Class in org.springframework.security.authentication.jaas
-
The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback.
- JaasPasswordCallbackHandler() - Constructor for class org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler
- JDBC_USER_SERVICE - Static variable in class org.springframework.security.config.Elements
- JdbcAclService - Class in org.springframework.security.acls.jdbc
-
Simple JDBC-based implementation of
AclService
. - JdbcAclService(DataSource, LookupStrategy) - Constructor for class org.springframework.security.acls.jdbc.JdbcAclService
- JdbcAclService(JdbcOperations, LookupStrategy) - Constructor for class org.springframework.security.acls.jdbc.JdbcAclService
- jdbcAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Add JDBC authentication to the
AuthenticationManagerBuilder
and return aJdbcUserDetailsManagerConfigurer
to allow customization of the JDBC authentication. - JdbcDaoImpl - Class in org.springframework.security.core.userdetails.jdbc
-
UserDetailsService implementation which retrieves the user details (username, password, enabled flag, and authorities) from a database using JDBC queries.
- JdbcDaoImpl() - Constructor for class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- JdbcMutableAclService - Class in org.springframework.security.acls.jdbc
-
Provides a base JDBC implementation of
MutableAclService
. - JdbcMutableAclService(DataSource, LookupStrategy, AclCache) - Constructor for class org.springframework.security.acls.jdbc.JdbcMutableAclService
- JdbcOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client
-
A JDBC implementation of an
OAuth2AuthorizedClientService
that uses aJdbcOperations
forOAuth2AuthorizedClient
persistence. - JdbcOAuth2AuthorizedClientService(JdbcOperations, ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
-
Constructs a
JdbcOAuth2AuthorizedClientService
using the provided parameters. - JdbcOAuth2AuthorizedClientService(JdbcOperations, ClientRegistrationRepository, LobHandler) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
-
Constructs a
JdbcOAuth2AuthorizedClientService
using the provided parameters. - JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder - Class in org.springframework.security.oauth2.client
-
A holder for an
OAuth2AuthorizedClient
and End-UserAuthentication
(Resource Owner). - JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper - Class in org.springframework.security.oauth2.client
-
The default
Function
that mapsJdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
to aList
ofSqlParameterValue
. - JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper - Class in org.springframework.security.oauth2.client
- JdbcOneTimeTokenService - Class in org.springframework.security.authentication.ott
-
A JDBC implementation of an
OneTimeTokenService
that uses aJdbcOperations
forOneTimeToken
persistence. - JdbcOneTimeTokenService(JdbcOperations) - Constructor for class org.springframework.security.authentication.ott.JdbcOneTimeTokenService
-
Constructs a
JdbcOneTimeTokenService
using the provide parameters. - jdbcOperations - Variable in class org.springframework.security.acls.jdbc.JdbcAclService
- jdbcOperations - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
- JdbcTokenRepositoryImpl - Class in org.springframework.security.web.authentication.rememberme
-
JDBC based persistent login token repository implementation.
- JdbcTokenRepositoryImpl() - Constructor for class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
- JdbcUserDetailsManager - Class in org.springframework.security.provisioning
-
Jdbc user management service, based on the same table structure as its parent class, JdbcDaoImpl.
- JdbcUserDetailsManager() - Constructor for class org.springframework.security.provisioning.JdbcUserDetailsManager
- JdbcUserDetailsManager(DataSource) - Constructor for class org.springframework.security.provisioning.JdbcUserDetailsManager
- JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning
-
Configures an
AuthenticationManagerBuilder
to have JDBC authentication. - JdbcUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
- JdbcUserDetailsManagerConfigurer(JdbcUserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
- JdbcUserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
- JdbcUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
- jee() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.jee(Customizer)
orjee(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - jee(Customizer<JeeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configures container based pre authentication.
- JEE - Static variable in class org.springframework.security.config.Elements
- JeeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds support for J2EE pre authentication.
- JeeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
-
Creates a new instance
- JKU - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
jku
- the JWK Set URL header is a URI that refers to a resource for a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign a JWS or encrypt a JWE - JoseHeaderNames - Class in org.springframework.security.oauth2.jwt
-
The Registered Header Parameter Names defined by the JSON Web Token (JWT), JSON Web Signature (JWS) and JSON Web Encryption (JWE) specifications that may be contained in the JOSE Header of a JWT.
- JspAuthorizeTag - Class in org.springframework.security.taglibs.authz
-
A JSP
Tag
implementation ofAbstractAuthorizeTag
. - JspAuthorizeTag() - Constructor for class org.springframework.security.taglibs.authz.JspAuthorizeTag
- jsr250() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Creates an interceptor for the JSR-250 annotations
- jsr250(AuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Creates an interceptor for the JSR-250 annotations
- jsr250(Jsr250AuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Creates an interceptor for the JSR-250 annotations
- JSR250 - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
- Jsr250AuthorizationManager - Class in org.springframework.security.authorization.method
-
An
AuthorizationManager
which can determine if anAuthentication
may invoke theMethodInvocation
by evaluating if theAuthentication
contains a specified authority from the JSR-250 security annotations. - Jsr250AuthorizationManager() - Constructor for class org.springframework.security.authorization.method.Jsr250AuthorizationManager
- Jsr250AuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
- jsr250Enabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
-
Deprecated.Determines if JSR-250 annotations should be enabled.
- jsr250Enabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
-
Determines if JSR-250 annotations should be enabled.
- Jsr250MethodSecurityMetadataSource - Class in org.springframework.security.access.annotation
-
Deprecated.Use
Jsr250AuthorizationManager
instead - Jsr250MethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource
-
Deprecated.
- Jsr250SecurityConfig - Class in org.springframework.security.access.annotation
-
Deprecated.
- Jsr250SecurityConfig(String) - Constructor for class org.springframework.security.access.annotation.Jsr250SecurityConfig
-
Deprecated.
- Jsr250Voter - Class in org.springframework.security.access.annotation
-
Deprecated.Use
Jsr250AuthorizationManager
instead - Jsr250Voter() - Constructor for class org.springframework.security.access.annotation.Jsr250Voter
-
Deprecated.
- jti(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
-
Use this id to identify the resulting
OidcLogoutToken
- jti(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this identifier in the resulting
Jwt
- JTI - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
-
jti
- the JTI identifier - JTI - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
jti
- The identifier for the token - JTI - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
-
jti
- The JWT ID claim provides a unique identifier for the JWT - JwaAlgorithm - Interface in org.springframework.security.oauth2.jose
-
Super interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents and JSON Web Encryption (JWE) to encrypt the contents.
- jwk(Map<String, Object>) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the JSON Web Key which is the public key that corresponds to the key used to digitally sign the JWS or encrypt the JWE.
- JWK - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
jwk
- the JSON Web Key header is the public key that corresponds to the key used to digitally sign a JWS or encrypt a JWE - jwkSetUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
- jwkSetUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
-
Configures a
ReactiveJwtDecoder
using JSON Web Key (JWK) URL - jwkSetUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the uri for the JSON Web Key (JWK) Set endpoint.
- jwkSetUrl(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the JWK Set URL that refers to the resource of a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign the JWS or encrypt the JWE.
- jwsAlgorithm(JwsAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder
-
Use the given signing algorithm.
- jwsAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
-
Append the given signing algorithm to the set of algorithms to use.
- jwsAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
-
Append the given signing algorithm to the set of algorithms to use.
- JwsAlgorithm - Interface in org.springframework.security.oauth2.jose.jws
-
Super interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents of the JWS Protected Header and JWS Payload.
- jwsAlgorithms(Consumer<Set<SignatureAlgorithm>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
-
Configure the list of algorithms to use with the given
Consumer
. - jwsAlgorithms(Consumer<Set<SignatureAlgorithm>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
-
Configure the list of algorithms to use with the given
Consumer
. - JwsAlgorithms - Class in org.springframework.security.oauth2.jose.jws
-
The cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents of the JWS Protected Header and JWS Payload.
- JwsHeader - Class in org.springframework.security.oauth2.jwt
-
The JSON Web Signature (JWS) header is a JSON object representing the header parameters of a JSON Web Token, that describe the cryptographic operations used to digitally sign or create a MAC of the contents of the JWS Protected Header and JWS Payload.
- JwsHeader.Builder - Class in org.springframework.security.oauth2.jwt
-
A builder for
JwsHeader
. - jwt() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2ResourceServerConfigurer.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - jwt() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer)
orjwt(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - jwt() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish a
SecurityContext
that has aJwtAuthenticationToken
for theAuthentication
and aJwt
for theAuthentication.getPrincipal()
. - jwt(Consumer<Jwt.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
-
Use the given
Jwt.Builder
Consumer
to configure the underlyingJwt
This method first creates a defaultJwt.Builder
instance with default values for thealg
,sub
, andscope
claims. - jwt(Consumer<Jwt.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
-
Use the given
Jwt.Builder
Consumer
to configure the underlyingJwt
This method first creates a defaultJwt.Builder
instance with default values for thealg
,sub
, andscope
claims. - jwt(Customizer<RSocketSecurity.JwtSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
- jwt(Customizer<OAuth2ResourceServerConfigurer.JwtConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
-
Enables Jwt-encoded bearer token support.
- jwt(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Enables JWT Resource Server support.
- jwt(Jwt) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
-
Use the given
Jwt
- jwt(Jwt) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
-
Use the given
Jwt
- Jwt - Class in org.springframework.security.oauth2.jwt
-
An implementation of an
AbstractOAuth2Token
representing a JSON Web Token (JWT). - Jwt(String, Instant, Instant, Map<String, Object>, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.jwt.Jwt
-
Constructs a
Jwt
using the provided parameters. - JWT - Static variable in class org.springframework.security.config.Elements
- JWT_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
-
Where JWT based authentication is performed.
- JWT_BEARER - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
- Jwt.Builder - Class in org.springframework.security.oauth2.jwt
-
Helps configure a
Jwt
- jwtAuthenticationConverter(Converter<Jwt, ? extends AbstractAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
- jwtAuthenticationConverter(Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
- JwtAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.authentication
- JwtAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
- JwtAuthenticationProvider - Class in org.springframework.security.oauth2.server.resource.authentication
-
An
AuthenticationProvider
implementation of theJwt
-encoded Bearer Tokens for protecting OAuth 2.0 Resource Servers. - JwtAuthenticationProvider(JwtDecoder) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
- JwtAuthenticationToken - Class in org.springframework.security.oauth2.server.resource.authentication
- JwtAuthenticationToken(Jwt) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
-
Constructs a
JwtAuthenticationToken
using the provided parameters. - JwtAuthenticationToken(Jwt, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
-
Constructs a
JwtAuthenticationToken
using the provided parameters. - JwtAuthenticationToken(Jwt, Collection<? extends GrantedAuthority>, String) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
-
Constructs a
JwtAuthenticationToken
using the provided parameters. - JwtBearerGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
-
A JWT Bearer Grant request that holds a
Jwt
assertion. - JwtBearerGrantRequest(ClientRegistration, Jwt) - Constructor for class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequest
-
Constructs a
JwtBearerGrantRequest
using the provided parameters. - JwtBearerGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.Use
DefaultOAuth2TokenRequestParametersConverter
instead - JwtBearerGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequestEntityConverter
-
Deprecated.
- JwtBearerOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of an
OAuth2AuthorizedClientProvider
for thejwt-bearer
grant. - JwtBearerOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
- JwtBearerReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of an
ReactiveOAuth2AuthorizedClientProvider
for thejwt-bearer
grant. - JwtBearerReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
- JwtBearerTokenAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.authentication
- JwtBearerTokenAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtBearerTokenAuthenticationConverter
- JwtClaimAccessor - Interface in org.springframework.security.oauth2.jwt
-
A
ClaimAccessor
for the "claims" that may be contained in the JSON object JWT Claims Set of a JSON Web Token (JWT). - JwtClaimNames - Class in org.springframework.security.oauth2.jwt
-
The Registered Claim Names defined by the JSON Web Token (JWT) specification that may be contained in the JSON object JWT Claims Set.
- JwtClaimsSet - Class in org.springframework.security.oauth2.jwt
-
The
JWT
Claims Set is a JSON object representing the claims conveyed by a JSON Web Token. - JwtClaimsSet.Builder - Class in org.springframework.security.oauth2.jwt
-
A builder for
JwtClaimsSet
. - JwtClaimValidator<T> - Class in org.springframework.security.oauth2.jwt
- JwtClaimValidator(String, Predicate<T>) - Constructor for class org.springframework.security.oauth2.jwt.JwtClaimValidator
-
Constructs a
JwtClaimValidator
using the provided parameters - jwtDecoder(ReactiveJwtDecoder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
-
Configures the
ReactiveJwtDecoder
to use - JwtDecoder - Interface in org.springframework.security.oauth2.jwt
-
Implementations of this interface are responsible for "decoding" a JSON Web Token (JWT) from its compact claims representation format to a
Jwt
. - JwtDecoderFactory<C> - Interface in org.springframework.security.oauth2.jwt
-
A factory for
JwtDecoder
(s). - JwtDecoderInitializationException - Exception in org.springframework.security.oauth2.jwt
-
An exception thrown when a
JwtDecoder
orReactiveJwtDecoder
's lazy initialization fails. - JwtDecoderInitializationException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.JwtDecoderInitializationException
- JwtDecoders - Class in org.springframework.security.oauth2.jwt
-
Allows creating a
JwtDecoder
from an OpenID Provider Configuration or Authorization Server Metadata Request based on provided issuer and method invoked. - JwtEncoder - Interface in org.springframework.security.oauth2.jwt
-
Implementations of this interface are responsible for encoding a JSON Web Token (JWT) to it's compact claims representation format.
- JwtEncoderParameters - Class in org.springframework.security.oauth2.jwt
-
A holder of parameters containing the JWS headers and JWT Claims Set.
- JwtEncodingException - Exception in org.springframework.security.oauth2.jwt
-
This exception is thrown when an error occurs while attempting to encode a JSON Web Token (JWT).
- JwtEncodingException(String) - Constructor for exception org.springframework.security.oauth2.jwt.JwtEncodingException
-
Constructs a
JwtEncodingException
using the provided parameters. - JwtEncodingException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.JwtEncodingException
-
Constructs a
JwtEncodingException
using the provided parameters. - JwtException - Exception in org.springframework.security.oauth2.jwt
-
Base exception for all JSON Web Token (JWT) related errors.
- JwtException(String) - Constructor for exception org.springframework.security.oauth2.jwt.JwtException
-
Constructs a
JwtException
using the provided parameters. - JwtException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.JwtException
-
Constructs a
JwtException
using the provided parameters. - JwtGrantedAuthoritiesConverter - Class in org.springframework.security.oauth2.server.resource.authentication
-
Extracts the
GrantedAuthority
s from scope attributes typically found in aJwt
. - JwtGrantedAuthoritiesConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
- JwtIssuerAuthenticationManagerResolver - Class in org.springframework.security.oauth2.server.resource.authentication
-
An implementation of
AuthenticationManagerResolver
that resolves a JWT-basedAuthenticationManager
based on the Issuer in a signed JWT (JWS). - JwtIssuerAuthenticationManagerResolver(String...) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
-
Deprecated, for removal: This API element is subject to removal in a future version.
- JwtIssuerAuthenticationManagerResolver(Collection<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
-
Deprecated, for removal: This API element is subject to removal in a future version.
- JwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
-
Construct a
JwtIssuerAuthenticationManagerResolver
using the provided parameters Note that theAuthenticationManagerResolver
provided in this constructor will need to verify that the issuer is trusted. - JwtIssuerReactiveAuthenticationManagerResolver - Class in org.springframework.security.oauth2.server.resource.authentication
-
An implementation of
ReactiveAuthenticationManagerResolver
that resolves a JWT-basedReactiveAuthenticationManager
based on the Issuer in a signed JWT (JWS). - JwtIssuerReactiveAuthenticationManagerResolver(String...) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
-
Deprecated, for removal: This API element is subject to removal in a future version.
- JwtIssuerReactiveAuthenticationManagerResolver(Collection<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
-
Deprecated, for removal: This API element is subject to removal in a future version.
- JwtIssuerReactiveAuthenticationManagerResolver(ReactiveAuthenticationManagerResolver<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
-
Construct a
JwtIssuerReactiveAuthenticationManagerResolver
using the provided parameters Note that theReactiveAuthenticationManagerResolver
provided in this constructor will need to verify that the issuer is trusted. - JwtIssuerValidator - Class in org.springframework.security.oauth2.jwt
-
Validates the "iss" claim in a
Jwt
, that is matches a configured value - JwtIssuerValidator(String) - Constructor for class org.springframework.security.oauth2.jwt.JwtIssuerValidator
-
Constructs a
JwtIssuerValidator
using the provided parameters - jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<JWKSecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
-
Use the given
Consumer
to customize theConfigurableJWTProcessor
before passing it to the buildNimbusReactiveJwtDecoder
. - jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<JWKSecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder
-
Use the given
Consumer
to customize theConfigurableJWTProcessor
before passing it to the buildNimbusReactiveJwtDecoder
. - jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
-
Use the given
Consumer
to customize theConfigurableJWTProcessor
before passing it to the buildNimbusJwtDecoder
. - jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder
-
Use the given
Consumer
to customize theConfigurableJWTProcessor
before passing it to the buildNimbusJwtDecoder
. - jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder
-
Use the given
Consumer
to customize theConfigurableJWTProcessor
before passing it to the buildNimbusJwtDecoder
. - jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
-
Use the given
Consumer
to customize theConfigurableJWTProcessor
before passing it to the buildNimbusReactiveJwtDecoder
. - jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder
-
Use the given
Consumer
to customize theConfigurableJWTProcessor
before passing it to the buildNimbusReactiveJwtDecoder
. - JwtReactiveAuthenticationManager - Class in org.springframework.security.oauth2.server.resource.authentication
-
A
ReactiveAuthenticationManager
for Jwt tokens. - JwtReactiveAuthenticationManager(ReactiveJwtDecoder) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager
- JwtSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
- JwtTimestampValidator - Class in org.springframework.security.oauth2.jwt
-
An implementation of
OAuth2TokenValidator
for verifying claims in a Jwt-based access token - JwtTimestampValidator() - Constructor for class org.springframework.security.oauth2.jwt.JwtTimestampValidator
-
A basic instance with no custom verification and the default max clock skew
- JwtTimestampValidator(Duration) - Constructor for class org.springframework.security.oauth2.jwt.JwtTimestampValidator
- JwtValidationException - Exception in org.springframework.security.oauth2.jwt
-
An exception that results from an unsuccessful
OAuth2TokenValidatorResult
- JwtValidationException(String, Collection<OAuth2Error>) - Constructor for exception org.springframework.security.oauth2.jwt.JwtValidationException
-
Constructs a
JwtValidationException
using the provided parameters While eachOAuth2Error
does contain an error description, this constructor can take an overarching description that encapsulates the composition of failures That said, it is appropriate to pass one of the messages from the error list in as the exception description, for example: - JwtValidators - Class in org.springframework.security.oauth2.jwt
-
Provides factory methods for creating
OAuth2TokenValidator<Jwt>
K
- key(String) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Sets the key to identify tokens created for anonymous authentication.
- key(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
Sets the key to identify tokens created for remember me authentication.
- key(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
-
Sets the key to identify tokens created for anonymous authentication.
- KeyBasedPersistenceTokenService - Class in org.springframework.security.core.token
-
Basic implementation of
TokenService
that is compatible with clusters and across machine restarts, without requiring database persistence. - KeyBasedPersistenceTokenService() - Constructor for class org.springframework.security.core.token.KeyBasedPersistenceTokenService
- KeyGenerators - Class in org.springframework.security.crypto.keygen
-
Factory for commonly used key generators.
- keyId(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the key ID that is a hint indicating which key was used to secure the JWS or JWE.
- KeyStoreKeyFactory - Class in org.springframework.security.crypto.encrypt
- KeyStoreKeyFactory(Resource, char[]) - Constructor for class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory
- KeyStoreKeyFactory(Resource, char[], String) - Constructor for class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory
- KID - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
kid
- the key ID header is a hint indicating which key was used to secure a JWS or JWE
L
- label(String) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- LAST - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
- LAST - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- lastUsed(Instant) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- LazyCsrfTokenRepository - Class in org.springframework.security.web.csrf
-
Deprecated.
- LazyCsrfTokenRepository(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.LazyCsrfTokenRepository
-
Deprecated.Creates a new instance
- LDAP_AUTHORITIES_POPULATOR_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- LDAP_PASSWORD_COMPARE - Static variable in class org.springframework.security.config.Elements
- LDAP_PROVIDER - Static variable in class org.springframework.security.config.Elements
- LDAP_SEARCH_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- LDAP_SERVER - Static variable in class org.springframework.security.config.Elements
- LDAP_USER_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- LDAP_USER_SERVICE - Static variable in class org.springframework.security.config.Elements
- ldapAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Add LDAP authentication to the
AuthenticationManagerBuilder
and return aLdapAuthenticationProviderConfigurer
to allow customization of the LDAP authentication. - LdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication
-
An
AuthenticationProvider
implementation that authenticates against an LDAP server. - LdapAuthenticationProvider(LdapAuthenticator) - Constructor for class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
-
Creates an instance with the supplied authenticator and a null authorities populator.
- LdapAuthenticationProvider(LdapAuthenticator, LdapAuthoritiesPopulator) - Constructor for class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
-
Create an instance with the supplied authenticator and authorities populator implementations.
- LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.ldap
-
Configures LDAP
AuthenticationProvider
in theProviderManagerBuilder
. - LdapAuthenticationProviderConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
- LdapAuthenticationProviderConfigurer.ContextSourceBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.ldap
-
Allows building a
BaseLdapPathContextSource
and optionally creating an embedded LDAP instance. - LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer - Class in org.springframework.security.config.annotation.authentication.configurers.ldap
-
Sets up Password based comparison
- LdapAuthenticator - Interface in org.springframework.security.ldap.authentication
-
The strategy interface for locating and authenticating an Ldap user.
- ldapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Specifies the
LdapAuthoritiesPopulator
. - LdapAuthoritiesPopulator - Interface in org.springframework.security.ldap.userdetails
-
Obtains a list of granted authorities for an Ldap user.
- LdapAuthority - Class in org.springframework.security.ldap.userdetails
-
An authority that contains at least a DN and a role name for an LDAP entry but can also contain other desired attributes to be fetched during an LDAP authority search.
- LdapAuthority(String, String) - Constructor for class org.springframework.security.ldap.userdetails.LdapAuthority
-
Constructs an LdapAuthority that has a role and a DN but no other attributes
- LdapAuthority(String, String, Map<String, List<String>>) - Constructor for class org.springframework.security.ldap.userdetails.LdapAuthority
-
Constructs an LdapAuthority with the given role, DN and other LDAP attributes
- LdapBindAuthenticationManagerFactory - Class in org.springframework.security.config.ldap
-
Creates an
AuthenticationManager
that can perform LDAP authentication using bind authentication. - LdapBindAuthenticationManagerFactory(BaseLdapPathContextSource) - Constructor for class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
- LdapJackson2Module - Class in org.springframework.security.ldap.jackson2
-
Jackson module for
spring-security-ldap
. - LdapJackson2Module() - Constructor for class org.springframework.security.ldap.jackson2.LdapJackson2Module
- LdapPasswordComparisonAuthenticationManagerFactory - Class in org.springframework.security.config.ldap
-
Creates an
AuthenticationManager
that can perform LDAP authentication using password comparison. - LdapPasswordComparisonAuthenticationManagerFactory(BaseLdapPathContextSource, PasswordEncoder) - Constructor for class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
- LdapProviderBeanDefinitionParser - Class in org.springframework.security.config.ldap
-
Ldap authentication provider namespace configuration.
- LdapProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser
- LdapServerBeanDefinitionParser - Class in org.springframework.security.config.ldap
- LdapServerBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
- LdapShaPasswordEncoder - Class in org.springframework.security.crypto.password
-
Deprecated.Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure. - LdapShaPasswordEncoder() - Constructor for class org.springframework.security.crypto.password.LdapShaPasswordEncoder
-
Deprecated.
- LdapShaPasswordEncoder(BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.password.LdapShaPasswordEncoder
-
Deprecated.
- LdapUserDetails - Interface in org.springframework.security.ldap.userdetails
-
Captures the information for a user's LDAP entry.
- LdapUserDetailsImpl - Class in org.springframework.security.ldap.userdetails
-
A UserDetails implementation which is used internally by the Ldap services.
- LdapUserDetailsImpl() - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- LdapUserDetailsImpl.Essence - Class in org.springframework.security.ldap.userdetails
-
Variation of essence pattern.
- LdapUserDetailsManager - Class in org.springframework.security.ldap.userdetails
-
An Ldap implementation of UserDetailsManager.
- LdapUserDetailsManager(ContextSource) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- LdapUserDetailsMapper - Class in org.springframework.security.ldap.userdetails
-
The context mapper used by the LDAP authentication provider to create an LDAP user object.
- LdapUserDetailsMapper() - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
- LdapUserDetailsService - Class in org.springframework.security.ldap.userdetails
-
LDAP implementation of UserDetailsService based around an
LdapUserSearch
and anLdapAuthoritiesPopulator
. - LdapUserDetailsService(LdapUserSearch) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsService
- LdapUserDetailsService(LdapUserSearch, LdapAuthoritiesPopulator) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsService
- LdapUsernameToDnMapper - Interface in org.springframework.security.ldap
-
Constructs an Ldap Distinguished Name from a username.
- LdapUserSearch - Interface in org.springframework.security.ldap.search
-
Obtains a user's information from the LDAP directory given a login name.
- LdapUserServiceBeanDefinitionParser - Class in org.springframework.security.config.ldap
- LdapUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- LdapUtils - Class in org.springframework.security.ldap
-
LDAP Utility methods.
- ldif(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
-
Specifies an ldif to load at startup for an embedded LDAP server.
- ListeningSecurityContextHolderStrategy - Class in org.springframework.security.core.context
-
An API for notifying when the
SecurityContext
changes. - ListeningSecurityContextHolderStrategy(Collection<SecurityContextChangedListener>) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Construct a
ListeningSecurityContextHolderStrategy
based onThreadLocalSecurityContextHolderStrategy
- ListeningSecurityContextHolderStrategy(SecurityContextChangedListener...) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Construct a
ListeningSecurityContextHolderStrategy
based onThreadLocalSecurityContextHolderStrategy
- ListeningSecurityContextHolderStrategy(SecurityContextHolderStrategy, Collection<SecurityContextChangedListener>) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Construct a
ListeningSecurityContextHolderStrategy
- ListeningSecurityContextHolderStrategy(SecurityContextHolderStrategy, SecurityContextChangedListener...) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Construct a
ListeningSecurityContextHolderStrategy
- load(HttpServletRequest) - Method in class org.springframework.security.web.webauthn.authentication.HttpSessionPublicKeyCredentialRequestOptionsRepository
- load(HttpServletRequest) - Method in interface org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsRepository
-
Gets a saved
PublicKeyCredentialRequestOptions
if it exists, otherwise null. - load(HttpServletRequest) - Method in class org.springframework.security.web.webauthn.registration.HttpSessionPublicKeyCredentialCreationOptionsRepository
- load(HttpServletRequest) - Method in interface org.springframework.security.web.webauthn.registration.PublicKeyCredentialCreationOptionsRepository
-
Gets a saved
PublicKeyCredentialCreationOptions
if it exists, otherwise null. - load(MvcResult) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
- load(ServerWebExchange) - Method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository
- load(ServerWebExchange) - Method in interface org.springframework.security.web.server.context.ServerSecurityContextRepository
-
Loads the SecurityContext associated with the
ServerWebExchange
- load(ServerWebExchange) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
- loadAuthenticationRequest(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository
- loadAuthenticationRequest(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository
-
Loads the
AbstractSaml2AuthenticationRequest
from the request - loadAuthorizationRequest(HttpServletRequest) - Method in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
-
Returns the
OAuth2AuthorizationRequest
associated to the providedHttpServletRequest
ornull
if not available. - loadAuthorizationRequest(HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository
- loadAuthorizationRequest(ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository
-
Returns the
OAuth2AuthorizationRequest
associated to the providedHttpServletRequest
ornull
if not available. - loadAuthorizationRequest(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository
- loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService
- loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService
- loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
- loadAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
-
Returns the
OAuth2AuthorizedClient
associated to the provided client registration identifier and End-User'sPrincipal
name ornull
if not available. - loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
- loadAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService
-
Returns the
OAuth2AuthorizedClient
associated to the provided client registration identifier and End-User'sPrincipal
name ornull
if not available. - loadAuthorizedClient(String, Authentication, HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
- loadAuthorizedClient(String, Authentication, HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository
- loadAuthorizedClient(String, Authentication, HttpServletRequest) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository
-
Returns the
OAuth2AuthorizedClient
associated to the provided client registration identifier and End-UserAuthentication
(Resource Owner) ornull
if not available. - loadAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
- loadAuthorizedClient(String, Authentication, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository
-
Returns the
OAuth2AuthorizedClient
associated to the provided client registration identifier and End-UserAuthentication
(Resource Owner) ornull
if not available. - loadAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository
- loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
- loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
Gets the security context for the current request (if available) and returns it.
- loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
- loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
- loadContext(HttpRequestResponseHolder) - Method in interface org.springframework.security.web.context.SecurityContextRepository
-
Deprecated.
- loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
- loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
- loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
- loadDeferredContext(HttpServletRequest) - Method in interface org.springframework.security.web.context.SecurityContextRepository
-
Defers loading the
SecurityContext
using theHttpServletRequest
until it is needed by the application. - loadDeferredToken(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository
-
Defers loading the
CsrfToken
using theHttpServletRequest
andHttpServletResponse
until it is needed by the application. - loadGroupAuthorities(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Loads authorities by executing the SQL from groupAuthoritiesByUsernameQuery.
- loadLogoutRequest(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository
-
Returns the
Saml2LogoutRequest
associated to the providedHttpServletRequest
ornull
if not available. - loadLogoutRequest(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository
-
Returns the
Saml2LogoutRequest
associated to the providedHttpServletRequest
ornull
if not available. - loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
- loadToken(HttpServletRequest) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository
-
Loads the expected
CsrfToken
from theHttpServletRequest
- loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
- loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository
-
Deprecated.Delegates to the injected
CsrfTokenRepository
- loadToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
- loadToken(ServerWebExchange) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
-
Loads the expected
CsrfToken
from theServerWebExchange
- loadToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
- loadUser(OidcUserRequest) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
- loadUser(OidcUserRequest) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
- loadUser(OAuth2UserRequest) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService
- loadUser(OAuth2UserRequest) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService
- loadUser(R) - Method in class org.springframework.security.oauth2.client.userinfo.DelegatingOAuth2UserService
- loadUser(R) - Method in interface org.springframework.security.oauth2.client.userinfo.OAuth2UserService
-
Returns an
OAuth2User
after obtaining the user attributes of the End-User from the UserInfo Endpoint. - loadUser(R) - Method in interface org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService
-
Returns an
OAuth2User
after obtaining the user attributes of the End-User from the UserInfo Endpoint. - loadUserAuthorities(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Loads authorities by executing the SQL from authoritiesByUsernameQuery.
- loadUserAuthorities(DirContextOperations, String, String) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- loadUserAuthorities(DirContextOperations, String, String) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
-
Creates the user authority list from the values of the
memberOf
attribute obtained from the user's Active Directory entry. - loadUserAuthorities(DirContextOperations, String, String) - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
- loadUserByAssertion(Assertion) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
-
Template method for retrieving the UserDetails based on the assertion.
- loadUserByUsername(String) - Method in class org.springframework.security.authentication.CachingUserDetailsService
- loadUserByUsername(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- loadUserByUsername(String) - Method in interface org.springframework.security.core.userdetails.UserDetailsService
-
Locates the user based on the username.
- loadUserByUsername(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- loadUserByUsername(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsService
- loadUserByUsername(String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
- loadUserDetails(Assertion) - Method in class org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService
-
Protected template method for construct a
UserDetails
via the supplied CAS assertion. - loadUserDetails(Assertion) - Method in class org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService
- loadUserDetails(CasAssertionAuthenticationToken) - Method in class org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService
- loadUserDetails(PreAuthenticatedAuthenticationToken) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
-
Get a UserDetails object based on the user name contained in the given token, and the GrantedAuthorities as returned by the GrantedAuthoritiesContainer implementation as returned by the token.getDetails() method.
- loadUserDetails(T) - Method in interface org.springframework.security.core.userdetails.AuthenticationUserDetailsService
- loadUserDetails(T) - Method in class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
-
Get the UserDetails object from the wrapped UserDetailsService implementation
- loadUsersByUsername(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Executes the SQL usersByUsernameQuery and returns a list of UserDetails objects.
- loadUsersByUsername(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
-
Executes the SQL usersByUsernameQuery and returns a list of UserDetails objects.
- lobHandler - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
- lobHandler - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
- locale(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this locale in the resulting
OidcUserInfo
- LOCALE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
locale
- the user's locale - locality(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Sets the city or locality.
- location(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
-
Use this location for the SAML 2.0 logout endpoint By default, the asserting party's endpoint is used
- location(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
-
Use this location for the SAML 2.0 logout endpoint By default, the asserting party's endpoint is used
- LockedException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request is rejected because the account is locked.
- LockedException(String) - Constructor for exception org.springframework.security.authentication.LockedException
-
Constructs a
LockedException
with the specified message. - LockedException(String, Throwable) - Constructor for exception org.springframework.security.authentication.LockedException
-
Constructs a
LockedException
with the specified message and root cause. - log - Static variable in class org.springframework.security.acls.jdbc.JdbcAclService
- log - Variable in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
- log - Static variable in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
- log - Variable in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
-
Deprecated.Logger for use by subclasses
- logger - Variable in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
- logger - Variable in class org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice
-
Deprecated.
- logger - Variable in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- logger - Static variable in class org.springframework.security.access.intercept.AfterInvocationProviderManager
-
Deprecated.
- logger - Static variable in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
-
Deprecated.
- logger - Variable in class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
-
Deprecated.
- logger - Variable in class org.springframework.security.access.prepost.PostInvocationAdviceProvider
-
Deprecated.
- logger - Variable in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
-
Deprecated.
- logger - Variable in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- logger - Static variable in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
- logger - Static variable in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
- logger - Variable in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
- logger - Variable in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- logger - Variable in class org.springframework.security.config.http.FormLoginBeanDefinitionParser
- logger - Variable in class org.springframework.security.core.session.SessionRegistryImpl
- logger - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- logger - Variable in class org.springframework.security.ldap.DefaultSpringSecurityContextSource
- logger - Variable in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite
- logger - Variable in class org.springframework.security.provisioning.InMemoryUserDetailsManager
- logger - Variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
- logger - Static variable in class org.springframework.security.taglibs.authz.AccessControlListTag
- logger - Static variable in class org.springframework.security.web.access.AccessDeniedHandlerImpl
- logger - Variable in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- logger - Static variable in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
-
Deprecated.
- logger - Variable in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
- logger - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- logger - Variable in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
- logger - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
- logger - Variable in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
- logger - Variable in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
- logger - Variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- logger - Variable in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
- logger - Variable in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
- logger - Variable in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- logger - Variable in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
- logger - Variable in class org.springframework.security.web.DefaultRedirectStrategy
- logger - Variable in class org.springframework.security.web.savedrequest.CookieRequestCache
- logger - Static variable in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- logger - Variable in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- logger - Variable in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
- LOGGER - Variable in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite
-
Deprecated.since 5.4 in favor of
AbstractMessageMatcherComposite.logger
- LoggerListener - Class in org.springframework.security.access.event
-
Deprecated.Logging is now embedded in Spring Security components. If you need further logging, please consider using your own
ApplicationListener
- LoggerListener - Class in org.springframework.security.authentication.event
-
Outputs authentication-related application events to Commons Logging.
- LoggerListener() - Constructor for class org.springframework.security.access.event.LoggerListener
-
Deprecated.
- LoggerListener() - Constructor for class org.springframework.security.authentication.event.LoggerListener
- logIfNeeded(boolean, AccessControlEntry) - Method in interface org.springframework.security.acls.domain.AuditLogger
- logIfNeeded(boolean, AccessControlEntry) - Method in class org.springframework.security.acls.domain.ConsoleAuditLogger
- login() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
-
Authenticate the
Subject
(phase one) by extracting the Spring SecurityAuthentication
from the currentSecurityContext
. - LOGIN_PAGE_GENERATING - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- LoginExceptionResolver - Interface in org.springframework.security.authentication.jaas
-
The JaasAuthenticationProvider takes an instance of LoginExceptionResolver to resolve LoginModule specific exceptions to Spring Security AuthenticationExceptions.
- loginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
- loginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- loginFail(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices
-
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
- loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Specifies the URL to send users to if login is required.
- loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
-
Specifies the URL to send users to if login is required.
- loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
- loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
- loginPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
Configures the log in page to redirect to, the authentication failure page, and when authentication is performed.
- loginPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Specifies the URL to send users to if login is required.
- LoginPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui
-
Generates a default log in page used for authenticating users.
- LoginPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
- loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Specifies the URL to validate the credentials.
- loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
- loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
-
Specifies the URL to process the login request, defaults to
/login/ott
. - loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Specifies the URL to validate the credentials.
- loginProcessingUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
Specifies the URL to process the login request, defaults to
/login/ott
. - loginProcessingUrl(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
-
Specifies the URL to POST to.
- loginProcessingUrl(String, Object...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
-
Specifies the URL to POST to.
- loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
- loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Called whenever an interactive authentication attempt is successful.
- loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.RememberMeServices
-
Called whenever an interactive authentication attempt is successful.
- LoginUrlAuthenticationEntryPoint - Class in org.springframework.security.web.authentication
-
Used by the
ExceptionTranslationFilter
to commence a form login authentication via theUsernamePasswordAuthenticationFilter
. - LoginUrlAuthenticationEntryPoint(String) - Constructor for class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- logout() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
-
Log out the
Subject
. - logout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.logout(Customizer)
orlogout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - logout() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.logout(Customizer)
orlogout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - logout() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders
-
Creates a logout request.
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.logout.LogoutHandler
-
Causes a logout to be completed.
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
-
Requires the request to be passed in.
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Implementation of
LogoutHandler
. - logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.csrf.CsrfLogoutHandler
-
Clears the
CsrfToken
- logout(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders
-
Creates a logout request (including any necessary
CsrfToken
) to the specifiedlogoutUrl
- logout(Customizer<LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Provides logout support.
- logout(Customizer<ServerHttpSecurity.LogoutSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures log out.
- logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler
- logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
- logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.HeaderWriterServerLogoutHandler
- logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler
- logout(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.logout.ServerLogoutHandler
-
Invoked when log out is requested
- logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.WebSessionServerLogoutHandler
- logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.csrf.CsrfServerLogoutHandler
-
Clears the
CsrfToken
- LOGOUT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- LOGOUT - Static variable in class org.springframework.security.config.Elements
- LOGOUT_PAGE_GENERATING - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds logout support.
- LogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Creates a new instance
- LogoutFilter - Class in org.springframework.security.web.authentication.logout
-
Logs a principal out.
- LogoutFilter(String, LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.LogoutFilter
- LogoutFilter(LogoutSuccessHandler, LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.LogoutFilter
-
Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out.
- logoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer
-
Configure what and how per-session logout will be performed.
- logoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
-
Configures the logout handler.
- logoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer
-
Configure what and how per-session logout will be performed.
- LogoutHandler - Interface in org.springframework.security.web.authentication.logout
-
Indicates a class that is able to participate in logout handling.
- LogoutPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui
-
Generates a default log out page.
- LogoutPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter
- logoutRequest() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
Saml2LogoutConfigurer.logoutRequest(Customizer)
orlogoutRequest(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - logoutRequest(Customizer<Saml2LogoutConfigurer.LogoutRequestConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
-
Configures SAML 2.0 Logout Request components
- logoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
The RequestMatcher that triggers log out to occur.
- logoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
-
Use this
Saml2LogoutRequestRepository
for storing logout requests - logoutRequestResolver(Saml2LogoutRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
-
Use this
Saml2LogoutRequestResolver
for producing a logout request to send to the asserting party - logoutRequestValidator(Saml2LogoutRequestValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
-
Use this
LogoutHandler
for processing a logout request from the asserting party - logoutResponse() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
Saml2LogoutConfigurer.logoutResponse(Customizer)
orlogoutResponse(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - logoutResponse(Customizer<Saml2LogoutConfigurer.LogoutResponseConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
-
Configures SAML 2.0 Logout Response components
- logoutResponseResolver(Saml2LogoutResponseResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer
-
Use this
Saml2LogoutRequestResolver
for producing a logout response to send to the asserting party - logoutResponseValidator(Saml2LogoutResponseValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer
-
Use this
LogoutHandler
for processing a logout response from the asserting party - LogoutSuccessEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates successful logout
- LogoutSuccessEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.LogoutSuccessEvent
- LogoutSuccessEventPublishingLogoutHandler - Class in org.springframework.security.web.authentication.logout
-
A logout handler which publishes
LogoutSuccessEvent
- LogoutSuccessEventPublishingLogoutHandler() - Constructor for class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler
- logoutSuccessHandler(LogoutSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Sets the
LogoutSuccessHandler
to use. - logoutSuccessHandler(ServerLogoutSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
- LogoutSuccessHandler - Interface in org.springframework.security.web.authentication.logout
-
Strategy that is called after a successful logout by the
LogoutFilter
, to handle redirection or forwarding to the appropriate destination. - logoutSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
The URL to redirect to after logout has occurred.
- LogoutTokenClaimAccessor - Interface in org.springframework.security.oauth2.client.oidc.authentication.logout
-
A
ClaimAccessor
for the "claims" that can be returned in OIDC Logout Tokens - LogoutTokenClaimNames - Class in org.springframework.security.oauth2.client.oidc.authentication.logout
-
The names of the "claims" defined by the OpenID Back-Channel Logout 1.0 specification that can be returned in a Logout Token.
- logoutUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer
-
Use this endpoint when invoking a back-channel logout.
- logoutUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer
-
Use this endpoint when invoking a back-channel logout.
- logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
The URL that triggers log out to occur (default is "/logout").
- logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
-
The URL by which the asserting party can send a SAML 2.0 Logout Request
- logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer
-
The URL by which the asserting party can send a SAML 2.0 Logout Response
- logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
-
The URL by which the relying or asserting party can trigger logout.
- logoutUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
-
Configures what URL a POST to will trigger a log out.
- logoutUrl(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
-
Specifies the logout URL to POST to.
- logoutUrl(String, Object...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
-
Specifies the logout URL to POST to.
- LogoutWebFilter - Class in org.springframework.security.web.server.authentication.logout
-
If the request matches, logs an authenticated user out by delegating to a
ServerLogoutHandler
. - LogoutWebFilter() - Constructor for class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
- lookupHttpPort(Integer) - Method in interface org.springframework.security.web.PortMapper
-
Locates the HTTP port associated with the specified HTTPS port.
- lookupHttpPort(Integer) - Method in class org.springframework.security.web.PortMapperImpl
- lookupHttpsPort(Integer) - Method in interface org.springframework.security.web.PortMapper
-
Locates the HTTPS port associated with the specified HTTP port.
- lookupHttpsPort(Integer) - Method in class org.springframework.security.web.PortMapperImpl
- LookupStrategy - Interface in org.springframework.security.acls.jdbc
-
Performs lookups for
AclService
.
M
- macAlgorithm(MacAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder
-
Use the given algorithm when generating the MAC.
- macAlgorithm(MacAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder
-
Use the given algorithm when generating the MAC.
- MacAlgorithm - Enum Class in org.springframework.security.oauth2.jose.jws
-
An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to create a MAC of the contents of the JWS Protected Header and JWS Payload.
- makeTokenSignature(long, String, String) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
-
Calculates the digital signature to be put in the cookie.
- makeTokenSignature(long, String, String, TokenBasedRememberMeServices.RememberMeTokenAlgorithm) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
-
Calculates the digital signature to be put in the cookie.
- MALFORMED_REQUEST_DATA - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
The serialized AuthNRequest could not be deserialized correctly.
- MALFORMED_RESPONSE_DATA - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
The response data is malformed or incomplete.
- managerDn(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
-
Username (DN) of the "manager" user identity (i.e.
- managerPassword(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
-
The password for the manager DN.
- mapAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyAuthoritiesMapper
- mapAuthorities(Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper
- mapAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.core.authority.mapping.NullAuthoritiesMapper
- mapAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
-
Creates a mapping of the supplied authorities based on the case-conversion and prefix settings.
- MapBasedAttributes2GrantedAuthoritiesMapper - Class in org.springframework.security.core.authority.mapping
-
This class implements the Attributes2GrantedAuthoritiesMapper and MappableAttributesRetriever interfaces based on the supplied Map.
- MapBasedAttributes2GrantedAuthoritiesMapper() - Constructor for class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
- MapBasedMethodSecurityMetadataSource - Class in org.springframework.security.access.method
-
Deprecated.Use the
use-authorization-manager
attribute for<method-security>
and<intercept-methods>
instead or use annotation-based orAuthorizationManager
-based authorization - MapBasedMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.
- MapBasedMethodSecurityMetadataSource(Map<String, List<ConfigAttribute>>) - Constructor for class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.Creates the MapBasedMethodSecurityMetadataSource from a
- MappableAttributesRetriever - Interface in org.springframework.security.core.authority.mapping
-
Interface to be implemented by classes that can retrieve a list of mappable security attribute strings (for example the list of all available J2EE roles in a web or EJB application).
- mappableAuthorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
-
Specifies roles to use map from the
HttpServletRequest
to theUserDetails
. - mappableAuthorities(Set<String>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
-
Specifies roles to use map from the
HttpServletRequest
to theUserDetails
. - mappableRoles(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
-
Specifies roles to use map from the
HttpServletRequest
to theUserDetails
and automatically prefixes it with "ROLE_". - mapPassword(Object) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
-
Extension point to allow customized creation of the user's password from the attribute stored in the directory.
- MappedJwtClaimSetConverter - Class in org.springframework.security.oauth2.jwt
-
Converts a JWT claim set, claim by claim.
- MappedJwtClaimSetConverter(Map<String, Converter<Object, ?>>) - Constructor for class org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter
-
Constructs a
MappedJwtClaimSetConverter
with the provided arguments This will completely replace any set of default converters. - mappings(Consumer<List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>>>) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
-
Allows to configure the
RequestMatcher
toAuthorizationManager
mappings. - MapPublicKeyCredentialUserEntityRepository - Class in org.springframework.security.web.webauthn.management
-
A
Map
based implementation ofPublicKeyCredentialUserEntityRepository
. - MapPublicKeyCredentialUserEntityRepository() - Constructor for class org.springframework.security.web.webauthn.management.MapPublicKeyCredentialUserEntityRepository
- MapReactiveUserDetailsService - Class in org.springframework.security.core.userdetails
-
A
Map
based implementation ofReactiveUserDetailsService
- MapReactiveUserDetailsService(Collection<UserDetails>) - Constructor for class org.springframework.security.core.userdetails.MapReactiveUserDetailsService
-
Creates a new instance
- MapReactiveUserDetailsService(Map<String, UserDetails>) - Constructor for class org.springframework.security.core.userdetails.MapReactiveUserDetailsService
-
Creates a new instance using a
Map
that must be non blocking. - MapReactiveUserDetailsService(UserDetails...) - Constructor for class org.springframework.security.core.userdetails.MapReactiveUserDetailsService
-
Creates a new instance
- mapRow(ResultSet, int) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
- mapsTo(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer.HttpPortMapping
-
Maps the given HTTP port to the provided HTTPS port and vice versa.
- MapUserCredentialRepository - Class in org.springframework.security.web.webauthn.management
-
A
Map
based implementation ofUserCredentialRepository
. - MapUserCredentialRepository() - Constructor for class org.springframework.security.web.webauthn.management.MapUserCredentialRepository
- mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper
- mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
- mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.PersonContextMapper
- mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.ldap.userdetails.UserDetailsContextMapper
-
Creates a fully populated UserDetails object for use by the security framework.
- mapUserToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper
- mapUserToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
- mapUserToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.PersonContextMapper
- mapUserToContext(UserDetails, DirContextAdapter) - Method in interface org.springframework.security.ldap.userdetails.UserDetailsContextMapper
-
Reverse of the above operation.
- mask - Variable in class org.springframework.security.acls.domain.AbstractPermission
- match() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult
-
Creates an instance of
PayloadExchangeMatcher.MatchResult
that is a match with no variables - match() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
-
Creates an instance of
ServerWebExchangeMatcher.MatchResult
that is a match with no variables - match() - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
-
Creates an instance of
RequestMatcher.MatchResult
that is a match with no variables - match(Map<String, ? extends Object>) - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult
-
Creates an instance of
PayloadExchangeMatcher.MatchResult
that is a match with the specified variables - match(Map<String, Object>) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
-
Creates an instance of
ServerWebExchangeMatcher.MatchResult
that is a match with the specified variables - match(Map<String, String>) - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
-
Creates an instance of
RequestMatcher.MatchResult
that is a match with the specified variables - match(MvcResult) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
- matcher(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher
-
Returns a
RequestMatcher.MatchResult
for thisHttpServletRequest
. - matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
- matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher
-
Returns a
RequestMatcher.MatchResult
for thisHttpServletRequest
. - matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ParameterRequestMatcher
- matcher(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestMatcher
-
Returns a MatchResult for this RequestMatcher The default implementation returns
Collections.emptyMap()
whenRequestMatcher.MatchResult.getVariables()
is invoked. - matcher(PayloadExchangeMatcher) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
- matchers - Variable in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
- matchers(MessageMatcher<?>...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.Maps a
List
ofMessageMatcher
instances to a security expression. - matchers(MessageMatcher<?>...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
-
Maps a
List
ofMessageMatcher
instances to a security expression. - matchers(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
-
Associates a list of
ServerWebExchangeMatcher
instances - matchers(ServerWebExchangeMatcher...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-
Creates a matcher that will match on any of the provided matchers
- MatcherSecurityWebFilterChain - Class in org.springframework.security.web.server
-
A
SecurityWebFilterChain
that leverages aServerWebExchangeMatcher
to determine whichWebFilter
to execute. - MatcherSecurityWebFilterChain(ServerWebExchangeMatcher, List<WebFilter>) - Constructor for class org.springframework.security.web.server.MatcherSecurityWebFilterChain
- MatcherType - Enum Class in org.springframework.security.config.http
-
Defines the
RequestMatcher
types supported by the namespace. - matches(byte[], byte[]) - Static method in class org.springframework.security.crypto.password.AbstractPasswordEncoder
-
Constant time comparison to prevent against timing attacks.
- matches(HttpServletRequest) - Method in class org.springframework.security.cas.web.CasGatewayResolverRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.DefaultSecurityFilterChain
- matches(HttpServletRequest) - Method in interface org.springframework.security.web.SecurityFilterChain
- matches(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Returns true if the configured pattern (and HTTP-Method) match those of the supplied request.
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
-
Performs the match against the request's method and dispatcher type.
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.IpAddressMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.NegatedRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ParameterRequestMatcher
- matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
-
Performs the match of the request URL (
servletPath + pathInfo + queryString
) against the compiled pattern. - matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
- matches(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestMatcher
-
Decides whether the rule implemented by the strategy matches the supplied request.
- matches(CharSequence, String) - Method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
- matches(CharSequence, String) - Method in class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder
- matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder
- matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.LdapShaPasswordEncoder
-
Deprecated.Checks the validity of an unencoded password against an encoded one in the form "{SSHA}sQuQF8vj8Eg2Y1hPdh3bkQhCKQBgjhQI".
- matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.Md4PasswordEncoder
-
Deprecated.Takes a previously encoded password and compares it with a rawpassword after mixing in the salt and encoding that value
- matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder
-
Deprecated.Takes a previously encoded password and compares it with a rawpassword after mixing in the salt and encoding that value
- matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.NoOpPasswordEncoder
-
Deprecated.
- matches(CharSequence, String) - Method in interface org.springframework.security.crypto.password.PasswordEncoder
-
Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded.
- matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
- matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.StandardPasswordEncoder
-
Deprecated.
- matches(CharSequence, String) - Method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
- matches(String) - Method in class org.springframework.security.web.util.matcher.IpAddressMatcher
- matches(Message<?>) - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
- matches(Message<?>) - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher
- matches(Message<? extends T>) - Method in class org.springframework.security.messaging.util.matcher.AndMessageMatcher
- matches(Message<? extends T>) - Method in interface org.springframework.security.messaging.util.matcher.MessageMatcher
-
Returns true if the
Message
matches, else false - matches(Message<? extends T>) - Method in class org.springframework.security.messaging.util.matcher.OrMessageMatcher
- matches(PayloadExchange) - Method in interface org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher
-
Determines if a request matches or not
- matches(PayloadExchange) - Method in class org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.MatcherSecurityWebFilterChain
- matches(ServerWebExchange) - Method in interface org.springframework.security.web.server.SecurityWebFilterChain
-
Determines if this
SecurityWebFilterChain
matches the providedServerWebExchange
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- matches(ServerWebExchange) - Method in interface org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher
-
Determines if a request matches or not
- maxAge(Duration) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
-
Configures the max age.
- maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
-
Deprecated.Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.
- maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
-
Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.
- maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
-
Controls the maximum number of sessions for a user.
- maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Controls the maximum number of sessions for a user.
- maximumSessions(SessionLimit) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
-
Sets the maximum number of sessions allowed for any user.
- MaximumSessionsContext - Class in org.springframework.security.web.server.authentication
- MaximumSessionsContext(Authentication, List<ReactiveSessionInformation>, int, WebSession) - Constructor for class org.springframework.security.web.server.authentication.MaximumSessionsContext
- maximumSessionsExceededHandler(ServerMaximumSessionsExceededHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
-
Sets the
ServerMaximumSessionsExceededHandler
to use when the maximum number of sessions is exceeded. - maxSessionsPreventsLogin(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
-
If true, prevents a user from authenticating when the
SessionManagementConfigurer.ConcurrencyControlConfigurer.maximumSessions(int)
has been reached. - Md4PasswordEncoder - Class in org.springframework.security.crypto.password
-
Deprecated.Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure. - Md4PasswordEncoder() - Constructor for class org.springframework.security.crypto.password.Md4PasswordEncoder
-
Deprecated.
- MD5 - Enum constant in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
- MediaTypeRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Allows matching
HttpServletRequest
based upon theMediaType
's resolved from aContentNegotiationStrategy
. - MediaTypeRequestMatcher(Collection<MediaType>) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
Creates an instance
- MediaTypeRequestMatcher(MediaType...) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
Creates an instance
- MediaTypeRequestMatcher(ContentNegotiationStrategy, Collection<MediaType>) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
Creates an instance
- MediaTypeRequestMatcher(ContentNegotiationStrategy, MediaType...) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
Creates an instance
- MediaTypeServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Matches based upon the accept headers.
- MediaTypeServerWebExchangeMatcher(Collection<MediaType>) - Constructor for class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
-
Creates a new instance
- MediaTypeServerWebExchangeMatcher(MediaType...) - Constructor for class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
-
Creates a new instance
- merge(Object) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
- merge(Object) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
- mergePatterns(String, String) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils
- message - Variable in class org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot
- MessageAuthorizationContext<T> - Class in org.springframework.security.messaging.access.intercept
-
An
Message
authorization context. - MessageAuthorizationContext(Message<T>) - Constructor for class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext
-
Creates an instance.
- MessageAuthorizationContext(Message<T>, Map<String, String>) - Constructor for class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext
-
Creates an instance.
- MessageAuthorizationContextSecurityExpressionHandler - Class in org.springframework.security.messaging.access.expression
-
An expression handler for
MessageAuthorizationContext
. - MessageAuthorizationContextSecurityExpressionHandler() - Constructor for class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
- MessageAuthorizationContextSecurityExpressionHandler(SecurityExpressionHandler<Message<?>>) - Constructor for class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
- MessageDigestPasswordEncoder - Class in org.springframework.security.crypto.password
-
Deprecated.Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure. - MessageDigestPasswordEncoder(String) - Constructor for class org.springframework.security.crypto.password.MessageDigestPasswordEncoder
-
Deprecated.The digest algorithm to use Supports the named Message Digest Algorithms in the Java environment.
- MessageExpressionVoter<T> - Class in org.springframework.security.messaging.access.expression
-
Deprecated.Use
MessageMatcherDelegatingAuthorizationManager
instead - MessageExpressionVoter() - Constructor for class org.springframework.security.messaging.access.expression.MessageExpressionVoter
-
Deprecated.
- MessageMatcher<T> - Interface in org.springframework.security.messaging.util.matcher
-
API for determining if a
Message
should be matched on. - MessageMatcherDelegatingAuthorizationManager - Class in org.springframework.security.messaging.access.intercept
- MessageMatcherDelegatingAuthorizationManager.Builder - Class in org.springframework.security.messaging.access.intercept
-
A builder for
MessageMatcherDelegatingAuthorizationManager
. - MessageMatcherDelegatingAuthorizationManager.Builder.Constraint - Class in org.springframework.security.messaging.access.intercept
-
Represents the security constraint to be applied to the
MessageMatcher
instances. - messages - Variable in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- messages - Variable in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
-
Deprecated.
- messages - Variable in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- messages - Variable in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
- messages - Variable in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
- messages - Variable in class org.springframework.security.authentication.AccountStatusUserDetailsChecker
- messages - Variable in class org.springframework.security.authentication.AnonymousAuthenticationProvider
- messages - Variable in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- messages - Variable in class org.springframework.security.authentication.ProviderManager
- messages - Variable in class org.springframework.security.authentication.RememberMeAuthenticationProvider
- messages - Variable in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- messages - Variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- messages - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- messages - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
- messages - Variable in class org.springframework.security.web.access.ExceptionTranslationFilter
- messages - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- messages - Variable in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
- messages - Variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- messages - Variable in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
- messages - Variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- messages - Variable in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- MessageSecurityExpressionRoot - Class in org.springframework.security.messaging.access.expression
-
The
SecurityExpressionRoot
used forMessage
expressions. - MessageSecurityExpressionRoot(Supplier<Authentication>, Message<?>) - Constructor for class org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot
- MessageSecurityExpressionRoot(Authentication, Message<?>) - Constructor for class org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot
- MessageSecurityMetadataSource - Interface in org.springframework.security.messaging.access.intercept
-
Deprecated.Use
MessageMatcherDelegatingAuthorizationManager
instead - MessageSecurityMetadataSourceRegistry - Class in org.springframework.security.config.annotation.web.messaging
-
Deprecated.Use
MessageMatcherDelegatingAuthorizationManager
instead - MessageSecurityMetadataSourceRegistry() - Constructor for class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.
- MessageSecurityMetadataSourceRegistry.Constraint - Class in org.springframework.security.config.annotation.web.messaging
-
Deprecated.Represents the security constraint to be applied to the
MessageMatcher
instances. - METADATA_PUSH - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
-
A Metadata Push exchange.
- metadataResponseResolver(Saml2MetadataResponseResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
-
Use this
Saml2MetadataResponseResolver
to parse the request and respond with SAML 2.0 metadata. - metadataUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
-
Use this endpoint to request relying party metadata.
- METHOD_ACCESS_MANAGER - Static variable in class org.springframework.security.config.BeanIds
- METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements
- METHOD_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements
- METHOD_SECURITY_METADATA_SOURCE_ADVISOR - Static variable in class org.springframework.security.config.BeanIds
- MethodAuthorizationDeniedHandler - Interface in org.springframework.security.authorization.method
-
An interface used to define a strategy to handle denied method invocations
- MethodExpressionAuthorizationManager - Class in org.springframework.security.authorization.method
-
An expression-based
AuthorizationManager
that determines the access by evaluating the provided expression against theMethodInvocation
. - MethodExpressionAuthorizationManager(String) - Constructor for class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager
-
Creates an instance.
- MethodInvocationAdapter - Class in org.springframework.security.access.intercept.aspectj
-
Deprecated.This class will be removed from the public API. See `JoinPointMethodInvocation` in `spring-security-aspects` for its replacement
- MethodInvocationPrivilegeEvaluator - Class in org.springframework.security.access.intercept
-
Deprecated.Use
AuthorizationManager
instead - MethodInvocationPrivilegeEvaluator() - Constructor for class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
-
Deprecated.
- MethodInvocationResult - Class in org.springframework.security.authorization.method
-
A context object that contains a
MethodInvocation
and the result of thatMethodInvocation
. - MethodInvocationResult(MethodInvocation, Object) - Constructor for class org.springframework.security.authorization.method.MethodInvocationResult
-
Construct a
MethodInvocationResult
with the provided parameters - MethodInvocationUtils - Class in org.springframework.security.util
-
Static utility methods for creating
MethodInvocation
s usable within Spring Security. - methodMap - Variable in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.Map from RegisteredMethod to ConfigAttribute list
- MethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method
-
Processes the top-level "method-security" element.
- MethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser
- MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor - Class in org.springframework.security.config.method
- MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean - Class in org.springframework.security.config.method
- MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method
- MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method
- MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor - Class in org.springframework.security.config.method
- MethodSecurityExpressionHandler - Interface in org.springframework.security.access.expression.method
-
Extended expression-handler facade which adds methods which are specific to securing method invocations.
- MethodSecurityExpressionHandlerBean() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
- MethodSecurityExpressionOperations - Interface in org.springframework.security.access.expression.method
-
Interface which must be implemented if you want to use filtering in method security expressions.
- methodSecurityInterceptor(MethodSecurityMetadataSource) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Creates the default MethodInterceptor which is a MethodSecurityInterceptor using the following methods to construct it.
- MethodSecurityInterceptor - Class in org.springframework.security.access.intercept.aopalliance
-
Deprecated.Please use
AuthorizationManagerBeforeMethodInterceptor
andAuthorizationManagerAfterMethodInterceptor
instead - MethodSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
-
Deprecated.
- methodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Provides the default
MethodSecurityMetadataSource
that will be used. - MethodSecurityMetadataSource - Interface in org.springframework.security.access.method
-
Deprecated.Use the
use-authorization-manager
attribute for<method-security>
and<intercept-methods>
instead or use annotation-based orAuthorizationManager
-based authorization - MethodSecurityMetadataSourceAdvisor - Class in org.springframework.security.access.intercept.aopalliance
-
Deprecated.Use
EnableMethodSecurity
or publish interceptors directly - MethodSecurityMetadataSourceAdvisor(String, MethodSecurityMetadataSource, String) - Constructor for class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor
-
Deprecated.Alternative constructor for situations where we want the advisor decoupled from the advice.
- MethodSecurityMetadataSourceBeanDefinitionParser - Class in org.springframework.security.config.method
-
Deprecated.Use
<intercept-methods>
,<method-security>
, or@EnableMethodSecurity
- MethodSecurityMetadataSourceBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser
-
Deprecated.
- MIDDLE_NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
middle_name
- the user's middle name(s) - middleName(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this middle name in the resulting
OidcUserInfo
- migrateSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
-
Specifies that a new session should be created and the session attributes from the original
HttpSession
should be retained. - MISSING_BEAN_ERROR_MESSAGE - Static variable in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
- MissingCsrfTokenException - Exception in org.springframework.security.web.csrf
-
Thrown when no expected
CsrfToken
is found but is required. - MissingCsrfTokenException(String) - Constructor for exception org.springframework.security.web.csrf.MissingCsrfTokenException
- mockAuthentication(Authentication) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
-
Updates the ServerWebExchange to use the provided Authentication as the Principal
- mockJwt() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
-
Updates the ServerWebExchange to establish a
SecurityContext
that has aJwtAuthenticationToken
for theAuthentication
and aJwt
for theAuthentication.getPrincipal()
. - mockOAuth2Client() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
-
Updates the ServerWebExchange to establish a
OAuth2AuthorizedClient
in the session. - mockOAuth2Client(String) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
-
Updates the ServerWebExchange to establish a
OAuth2AuthorizedClient
in the session. - mockOAuth2Login() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
-
Updates the ServerWebExchange to establish a
SecurityContext
that has aOAuth2AuthenticationToken
for theAuthentication
. - mockOidcLogin() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
-
Updates the ServerWebExchange to establish a
SecurityContext
that has aOAuth2AuthenticationToken
for theAuthentication
. - mockOpaqueToken() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
-
Updates the ServerWebExchange to establish a
SecurityContext
that has aBearerTokenAuthentication
for theAuthentication
and anOAuth2AuthenticatedPrincipal
for theAuthentication.getPrincipal()
. - mockUser() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
-
Updates the ServerWebExchange to use a UserDetails to create a UsernamePasswordAuthenticationToken as the Principal.
- mockUser(String) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
-
Updates the ServerWebExchange to use a UserDetails to create a UsernamePasswordAuthenticationToken as the Principal.
- mockUser(UserDetails) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
-
Updates the ServerWebExchange to use the provided UserDetails to create a UsernamePasswordAuthenticationToken as the Principal
- mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
-
Deprecated.Indicate how security advice should be applied.
- mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
-
Indicate how security advice should be applied.
- mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
-
Indicate how security advice should be applied.
- mode(XFrameOptionsServerHttpHeadersWriter.Mode) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec
-
The mode to configure.
- MODE_GLOBAL - Static variable in class org.springframework.security.core.context.SecurityContextHolder
- MODE_INHERITABLETHREADLOCAL - Static variable in class org.springframework.security.core.context.SecurityContextHolder
- MODE_THREADLOCAL - Static variable in class org.springframework.security.core.context.SecurityContextHolder
- modifyGrantedAuthorities(UserDetails, Authentication, Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.web.authentication.switchuser.SwitchUserAuthorityChanger
-
Allow subclasses to add or remove authorities that will be granted when in switch user mode.
- MUST_SUPPLY_OLD_PASSWORD - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- MutableAcl - Interface in org.springframework.security.acls.model
-
A mutable Acl.
- MutableAclService - Interface in org.springframework.security.acls.model
-
Provides support for creating and storing
Acl
instances. - mutate() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
- mutate() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails
- mutate() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration
-
Deprecated.Copy the properties in this
RelyingPartyRegistration
into aRelyingPartyRegistration.Builder
- mutate() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
- mutate() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Copy the properties in this
RelyingPartyRegistration
into aRelyingPartyRegistration.Builder
- mvc - Enum constant in enum class org.springframework.security.config.http.MatcherType
- MvcRequestMatcher - Class in org.springframework.security.web.servlet.util.matcher
-
A
RequestMatcher
that uses Spring MVC'sHandlerMappingIntrospector
to match the path and extract variables. - MvcRequestMatcher(HandlerMappingIntrospector, String) - Constructor for class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- MvcRequestMatcher.Builder - Class in org.springframework.security.web.servlet.util.matcher
-
A builder for
MvcRequestMatcher
N
- name(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this name in the resulting
OidcUserInfo
- name(String) - Method in class org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.PublicKeyCredentialUserEntityBuilder
-
Sets the
ImmutablePublicKeyCredentialUserEntity.getName()
property. - name(String) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity.PublicKeyCredentialRpEntityBuilder
-
Sets the
PublicKeyCredentialRpEntity.getName()
property. - NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
name
- the user's full name - nameIdFormat(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- nameIdFormat(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Set the NameID format
- NBF - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
nbf
- A timestamp indicating when the token is not to be used before - NBF - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
-
nbf
- the Not Before claim identifies the time before which the JWT MUST NOT be accepted for processing - NegatedRequestMatcher - Class in org.springframework.security.web.util.matcher
-
A
RequestMatcher
that will negate theRequestMatcher
passed in. - NegatedRequestMatcher(RequestMatcher) - Constructor for class org.springframework.security.web.util.matcher.NegatedRequestMatcher
-
Creates a new instance
- NegatedServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Negates the provided matcher.
- NegatedServerWebExchangeMatcher(ServerWebExchangeMatcher) - Constructor for class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher
- NestedLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.userdetails
-
A LDAP authority populator that can recursively search static nested groups.
- NestedLdapAuthoritiesPopulator(ContextSource, String) - Constructor for class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
-
Constructor for group search scenarios.
- NEVER - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy
-
Spring Security will never create an
HttpSession
, but will use theHttpSession
if it already exists - newSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
-
Specifies that a new session should be created, but the session attributes from the original
HttpSession
should not be retained. - next(PayloadExchange) - Method in interface org.springframework.security.rsocket.api.PayloadInterceptorChain
-
Process the payload exchange.
- nextElement() - Method in class org.springframework.security.web.savedrequest.Enumerator
-
Returns the next element of this enumeration if this enumeration has at least one more element to provide.
- NFC - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport
-
nfc indicates the respective authenticator can be contacted over Near Field Communication (NFC).
- nickname(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this nickname in the resulting
OidcUserInfo
- NICKNAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
nickname
- the user's nick name that may or may not be the same as thegiven_name
- NimbusJwtClientAuthenticationParametersConverter<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
-
A
Converter
that customizes the OAuth 2.0 Access Token Request parameters by adding a signed JSON Web Token (JWS) to be used for client authentication at the Authorization Server's Token Endpoint. - NimbusJwtClientAuthenticationParametersConverter(Function<ClientRegistration, JWK>) - Constructor for class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter
-
Constructs a
NimbusJwtClientAuthenticationParametersConverter
using the provided parameters. - NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
-
A context that holds client authentication-specific state and is used by
NimbusJwtClientAuthenticationParametersConverter
when attempting to customize the JSON Web Token (JWS) client assertion. - NimbusJwtDecoder - Class in org.springframework.security.oauth2.jwt
-
A low-level Nimbus implementation of
JwtDecoder
which takes a raw Nimbus configuration. - NimbusJwtDecoder(JWTProcessor<SecurityContext>) - Constructor for class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
-
Configures a
NimbusJwtDecoder
with the given parameters - NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
-
A builder for creating
NimbusJwtDecoder
instances based on a JWK Set uri. - NimbusJwtDecoder.PublicKeyJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
-
A builder for creating
NimbusJwtDecoder
instances based on a public key. - NimbusJwtDecoder.SecretKeyJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
-
A builder for creating
NimbusJwtDecoder
instances based on aSecretKey
. - NimbusJwtEncoder - Class in org.springframework.security.oauth2.jwt
-
An implementation of a
JwtEncoder
that encodes a JSON Web Token (JWT) using the JSON Web Signature (JWS) Compact Serialization format. - NimbusJwtEncoder(JWKSource<SecurityContext>) - Constructor for class org.springframework.security.oauth2.jwt.NimbusJwtEncoder
-
Constructs a
NimbusJwtEncoder
using the provided parameters. - NimbusOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection
-
Deprecated.Please use
SpringOpaqueTokenIntrospector
instead - NimbusOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector
-
Deprecated.Creates a
OpaqueTokenAuthenticationProvider
with the provided parameters - NimbusOpaqueTokenIntrospector(String, RestOperations) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector
-
Deprecated.Creates a
OpaqueTokenAuthenticationProvider
with the provided parameters The givenRestOperations
should perform its own client authentication against the introspection endpoint. - NimbusReactiveJwtDecoder - Class in org.springframework.security.oauth2.jwt
-
An implementation of a
ReactiveJwtDecoder
that "decodes" a JSON Web Token (JWT) and additionally verifies it's digital signature if the JWT is a JSON Web Signature (JWS). - NimbusReactiveJwtDecoder(String) - Constructor for class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
-
Constructs a
NimbusReactiveJwtDecoder
using the provided parameters. - NimbusReactiveJwtDecoder(RSAPublicKey) - Constructor for class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
-
Constructs a
NimbusReactiveJwtDecoder
using the provided parameters. - NimbusReactiveJwtDecoder(Converter<JWT, Mono<JWTClaimsSet>>) - Constructor for class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
-
Constructs a
NimbusReactiveJwtDecoder
using the provided parameters. - NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
-
A builder for creating
NimbusReactiveJwtDecoder
instances based on a JWK Set uri. - NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
-
A builder for creating
NimbusReactiveJwtDecoder
instances. - NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
-
A builder for creating
NimbusReactiveJwtDecoder
instances based on a public key. - NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
-
A builder for creating
NimbusReactiveJwtDecoder
instances based on aSecretKey
. - NimbusReactiveOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection
-
Deprecated.Please use
SpringReactiveOpaqueTokenIntrospector
instead - NimbusReactiveOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector
-
Deprecated.Creates a
OpaqueTokenReactiveAuthenticationManager
with the provided parameters - NimbusReactiveOpaqueTokenIntrospector(String, WebClient) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector
-
Deprecated.Creates a
OpaqueTokenReactiveAuthenticationManager
with the provided parameters - NO_ATTRS - Static variable in class org.springframework.security.ldap.SpringSecurityLdapTemplate
- NO_AUTHORITIES - Static variable in class org.springframework.security.core.authority.AuthorityUtils
- NO_CONTEXT - Static variable in class org.springframework.security.core.context.SecurityContextChangedEvent
- NO_OPTIONS - Static variable in class org.springframework.security.crypto.codec.Base64
-
Deprecated.No options specified.
- NO_REFERRER - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- NO_REFERRER - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- NO_REFERRER_WHEN_DOWNGRADE - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- NO_REFERRER_WHEN_DOWNGRADE - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- nonce(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this nonce in the resulting
OidcIdToken
- NONCE - Static variable in class org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames
-
nonce
- used in the Authentication Request. - NONCE - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
nonce
- aString
value used to associate a Client session with an ID Token, and to mitigate replay attacks. - NonceExpiredException - Exception in org.springframework.security.web.authentication.www
-
Thrown if an authentication request is rejected because the digest nonce has expired.
- NonceExpiredException(String) - Constructor for exception org.springframework.security.web.authentication.www.NonceExpiredException
-
Constructs a
NonceExpiredException
with the specified message. - NonceExpiredException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.www.NonceExpiredException
-
Constructs a
NonceExpiredException
with the specified message and root cause. - none() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
-
Specifies that no session fixation protection should be enabled.
- NONE - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- NONE - Static variable in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference
-
The none preference indicates that the Relying Party is not interested in authenticator attestation.
- noObservations() - Static method in class org.springframework.security.config.observation.SecurityObservationSettings
-
Make no Spring Security observations
- NoOpAccessDeniedHandler - Class in org.springframework.security.web.access
-
An
AccessDeniedHandler
implementation that does nothing. - NoOpAccessDeniedHandler() - Constructor for class org.springframework.security.web.access.NoOpAccessDeniedHandler
- NoOpAuthenticationEntryPoint - Class in org.springframework.security.web.authentication
-
An
AuthenticationEntryPoint
implementation that does nothing. - NoOpAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.NoOpAuthenticationEntryPoint
- NoOpPasswordEncoder - Class in org.springframework.security.crypto.password
-
Deprecated.This PasswordEncoder is not secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure. - NoOpServerRequestCache - Class in org.springframework.security.web.server.savedrequest
-
An implementation of
ServerRequestCache
that does nothing. - NoOpServerSecurityContextRepository - Class in org.springframework.security.web.server.context
-
A do nothing implementation of
ServerSecurityContextRepository
. - noOpText() - Static method in class org.springframework.security.crypto.encrypt.Encryptors
-
Creates a text encryptor that performs no encryption.
- NOSNIFF - Static variable in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
- NOSNIFF - Static variable in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
- not() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Negates the following authorization rule.
- not() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Negates the following expression.
- not(AuthorizationManager<T>) - Static method in class org.springframework.security.authorization.AuthorizationManagers
-
Creates an
AuthorizationManager
that reverses whatever decision the givenAuthorizationManager
granted. - not(RequestMatcher) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers
-
Creates a
RequestMatcher
that matches if the givenRequestMatcher
does not match. - notBefore(Instant) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this not-before timestamp in the resulting
Jwt
- notBefore(Instant) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Sets the not before
(nbf)
claim, which identifies the time before which the JWT MUST NOT be accepted for processing. - NotFoundException - Exception in org.springframework.security.acls.model
-
Thrown if an ACL-related object cannot be found.
- NotFoundException(String) - Constructor for exception org.springframework.security.acls.model.NotFoundException
-
Constructs an
NotFoundException
with the specified message. - NotFoundException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.NotFoundException
-
Constructs an
NotFoundException
with the specified message and root cause. - notMatch() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult
-
Creates an instance of
PayloadExchangeMatcher.MatchResult
that is not a match. - notMatch() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
-
Creates an instance of
ServerWebExchangeMatcher.MatchResult
that is not a match. - notMatch() - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
-
Creates an instance of
RequestMatcher.MatchResult
that is not a match. - NULL_DESTINATION_MATCHER - Static variable in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
- NullAuthenticatedSessionStrategy - Class in org.springframework.security.web.authentication.session
- NullAuthenticatedSessionStrategy() - Constructor for class org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
- NullAuthenticationProvider() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider
- NullAuthoritiesMapper - Class in org.springframework.security.core.authority.mapping
- NullAuthoritiesMapper() - Constructor for class org.springframework.security.core.authority.mapping.NullAuthoritiesMapper
- nullDestMatcher() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.Maps any
Message
that has a null SimpMessageHeaderAccessor destination header (i.e. - nullDestMatcher() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
-
Maps any
Message
that has a null SimpMessageHeaderAccessor destination header (i.e. - NullEventPublisher() - Constructor for class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher
- NullLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.authentication
- NullLdapAuthoritiesPopulator() - Constructor for class org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator
- NullRememberMeServices - Class in org.springframework.security.web.authentication
-
Implementation of
NullRememberMeServices
that does nothing. - NullRememberMeServices() - Constructor for class org.springframework.security.web.authentication.NullRememberMeServices
- NullRequestCache - Class in org.springframework.security.web.savedrequest
-
Null implementation of RequestCache.
- NullRequestCache() - Constructor for class org.springframework.security.web.savedrequest.NullRequestCache
- NullRoleHierarchy - Class in org.springframework.security.access.hierarchicalroles
- NullRoleHierarchy() - Constructor for class org.springframework.security.access.hierarchicalroles.NullRoleHierarchy
- NullSecurityContextRepository - Class in org.springframework.security.web.context
- NullSecurityContextRepository() - Constructor for class org.springframework.security.web.context.NullSecurityContextRepository
- NullStatelessTicketCache - Class in org.springframework.security.cas.authentication
-
Implementation of @link
StatelessTicketCache
that has no backing cache. - NullStatelessTicketCache() - Constructor for class org.springframework.security.cas.authentication.NullStatelessTicketCache
- NullUserCache - Class in org.springframework.security.core.userdetails.cache
-
Does not perform any caching.
- NullUserCache() - Constructor for class org.springframework.security.core.userdetails.cache.NullUserCache
O
- OAEP - Enum constant in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
- OAUTH2_AUTHORIZATION_CODE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- OAUTH2_CLIENT - Static variable in class org.springframework.security.config.Elements
- OAUTH2_LOGIN - Static variable in class org.springframework.security.config.Elements
- OAUTH2_RESOURCE_SERVER - Static variable in class org.springframework.security.config.Elements
- OAuth2AccessToken - Class in org.springframework.security.oauth2.core
-
An implementation of an
AbstractOAuth2Token
representing an OAuth 2.0 Access Token. - OAuth2AccessToken(OAuth2AccessToken.TokenType, String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2AccessToken
-
Constructs an
OAuth2AccessToken
using the provided parameters. - OAuth2AccessToken(OAuth2AccessToken.TokenType, String, Instant, Instant, Set<String>) - Constructor for class org.springframework.security.oauth2.core.OAuth2AccessToken
-
Constructs an
OAuth2AccessToken
using the provided parameters. - OAuth2AccessToken.TokenType - Class in org.springframework.security.oauth2.core
-
Access Token Types.
- oauth2AccessTokenResponse() - Static method in class org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors
-
Extractor to decode an
OAuth2AccessTokenResponse
- OAuth2AccessTokenResponse - Class in org.springframework.security.oauth2.core.endpoint
-
A representation of an OAuth 2.0 Access Token Response.
- OAuth2AccessTokenResponse.Builder - Class in org.springframework.security.oauth2.core.endpoint
-
A builder for
OAuth2AccessTokenResponse
. - OAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Interface in org.springframework.security.oauth2.client.endpoint
-
A strategy for "exchanging" an authorization grant credential (e.g.
- OAuth2AccessTokenResponseHttpMessageConverter - Class in org.springframework.security.oauth2.core.http.converter
-
A
HttpMessageConverter
for anOAuth 2.0 Access Token Response
. - OAuth2AccessTokenResponseHttpMessageConverter() - Constructor for class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
- OAuth2AuthenticatedPrincipal - Interface in org.springframework.security.oauth2.core
-
An
AuthenticatedPrincipal
that represents the principal associated with an OAuth 2.0 token. - OAuth2AuthenticationException - Exception in org.springframework.security.oauth2.core
-
This exception is thrown for all OAuth 2.0 related
Authentication
errors. - OAuth2AuthenticationException(String) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
-
Constructs an
OAuth2AuthenticationException
using the provided parameters. - OAuth2AuthenticationException(OAuth2Error) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
-
Constructs an
OAuth2AuthenticationException
using the provided parameters. - OAuth2AuthenticationException(OAuth2Error, String) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
-
Constructs an
OAuth2AuthenticationException
using the provided parameters. - OAuth2AuthenticationException(OAuth2Error, String, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
-
Constructs an
OAuth2AuthenticationException
using the provided parameters. - OAuth2AuthenticationException(OAuth2Error, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
-
Constructs an
OAuth2AuthenticationException
using the provided parameters. - OAuth2AuthenticationToken - Class in org.springframework.security.oauth2.client.authentication
-
An implementation of an
AbstractAuthenticationToken
that represents an OAuth 2.0Authentication
. - OAuth2AuthenticationToken(OAuth2User, Collection<? extends GrantedAuthority>, String) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
-
Constructs an
OAuth2AuthenticationToken
using the provided parameters. - OAuth2AuthorizationCodeAuthenticationProvider - Class in org.springframework.security.oauth2.client.authentication
-
An implementation of an
AuthenticationProvider
for the OAuth 2.0 Authorization Code Grant. - OAuth2AuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider
-
Constructs an
OAuth2AuthorizationCodeAuthenticationProvider
using the provided parameters. - OAuth2AuthorizationCodeAuthenticationToken - Class in org.springframework.security.oauth2.client.authentication
-
An
AbstractAuthenticationToken
for the OAuth 2.0 Authorization Code Grant. - OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
-
This constructor should be used when the Authorization Request/Response is complete.
- OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
-
This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed.
- OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
-
This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed.
- OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2AccessToken, OAuth2RefreshToken, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
- OAuth2AuthorizationCodeGrantFilter - Class in org.springframework.security.oauth2.client.web
-
A
Filter
for the OAuth 2.0 Authorization Code Grant, which handles the processing of the OAuth 2.0 Authorization Response. - OAuth2AuthorizationCodeGrantFilter(ClientRegistrationRepository, OAuth2AuthorizedClientRepository, AuthenticationManager) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter
-
Constructs an
OAuth2AuthorizationCodeGrantFilter
using the provided parameters. - OAuth2AuthorizationCodeGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
-
An OAuth 2.0 Authorization Code Grant request that holds an Authorization Code credential, which was granted by the Resource Owner to the
Client
. - OAuth2AuthorizationCodeGrantRequest(ClientRegistration, OAuth2AuthorizationExchange) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
-
Constructs an
OAuth2AuthorizationCodeGrantRequest
using the provided parameters. - OAuth2AuthorizationCodeGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.Use
DefaultOAuth2TokenRequestParametersConverter
instead - OAuth2AuthorizationCodeGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter
-
Deprecated.
- OAuth2AuthorizationCodeGrantWebFilter - Class in org.springframework.security.oauth2.client.web.server
-
A
Filter
for the OAuth 2.0 Authorization Code Grant, which handles the processing of the OAuth 2.0 Authorization Response. - OAuth2AuthorizationCodeGrantWebFilter(ReactiveAuthenticationManager, ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter
- OAuth2AuthorizationCodeGrantWebFilter(ReactiveAuthenticationManager, ServerAuthenticationConverter, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter
- OAuth2AuthorizationCodeReactiveAuthenticationManager - Class in org.springframework.security.oauth2.client.authentication
-
An implementation of an
AuthenticationProvider
for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow. - OAuth2AuthorizationCodeReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeReactiveAuthenticationManager
- OAuth2AuthorizationContext - Class in org.springframework.security.oauth2.client
-
A context that holds authorization-specific state and is used by an
OAuth2AuthorizedClientProvider
when attempting to authorize (or re-authorize) an OAuth 2.0 Client. - OAuth2AuthorizationContext.Builder - Class in org.springframework.security.oauth2.client
-
A builder for
OAuth2AuthorizationContext
. - OAuth2AuthorizationException - Exception in org.springframework.security.oauth2.core
-
Base exception for OAuth 2.0 Authorization errors.
- OAuth2AuthorizationException(OAuth2Error) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException
-
Constructs an
OAuth2AuthorizationException
using the provided parameters. - OAuth2AuthorizationException(OAuth2Error, String) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException
-
Constructs an
OAuth2AuthorizationException
using the provided parameters. - OAuth2AuthorizationException(OAuth2Error, String, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException
-
Constructs an
OAuth2AuthorizationException
using the provided parameters. - OAuth2AuthorizationException(OAuth2Error, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException
-
Constructs an
OAuth2AuthorizationException
using the provided parameters. - OAuth2AuthorizationExchange - Class in org.springframework.security.oauth2.core.endpoint
-
An "exchange" of an OAuth 2.0 Authorization Request and Response for the authorization code grant type.
- OAuth2AuthorizationExchange(OAuth2AuthorizationRequest, OAuth2AuthorizationResponse) - Constructor for class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange
-
Constructs a new
OAuth2AuthorizationExchange
with the provided Authorization Request and Authorization Response. - OAuth2AuthorizationFailureHandler - Interface in org.springframework.security.oauth2.client
-
Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the Authorization Server or Resource Server.
- OAuth2AuthorizationManagers - Class in org.springframework.security.oauth2.core.authorization
-
A convenience class for creating OAuth 2.0-specific
AuthorizationManager
s. - OAuth2AuthorizationRequest - Class in org.springframework.security.oauth2.core.endpoint
-
A representation of an OAuth 2.0 Authorization Request for the authorization code grant type.
- OAuth2AuthorizationRequest.Builder - Class in org.springframework.security.oauth2.core.endpoint
-
A builder for
OAuth2AuthorizationRequest
. - OAuth2AuthorizationRequestCustomizers - Class in org.springframework.security.oauth2.client.web
-
A factory of customizers that customize the
OAuth 2.0 Authorization Request
via theOAuth2AuthorizationRequest.Builder
. - OAuth2AuthorizationRequestRedirectFilter - Class in org.springframework.security.oauth2.client.web
-
This
Filter
initiates the authorization code grant flow by redirecting the End-User's user-agent to the Authorization Server's Authorization Endpoint. - OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
-
Constructs an
OAuth2AuthorizationRequestRedirectFilter
using the provided parameters. - OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository, String) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
-
Constructs an
OAuth2AuthorizationRequestRedirectFilter
using the provided parameters. - OAuth2AuthorizationRequestRedirectFilter(OAuth2AuthorizationRequestResolver) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
-
Constructs an
OAuth2AuthorizationRequestRedirectFilter
using the provided parameters. - OAuth2AuthorizationRequestRedirectWebFilter - Class in org.springframework.security.oauth2.client.web.server
-
This
WebFilter
initiates the authorization code grant flow by redirecting the End-User's user-agent to the Authorization Server's Authorization Endpoint. - OAuth2AuthorizationRequestRedirectWebFilter(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
-
Constructs an
OAuth2AuthorizationRequestRedirectFilter
using the provided parameters. - OAuth2AuthorizationRequestRedirectWebFilter(ServerOAuth2AuthorizationRequestResolver) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
-
Constructs an
OAuth2AuthorizationRequestRedirectFilter
using the provided parameters. - OAuth2AuthorizationRequestResolver - Interface in org.springframework.security.oauth2.client.web
-
Implementations of this interface are capable of resolving an
OAuth2AuthorizationRequest
from the providedHttpServletRequest
. - OAuth2AuthorizationResponse - Class in org.springframework.security.oauth2.core.endpoint
-
A representation of an OAuth 2.0 Authorization Response for the authorization code grant type.
- OAuth2AuthorizationResponse.Builder - Class in org.springframework.security.oauth2.core.endpoint
-
A builder for
OAuth2AuthorizationResponse
. - OAuth2AuthorizationResponseType - Class in org.springframework.security.oauth2.core.endpoint
-
The
response_type
parameter is consumed by the authorization endpoint which is used by the authorization code grant type. - OAuth2AuthorizationResponseType(String) - Constructor for class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
- OAuth2AuthorizationSuccessHandler - Interface in org.springframework.security.oauth2.client
-
Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the Authorization Server.
- oauth2AuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
-
Modifies the
ClientRequest.attributes()
to include theOAuth2AuthorizedClient
to be used for providing the Bearer Token. - oauth2AuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Modifies the
ClientRequest.attributes()
to include theOAuth2AuthorizedClient
to be used for providing the Bearer Token. - OAuth2AuthorizedClient - Class in org.springframework.security.oauth2.client
-
A representation of an OAuth 2.0 "Authorized Client".
- OAuth2AuthorizedClient(ClientRegistration, String, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
-
Constructs an
OAuth2AuthorizedClient
using the provided parameters. - OAuth2AuthorizedClient(ClientRegistration, String, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
-
Constructs an
OAuth2AuthorizedClient
using the provided parameters. - OAuth2AuthorizedClientArgumentResolver - Class in org.springframework.security.oauth2.client.web.method.annotation
-
An implementation of a
HandlerMethodArgumentResolver
that is capable of resolving a method parameter to an argument value of typeOAuth2AuthorizedClient
. - OAuth2AuthorizedClientArgumentResolver - Class in org.springframework.security.oauth2.client.web.reactive.result.method.annotation
-
An implementation of a
HandlerMethodArgumentResolver
that is capable of resolving a method parameter to an argument value of typeOAuth2AuthorizedClient
. - OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver
-
Constructs an
OAuth2AuthorizedClientArgumentResolver
using the provided parameters. - OAuth2AuthorizedClientArgumentResolver(ReactiveOAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver
-
Constructs an
OAuth2AuthorizedClientArgumentResolver
using the provided parameters. - OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, OAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver
-
Constructs an
OAuth2AuthorizedClientArgumentResolver
using the provided parameters. - OAuth2AuthorizedClientArgumentResolver(ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver
-
Constructs an
OAuth2AuthorizedClientArgumentResolver
using the provided parameters. - OAuth2AuthorizedClientHolder(String, String, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
-
Constructs an
OAuth2AuthorizedClientHolder
using the provided parameters. - OAuth2AuthorizedClientHolder(OAuth2AuthorizedClient, Authentication) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
-
Constructs an
OAuth2AuthorizedClientHolder
using the provided parameters. - OAuth2AuthorizedClientHolder(OAuth2AuthorizedClient, Authentication) - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
-
Constructs an
OAuth2AuthorizedClientHolder
using the provided parameters. - OAuth2AuthorizedClientId - Class in org.springframework.security.oauth2.client
-
The identifier for
OAuth2AuthorizedClient
. - OAuth2AuthorizedClientId(String, String) - Constructor for class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId
-
Constructs an
OAuth2AuthorizedClientId
using the provided parameters. - OAuth2AuthorizedClientManager - Interface in org.springframework.security.oauth2.client
-
Implementations of this interface are responsible for the overall management of
Authorized Client(s)
. - OAuth2AuthorizedClientParametersMapper() - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper
- OAuth2AuthorizedClientParametersMapper() - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper
- OAuth2AuthorizedClientProvider - Interface in org.springframework.security.oauth2.client
-
A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.
- OAuth2AuthorizedClientProviderBuilder - Class in org.springframework.security.oauth2.client
-
A builder that builds a
DelegatingOAuth2AuthorizedClientProvider
composed of one or moreOAuth2AuthorizedClientProvider
(s) that implement specific authorization grants. - OAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder - Class in org.springframework.security.oauth2.client
-
A builder for the
authorization_code
grant. - OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder - Class in org.springframework.security.oauth2.client
-
A builder for the
client_credentials
grant. - OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder - Class in org.springframework.security.oauth2.client
-
A builder for the
password
grant. - OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder - Class in org.springframework.security.oauth2.client
-
A builder for the
refresh_token
grant. - OAuth2AuthorizedClientRepository - Interface in org.springframework.security.oauth2.client.web
-
Implementations of this interface are responsible for the persistence of
Authorized Client(s)
between requests. - OAuth2AuthorizedClientRowMapper() - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
- OAuth2AuthorizedClientRowMapper(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
- OAuth2AuthorizedClientService - Interface in org.springframework.security.oauth2.client
-
Implementations of this interface are responsible for the management of
Authorized Client(s)
, which provide the purpose of associating anAccess Token
credential to aClient
and Resource Owner, who is thePrincipal
that originally granted the authorization. - OAuth2AuthorizeRequest - Class in org.springframework.security.oauth2.client
-
Represents a request the
OAuth2AuthorizedClientManager
uses toauthorize
(or re-authorize) theclient
identified by the providedclientRegistrationId
. - OAuth2AuthorizeRequest.Builder - Class in org.springframework.security.oauth2.client
-
A builder for
OAuth2AuthorizeRequest
. - OAuth2BodyExtractors - Class in org.springframework.security.oauth2.core.web.reactive.function
-
Static factory methods for OAuth2
BodyExtractor
implementations. - oauth2Client() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.oauth2Client(Customizer)
oroauth2Client(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - oauth2Client() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.oauth2Client(Customizer)
oroauth2Client(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - oauth2Client() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish an
OAuth2AuthorizedClient
in the session. - oauth2Client(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish an
OAuth2AuthorizedClient
in the session. - oauth2Client(Customizer<OAuth2ClientConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configures OAuth 2.0 Client support.
- oauth2Client(Customizer<ServerHttpSecurity.OAuth2ClientSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures the OAuth2 client.
- OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
-
An
AbstractHttpConfigurer
for OAuth 2.0 Client support. - OAuth2ClientConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
- OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
-
Configuration options for the OAuth 2.0 Authorization Code Grant.
- OAuth2ClientCredentialsGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
-
An OAuth 2.0 Client Credentials Grant request that holds the client's credentials in
AbstractOAuth2AuthorizationGrantRequest.getClientRegistration()
. - OAuth2ClientCredentialsGrantRequest(ClientRegistration) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest
-
Constructs an
OAuth2ClientCredentialsGrantRequest
using the provided parameters. - OAuth2ClientCredentialsGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.Use
DefaultOAuth2TokenRequestParametersConverter
instead - OAuth2ClientCredentialsGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter
-
Deprecated.
- OAuth2ClientHttpRequestInterceptor - Class in org.springframework.security.oauth2.client.web.client
-
Provides an easy mechanism for using an
OAuth2AuthorizedClient
to make OAuth 2.0 requests by including theaccess token
as a bearer token. - OAuth2ClientHttpRequestInterceptor(OAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
-
Constructs a
OAuth2ClientHttpRequestInterceptor
using the provided parameters. - OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver - Interface in org.springframework.security.oauth2.client.web.client
-
A strategy for resolving a
clientRegistrationId
from an intercepted request. - OAuth2ClientHttpRequestInterceptor.PrincipalResolver - Interface in org.springframework.security.oauth2.client.web.client
-
A strategy for resolving a
principal
from an intercepted request. - OAuth2ClientJackson2Module - Class in org.springframework.security.oauth2.client.jackson2
-
Jackson
Module
forspring-security-oauth2-client
, that registers the following mix-in annotations:OAuth2AuthorizationRequestMixin
ClientRegistrationMixin
OAuth2AccessTokenMixin
OAuth2RefreshTokenMixin
OAuth2AuthorizedClientMixin
OAuth2UserAuthorityMixin
DefaultOAuth2UserMixin
OidcIdTokenMixin
OidcUserInfoMixin
OidcUserAuthorityMixin
DefaultOidcUserMixin
OAuth2AuthenticationTokenMixin
OAuth2AuthenticationExceptionMixin
OAuth2ErrorMixin
If not already enabled, default typing will be automatically enabled as type info is required to properly serialize/deserialize objects. - OAuth2ClientJackson2Module() - Constructor for class org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module
- oauth2Configuration() - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Configures the builder with
ServletOAuth2AuthorizedClientExchangeFilterFunction.defaultRequest()
and adds this as aExchangeFilterFunction
- OAuth2DeviceAuthorizationResponse - Class in org.springframework.security.oauth2.core.endpoint
-
A representation of an OAuth 2.0 Device Authorization Response.
- OAuth2DeviceAuthorizationResponse.Builder - Class in org.springframework.security.oauth2.core.endpoint
-
A builder for
OAuth2DeviceAuthorizationResponse
. - OAuth2DeviceAuthorizationResponseHttpMessageConverter - Class in org.springframework.security.oauth2.core.http.converter
-
A
HttpMessageConverter
for anOAuth 2.0 Device Authorization Response
. - OAuth2DeviceAuthorizationResponseHttpMessageConverter() - Constructor for class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
- OAuth2DeviceCode - Class in org.springframework.security.oauth2.core
-
An implementation of an
AbstractOAuth2Token
representing a device code as part of the OAuth 2.0 Device Authorization Grant. - OAuth2DeviceCode(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2DeviceCode
-
Constructs an
OAuth2DeviceCode
using the provided parameters. - OAuth2Error - Class in org.springframework.security.oauth2.core
-
A representation of an OAuth 2.0 Error.
- OAuth2Error(String) - Constructor for class org.springframework.security.oauth2.core.OAuth2Error
-
Constructs an
OAuth2Error
using the provided parameters. - OAuth2Error(String, String, String) - Constructor for class org.springframework.security.oauth2.core.OAuth2Error
-
Constructs an
OAuth2Error
using the provided parameters. - OAuth2ErrorCodes - Class in org.springframework.security.oauth2.core
-
Standard error codes defined by the OAuth 2.0 Authorization Framework.
- OAuth2ErrorHttpMessageConverter - Class in org.springframework.security.oauth2.core.http.converter
-
A
HttpMessageConverter
for anOAuth 2.0 Error
. - OAuth2ErrorHttpMessageConverter() - Constructor for class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
- OAuth2ErrorResponseErrorHandler - Class in org.springframework.security.oauth2.client.http
-
A
ResponseErrorHandler
that handles anOAuth 2.0 Error
. - OAuth2ErrorResponseErrorHandler() - Constructor for class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler
- OAuth2IntrospectionAuthenticatedPrincipal - Class in org.springframework.security.oauth2.server.resource.introspection
-
A domain object that wraps the attributes of OAuth 2.0 Token Introspection.
- OAuth2IntrospectionAuthenticatedPrincipal(String, Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
-
Constructs an
OAuth2IntrospectionAuthenticatedPrincipal
using the provided parameters. - OAuth2IntrospectionAuthenticatedPrincipal(Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
-
Constructs an
OAuth2IntrospectionAuthenticatedPrincipal
using the provided parameters. - OAuth2IntrospectionException - Exception in org.springframework.security.oauth2.server.resource.introspection
-
Base exception for all OAuth 2.0 Introspection related errors
- OAuth2IntrospectionException(String) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException
- OAuth2IntrospectionException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException
- oauth2Login() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.oauth2Login(Customizer)
oroauth2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - oauth2Login() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.oauth2Login(Customizer)
oroauth2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - oauth2Login() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish a
SecurityContext
that has aOAuth2AuthenticationToken
for theAuthentication
, aOAuth2User
as the principal, and aOAuth2AuthorizedClient
in the session. - oauth2Login(Customizer<OAuth2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
- oauth2Login(Customizer<ServerHttpSecurity.OAuth2LoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
- OAuth2LoginAuthenticationFilter - Class in org.springframework.security.oauth2.client.web
-
An implementation of an
AbstractAuthenticationProcessingFilter
for OAuth 2.0 Login. - OAuth2LoginAuthenticationFilter(ClientRegistrationRepository, OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
-
Constructs an
OAuth2LoginAuthenticationFilter
using the provided parameters. - OAuth2LoginAuthenticationFilter(ClientRegistrationRepository, OAuth2AuthorizedClientService, String) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
-
Constructs an
OAuth2LoginAuthenticationFilter
using the provided parameters. - OAuth2LoginAuthenticationFilter(ClientRegistrationRepository, OAuth2AuthorizedClientRepository, String) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
-
Constructs an
OAuth2LoginAuthenticationFilter
using the provided parameters. - OAuth2LoginAuthenticationProvider - Class in org.springframework.security.oauth2.client.authentication
-
An implementation of an
AuthenticationProvider
for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow. - OAuth2LoginAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
-
Constructs an
OAuth2LoginAuthenticationProvider
using the provided parameters. - OAuth2LoginAuthenticationToken - Class in org.springframework.security.oauth2.client.authentication
-
An
AbstractAuthenticationToken
for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow. - OAuth2LoginAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
-
This constructor should be used when the Authorization Request/Response is complete.
- OAuth2LoginAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2User, Collection<? extends GrantedAuthority>, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
-
This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed and OAuth 2.0 Login has been achieved.
- OAuth2LoginAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2User, Collection<? extends GrantedAuthority>, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
-
This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed and OAuth 2.0 Login has been achieved.
- OAuth2LoginAuthenticationWebFilter - Class in org.springframework.security.oauth2.client.web.server.authentication
-
A specialized
AuthenticationWebFilter
that converts from anOAuth2LoginAuthenticationToken
to anOAuth2AuthenticationToken
and saves theOAuth2AuthorizedClient
- OAuth2LoginAuthenticationWebFilter(ReactiveAuthenticationManager, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter
-
Creates an instance
- OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
-
An
AbstractHttpConfigurer
for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow. - OAuth2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
- OAuth2LoginConfigurer.AuthorizationEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
-
Configuration options for the Authorization Server's Authorization Endpoint.
- OAuth2LoginConfigurer.RedirectionEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
-
Configuration options for the Client's Redirection Endpoint.
- OAuth2LoginConfigurer.TokenEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
-
Configuration options for the Authorization Server's Token Endpoint.
- OAuth2LoginConfigurer.UserInfoEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
-
Configuration options for the Authorization Server's UserInfo Endpoint.
- OAuth2LoginReactiveAuthenticationManager - Class in org.springframework.security.oauth2.client.authentication
-
An implementation of an
AuthenticationProvider
for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow. - OAuth2LoginReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager
- OAuth2ParameterNames - Class in org.springframework.security.oauth2.core.endpoint
-
Standard and custom (non-standard) parameter names defined in the OAuth Parameters Registry and used by the authorization endpoint, token endpoint and token revocation endpoint.
- OAuth2PasswordGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
- OAuth2PasswordGrantRequest(ClientRegistration, String, String) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest
-
Deprecated.Constructs an
OAuth2PasswordGrantRequest
using the provided parameters. - OAuth2PasswordGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.Use
DefaultOAuth2TokenRequestParametersConverter
instead - OAuth2PasswordGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter
-
Deprecated.
- OAuth2ReactiveAuthorizationManagers - Class in org.springframework.security.oauth2.core.authorization
-
A convenience class for creating OAuth 2.0-specific
AuthorizationManager
s. - OAuth2RefreshToken - Class in org.springframework.security.oauth2.core
-
An implementation of an
AbstractOAuth2Token
representing an OAuth 2.0 Refresh Token. - OAuth2RefreshToken(String, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2RefreshToken
-
Constructs an
OAuth2RefreshToken
using the provided parameters. - OAuth2RefreshToken(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2RefreshToken
-
Constructs an
OAuth2RefreshToken
using the provided parameters. - OAuth2RefreshTokenGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
-
An OAuth 2.0 Refresh Token Grant request that holds the
refresh token
credential granted to theclient
. - OAuth2RefreshTokenGrantRequest(ClientRegistration, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest
-
Constructs an
OAuth2RefreshTokenGrantRequest
using the provided parameters. - OAuth2RefreshTokenGrantRequest(ClientRegistration, OAuth2AccessToken, OAuth2RefreshToken, Set<String>) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest
-
Constructs an
OAuth2RefreshTokenGrantRequest
using the provided parameters. - OAuth2RefreshTokenGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.Use
DefaultOAuth2TokenRequestParametersConverter
instead - OAuth2RefreshTokenGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequestEntityConverter
-
Deprecated.
- oauth2ResourceServer() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.oauth2ResourceServer(Customizer)
instead - oauth2ResourceServer() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.oauth2ResourceServer(Customizer)
instead - oauth2ResourceServer(Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configures OAuth 2.0 Resource Server support.
- oauth2ResourceServer(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures OAuth 2.0 Resource Server support.
- OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
-
An
AbstractHttpConfigurer
for OAuth 2.0 Resource Server Support. - OAuth2ResourceServerConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- OAuth2ResourceServerConfigurer.JwtConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
- OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
- OAuth2ResourceServerSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
- OAuth2Token - Interface in org.springframework.security.oauth2.core
-
Core interface representing an OAuth 2.0 Token.
- OAuth2TokenIntrospectionClaimAccessor - Interface in org.springframework.security.oauth2.core
-
A
ClaimAccessor
for the "claims" that may be contained in the Introspection Response. - OAuth2TokenIntrospectionClaimNames - Class in org.springframework.security.oauth2.core
-
The names of the "Introspection Claims" defined by an Introspection Response.
- OAuth2TokenValidator<T extends OAuth2Token> - Interface in org.springframework.security.oauth2.core
-
Implementations of this interface are responsible for "verifying" the validity and/or constraints of the attributes contained in an OAuth 2.0 Token.
- OAuth2TokenValidatorResult - Class in org.springframework.security.oauth2.core
-
A result emitted from an
OAuth2TokenValidator
validation attempt - oauth2User(OAuth2User) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
-
Use the provided
OAuth2User
as the authenticated user. - oauth2User(OAuth2User) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
-
Use the provided
OAuth2User
as the authenticated user. - OAuth2User - Interface in org.springframework.security.oauth2.core.user
-
A representation of a user
Principal
that is registered with an OAuth 2.0 Provider. - OAuth2UserAuthority - Class in org.springframework.security.oauth2.core.user
-
A
GrantedAuthority
that may be associated to anOAuth2User
. - OAuth2UserAuthority(String, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
-
Constructs a
OAuth2UserAuthority
using the provided parameters. - OAuth2UserAuthority(String, Map<String, Object>, String) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
-
Constructs a
OAuth2UserAuthority
using the provided parameters. - OAuth2UserAuthority(Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
-
Constructs a
OAuth2UserAuthority
using the provided parameters and defaultsOAuth2UserAuthority.getAuthority()
toOAUTH2_USER
. - OAuth2UserAuthority(Map<String, Object>, String) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
-
Constructs a
OAuth2UserAuthority
using the provided parameters and defaultsOAuth2UserAuthority.getAuthority()
toOAUTH2_USER
. - OAuth2UserCode - Class in org.springframework.security.oauth2.core
-
An implementation of an
AbstractOAuth2Token
representing a user code as part of the OAuth 2.0 Device Authorization Grant. - OAuth2UserCode(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2UserCode
-
Constructs an
OAuth2UserCode
using the provided parameters. - OAuth2UserRequest - Class in org.springframework.security.oauth2.client.userinfo
-
Represents a request the
OAuth2UserService
uses when initiating a request to the UserInfo Endpoint. - OAuth2UserRequest(ClientRegistration, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest
-
Constructs an
OAuth2UserRequest
using the provided parameters. - OAuth2UserRequest(ClientRegistration, OAuth2AccessToken, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest
-
Constructs an
OAuth2UserRequest
using the provided parameters. - OAuth2UserRequestEntityConverter - Class in org.springframework.security.oauth2.client.userinfo
-
A
Converter
that converts the providedOAuth2UserRequest
to aRequestEntity
representation of a request for the UserInfo Endpoint. - OAuth2UserRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequestEntityConverter
- OAuth2UserService<R extends OAuth2UserRequest,
U extends OAuth2User> - Interface in org.springframework.security.oauth2.client.userinfo -
Implementations of this interface are responsible for obtaining the user attributes of the End-User (Resource Owner) from the UserInfo Endpoint using the
Access Token
granted to theClient
and returning anAuthenticatedPrincipal
in the form of anOAuth2User
. - ObjectIdentity - Interface in org.springframework.security.acls.model
-
Represents the identity of an individual domain object instance.
- ObjectIdentityGenerator - Interface in org.springframework.security.acls.model
-
Strategy which creates an
ObjectIdentity
from an object identifier (such as a primary key) and type information. - ObjectIdentityImpl - Class in org.springframework.security.acls.domain
-
Simple implementation of
ObjectIdentity
. - ObjectIdentityImpl(Class<?>, Serializable) - Constructor for class org.springframework.security.acls.domain.ObjectIdentityImpl
-
Constructor which uses the name of the supplied class as the type property.
- ObjectIdentityImpl(Object) - Constructor for class org.springframework.security.acls.domain.ObjectIdentityImpl
-
Creates the
ObjectIdentityImpl
based on the passed object instance. - ObjectIdentityImpl(String, Serializable) - Constructor for class org.springframework.security.acls.domain.ObjectIdentityImpl
- objectIdentityRetrievalStrategy - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- ObjectIdentityRetrievalStrategy - Interface in org.springframework.security.acls.model
-
Strategy interface that provides the ability to determine which
ObjectIdentity
will be returned for a particular domain object - ObjectIdentityRetrievalStrategyImpl - Class in org.springframework.security.acls.domain
-
Basic implementation of
ObjectIdentityRetrievalStrategy
and ObjectIdentityGenerator that uses the constructors ofObjectIdentityImpl
to create theObjectIdentity
. - ObjectIdentityRetrievalStrategyImpl() - Constructor for class org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl
- objectPostProcessor(AutowireCapableBeanFactory) - Method in class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration
- objectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Specifies the
ObjectPostProcessor
to use. - ObjectPostProcessor<T> - Interface in org.springframework.security.config.annotation
-
Deprecated.please use
ObjectPostProcessor
instead - ObjectPostProcessor<T> - Interface in org.springframework.security.config
-
Allows initialization of Objects.
- ObjectPostProcessorConfiguration - Class in org.springframework.security.config.annotation.configuration
-
Spring
Configuration
that exports the defaultObjectPostProcessor
. - ObjectPostProcessorConfiguration() - Constructor for class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration
- ObservationAuthenticationManager - Class in org.springframework.security.authentication
-
An
AuthenticationManager
that observes the authentication - ObservationAuthenticationManager(ObservationRegistry, AuthenticationManager) - Constructor for class org.springframework.security.authentication.ObservationAuthenticationManager
- ObservationAuthorizationManager<T> - Class in org.springframework.security.authorization
-
An
AuthorizationManager
that observes the authorization - ObservationAuthorizationManager(ObservationRegistry, AuthorizationManager<T>) - Constructor for class org.springframework.security.authorization.ObservationAuthorizationManager
- ObservationFilterChainDecorator - Class in org.springframework.security.web
-
A
FilterChainProxy.FilterChainDecorator
that wraps the chain in before and after observations - ObservationFilterChainDecorator(ObservationRegistry) - Constructor for class org.springframework.security.web.ObservationFilterChainDecorator
- ObservationMarkingAccessDeniedHandler - Class in org.springframework.security.web.access
- ObservationMarkingAccessDeniedHandler(ObservationRegistry) - Constructor for class org.springframework.security.web.access.ObservationMarkingAccessDeniedHandler
- ObservationMarkingRequestRejectedHandler - Class in org.springframework.security.web.firewall
- ObservationMarkingRequestRejectedHandler(ObservationRegistry) - Constructor for class org.springframework.security.web.firewall.ObservationMarkingRequestRejectedHandler
- ObservationReactiveAuthenticationManager - Class in org.springframework.security.authentication
-
An
ReactiveAuthenticationManager
that observes the authentication - ObservationReactiveAuthenticationManager(ObservationRegistry, ReactiveAuthenticationManager) - Constructor for class org.springframework.security.authentication.ObservationReactiveAuthenticationManager
- ObservationReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization
-
An
ReactiveAuthorizationManager
that observes the authentication - ObservationReactiveAuthorizationManager(ObservationRegistry, ReactiveAuthorizationManager<T>) - Constructor for class org.springframework.security.authorization.ObservationReactiveAuthorizationManager
- ObservationSecurityContextChangedListener - Class in org.springframework.security.core.context
-
A
SecurityContextChangedListener
that adds events to an existingObservation
If noObservation
is present when an event is fired, then the event is unrecorded. - ObservationSecurityContextChangedListener(ObservationRegistry) - Constructor for class org.springframework.security.core.context.ObservationSecurityContextChangedListener
- ObservationWebFilterChainDecorator - Class in org.springframework.security.web.server
-
A
WebFilterChainProxy.WebFilterChainDecorator
that wraps the chain in before and after observations - ObservationWebFilterChainDecorator(ObservationRegistry) - Constructor for class org.springframework.security.web.server.ObservationWebFilterChainDecorator
- obtainArtifact(HttpServletRequest) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
-
If present, gets the artifact (CAS ticket) from the
HttpServletRequest
. - obtainPassword(HttpServletRequest) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Enables subclasses to override the composition of the password, such as by including additional values and a separator.
- obtainSecurityMetadataSource() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- obtainSecurityMetadataSource() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
-
Deprecated.
- obtainSecurityMetadataSource() - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.
- obtainSecurityMetadataSource() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Deprecated.
- obtainSubject(ServletRequest) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
-
Obtains the
Subject
to run as ornull
if noSubject
is available. - obtainUsername(HttpServletRequest) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Enables subclasses to override the composition of the username, such as by including additional values and a separator.
- of(int) - Static method in interface org.springframework.security.web.server.authentication.SessionLimit
-
Creates a
SessionLimit
that always returns the given value for any user - of(AuthorizationAdvisorProxyFactory.TargetVisitor...) - Static method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor
-
Compose a set of visitors.
- offset() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
-
Indicate additional offset in the ordering of the execution of the security interceptors when multiple advices are applied at a specific joinpoint.
- OID - Static variable in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
-
OID of the Password Policy Control
- OidcAuthorizationCodeAuthenticationProvider - Class in org.springframework.security.oauth2.client.oidc.authentication
-
An implementation of an
AuthenticationProvider
for the OpenID Connect Core 1.0 Authorization Code Grant Flow. - OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, OAuth2UserService<OidcUserRequest, OidcUser>) - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
-
Constructs an
OidcAuthorizationCodeAuthenticationProvider
using the provided parameters. - OidcAuthorizationCodeReactiveAuthenticationManager - Class in org.springframework.security.oauth2.client.oidc.authentication
-
An implementation of an
AuthenticationProvider
for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow. - OidcAuthorizationCodeReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, ReactiveOAuth2UserService<OidcUserRequest, OidcUser>) - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager
- OidcBackChannelLogoutHandler - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
-
A
LogoutHandler
that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one. - OidcBackChannelLogoutHandler(OidcSessionRegistry) - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
- OidcBackChannelServerLogoutHandler - Class in org.springframework.security.config.web.server
-
A
ServerLogoutHandler
that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one. - OidcBackChannelServerLogoutHandler(ReactiveOidcSessionRegistry) - Constructor for class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler
- OidcClientInitiatedLogoutSuccessHandler - Class in org.springframework.security.oauth2.client.oidc.web.logout
-
A logout success handler for initiating OIDC logout through the user agent.
- OidcClientInitiatedLogoutSuccessHandler(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler
- OidcClientInitiatedServerLogoutSuccessHandler - Class in org.springframework.security.oauth2.client.oidc.web.server.logout
-
A reactive logout success handler for initiating OIDC logout through the user agent.
- OidcClientInitiatedServerLogoutSuccessHandler(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler
-
Constructs an
OidcClientInitiatedServerLogoutSuccessHandler
with the provided parameters - OidcIdToken - Class in org.springframework.security.oauth2.core.oidc
-
An implementation of an
AbstractOAuth2Token
representing an OpenID Connect Core 1.0 ID Token. - OidcIdToken(String, Instant, Instant, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.oidc.OidcIdToken
-
Constructs a
OidcIdToken
using the provided parameters. - OidcIdToken.Builder - Class in org.springframework.security.oauth2.core.oidc
-
A builder for
OidcIdToken
s - OidcIdTokenDecoderFactory - Class in org.springframework.security.oauth2.client.oidc.authentication
- OidcIdTokenDecoderFactory() - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
- OidcIdTokenValidator - Class in org.springframework.security.oauth2.client.oidc.authentication
-
An
OAuth2TokenValidator
responsible for validating the claims in anID Token
. - OidcIdTokenValidator(ClientRegistration) - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator
- oidcLogin() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish a
SecurityContext
that has aOAuth2AuthenticationToken
for theAuthentication
, aOidcUser
as the principal, and aOAuth2AuthorizedClient
in the session. - oidcLogout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- oidcLogout(Customizer<OidcLogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- oidcLogout(Customizer<ServerHttpSecurity.OidcLogoutSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures OIDC Connect 1.0 Logout support.
- OidcLogoutConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
-
An
AbstractHttpConfigurer
for OIDC Logout flows - OidcLogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
- OidcLogoutConfigurer.BackChannelLogoutConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
-
A configurer for configuring OIDC Back-Channel Logout
- OidcLogoutSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec
- OidcLogoutToken - Class in org.springframework.security.oauth2.client.oidc.authentication.logout
-
An implementation of an
AbstractOAuth2Token
representing an OpenID Backchannel Logout Token. - OidcLogoutToken.Builder - Class in org.springframework.security.oauth2.client.oidc.authentication.logout
-
A builder for
OidcLogoutToken
s - OidcParameterNames - Class in org.springframework.security.oauth2.core.oidc.endpoint
-
Standard parameter names defined in the OAuth Parameters Registry and used by the authorization endpoint and token endpoint.
- OidcReactiveOAuth2UserService - Class in org.springframework.security.oauth2.client.oidc.userinfo
-
An implementation of an
ReactiveOAuth2UserService
that supports OpenID Connect 1.0 Provider's. - OidcReactiveOAuth2UserService() - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
- OidcScopes - Class in org.springframework.security.oauth2.core.oidc
-
The scope values defined by the OpenID Connect Core 1.0 specification that can be used to request
claims
. - OidcSessionInformation - Class in org.springframework.security.oauth2.client.oidc.session
-
A
SessionInformation
extension that enforces the principal be of typeOidcUser
. - OidcSessionInformation(String, Map<String, String>, OidcUser) - Constructor for class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation
-
Construct an
OidcSessionInformation
- oidcSessionRegistry(ReactiveOidcSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Configures the
ReactiveOidcSessionRegistry
to use when logins use OIDC. - oidcSessionRegistry(ReactiveOidcSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec
-
Configures the
ReactiveOidcSessionRegistry
. - oidcSessionRegistry(OidcSessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Sets the registry for managing the OIDC client-provider session link
- oidcSessionRegistry(OidcSessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
-
Sets the registry for managing the OIDC client-provider session link
- OidcSessionRegistry - Interface in org.springframework.security.oauth2.client.oidc.session
-
A registry to record the tie between the OIDC Provider session and the Client session.
- oidcUser(OidcUser) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
-
Use the provided
OidcUser
as the authenticated user. - oidcUser(OidcUser) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
-
Use the provided
OidcUser
as the authenticated user. - OidcUser - Interface in org.springframework.security.oauth2.core.oidc.user
-
A representation of a user
Principal
that is registered with an OpenID Connect 1.0 Provider. - OidcUserAuthority - Class in org.springframework.security.oauth2.core.oidc.user
-
A
GrantedAuthority
that may be associated to anOidcUser
. - OidcUserAuthority(String, OidcIdToken, OidcUserInfo) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
-
Constructs a
OidcUserAuthority
using the provided parameters. - OidcUserAuthority(String, OidcIdToken, OidcUserInfo, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
-
Constructs a
OidcUserAuthority
using the provided parameters. - OidcUserAuthority(OidcIdToken) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
-
Constructs a
OidcUserAuthority
using the provided parameters. - OidcUserAuthority(OidcIdToken, OidcUserInfo) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
-
Constructs a
OidcUserAuthority
using the provided parameters and defaultsOAuth2UserAuthority.getAuthority()
toOIDC_USER
. - OidcUserAuthority(OidcIdToken, OidcUserInfo, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
-
Constructs a
OidcUserAuthority
using the provided parameters and defaultsOAuth2UserAuthority.getAuthority()
toOIDC_USER
. - OidcUserInfo - Class in org.springframework.security.oauth2.core.oidc
-
A representation of a UserInfo Response that is returned from the OAuth 2.0 Protected Resource UserInfo Endpoint.
- OidcUserInfo(Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.oidc.OidcUserInfo
-
Constructs a
OidcUserInfo
using the provided parameters. - OidcUserInfo.Builder - Class in org.springframework.security.oauth2.core.oidc
-
A builder for
OidcUserInfo
s - OidcUserRequest - Class in org.springframework.security.oauth2.client.oidc.userinfo
-
Represents a request the
OidcUserService
uses when initiating a request to the UserInfo Endpoint. - OidcUserRequest(ClientRegistration, OAuth2AccessToken, OidcIdToken) - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest
-
Constructs an
OidcUserRequest
using the provided parameters. - OidcUserRequest(ClientRegistration, OAuth2AccessToken, OidcIdToken, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest
-
Constructs an
OidcUserRequest
using the provided parameters. - oidcUserService(OAuth2UserService<OidcUserRequest, OidcUser>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig
-
Sets the OpenID Connect 1.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.
- OidcUserService - Class in org.springframework.security.oauth2.client.oidc.userinfo
-
An implementation of an
OAuth2UserService
that supports OpenID Connect 1.0 Provider's. - OidcUserService() - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
- OKTA - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
- onApplicationEvent(ApplicationEvent) - Method in class org.springframework.security.context.DelegatingApplicationListener
- onApplicationEvent(AbstractAuthorizationEvent) - Method in class org.springframework.security.access.event.LoggerListener
-
Deprecated.
- onApplicationEvent(AbstractAuthenticationEvent) - Method in class org.springframework.security.authentication.event.LoggerListener
- onApplicationEvent(AbstractSessionEvent) - Method in class org.springframework.security.core.session.SessionRegistryImpl
- onApplicationEvent(SessionDestroyedEvent) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
-
Called when a user is newly authenticated.
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
-
In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
-
Performs Http session-related functionality when a new authentication occurs.
- onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.CsrfAuthenticationStrategy
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.authentication.AuthenticationFailureHandler
-
Called when an authentication attempt fails.
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationFailureHandler
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler
- onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
-
Performs the redirect or forward to the
defaultFailureUrl
if set, otherwise returns a 401 error code. - onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler
- onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler
- onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler
-
Invoked when authentication attempt fails
- onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
-
Called when a user has been successfully authenticated.
- onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
-
Called when a user has been successfully authenticated.
- onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler
- onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler
- onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
- onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
-
Calls the parent class
handle()
method to forward or redirect to the target URL, and then callsclearAuthenticationAttributes()
to remove any leftover session data. - onAuthenticationSuccess(Authentication, WebFilterExchange) - Method in class org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter
- onAuthenticationSuccess(Authentication, WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
- onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler
- onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler
- onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
- onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.RegisterSessionServerAuthenticationSuccessHandler
- onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler
-
Invoked when the application authenticates successfully
- onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler
- onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizationFailureHandler
-
Called when an OAuth 2.0 Client fails to authorize (or re-authorize) via the Authorization Server or Resource Server.
- onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationFailureHandler
-
Called when an OAuth 2.0 Client fails to authorize (or re-authorize) via the authorization server or resource server.
- onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
- onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
- onAuthorizationSuccess(OAuth2AuthorizedClient, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizationSuccessHandler
-
Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the Authorization Server.
- onAuthorizationSuccess(OAuth2AuthorizedClient, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationSuccessHandler
-
Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the authorization server.
- OnCommittedResponseWrapper - Class in org.springframework.security.web.util
-
Base class for response wrappers which encapsulate the logic for handling an event when the
HttpServletResponse
is committed. - OnCommittedResponseWrapper(HttpServletResponse) - Constructor for class org.springframework.security.web.util.OnCommittedResponseWrapper
- ONE_TIME_TOKEN - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- ONE_TIME_TOKEN_SUBMIT_PAGE_GENERATING - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- OneTimeToken - Interface in org.springframework.security.authentication.ott
-
Represents a one-time use token with an associated username and expiration time.
- OneTimeTokenAuthenticationConverter - Class in org.springframework.security.web.authentication.ott
-
An implementation of
AuthenticationConverter
that detects if the request contains atoken
parameter and constructs aOneTimeTokenAuthenticationToken
with it. - OneTimeTokenAuthenticationConverter() - Constructor for class org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationConverter
- OneTimeTokenAuthenticationProvider - Class in org.springframework.security.authentication.ott
-
An
AuthenticationProvider
responsible for authenticating users based on one-time tokens. - OneTimeTokenAuthenticationProvider(OneTimeTokenService, UserDetailsService) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationProvider
- OneTimeTokenAuthenticationToken - Class in org.springframework.security.authentication.ott
-
Represents a One-Time Token authentication that can be authenticated or not.
- OneTimeTokenAuthenticationToken(Object, String) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
- OneTimeTokenAuthenticationToken(Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
- OneTimeTokenAuthenticationToken(String) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
- OneTimeTokenGenerationSuccessHandler - Interface in org.springframework.security.web.authentication.ott
-
Defines a strategy to handle generated one-time tokens.
- oneTimeTokenLogin(Customizer<OneTimeTokenLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configures One-Time Token Login Support.
- oneTimeTokenLogin(Customizer<ServerHttpSecurity.OneTimeTokenLoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures One-Time Token Login Support.
- OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.ott
- OneTimeTokenLoginConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
- OneTimeTokenLoginSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
- OneTimeTokenReactiveAuthenticationManager - Class in org.springframework.security.authentication.ott.reactive
-
A
ReactiveAuthenticationManager
for one time tokens. - OneTimeTokenReactiveAuthenticationManager(ReactiveOneTimeTokenService, ReactiveUserDetailsService) - Constructor for class org.springframework.security.authentication.ott.reactive.OneTimeTokenReactiveAuthenticationManager
- OneTimeTokenService - Interface in org.springframework.security.authentication.ott
-
Interface for generating and consuming one-time tokens.
- OneTimeTokenSubmitPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui
-
Creates a default one-time token submit page.
- OneTimeTokenSubmitPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.OneTimeTokenSubmitPageGeneratingWebFilter
- onExpiredSessionDetected(SessionInformationExpiredEvent) - Method in interface org.springframework.security.web.session.SessionInformationExpiredStrategy
- onExpiredSessionDetected(SessionInformationExpiredEvent) - Method in class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
- onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.session.InvalidSessionStrategy
- onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy
- onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy
- onLoginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Called from loginSuccess when a remember-me login has been requested.
- onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
-
Creates a new persistent login token with a new series number, stores the data in the persistent token repository and adds the corresponding cookie to the response.
- onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler
-
Produce and send a SAML 2.0 Logout Response based on the SAML 2.0 Logout Request received from the asserting party
- onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler
- onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.ForwardLogoutSuccessHandler
- onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler
- onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.logout.LogoutSuccessHandler
- onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
- onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler
- onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler
- onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
- onLogoutSuccess(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler
-
Invoked after log out was successful
- onResponseCommitted() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Deprecated.Calls
saveContext()
with the current contents of the SecurityContextHolder as long as()
was not invoked. - onResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Implement the logic for handling the
HttpServletResponse
being committed - onSessionChange(String, HttpSession, Authentication) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
-
Called when the session has been changed and the old attributes have been migrated to the new session.
- onStartup(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
- onSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
-
Called if a remember-me token is presented and successfully authenticated by the
RememberMeServices
autoLogin
method and theAuthenticationManager
. - onSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
-
Called if the
AuthenticationManager
rejects the authentication object returned from theRememberMeServices
autoLogin
method. - onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- OPAQUE_TOKEN - Static variable in class org.springframework.security.config.Elements
- opaqueToken() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2ResourceServerConfigurer.opaqueToken(Customizer)
oropaqueToken(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - opaqueToken() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer)
oropaqueToken(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - opaqueToken() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish a
SecurityContext
that has aBearerTokenAuthentication
for theAuthentication
and aOAuth2AuthenticatedPrincipal
for theAuthentication.getPrincipal()
. - opaqueToken(Customizer<OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
-
Enables opaque bearer token support.
- opaqueToken(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Enables Opaque Token Resource Server support.
- OpaqueTokenAuthenticationConverter - Interface in org.springframework.security.oauth2.server.resource.introspection
-
Convert a successful introspection result into an authentication result.
- OpaqueTokenAuthenticationProvider - Class in org.springframework.security.oauth2.server.resource.authentication
-
An
AuthenticationProvider
implementation for opaque Bearer Tokens, using an OAuth 2.0 Introspection Endpoint to check the token's validity and reveal its attributes. - OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider
-
Creates a
OpaqueTokenAuthenticationProvider
with the provided parameters - OpaqueTokenIntrospector - Interface in org.springframework.security.oauth2.server.resource.introspection
-
A contract for introspecting and verifying an OAuth 2.0 token.
- OpaqueTokenReactiveAuthenticationManager - Class in org.springframework.security.oauth2.server.resource.authentication
-
An
ReactiveAuthenticationManager
implementation for opaque Bearer Tokens, using an OAuth 2.0 Introspection Endpoint to check the token's validity and reveal its attributes. - OpaqueTokenReactiveAuthenticationManager(ReactiveOpaqueTokenIntrospector) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager
-
Creates a
OpaqueTokenReactiveAuthenticationManager
with the provided parameters - OPENER_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter
- OPENID - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes
-
The
openid
scope is required for OpenID Connect Authentication Requests. - OpenSamlAssertingPartyDetails - Class in org.springframework.security.saml2.provider.service.registration
-
A
RelyingPartyRegistration.AssertingPartyDetails
that contains OpenSAML-specific members - OpenSamlAssertingPartyDetails.Builder - Class in org.springframework.security.saml2.provider.service.registration
-
An OpenSAML version of
RelyingPartyRegistration.AssertingPartyDetails.Builder
that contains the underlyingEntityDescriptor
- OpenSamlInitializationService - Class in org.springframework.security.saml2.core
-
An initialization service for initializing OpenSAML.
- OpenSamlRelyingPartyRegistration - Class in org.springframework.security.saml2.provider.service.registration
-
Deprecated.This class no longer is needed in order to transmit the
EntityDescriptor
toOpenSamlAssertingPartyDetails
. Instead of doing:if (registration instanceof OpenSamlRelyingPartyRegistration openSamlRegistration) { EntityDescriptor descriptor = openSamlRegistration.getAssertingPartyDetails.getEntityDescriptor(); }
do instead:if (registration.getAssertingPartyMetadata() instanceof openSamlAssertingPartyDetails) { EntityDescriptor descriptor = openSamlAssertingPartyDetails.getEntityDescriptor(); }
- OpenSamlRelyingPartyRegistration.Builder - Class in org.springframework.security.saml2.provider.service.registration
-
Deprecated.An OpenSAML version of
RelyingPartyRegistration.AssertingPartyDetails.Builder
that contains the underlyingEntityDescriptor
- OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter - Class in org.springframework.security.saml2.provider.service.registration
-
An
HttpMessageConverter
that takes anIDPSSODescriptor
in an HTTP response and converts it into aRelyingPartyRegistration.Builder
. - OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter() - Constructor for class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
- order() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
-
Deprecated.Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.
- order() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
-
Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.
- ORDERED - Static variable in class org.springframework.security.crypto.codec.Base64
-
Deprecated.Encode using the special "ordered" dialect of Base64.
- org.springframework.security.access - package org.springframework.security.access
-
Core access-control related code, including security metadata related classes, interception code, access control annotations, EL support and voter-based implementations of the central
AccessDecisionManager
interface. - org.springframework.security.access.annotation - package org.springframework.security.access.annotation
-
Support for JSR-250 and Spring Security
@Secured
annotations. - org.springframework.security.access.event - package org.springframework.security.access.event
-
Authorization event and listener classes.
- org.springframework.security.access.expression - package org.springframework.security.access.expression
-
Expression handling code to support the use of Spring-EL based expressions in
@PreAuthorize
,@PreFilter
,@PostAuthorize
and@PostFilter
annotations. - org.springframework.security.access.expression.method - package org.springframework.security.access.expression.method
-
Implementation of expression-based method security.
- org.springframework.security.access.hierarchicalroles - package org.springframework.security.access.hierarchicalroles
-
Role hierarchy implementation.
- org.springframework.security.access.intercept - package org.springframework.security.access.intercept
-
Abstract level security interception classes which are responsible for enforcing the configured security constraints for a secure object.
- org.springframework.security.access.intercept.aopalliance - package org.springframework.security.access.intercept.aopalliance
-
Enforces security for AOP Alliance
MethodInvocation
s, such as via Spring AOP. - org.springframework.security.access.intercept.aspectj - package org.springframework.security.access.intercept.aspectj
-
Enforces security for AspectJ
JointPoint
s, delegating secure object callbacks to the calling aspect. - org.springframework.security.access.method - package org.springframework.security.access.method
-
Provides
SecurityMetadataSource
implementations for securing Java method invocations via different AOP libraries. - org.springframework.security.access.prepost - package org.springframework.security.access.prepost
-
Contains the infrastructure classes for handling the
@PreAuthorize
,@PreFilter
,@PostAuthorize
and@PostFilter
annotations. - org.springframework.security.access.vote - package org.springframework.security.access.vote
-
Implements a vote-based approach to authorization decisions.
- org.springframework.security.acls - package org.springframework.security.acls
-
The Spring Security ACL package which implements instance-based security for domain objects.
- org.springframework.security.acls.afterinvocation - package org.springframework.security.acls.afterinvocation
-
After-invocation providers for collection and array filtering.
- org.springframework.security.acls.domain - package org.springframework.security.acls.domain
-
Basic implementation of access control lists (ACLs) interfaces.
- org.springframework.security.acls.jdbc - package org.springframework.security.acls.jdbc
-
JDBC-based persistence of ACL information
- org.springframework.security.acls.model - package org.springframework.security.acls.model
-
Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
- org.springframework.security.aot.hint - package org.springframework.security.aot.hint
- org.springframework.security.authentication - package org.springframework.security.authentication
-
Core classes and interfaces related to user authentication, which are used throughout Spring Security.
- org.springframework.security.authentication.dao - package org.springframework.security.authentication.dao
-
An
AuthenticationProvider
which relies upon a data access object. - org.springframework.security.authentication.event - package org.springframework.security.authentication.event
-
Authentication success and failure events which can be published to the Spring application context.
- org.springframework.security.authentication.jaas - package org.springframework.security.authentication.jaas
-
An authentication provider for JAAS.
- org.springframework.security.authentication.jaas.event - package org.springframework.security.authentication.jaas.event
-
JAAS authentication events which can be published to the Spring application context by the JAAS authentication provider.
- org.springframework.security.authentication.jaas.memory - package org.springframework.security.authentication.jaas.memory
-
An in memory JAAS implementation.
- org.springframework.security.authentication.ott - package org.springframework.security.authentication.ott
- org.springframework.security.authentication.ott.reactive - package org.springframework.security.authentication.ott.reactive
- org.springframework.security.authentication.password - package org.springframework.security.authentication.password
- org.springframework.security.authorization - package org.springframework.security.authorization
- org.springframework.security.authorization.event - package org.springframework.security.authorization.event
- org.springframework.security.authorization.method - package org.springframework.security.authorization.method
- org.springframework.security.cas - package org.springframework.security.cas
-
Spring Security support for Apereo's Central Authentication Service (CAS).
- org.springframework.security.cas.authentication - package org.springframework.security.cas.authentication
-
An
AuthenticationProvider
that can process CAS service tickets and proxy tickets. - org.springframework.security.cas.jackson2 - package org.springframework.security.cas.jackson2
- org.springframework.security.cas.userdetails - package org.springframework.security.cas.userdetails
- org.springframework.security.cas.web - package org.springframework.security.cas.web
-
Authenticates standard web browser users via CAS.
- org.springframework.security.cas.web.authentication - package org.springframework.security.cas.web.authentication
-
Authentication processing mechanisms which respond to the submission of authentication credentials using CAS.
- org.springframework.security.concurrent - package org.springframework.security.concurrent
- org.springframework.security.config - package org.springframework.security.config
-
Support classes for the Spring Security namespace.
- org.springframework.security.config.annotation - package org.springframework.security.config.annotation
- org.springframework.security.config.annotation.authentication - package org.springframework.security.config.annotation.authentication
- org.springframework.security.config.annotation.authentication.builders - package org.springframework.security.config.annotation.authentication.builders
- org.springframework.security.config.annotation.authentication.configuration - package org.springframework.security.config.annotation.authentication.configuration
- org.springframework.security.config.annotation.authentication.configurers.ldap - package org.springframework.security.config.annotation.authentication.configurers.ldap
- org.springframework.security.config.annotation.authentication.configurers.provisioning - package org.springframework.security.config.annotation.authentication.configurers.provisioning
- org.springframework.security.config.annotation.authentication.configurers.userdetails - package org.springframework.security.config.annotation.authentication.configurers.userdetails
- org.springframework.security.config.annotation.configuration - package org.springframework.security.config.annotation.configuration
- org.springframework.security.config.annotation.method.configuration - package org.springframework.security.config.annotation.method.configuration
- org.springframework.security.config.annotation.rsocket - package org.springframework.security.config.annotation.rsocket
- org.springframework.security.config.annotation.web - package org.springframework.security.config.annotation.web
- org.springframework.security.config.annotation.web.builders - package org.springframework.security.config.annotation.web.builders
- org.springframework.security.config.annotation.web.configuration - package org.springframework.security.config.annotation.web.configuration
- org.springframework.security.config.annotation.web.configurers - package org.springframework.security.config.annotation.web.configurers
- org.springframework.security.config.annotation.web.configurers.oauth2.client - package org.springframework.security.config.annotation.web.configurers.oauth2.client
- org.springframework.security.config.annotation.web.configurers.oauth2.server.resource - package org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
- org.springframework.security.config.annotation.web.configurers.ott - package org.springframework.security.config.annotation.web.configurers.ott
- org.springframework.security.config.annotation.web.configurers.saml2 - package org.springframework.security.config.annotation.web.configurers.saml2
- org.springframework.security.config.annotation.web.messaging - package org.springframework.security.config.annotation.web.messaging
- org.springframework.security.config.annotation.web.reactive - package org.springframework.security.config.annotation.web.reactive
- org.springframework.security.config.annotation.web.servlet.configuration - package org.springframework.security.config.annotation.web.servlet.configuration
- org.springframework.security.config.annotation.web.socket - package org.springframework.security.config.annotation.web.socket
- org.springframework.security.config.authentication - package org.springframework.security.config.authentication
-
Parsing of <authentication-manager> and related elements.
- org.springframework.security.config.core - package org.springframework.security.config.core
- org.springframework.security.config.core.userdetails - package org.springframework.security.config.core.userdetails
- org.springframework.security.config.crypto - package org.springframework.security.config.crypto
- org.springframework.security.config.debug - package org.springframework.security.config.debug
- org.springframework.security.config.http - package org.springframework.security.config.http
-
Parsing of the <http> namespace element.
- org.springframework.security.config.ldap - package org.springframework.security.config.ldap
-
Security namespace support for LDAP authentication.
- org.springframework.security.config.method - package org.springframework.security.config.method
-
Support for parsing of the <global-method-security> and <intercept-methods> elements.
- org.springframework.security.config.oauth2.client - package org.springframework.security.config.oauth2.client
- org.springframework.security.config.observation - package org.springframework.security.config.observation
- org.springframework.security.config.provisioning - package org.springframework.security.config.provisioning
- org.springframework.security.config.saml2 - package org.springframework.security.config.saml2
- org.springframework.security.config.web.server - package org.springframework.security.config.web.server
- org.springframework.security.config.websocket - package org.springframework.security.config.websocket
- org.springframework.security.context - package org.springframework.security.context
- org.springframework.security.converter - package org.springframework.security.converter
- org.springframework.security.core - package org.springframework.security.core
-
Core classes and interfaces related to user authentication and authorization, as well as the maintenance of a security context.
- org.springframework.security.core.annotation - package org.springframework.security.core.annotation
- org.springframework.security.core.authority - package org.springframework.security.core.authority
-
The default implementation of the
GrantedAuthority
interface. - org.springframework.security.core.authority.mapping - package org.springframework.security.core.authority.mapping
-
Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of
GrantedAuthority
s. - org.springframework.security.core.context - package org.springframework.security.core.context
-
Classes related to the establishment of a security context for the duration of a request (such as an HTTP or RMI invocation).
- org.springframework.security.core.parameters - package org.springframework.security.core.parameters
- org.springframework.security.core.session - package org.springframework.security.core.session
-
Session abstraction which is provided by the
org.springframework.security.core.session.SessionInformation SessionInformation
class. - org.springframework.security.core.token - package org.springframework.security.core.token
-
A service for building secure random tokens.
- org.springframework.security.core.userdetails - package org.springframework.security.core.userdetails
-
The standard interfaces for implementing user data DAOs.
- org.springframework.security.core.userdetails.cache - package org.springframework.security.core.userdetails.cache
-
Implementations of
UserCache
. - org.springframework.security.core.userdetails.jdbc - package org.springframework.security.core.userdetails.jdbc
-
Exposes a JDBC-based authentication repository, implementing
org.springframework.security.core.userdetails.UserDetailsService UserDetailsService
. - org.springframework.security.core.userdetails.memory - package org.springframework.security.core.userdetails.memory
-
Exposes an in-memory authentication repository.
- org.springframework.security.crypto.argon2 - package org.springframework.security.crypto.argon2
- org.springframework.security.crypto.bcrypt - package org.springframework.security.crypto.bcrypt
- org.springframework.security.crypto.codec - package org.springframework.security.crypto.codec
-
Internal codec classes.
- org.springframework.security.crypto.encrypt - package org.springframework.security.crypto.encrypt
- org.springframework.security.crypto.factory - package org.springframework.security.crypto.factory
- org.springframework.security.crypto.keygen - package org.springframework.security.crypto.keygen
- org.springframework.security.crypto.password - package org.springframework.security.crypto.password
- org.springframework.security.crypto.scrypt - package org.springframework.security.crypto.scrypt
- org.springframework.security.crypto.util - package org.springframework.security.crypto.util
- org.springframework.security.data.aot.hint - package org.springframework.security.data.aot.hint
- org.springframework.security.data.repository.query - package org.springframework.security.data.repository.query
- org.springframework.security.jackson2 - package org.springframework.security.jackson2
-
Mix-in classes to add Jackson serialization support.
- org.springframework.security.ldap - package org.springframework.security.ldap
-
Spring Security's LDAP module.
- org.springframework.security.ldap.authentication - package org.springframework.security.ldap.authentication
-
The LDAP authentication provider package.
- org.springframework.security.ldap.authentication.ad - package org.springframework.security.ldap.authentication.ad
- org.springframework.security.ldap.jackson2 - package org.springframework.security.ldap.jackson2
- org.springframework.security.ldap.ppolicy - package org.springframework.security.ldap.ppolicy
-
Implementation of password policy functionality based on the Password Policy for LDAP Directories.
- org.springframework.security.ldap.search - package org.springframework.security.ldap.search
-
LdapUserSearch
implementations. - org.springframework.security.ldap.server - package org.springframework.security.ldap.server
-
Embedded Apache Directory Server implementation, as used by the configuration namespace.
- org.springframework.security.ldap.userdetails - package org.springframework.security.ldap.userdetails
-
LDAP-focused
UserDetails
implementations which map from a ubset of the data contained in some of the standard LDAP types (such asInetOrgPerson
). - org.springframework.security.messaging.access.expression - package org.springframework.security.messaging.access.expression
- org.springframework.security.messaging.access.intercept - package org.springframework.security.messaging.access.intercept
- org.springframework.security.messaging.context - package org.springframework.security.messaging.context
- org.springframework.security.messaging.handler.invocation.reactive - package org.springframework.security.messaging.handler.invocation.reactive
- org.springframework.security.messaging.util.matcher - package org.springframework.security.messaging.util.matcher
- org.springframework.security.messaging.web.csrf - package org.springframework.security.messaging.web.csrf
- org.springframework.security.messaging.web.socket.server - package org.springframework.security.messaging.web.socket.server
- org.springframework.security.oauth2.client - package org.springframework.security.oauth2.client
-
Core classes and interfaces providing support for OAuth 2.0 Client.
- org.springframework.security.oauth2.client.annotation - package org.springframework.security.oauth2.client.annotation
- org.springframework.security.oauth2.client.authentication - package org.springframework.security.oauth2.client.authentication
-
Support classes and interfaces for authenticating and authorizing a client with an OAuth 2.0 Authorization Server using a specific authorization grant flow.
- org.springframework.security.oauth2.client.endpoint - package org.springframework.security.oauth2.client.endpoint
-
Classes and interfaces providing support to the client for initiating requests to the Authorization Server's Protocol Endpoints.
- org.springframework.security.oauth2.client.http - package org.springframework.security.oauth2.client.http
- org.springframework.security.oauth2.client.jackson2 - package org.springframework.security.oauth2.client.jackson2
- org.springframework.security.oauth2.client.oidc.authentication - package org.springframework.security.oauth2.client.oidc.authentication
-
Support classes and interfaces for authenticating and authorizing a client with an OpenID Connect 1.0 Provider using a specific authorization grant flow.
- org.springframework.security.oauth2.client.oidc.authentication.logout - package org.springframework.security.oauth2.client.oidc.authentication.logout
- org.springframework.security.oauth2.client.oidc.server.session - package org.springframework.security.oauth2.client.oidc.server.session
- org.springframework.security.oauth2.client.oidc.session - package org.springframework.security.oauth2.client.oidc.session
- org.springframework.security.oauth2.client.oidc.userinfo - package org.springframework.security.oauth2.client.oidc.userinfo
-
Classes and interfaces providing support to the client for initiating requests to the OpenID Connect 1.0 Provider's UserInfo Endpoint.
- org.springframework.security.oauth2.client.oidc.web.logout - package org.springframework.security.oauth2.client.oidc.web.logout
- org.springframework.security.oauth2.client.oidc.web.server.logout - package org.springframework.security.oauth2.client.oidc.web.server.logout
- org.springframework.security.oauth2.client.registration - package org.springframework.security.oauth2.client.registration
-
Classes and interfaces that provide support for
ClientRegistration
. - org.springframework.security.oauth2.client.userinfo - package org.springframework.security.oauth2.client.userinfo
-
Classes and interfaces providing support to the client for initiating requests to the OAuth 2.0 Authorization Server's UserInfo Endpoint.
- org.springframework.security.oauth2.client.web - package org.springframework.security.oauth2.client.web
-
OAuth 2.0 Client
Filter
's and supporting classes and interfaces. - org.springframework.security.oauth2.client.web.client - package org.springframework.security.oauth2.client.web.client
- org.springframework.security.oauth2.client.web.method.annotation - package org.springframework.security.oauth2.client.web.method.annotation
- org.springframework.security.oauth2.client.web.reactive.function.client - package org.springframework.security.oauth2.client.web.reactive.function.client
- org.springframework.security.oauth2.client.web.reactive.result.method.annotation - package org.springframework.security.oauth2.client.web.reactive.result.method.annotation
- org.springframework.security.oauth2.client.web.server - package org.springframework.security.oauth2.client.web.server
- org.springframework.security.oauth2.client.web.server.authentication - package org.springframework.security.oauth2.client.web.server.authentication
- org.springframework.security.oauth2.core - package org.springframework.security.oauth2.core
-
Core classes and interfaces providing support for the OAuth 2.0 Authorization Framework.
- org.springframework.security.oauth2.core.authorization - package org.springframework.security.oauth2.core.authorization
- org.springframework.security.oauth2.core.converter - package org.springframework.security.oauth2.core.converter
- org.springframework.security.oauth2.core.endpoint - package org.springframework.security.oauth2.core.endpoint
-
Support classes that model the OAuth 2.0 Request and Response messages from the Authorization Endpoint and Token Endpoint.
- org.springframework.security.oauth2.core.http.converter - package org.springframework.security.oauth2.core.http.converter
- org.springframework.security.oauth2.core.oidc - package org.springframework.security.oauth2.core.oidc
-
Core classes and interfaces providing support for OpenID Connect Core 1.0.
- org.springframework.security.oauth2.core.oidc.endpoint - package org.springframework.security.oauth2.core.oidc.endpoint
-
Support classes that model the OpenID Connect Core 1.0 Request and Response messages from the Authorization Endpoint and Token Endpoint.
- org.springframework.security.oauth2.core.oidc.user - package org.springframework.security.oauth2.core.oidc.user
-
Provides a model for an OpenID Connect Core 1.0 representation of a user
Principal
. - org.springframework.security.oauth2.core.user - package org.springframework.security.oauth2.core.user
-
Provides a model for an OAuth 2.0 representation of a user
Principal
. - org.springframework.security.oauth2.core.web.reactive.function - package org.springframework.security.oauth2.core.web.reactive.function
- org.springframework.security.oauth2.jose - package org.springframework.security.oauth2.jose
- org.springframework.security.oauth2.jose.jws - package org.springframework.security.oauth2.jose.jws
-
Core classes and interfaces providing support for JSON Web Signature (JWS).
- org.springframework.security.oauth2.jwt - package org.springframework.security.oauth2.jwt
-
Core classes and interfaces providing support for JSON Web Token (JWT).
- org.springframework.security.oauth2.server.resource - package org.springframework.security.oauth2.server.resource
-
OAuth 2.0 Resource Server core classes and interfaces providing support.
- org.springframework.security.oauth2.server.resource.authentication - package org.springframework.security.oauth2.server.resource.authentication
-
OAuth 2.0 Resource Server
Authentication
s and supporting classes and interfaces. - org.springframework.security.oauth2.server.resource.introspection - package org.springframework.security.oauth2.server.resource.introspection
-
OAuth 2.0 Introspection supporting classes and interfaces.
- org.springframework.security.oauth2.server.resource.web - package org.springframework.security.oauth2.server.resource.web
-
OAuth 2.0 Resource Server
Filter
's and supporting classes and interfaces. - org.springframework.security.oauth2.server.resource.web.access - package org.springframework.security.oauth2.server.resource.web.access
-
OAuth 2.0 Resource Server access denial classes and interfaces.
- org.springframework.security.oauth2.server.resource.web.access.server - package org.springframework.security.oauth2.server.resource.web.access.server
- org.springframework.security.oauth2.server.resource.web.authentication - package org.springframework.security.oauth2.server.resource.web.authentication
- org.springframework.security.oauth2.server.resource.web.reactive.function.client - package org.springframework.security.oauth2.server.resource.web.reactive.function.client
- org.springframework.security.oauth2.server.resource.web.server - package org.springframework.security.oauth2.server.resource.web.server
- org.springframework.security.oauth2.server.resource.web.server.authentication - package org.springframework.security.oauth2.server.resource.web.server.authentication
- org.springframework.security.provisioning - package org.springframework.security.provisioning
-
Contains simple user and authority group account provisioning interfaces together with a a JDBC-based implementation.
- org.springframework.security.rsocket.api - package org.springframework.security.rsocket.api
- org.springframework.security.rsocket.authentication - package org.springframework.security.rsocket.authentication
- org.springframework.security.rsocket.authorization - package org.springframework.security.rsocket.authorization
- org.springframework.security.rsocket.core - package org.springframework.security.rsocket.core
- org.springframework.security.rsocket.metadata - package org.springframework.security.rsocket.metadata
- org.springframework.security.rsocket.util.matcher - package org.springframework.security.rsocket.util.matcher
- org.springframework.security.saml2 - package org.springframework.security.saml2
- org.springframework.security.saml2.core - package org.springframework.security.saml2.core
- org.springframework.security.saml2.jackson2 - package org.springframework.security.saml2.jackson2
- org.springframework.security.saml2.provider.service.authentication - package org.springframework.security.saml2.provider.service.authentication
- org.springframework.security.saml2.provider.service.authentication.logout - package org.springframework.security.saml2.provider.service.authentication.logout
- org.springframework.security.saml2.provider.service.metadata - package org.springframework.security.saml2.provider.service.metadata
- org.springframework.security.saml2.provider.service.registration - package org.springframework.security.saml2.provider.service.registration
- org.springframework.security.saml2.provider.service.web - package org.springframework.security.saml2.provider.service.web
- org.springframework.security.saml2.provider.service.web.authentication - package org.springframework.security.saml2.provider.service.web.authentication
- org.springframework.security.saml2.provider.service.web.authentication.logout - package org.springframework.security.saml2.provider.service.web.authentication.logout
- org.springframework.security.saml2.provider.service.web.metadata - package org.springframework.security.saml2.provider.service.web.metadata
- org.springframework.security.scheduling - package org.springframework.security.scheduling
- org.springframework.security.taglibs - package org.springframework.security.taglibs
-
Security related tag libraries that can be used in JSPs and templates.
- org.springframework.security.taglibs.authz - package org.springframework.security.taglibs.authz
-
JSP Security tag library implementation.
- org.springframework.security.taglibs.csrf - package org.springframework.security.taglibs.csrf
- org.springframework.security.task - package org.springframework.security.task
- org.springframework.security.test.context - package org.springframework.security.test.context
- org.springframework.security.test.context.annotation - package org.springframework.security.test.context.annotation
- org.springframework.security.test.context.support - package org.springframework.security.test.context.support
- org.springframework.security.test.web.reactive.server - package org.springframework.security.test.web.reactive.server
- org.springframework.security.test.web.servlet.request - package org.springframework.security.test.web.servlet.request
- org.springframework.security.test.web.servlet.response - package org.springframework.security.test.web.servlet.response
- org.springframework.security.test.web.servlet.setup - package org.springframework.security.test.web.servlet.setup
- org.springframework.security.test.web.support - package org.springframework.security.test.web.support
- org.springframework.security.util - package org.springframework.security.util
-
General utility classes used throughout the Spring Security framework.
- org.springframework.security.web - package org.springframework.security.web
-
Spring Security's web security module.
- org.springframework.security.web.access - package org.springframework.security.web.access
-
Access-control related classes and packages.
- org.springframework.security.web.access.channel - package org.springframework.security.web.access.channel
-
Classes that ensure web requests are received over required transport channels.
- org.springframework.security.web.access.expression - package org.springframework.security.web.access.expression
-
Implementation of web security expressions.
- org.springframework.security.web.access.intercept - package org.springframework.security.web.access.intercept
-
Enforcement of security for HTTP requests, typically by the URL requested.
- org.springframework.security.web.authentication - package org.springframework.security.web.authentication
-
Authentication processing mechanisms, which respond to the submission of authentication credentials using various protocols (eg BASIC, CAS, form login etc).
- org.springframework.security.web.authentication.logout - package org.springframework.security.web.authentication.logout
-
Logout functionality based around a filter which handles a specific logout URL.
- org.springframework.security.web.authentication.ott - package org.springframework.security.web.authentication.ott
- org.springframework.security.web.authentication.password - package org.springframework.security.web.authentication.password
- org.springframework.security.web.authentication.preauth - package org.springframework.security.web.authentication.preauth
-
Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming request has already been authenticated by some externally configured system.
- org.springframework.security.web.authentication.preauth.j2ee - package org.springframework.security.web.authentication.preauth.j2ee
-
Pre-authentication support for container-authenticated requests.
- org.springframework.security.web.authentication.preauth.websphere - package org.springframework.security.web.authentication.preauth.websphere
-
Websphere-specific pre-authentication classes.
- org.springframework.security.web.authentication.preauth.x509 - package org.springframework.security.web.authentication.preauth.x509
-
X.509 client certificate authentication support.
- org.springframework.security.web.authentication.rememberme - package org.springframework.security.web.authentication.rememberme
-
Support for remembering a user between different web sessions.
- org.springframework.security.web.authentication.session - package org.springframework.security.web.authentication.session
-
Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.
- org.springframework.security.web.authentication.switchuser - package org.springframework.security.web.authentication.switchuser
-
Provides HTTP-based "switch user" (su) capabilities.
- org.springframework.security.web.authentication.ui - package org.springframework.security.web.authentication.ui
-
Authentication user-interface rendering code.
- org.springframework.security.web.authentication.www - package org.springframework.security.web.authentication.www
-
WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication.
- org.springframework.security.web.bind.annotation - package org.springframework.security.web.bind.annotation
- org.springframework.security.web.bind.support - package org.springframework.security.web.bind.support
- org.springframework.security.web.context - package org.springframework.security.web.context
-
Classes which are responsible for maintaining the security context between HTTP requests.
- org.springframework.security.web.context.request.async - package org.springframework.security.web.context.request.async
- org.springframework.security.web.context.support - package org.springframework.security.web.context.support
- org.springframework.security.web.csrf - package org.springframework.security.web.csrf
- org.springframework.security.web.debug - package org.springframework.security.web.debug
- org.springframework.security.web.firewall - package org.springframework.security.web.firewall
- org.springframework.security.web.header - package org.springframework.security.web.header
- org.springframework.security.web.header.writers - package org.springframework.security.web.header.writers
- org.springframework.security.web.header.writers.frameoptions - package org.springframework.security.web.header.writers.frameoptions
- org.springframework.security.web.http - package org.springframework.security.web.http
- org.springframework.security.web.jaasapi - package org.springframework.security.web.jaasapi
-
Makes a JAAS Subject available as the current Subject.
- org.springframework.security.web.jackson2 - package org.springframework.security.web.jackson2
-
Mix-in classes to provide Jackson serialization support.
- org.springframework.security.web.method.annotation - package org.springframework.security.web.method.annotation
- org.springframework.security.web.reactive.result.method.annotation - package org.springframework.security.web.reactive.result.method.annotation
- org.springframework.security.web.reactive.result.view - package org.springframework.security.web.reactive.result.view
- org.springframework.security.web.savedrequest - package org.springframework.security.web.savedrequest
-
Classes related to the caching of an
HttpServletRequest
which requires authentication. - org.springframework.security.web.server - package org.springframework.security.web.server
- org.springframework.security.web.server.authentication - package org.springframework.security.web.server.authentication
- org.springframework.security.web.server.authentication.logout - package org.springframework.security.web.server.authentication.logout
- org.springframework.security.web.server.authentication.ott - package org.springframework.security.web.server.authentication.ott
- org.springframework.security.web.server.authorization - package org.springframework.security.web.server.authorization
- org.springframework.security.web.server.context - package org.springframework.security.web.server.context
- org.springframework.security.web.server.csrf - package org.springframework.security.web.server.csrf
- org.springframework.security.web.server.firewall - package org.springframework.security.web.server.firewall
- org.springframework.security.web.server.header - package org.springframework.security.web.server.header
- org.springframework.security.web.server.jackson2 - package org.springframework.security.web.server.jackson2
- org.springframework.security.web.server.savedrequest - package org.springframework.security.web.server.savedrequest
- org.springframework.security.web.server.transport - package org.springframework.security.web.server.transport
- org.springframework.security.web.server.ui - package org.springframework.security.web.server.ui
- org.springframework.security.web.server.util.matcher - package org.springframework.security.web.server.util.matcher
- org.springframework.security.web.servlet.support.csrf - package org.springframework.security.web.servlet.support.csrf
- org.springframework.security.web.servlet.util.matcher - package org.springframework.security.web.servlet.util.matcher
- org.springframework.security.web.servletapi - package org.springframework.security.web.servletapi
-
Populates a Servlet request with a new Spring Security compliant
HttpServletRequestWrapper
. - org.springframework.security.web.session - package org.springframework.security.web.session
-
Session management filters,
HttpSession
events and publisher classes. - org.springframework.security.web.util - package org.springframework.security.web.util
-
Web utility classes.
- org.springframework.security.web.util.matcher - package org.springframework.security.web.util.matcher
- org.springframework.security.web.webauthn.api - package org.springframework.security.web.webauthn.api
- org.springframework.security.web.webauthn.authentication - package org.springframework.security.web.webauthn.authentication
- org.springframework.security.web.webauthn.jackson - package org.springframework.security.web.webauthn.jackson
- org.springframework.security.web.webauthn.management - package org.springframework.security.web.webauthn.management
- org.springframework.security.web.webauthn.registration - package org.springframework.security.web.webauthn.registration
- ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- OrMessageMatcher<T> - Class in org.springframework.security.messaging.util.matcher
-
MessageMatcher
that will return true if any of the passed inMessageMatcher
instances match. - OrMessageMatcher(List<MessageMatcher<T>>) - Constructor for class org.springframework.security.messaging.util.matcher.OrMessageMatcher
-
Creates a new instance
- OrMessageMatcher(MessageMatcher<T>...) - Constructor for class org.springframework.security.messaging.util.matcher.OrMessageMatcher
-
Creates a new instance
- OrRequestMatcher - Class in org.springframework.security.web.util.matcher
-
RequestMatcher
that will return true if any of the passed inRequestMatcher
instances match. - OrRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.OrRequestMatcher
-
Creates a new instance
- OrRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.OrRequestMatcher
-
Creates a new instance
- OrServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Matches if any of the provided
ServerWebExchangeMatcher
match - OrServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
- OrServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
- OwnershipAcl - Interface in org.springframework.security.acls.model
-
A mutable ACL that provides ownership capabilities.
P
- P - Annotation Interface in org.springframework.security.access.method
-
Deprecated.use @{code org.springframework.security.core.parameters.P}
- P - Annotation Interface in org.springframework.security.core.parameters
-
An annotation that can be used along with
AnnotationParameterNameDiscoverer
to specify parameter names. - pageContext - Variable in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- ParameterRequestMatcher - Class in org.springframework.security.web.util.matcher
-
A
RequestMatcher
for matching on a request parameter and its value. - ParameterRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.ParameterRequestMatcher
- ParameterRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.ParameterRequestMatcher
- parameters(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
A
Consumer
to be provided access to all the parameters allowing the ability to add, replace, or remove. - parameters(Consumer<Map<String, String>>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
-
Use this
Consumer
to modify the set of query parameters No parameter should be URL-encoded as this will be done when the request is sent - parameters(Consumer<Map<String, String>>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
-
Use this
Consumer
to modify the set of query parameters No parameter should be URL-encoded as this will be done when the response is sent, though any signature specified should be Base64-encoded - parametersQuery(Function<Map<String, String>, String>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
-
Use this strategy for converting parameters into an encoded query string.
- parametersQuery(Function<Map<String, String>, String>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
-
Use this strategy for converting parameters into an encoded query string.
- parentAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Allows providing a parent
AuthenticationManager
that will be tried if thisAuthenticationManager
was unable to attempt to authenticate the providedAuthentication
. - parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.DebugBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CsrfBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterChainBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser
-
Deprecated.
- parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FormLoginBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HeadersBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser
-
The aim of this method is to build the list of filters which have been defined by the namespace elements and attributes within the <http> configuration, along with any custom-filter's linked to user-defined filter beans.
- parse(Element, ParserContext) - Method in class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser
-
Deprecated.
- parse(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser
- parse(Element, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler
- parse(Element, ParserContext) - Method in class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser
- parseCache - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Parser cache.
- parseDate(String, DateFormat[]) - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat
-
Tries to parse the given date as an HTTP date.
- parseInternal(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser
-
Deprecated.
- parseRootDnFromUrl(String) - Static method in class org.springframework.security.ldap.LdapUtils
-
Works out the root DN for an LDAP URL.
- password() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Deprecated.The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
- password() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Deprecated.The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
- password() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
-
The password to be used.
- password(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Populates the password.
- password(String) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Populates the password.
- password(String) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
-
Specifies the password to use.
- password(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
-
The value of the password parameter.
- password(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor
-
Configures the password to use
- password(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
-
Populates the user's password.
- password(String, String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
-
Specify both the password parameter name and the password.
- password(Consumer<OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Deprecated.The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
- password(Consumer<ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Deprecated.The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
- PASSWORD - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
-
Deprecated.The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
- PASSWORD - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
password
- used in Access Token Request. - PASSWORD_ATTRIBUTE_NAME - Static variable in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
-
The name of the
attribute
in the context associated to the value for the resource owner's password. - PASSWORD_ENCODER - Static variable in class org.springframework.security.config.Elements
- PASSWORD_EXPIRED - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- PASSWORD_IN_HISTORY - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- PASSWORD_MANAGEMENT - Static variable in class org.springframework.security.config.Elements
- PASSWORD_MOD_NOT_ALLOWED - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- PASSWORD_TOO_SHORT - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- PASSWORD_TOO_YOUNG - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- passwordAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer
-
The attribute in the directory which contains the user password.
- passwordCompare() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
- PasswordComparisonAuthenticator - Class in org.springframework.security.ldap.authentication
-
An
LdapAuthenticator
which compares the login password with the value stored in the directory using a remote LDAP "compare" operation. - PasswordComparisonAuthenticator(BaseLdapPathContextSource) - Constructor for class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
- passwordEncoder(Function<String, String>) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Encodes the current password (if non-null) and any future passwords supplied to
User.UserBuilder.password(String)
. - passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer
-
Allows specifying the
PasswordEncoder
to use. - passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Specifies the
PasswordEncoder
to be used when authenticating with password comparison. - passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
-
Allows specifying the
PasswordEncoder
to use with theDaoAuthenticationProvider
. - PasswordEncoder - Interface in org.springframework.security.crypto.password
-
Service interface for encoding passwords.
- PasswordEncoderFactories - Class in org.springframework.security.crypto.factory
-
Used for creating
PasswordEncoder
instances - PasswordEncoderParser - Class in org.springframework.security.config.authentication
-
Stateful parser for the <password-encoder> element.
- PasswordEncoderParser(Element, ParserContext) - Constructor for class org.springframework.security.config.authentication.PasswordEncoderParser
- passwordManagement() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.passwordManagement(Customizer)
orpasswordManagement(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - passwordManagement(Customizer<PasswordManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Adds support for the password management.
- passwordManagement(Customizer<ServerHttpSecurity.PasswordManagementSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures password management.
- PasswordManagementConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds password management support.
- PasswordManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer
- PasswordOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
Deprecated.The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
- PasswordOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
-
Deprecated.
- passwordParam(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
-
The HTTP parameter to place the password.
- passwordParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
-
The HTTP parameter to look for the password when performing authentication.
- PasswordPolicyAwareContextSource - Class in org.springframework.security.ldap.ppolicy
-
Extended version of the DefaultSpringSecurityContextSource which adds support for the use of
PasswordPolicyControl
to make use of user account data stored in the directory. - PasswordPolicyAwareContextSource(String) - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyAwareContextSource
- PasswordPolicyControl - Class in org.springframework.security.ldap.ppolicy
-
A Password Policy request control.
- PasswordPolicyControl() - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
-
Creates a non-critical (request) control.
- PasswordPolicyControl(boolean) - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
-
Creates a (request) control.
- PasswordPolicyControlExtractor - Class in org.springframework.security.ldap.ppolicy
-
Obtains the PasswordPolicyControl from a context for use by other classes.
- PasswordPolicyControlFactory - Class in org.springframework.security.ldap.ppolicy
-
Transforms a control object to a PasswordPolicyResponseControl object, if appropriate.
- PasswordPolicyControlFactory() - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyControlFactory
- PasswordPolicyData - Interface in org.springframework.security.ldap.ppolicy
- PasswordPolicyErrorStatus - Enum Class in org.springframework.security.ldap.ppolicy
-
Defines status codes for use with PasswordPolicyException, with error codes (for message source lookup) and default messages.
- PasswordPolicyException - Exception in org.springframework.security.ldap.ppolicy
-
Generic exception raised by the ppolicy package.
- PasswordPolicyException(PasswordPolicyErrorStatus) - Constructor for exception org.springframework.security.ldap.ppolicy.PasswordPolicyException
- PasswordPolicyResponseControl - Class in org.springframework.security.ldap.ppolicy
-
Represents the response control received when a PasswordPolicyControl is used when binding to a directory.
- PasswordPolicyResponseControl(byte[]) - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
-
Decodes the Ber encoded control data.
- PasswordReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
Deprecated.The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
- PasswordReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
-
Deprecated.
- pathMatchers(String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
-
Maps a
List
ofPathPatternParserServerWebExchangeMatcher
instances that do not care whichHttpMethod
is used. - pathMatchers(String...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-
Creates a matcher that matches on any of the provided patterns.
- pathMatchers(HttpMethod) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
-
Maps a
List
ofPathPatternParserServerWebExchangeMatcher
instances. - pathMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
-
Maps a
List
ofPathPatternParserServerWebExchangeMatcher
instances. - pathMatchers(HttpMethod, String...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-
Creates a matcher that matches on the specific method and any of the provided patterns.
- pathMatchers(HttpMethod, PathPattern...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-
Creates a matcher that matches on the specific method and any of the provided
PathPattern
s. - pathMatchers(PathPattern...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-
Creates a matcher that matches on any of the provided
PathPattern
s. - PathPatternParserServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Matches if the
PathPattern
matches the path within the application. - PathPatternParserServerWebExchangeMatcher(String) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- PathPatternParserServerWebExchangeMatcher(String, HttpMethod) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- PathPatternParserServerWebExchangeMatcher(PathPattern) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- PathPatternParserServerWebExchangeMatcher(PathPattern, HttpMethod) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- pattern(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder
-
Creates an
MvcRequestMatcher
that uses the provided pattern to match - pattern(HttpMethod, String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder
-
Creates an
MvcRequestMatcher
that uses the provided pattern and HTTP method to match - PAYLOAD - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
-
A Payload exchange.
- PayloadExchange - Interface in org.springframework.security.rsocket.api
-
Contract for a Payload interaction.
- PayloadExchangeAuthenticationConverter - Interface in org.springframework.security.rsocket.authentication
-
Converts from a
PayloadExchange
to anAuthentication
- PayloadExchangeAuthorizationContext - Class in org.springframework.security.rsocket.util.matcher
- PayloadExchangeAuthorizationContext(PayloadExchange) - Constructor for class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext
- PayloadExchangeAuthorizationContext(PayloadExchange, Map<String, Object>) - Constructor for class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext
- PayloadExchangeMatcher - Interface in org.springframework.security.rsocket.util.matcher
-
An interface for determining if a
PayloadExchangeMatcher
matches. - PayloadExchangeMatcher.MatchResult - Class in org.springframework.security.rsocket.util.matcher
-
The result of matching
- PayloadExchangeMatcherEntry<T> - Class in org.springframework.security.rsocket.util.matcher
- PayloadExchangeMatcherEntry(PayloadExchangeMatcher, T) - Constructor for class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry
- PayloadExchangeMatcherReactiveAuthorizationManager - Class in org.springframework.security.rsocket.authorization
-
Maps a @{code List} of
PayloadExchangeMatcher
instances to - PayloadExchangeMatcherReactiveAuthorizationManager.Builder - Class in org.springframework.security.rsocket.authorization
- PayloadExchangeMatchers - Class in org.springframework.security.rsocket.util.matcher
- PayloadExchangeType - Enum Class in org.springframework.security.rsocket.api
-
The
PayloadExchange
type - PayloadInterceptor - Interface in org.springframework.security.rsocket.api
-
Contract for interception-style, chained processing of Payloads that may be used to implement cross-cutting, application-agnostic requirements such as security, timeouts, and others.
- PayloadInterceptorChain - Interface in org.springframework.security.rsocket.api
-
Contract to allow a
PayloadInterceptor
to delegate to the next in the chain. - PayloadInterceptorOrder - Enum Class in org.springframework.security.config.annotation.rsocket
-
The standard order for
PayloadInterceptor
to be sorted. - PayloadSocketAcceptorInterceptor - Class in org.springframework.security.rsocket.core
-
A
SocketAcceptorInterceptor
that applies thePayloadInterceptor
s - PayloadSocketAcceptorInterceptor(List<PayloadInterceptor>) - Constructor for class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor
- Pbkdf2PasswordEncoder - Class in org.springframework.security.crypto.password
-
A
PasswordEncoder
implementation that uses PBKDF2 with : a configurable random salt value length (default is 16 bytes) a configurable number of iterations (default is 310000) a configurable key derivation function (seePbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
) a configurable secret appended to the random salt (default is empty) The algorithm is invoked on the concatenated bytes of the salt, secret and password. - Pbkdf2PasswordEncoder(CharSequence, int, int, int) - Constructor for class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
-
Deprecated.
- Pbkdf2PasswordEncoder(CharSequence, int, int, Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm) - Constructor for class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
-
Constructs a PBKDF2 password encoder with a secret value as well as salt length, iterations and algorithm.
- Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm - Enum Class in org.springframework.security.crypto.password
-
The Algorithm used for creating the
SecretKeyFactory
- PBKDF2WithHmacSHA1 - Enum constant in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
- PBKDF2WithHmacSHA256 - Enum constant in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
- PBKDF2WithHmacSHA512 - Enum constant in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
- performBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Subclasses must implement this method to build the object that is being returned.
- performBuild() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
- performBuild() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- performBuild() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
- Permission - Interface in org.springframework.security.acls.model
-
Represents a permission granted to a Sid for a given domain object.
- PermissionCacheOptimizer - Interface in org.springframework.security.access
-
Allows permissions to be pre-cached when using pre or post filtering with expressions
- PermissionEvaluator - Interface in org.springframework.security.access
-
Strategy used in expression evaluation to determine whether a user has a permission or permissions for a given domain object.
- PermissionFactory - Interface in org.springframework.security.acls.domain
-
Provides a simple mechanism to retrieve
Permission
instances from integer masks. - PermissionGrantingStrategy - Interface in org.springframework.security.acls.model
-
Allow customization of the logic for determining whether a permission or permissions are granted to a particular sid or sids by an
Acl
. - PERMISSIONS_POLICY - Static variable in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
- permissionsPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.permissionsPolicyHeader(Customizer)
orpermissionsPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - permissionsPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer)
instead. - permissionsPolicy(Customizer<HeadersConfigurer.PermissionsPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.permissionsPolicyHeader(Customizer)
instead - permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures
Permissions-Policy
response header. - permissionsPolicyHeader(Customizer<HeadersConfigurer.PermissionsPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows configuration for Permissions Policy.
- PermissionsPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Permisisons Policy.
- PermissionsPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
-
Create a new instance of
PermissionsPolicyHeaderWriter
. - PermissionsPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
-
Create a new instance of
PermissionsPolicyHeaderWriter
with supplied security policy. - PermissionsPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Permissions-Policy
response header with configured policy directives. - PermissionsPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
- PERMIT_ALL_ATTRIBUTE - Static variable in class org.springframework.security.access.annotation.Jsr250SecurityConfig
-
Deprecated.
- permitAll - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
-
Allows "permitAll" expression
- permitAll() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
-
Always grants access.
- permitAll() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- permitAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
- permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Equivalent of invoking permitAll(true)
- permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specify that URLs are allowed by anyone.
- permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specify that URLs are allowed by anyone.
- permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
A shortcut for
LogoutConfigurer.permitAll(boolean)
withtrue
as an argument. - permitAll() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Specify that Messages are allowed by anyone.
- permitAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
Allow access for anyone
- permitAll() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Specify that Messages are allowed by anyone.
- permitAll() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
-
Specify that URLs are allowed by anyone.
- permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Ensures the urls for
AbstractAuthenticationFilterConfigurer.failureUrl(String)
as well as for theHttpSecurityBuilder
, theAbstractAuthenticationFilterConfigurer.getLoginPage()
andAbstractAuthenticationFilterConfigurer.getLoginProcessingUrl()
are granted access to any user. - permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Grants access to the
LogoutConfigurer.logoutSuccessUrl(String)
and theLogoutConfigurer.logoutUrl(String)
for every user. - PersistentRememberMeToken - Class in org.springframework.security.web.authentication.rememberme
- PersistentRememberMeToken(String, String, String, Date) - Constructor for class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
- PersistentTokenBasedRememberMeServices - Class in org.springframework.security.web.authentication.rememberme
-
RememberMeServices
implementation based on Barry Jaspan's Improved Persistent Login Cookie Best Practice. - PersistentTokenBasedRememberMeServices(String, UserDetailsService, PersistentTokenRepository) - Constructor for class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- PersistentTokenRepository - Interface in org.springframework.security.web.authentication.rememberme
-
The abstraction used by
PersistentTokenBasedRememberMeServices
to store the persistent login tokens for a user. - Person - Class in org.springframework.security.ldap.userdetails
-
UserDetails implementation whose properties are based on the LDAP schema for Person.
- Person() - Constructor for class org.springframework.security.ldap.userdetails.Person
- PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- Person.Essence - Class in org.springframework.security.ldap.userdetails
- PersonContextMapper - Class in org.springframework.security.ldap.userdetails
- PersonContextMapper() - Constructor for class org.springframework.security.ldap.userdetails.PersonContextMapper
- PHONE - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes
-
The
phone
scope requests access to thephone_number
andphone_number_verified
claims. - PHONE_NUMBER - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
phone_number
- the user's preferred phone number - PHONE_NUMBER_VERIFIED - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
phone_number_verified
-true
if the user's phone number has been verified, otherwisefalse
- phoneNumber(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this phone number in the resulting
OidcUserInfo
- phoneNumberVerified(Boolean) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this verified-phone-number indicator in the resulting
OidcUserInfo
- picture(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this picture in the resulting
OidcUserInfo
- PICTURE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
picture
- the URL of the user's profile picture - PkceParameterNames - Class in org.springframework.security.oauth2.core.endpoint
-
Standard parameter names defined in the OAuth Parameters Registry and used by the authorization endpoint and token endpoint.
- pkcs8() - Static method in class org.springframework.security.converter.RsaKeyConverters
-
Construct a
Converter
for converting a PEM-encoded PKCS#8 RSA Private Key into aRSAPrivateKey
. - PLATFORM - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment
-
Indicates platform attachment.
- policy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig
-
Sets the policy to be used in the response header.
- policy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec
-
Sets the policy to be used in the response header.
- policy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig
-
Sets the policy to be used in the
Cross-Origin-Embedder-Policy
header - policy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig
-
Sets the policy to be used in the
Cross-Origin-Opener-Policy
header - policy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig
-
Sets the policy to be used in the
Cross-Origin-Resource-Policy
header - policy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig
-
Sets the policy to be used in the response header.
- policy(CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec
-
Sets the value to be used in the `Cross-Origin-Embedder-Policy` header
- policy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec
-
Sets the value to be used in the `Cross-Origin-Opener-Policy` header
- policy(CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec
-
Sets the value to be used in the `Cross-Origin-Resource-Policy` header
- policy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec
-
Sets the policy to be used in the response header.
- policyDirectives(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig
-
Sets the security policy directive(s) to be used in the response header.
- policyDirectives(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
-
Sets the security policy directive(s) to be used in the response header.
- populateContext(DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
- populateContext(DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.Person
- port(int) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
-
The port to connect to LDAP to (the default is 33389 or random available port if unavailable).
- PORT_MAPPING - Static variable in class org.springframework.security.config.Elements
- PORT_MAPPINGS - Static variable in class org.springframework.security.config.Elements
- portMapper() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.portMapper(Customizer)
orportMapper(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - portMapper(Customizer<PortMapperConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows configuring a
PortMapper
that is available fromAbstractConfiguredSecurityBuilder.getSharedObject(Class)
. - portMapper(PortMapper) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer
-
Allows specifying the
PortMapper
instance. - portMapper(PortMapper) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
-
Configures a custom HTTPS port to redirect to
- PortMapper - Interface in org.springframework.security.web
-
PortMapper
implementations provide callers with information about which HTTP ports are associated with which HTTPS ports on the system, and vice versa. - PortMapperConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Allows configuring a shared
PortMapper
instance used to determine the ports when redirecting between HTTP and HTTPS. - PortMapperConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer
-
Creates a new instance
- PortMapperConfigurer.HttpPortMapping - Class in org.springframework.security.config.annotation.web.configurers
-
Allows specifying the HTTPS port for a given HTTP port when redirecting between HTTP and HTTPS.
- PortMapperImpl - Class in org.springframework.security.web
-
Concrete implementation of
PortMapper
that obtains HTTP:HTTPS pairs from the application context. - PortMapperImpl() - Constructor for class org.springframework.security.web.PortMapperImpl
- PortResolver - Interface in org.springframework.security.web
-
A
PortResolver
determines the port a web request was received on. - PortResolverImpl - Class in org.springframework.security.web
-
Concrete implementation of
PortResolver
that obtains the port from ServletRequest.getServerPort(). - PortResolverImpl() - Constructor for class org.springframework.security.web.PortResolverImpl
- POST - Enum constant in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
- POST_AUTHORIZE - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
- POST_FILTER - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
- POST_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements
- postalCode(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Sets the zip code or postal code.
- postAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
-
Creates an interceptor for the
PostAuthorize
annotation - postAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
-
Creates an instance for the
PostAuthorize
annotation. - postAuthorize(AuthorizationManager<MethodInvocationResult>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
-
Creates an interceptor for the
PostAuthorize
annotation - postAuthorize(PostAuthorizeAuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
-
Creates an interceptor for the
PostAuthorize
annotation - postAuthorize(ReactiveAuthorizationManager<MethodInvocationResult>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
-
Creates an instance for the
PostAuthorize
annotation. - PostAuthorize - Annotation Interface in org.springframework.security.access.prepost
-
Annotation for specifying a method access-control expression which will be evaluated after a method has been invoked.
- PostAuthorizeAuthorizationManager - Class in org.springframework.security.authorization.method
-
An
AuthorizationManager
which can determine if anAuthentication
may return the result from an invokedMethodInvocation
by evaluating an expression from thePostAuthorize
annotation. - PostAuthorizeAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
- PostAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
- PostAuthorizeReactiveAuthorizationManager - Class in org.springframework.security.authorization.method
-
A
ReactiveAuthorizationManager
which can determine if anAuthentication
has access to the returned object from theMethodInvocation
by evaluating an expression from thePostAuthorize
annotation. - PostAuthorizeReactiveAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
- PostAuthorizeReactiveAuthorizationManager(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
- postBuildAction(Runnable) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Executes the Runnable immediately after the build takes place
- PostFilter - Annotation Interface in org.springframework.security.access.prepost
-
Annotation for specifying a method filtering expression which will be evaluated after a method has been invoked.
- PostFilterAuthorizationMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which filters areturnedObject
from theMethodInvocation
by evaluating an expression from thePostFilter
annotation. - PostFilterAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
-
Creates a
PostFilterAuthorizationMethodInterceptor
using the provided parameters - PostFilterAuthorizationReactiveMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which filters the returned object from theMethodInvocation
by evaluating an expression from thePostFilter
annotation. - PostFilterAuthorizationReactiveMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
-
Creates an instance.
- PostFilterAuthorizationReactiveMethodInterceptor(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
-
Creates an instance.
- PostInvocationAdviceProvider - Class in org.springframework.security.access.prepost
-
Deprecated.Use
AuthorizationManagerAfterMethodInterceptor
instead - PostInvocationAdviceProvider(PostInvocationAuthorizationAdvice) - Constructor for class org.springframework.security.access.prepost.PostInvocationAdviceProvider
-
Deprecated.
- PostInvocationAttribute - Interface in org.springframework.security.access.prepost
-
Deprecated.Use
AuthorizationManagerAfterMethodInterceptor
instead - PostInvocationAuthorizationAdvice - Interface in org.springframework.security.access.prepost
-
Deprecated.Use
AuthorizationManagerAfterMethodInterceptor
instead - postProcess(O) - Method in interface org.springframework.security.config.annotation.ObjectPostProcessor
-
Deprecated.Initialize the object possibly returning a modified instance that should be used instead.
- postProcess(O) - Method in interface org.springframework.security.config.ObjectPostProcessor
-
Initialize the object possibly returning a modified instance that should be used instead.
- postProcess(NativeWebRequest, Callable<T>, Object) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
- postProcess(P) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Performs post processing of an object.
- postProcess(T) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
-
Performs post processing of an object.
- postProcessBeanDefinitionRegistry(BeanDefinitionRegistry) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
- postProcessBeanDefinitionRegistry(BeanDefinitionRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor
- postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
- postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
- postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor
- postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
- postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor
- postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor
- postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
- postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
- postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
- postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
- postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
- postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
- postReceive(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.
- postReceive(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
- postSend(Message<?>, MessageChannel, boolean) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.
- PRAGMA_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
-
The value for pragma value
- PRE_AUTHORIZE - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
- PRE_FILTER - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
- PRE_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements
- PreAuthenticatedAuthenticationProvider - Class in org.springframework.security.web.authentication.preauth
-
Processes a pre-authenticated authentication request.
- PreAuthenticatedAuthenticationProvider() - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
- PreAuthenticatedAuthenticationToken - Class in org.springframework.security.web.authentication.preauth
-
Authentication
implementation for pre-authenticated authentication. - PreAuthenticatedAuthenticationToken(Object, Object) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
-
Constructor used for an authentication request.
- PreAuthenticatedAuthenticationToken(Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
-
Constructor used for an authentication response.
- PreAuthenticatedCredentialsNotFoundException - Exception in org.springframework.security.web.authentication.preauth
- PreAuthenticatedCredentialsNotFoundException(String) - Constructor for exception org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException
- PreAuthenticatedCredentialsNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException
- PreAuthenticatedGrantedAuthoritiesUserDetailsService - Class in org.springframework.security.web.authentication.preauth
-
This AuthenticationUserDetailsService implementation creates a UserDetails object based solely on the information contained in the given PreAuthenticatedAuthenticationToken.
- PreAuthenticatedGrantedAuthoritiesUserDetailsService() - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
- PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails - Class in org.springframework.security.web.authentication.preauth
-
This WebAuthenticationDetails implementation allows for storing a list of pre-authenticated Granted Authorities.
- PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(HttpServletRequest, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
- preAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Creates an interceptor for the
PreAuthorize
annotation - preAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
-
Creates an instance for the
PreAuthorize
annotation. - preAuthorize(AuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Creates an interceptor for the
PreAuthorize
annotation - preAuthorize(PreAuthorizeAuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Creates an interceptor for the
PreAuthorize
annotation - preAuthorize(ReactiveAuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
-
Creates an instance for the
PreAuthorize
annotation. - PreAuthorize - Annotation Interface in org.springframework.security.access.prepost
-
Annotation for specifying a method access-control expression which will be evaluated to decide whether a method invocation is allowed or not.
- PreAuthorizeAuthorizationManager - Class in org.springframework.security.authorization.method
-
An
AuthorizationManager
which can determine if anAuthentication
may invoke theMethodInvocation
by evaluating an expression from thePreAuthorize
annotation. - PreAuthorizeAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
- PreAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
- PreAuthorizeReactiveAuthorizationManager - Class in org.springframework.security.authorization.method
-
A
ReactiveAuthorizationManager
which can determine if anAuthentication
has access to theMethodInvocation
by evaluating an expression from thePreAuthorize
annotation. - PreAuthorizeReactiveAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
- PreAuthorizeReactiveAuthorizationManager(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
- preCommence(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
-
Template method for you to do your own pre-processing before the redirect occurs.
- PREFERRED - Static variable in class org.springframework.security.web.webauthn.api.ResidentKeyRequirement
-
The preferred requirement indicates that the Relying Party strongly prefers creating a client-side discoverable credential, but will accept a server-side credential.
- PREFERRED - Static variable in class org.springframework.security.web.webauthn.api.UserVerificationRequirement
-
The preferred value indicates that the Relying Party prefers user verification for the operation if possible, but will not fail the operation if the response does not have the UV flag set.
- PREFERRED_USERNAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
preferred_username
- the preferred username that the user wishes to be referred to - preferredUsername(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this preferred username in the resulting
OidcUserInfo
- prefersShortLivedTasks() - Method in class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor
- PreFilter - Annotation Interface in org.springframework.security.access.prepost
-
Annotation for specifying a method filtering expression which will be evaluated before a method has been invoked.
- PreFilterAuthorizationMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which filters a method argument by evaluating an expression from thePreFilter
annotation. - PreFilterAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
-
Creates a
PreFilterAuthorizationMethodInterceptor
using the provided parameters - PreFilterAuthorizationReactiveMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which filters a reactive method argument by evaluating an expression from thePreFilter
annotation. - PreFilterAuthorizationReactiveMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
- PreFilterAuthorizationReactiveMethodInterceptor(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
-
Creates an instance.
- PreInvocationAttribute - Interface in org.springframework.security.access.prepost
-
Deprecated.Use
AuthorizationManagerBeforeMethodInterceptor
instead - preInvocationAuthorizationAdvice() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Creates the
PreInvocationAuthorizationAdvice
to be used. - PreInvocationAuthorizationAdvice - Interface in org.springframework.security.access.prepost
-
Deprecated.Use
AuthorizationManagerBeforeMethodInterceptor
instead - PreInvocationAuthorizationAdviceVoter - Class in org.springframework.security.access.prepost
-
Deprecated.Use
AuthorizationManagerBeforeMethodInterceptor
instead - PreInvocationAuthorizationAdviceVoter(PreInvocationAuthorizationAdvice) - Constructor for class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
-
Deprecated.
- preload(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
-
If true, preload will be included in HSTS Header.
- preload(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
-
Configures if preload should be included.
- prepareTestInstance(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- PrePostAdviceReactiveMethodInterceptor - Class in org.springframework.security.access.prepost
- PrePostAdviceReactiveMethodInterceptor(MethodSecurityMetadataSource, PreInvocationAuthorizationAdvice, PostInvocationAuthorizationAdvice) - Constructor for class org.springframework.security.access.prepost.PrePostAdviceReactiveMethodInterceptor
-
Deprecated.Creates a new instance
- PrePostAnnotationSecurityMetadataSource - Class in org.springframework.security.access.prepost
-
Deprecated.Use
PreAuthorizeAuthorizationManager
andPostAuthorizeAuthorizationManager
instead - PrePostAnnotationSecurityMetadataSource(PrePostInvocationAttributeFactory) - Constructor for class org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource
-
Deprecated.
- PrePostAuthorizeExpressionBeanHintsRegistrar - Class in org.springframework.security.aot.hint
-
A
SecurityHintsRegistrar
that scans all provided classes for methods that usePreAuthorize
orPostAuthorize
and registers hints for the beans used within the security expressions. - PrePostAuthorizeExpressionBeanHintsRegistrar(Class<?>...) - Constructor for class org.springframework.security.aot.hint.PrePostAuthorizeExpressionBeanHintsRegistrar
- PrePostAuthorizeExpressionBeanHintsRegistrar(List<Class<?>>) - Constructor for class org.springframework.security.aot.hint.PrePostAuthorizeExpressionBeanHintsRegistrar
- PrePostAuthorizeHintsRegistrar - Class in org.springframework.security.aot.hint
-
A
SecurityHintsRegistrar
that scans all beans for methods that usePreAuthorize
orPostAuthorize
and registers appropriate hints for the annotations. - PrePostAuthorizeHintsRegistrar() - Constructor for class org.springframework.security.aot.hint.PrePostAuthorizeHintsRegistrar
- prePostEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
-
Deprecated.Determines if Spring Security's pre post annotations should be enabled.
- prePostEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
-
Determines if Spring Security's
PreAuthorize
,PostAuthorize
,PreFilter
, andPostFilter
annotations should be enabled. - PrePostInvocationAttributeFactory - Interface in org.springframework.security.access.prepost
-
Deprecated.Use delegation with
AuthorizationManager
- PrePostTemplateDefaults - Class in org.springframework.security.authorization.method
-
Deprecated.Please use
AnnotationTemplateExpressionDefaults
instead - PrePostTemplateDefaults() - Constructor for class org.springframework.security.authorization.method.PrePostTemplateDefaults
-
Deprecated.
- preProcess(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
- preReceive(MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.
- preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor
- preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.
- preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
- preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
- preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor
- preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.web.csrf.XorCsrfChannelInterceptor
- PreventLoginServerMaximumSessionsExceededHandler - Class in org.springframework.security.web.server.authentication
-
Returns a
Mono
that terminates withSessionAuthenticationException
when the maximum number of sessions for a user has been reached. - PreventLoginServerMaximumSessionsExceededHandler() - Constructor for class org.springframework.security.web.server.authentication.PreventLoginServerMaximumSessionsExceededHandler
- principal(Object) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Sets the principal for
Authentication
objects of anonymous users - principal(Object) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
-
Sets the principal for
Authentication
objects of anonymous users - principal(String) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
-
Sets the name of the
Principal
(to be) associated to the authorized client. - principal(String) - Static method in class org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver
- principal(Authentication) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
-
Sets the
Principal
(to be) associated to the authorized client. - principal(Authentication) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
-
Sets the
Principal
(to be) associated to the authorized client. - principal(Authentication) - Static method in class org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver
- principal(OAuth2AuthenticatedPrincipal) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
-
Use the provided principal
- principal(OAuth2AuthenticatedPrincipal) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
-
Use the provided principal
- principalChanged(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Determines if the current principal has changed.
- principalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
- principalName(String) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
-
Use this as the resource owner's principal name
- principalName(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
-
Use this as the resource owner's principal name
- PrincipalSid - Class in org.springframework.security.acls.domain
-
Represents an
Authentication.getPrincipal()
as aSid
. - PrincipalSid(String) - Constructor for class org.springframework.security.acls.domain.PrincipalSid
- PrincipalSid(Authentication) - Constructor for class org.springframework.security.acls.domain.PrincipalSid
- printBinary(int) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils
-
Returns a representation of the active bits in the presented mask, with each active bit being denoted by character '*'.
- printBinary(int, char) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils
-
Returns a representation of the active bits in the presented mask, with each active bit being denoted by the passed character.
- PRIVATE_KEY_JWT - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- privilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
-
Creates the
WebInvocationPrivilegeEvaluator
that is necessary to evaluate privileges for a given web URI - privilegeEvaluator(WebInvocationPrivilegeEvaluator) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Set the
WebInvocationPrivilegeEvaluator
to be used. - proceed() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter
-
Deprecated.
- proceed() - Method in class org.springframework.security.util.SimpleMethodInvocation
- proceedWithObject() - Method in interface org.springframework.security.access.intercept.aspectj.AspectJCallback
-
Deprecated.
- processAction(HttpServletRequest, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- processAction(HttpServletRequest, String, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- processAction(ServerWebExchange, String, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
- processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Called from autoLogin to process the submitted persistent login cookie.
- processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
-
Locates the presented cookie data in the token repository, using the series id.
- processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- processConfigAttribute - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- processDomainObjectClass - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- processFormFieldValue(HttpServletRequest, String, String, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- processFormFieldValue(ServerWebExchange, String, String, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
- processUrl(HttpServletRequest, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
- processUrl(ServerWebExchange, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
- profile(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this profile in the resulting
OidcUserInfo
- PROFILE - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes
-
The
profile
scope requests access to the default profile claims, which are:name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at
. - PROFILE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
profile
- the URL of the user's profile page - PROTECT - Static variable in class org.springframework.security.config.Elements
- PROTECT_POINTCUT - Static variable in class org.springframework.security.config.Elements
- provider(OAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Configures an
OAuth2AuthorizedClientProvider
to be composed with theDelegatingOAuth2AuthorizedClientProvider
. - provider(ReactiveOAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Configures a
ReactiveOAuth2AuthorizedClientProvider
to be composed with theDelegatingReactiveOAuth2AuthorizedClientProvider
. - providerConfigurationMetadata(Map<String, Object>) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the metadata describing the provider's configuration.
- ProviderManager - Class in org.springframework.security.authentication
-
Iterates an
Authentication
request through a list ofAuthenticationProvider
s. - ProviderManager(List<AuthenticationProvider>) - Constructor for class org.springframework.security.authentication.ProviderManager
-
Construct a
ProviderManager
using the givenAuthenticationProvider
s - ProviderManager(List<AuthenticationProvider>, AuthenticationManager) - Constructor for class org.springframework.security.authentication.ProviderManager
-
Construct a
ProviderManager
using the provided parameters - ProviderManager(AuthenticationProvider...) - Constructor for class org.springframework.security.authentication.ProviderManager
-
Construct a
ProviderManager
using the givenAuthenticationProvider
s - ProviderManagerBuilder<B extends ProviderManagerBuilder<B>> - Interface in org.springframework.security.config.annotation.authentication
-
Interface for operating on a SecurityBuilder that creates a
ProviderManager
- ProviderNotFoundException - Exception in org.springframework.security.authentication
-
Thrown by
ProviderManager
if noAuthenticationProvider
could be found that supports the presentedAuthentication
object. - ProviderNotFoundException(String) - Constructor for exception org.springframework.security.authentication.ProviderNotFoundException
-
Constructs a
ProviderNotFoundException
with the specified message. - proxy(Object) - Method in interface org.springframework.security.authorization.AuthorizationProxyFactory
-
Wrap the given
object
in authorization-related advice. - proxy(Object) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
-
Proxy an object to enforce authorization advice.
- proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
-
Deprecated.Indicate whether subclass-based (CGLIB) proxies are to be created (
true
) as opposed to standard Java interface-based proxies (false
). - proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
-
Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.
- proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
-
Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.
- PS256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
RSASSA-PSS using SHA-256 and MGF1 with SHA-256 (Optional)
- PS256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
RSASSA-PSS using SHA-256 and MGF1 with SHA-256 (Optional)
- PS384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
RSASSA-PSS using SHA-384 and MGF1 with SHA-384 (Optional)
- PS384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
RSASSA-PSS using SHA-384 and MGF1 with SHA-384 (Optional)
- PS512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
RSASSA-PSS using SHA-512 and MGF1 with SHA-512 (Optional)
- PS512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
RSASSA-PSS using SHA-512 and MGF1 with SHA-512 (Optional)
- pubKeyCredParams(List<PublicKeyCredentialParameters>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Sets the
PublicKeyCredentialCreationOptions.getPubKeyCredParams()
property. - pubKeyCredParams(PublicKeyCredentialParameters...) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Sets the
PublicKeyCredentialCreationOptions.getPubKeyCredParams()
property. - PUBLIC_KEY - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialType
-
The only credential type that currently exists.
- PublicInvocationEvent - Class in org.springframework.security.access.event
-
Deprecated.Only used by now-deprecated classes. Consider
EventObject.getSource()
to deduce public invocations. - PublicInvocationEvent(Object) - Constructor for class org.springframework.security.access.event.PublicInvocationEvent
-
Deprecated.Construct the event, passing in the public secure object.
- publicKey(RSAPublicKey) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
-
Configures a
ReactiveJwtDecoder
that leverages the providedRSAPublicKey
- publicKey(PublicKeyCose) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- PublicKeyCose - Interface in org.springframework.security.web.webauthn.api
- PublicKeyCredential<R extends AuthenticatorResponse> - Class in org.springframework.security.web.webauthn.api
-
PublicKeyCredential contains the attributes that are returned to the caller when a new credential is created, or a new assertion is requested.
- PublicKeyCredential.PublicKeyCredentialBuilder<R extends AuthenticatorResponse> - Class in org.springframework.security.web.webauthn.api
- PublicKeyCredentialCreationOptions - Class in org.springframework.security.web.webauthn.api
-
Represents the PublicKeyCredentialCreationOptions which is an argument to creating a new credential.
- PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder - Class in org.springframework.security.web.webauthn.api
-
Used to build
PublicKeyCredentialCreationOptions
. - PublicKeyCredentialCreationOptionsFilter - Class in org.springframework.security.web.webauthn.registration
- PublicKeyCredentialCreationOptionsFilter(WebAuthnRelyingPartyOperations) - Constructor for class org.springframework.security.web.webauthn.registration.PublicKeyCredentialCreationOptionsFilter
-
Creates a new instance.
- PublicKeyCredentialCreationOptionsRepository - Interface in org.springframework.security.web.webauthn.registration
-
Saves
PublicKeyCredentialCreationOptions
between a request to generate an assertion and the validation of the assertion. - PublicKeyCredentialCreationOptionsRequest - Interface in org.springframework.security.web.webauthn.management
-
A request to create a new
PublicKeyCredentialCreationOptions
. - PublicKeyCredentialDescriptor - Class in org.springframework.security.web.webauthn.api
-
PublicKeyCredentialDescriptor identifies a specific public key credential.
- PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder - Class in org.springframework.security.web.webauthn.api
-
Used to create
PublicKeyCredentialDescriptor
- PublicKeyCredentialParameters - Class in org.springframework.security.web.webauthn.api
-
The PublicKeyCredentialParameters is used to supply additional parameters when creating a new credential.
- PublicKeyCredentialRequestOptions - Class in org.springframework.security.web.webauthn.api
-
PublicKeyCredentialRequestOptions contains the information to create an assertion used for authentication.
- PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder - Class in org.springframework.security.web.webauthn.api
-
Used to build a
PublicKeyCredentialCreationOptions
. - PublicKeyCredentialRequestOptionsFilter - Class in org.springframework.security.web.webauthn.authentication
- PublicKeyCredentialRequestOptionsFilter(WebAuthnRelyingPartyOperations) - Constructor for class org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter
-
Creates a new instance with the provided
WebAuthnRelyingPartyOperations
. - PublicKeyCredentialRequestOptionsRepository - Interface in org.springframework.security.web.webauthn.authentication
-
Saves
PublicKeyCredentialRequestOptions
between a request to generate an assertion and the validation of the assertion. - PublicKeyCredentialRequestOptionsRequest - Interface in org.springframework.security.web.webauthn.management
- PublicKeyCredentialRpEntity - Class in org.springframework.security.web.webauthn.api
-
The PublicKeyCredentialRpEntity dictionary is used to supply additional Relying Party attributes when creating a new credential.
- PublicKeyCredentialRpEntity.PublicKeyCredentialRpEntityBuilder - Class in org.springframework.security.web.webauthn.api
-
Used to create a
PublicKeyCredentialRpEntity
. - PublicKeyCredentialType - Class in org.springframework.security.web.webauthn.api
-
The PublicKeyCredentialType defines the credential types.
- PublicKeyCredentialUserEntity - Interface in org.springframework.security.web.webauthn.api
-
PublicKeyCredentialUserEntity is used to supply additional user account attributes when creating a new credential.
- PublicKeyCredentialUserEntityRepository - Interface in org.springframework.security.web.webauthn.management
-
A repository for managing
PublicKeyCredentialUserEntity
instances. - publishAuthenticationFailure(AuthenticationException, Authentication) - Method in interface org.springframework.security.authentication.AuthenticationEventPublisher
- publishAuthenticationFailure(AuthenticationException, Authentication) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
- publishAuthenticationSuccess(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationEventPublisher
- publishAuthenticationSuccess(Authentication) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
- publishAuthorizationEvent(Supplier<Authentication>, T, AuthorizationDecision) - Method in interface org.springframework.security.authorization.AuthorizationEventPublisher
-
Deprecated.
- publishAuthorizationEvent(Supplier<Authentication>, T, AuthorizationDecision) - Method in class org.springframework.security.authorization.SpringAuthorizationEventPublisher
-
Publish the given details in the form of an event, typically
AuthorizationGrantedEvent
orAuthorizationDeniedEvent
. - publishAuthorizationEvent(Supplier<Authentication>, T, AuthorizationResult) - Method in interface org.springframework.security.authorization.AuthorizationEventPublisher
-
Publish the given details in the form of an event, typically
AuthorizationGrantedEvent
orAuthorizationDeniedEvent
. - publishAuthorizationEvent(Supplier<Authentication>, T, AuthorizationResult) - Method in class org.springframework.security.authorization.SpringAuthorizationEventPublisher
- publishEvent(Object) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher
- publishEvent(ApplicationEvent) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher
- publishFailureEvent(UsernamePasswordAuthenticationToken, AuthenticationException) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Publishes the
JaasAuthenticationFailedEvent
. - publishFailureEvent(UsernamePasswordAuthenticationToken, AuthenticationException) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
-
Publishes the
JaasAuthenticationFailedEvent
. - publishSuccessEvent(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Publishes the
JaasAuthenticationSuccessEvent
. - putInCache(MutableAcl) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
- putInCache(MutableAcl) - Method in interface org.springframework.security.acls.model.AclCache
- putTicketInCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache
-
This is a no-op since we are not storing tickets.
- putTicketInCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache
- putTicketInCache(CasAuthenticationToken) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache
-
Adds the specified
CasAuthenticationToken
to the cache. - putUserInCache(UserDetails) - Method in class org.springframework.security.core.userdetails.cache.NullUserCache
- putUserInCache(UserDetails) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache
- putUserInCache(UserDetails) - Method in interface org.springframework.security.core.userdetails.UserCache
-
Places a
UserDetails
in the cache.
Q
- QUERY - Static variable in class org.springframework.security.oauth2.core.AuthenticationMethod
R
- R2dbcReactiveOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client
-
A R2DBC implementation of
ReactiveOAuth2AuthorizedClientService
that uses aDatabaseClient
forOAuth2AuthorizedClient
persistence. - R2dbcReactiveOAuth2AuthorizedClientService(DatabaseClient, ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
-
Constructs a
R2dbcReactiveOAuth2AuthorizedClientService
using the provided parameters. - R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder - Class in org.springframework.security.oauth2.client
-
A holder for
OAuth2AuthorizedClient
data and End-UserAuthentication
(Resource Owner). - R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper - Class in org.springframework.security.oauth2.client
-
The default
Function
that mapsR2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
to aMap
ofString
andParameter
. - R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper - Class in org.springframework.security.oauth2.client
-
The default
BiFunction
that maps the currentio.r2dbc.spi.Row
to aR2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
. - random() - Static method in class org.springframework.security.web.webauthn.api.Bytes
-
Creates a secure random
Bytes
with random bytes and sufficient entropy. - rawId(Bytes) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder
-
Sets the
PublicKeyCredential.getRawId()
property. - ReactiveAuthenticationManager - Interface in org.springframework.security.authentication
-
Determines if the provided
Authentication
can be authenticated. - ReactiveAuthenticationManagerAdapter - Class in org.springframework.security.authentication
-
Adapts an AuthenticationManager to the reactive APIs.
- ReactiveAuthenticationManagerAdapter(AuthenticationManager) - Constructor for class org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter
- ReactiveAuthenticationManagerResolver<C> - Interface in org.springframework.security.authentication
-
An interface for resolving a
ReactiveAuthenticationManager
based on the provided context - ReactiveAuthorizationManager<T> - Interface in org.springframework.security.authorization
-
A reactive authorization manager which can determine if an
Authentication
has access to a specific object. - ReactiveClientRegistrationRepository - Interface in org.springframework.security.oauth2.client.registration
-
A reactive repository for OAuth 2.0 / OpenID Connect 1.0
ClientRegistration
(s). - ReactiveCompromisedPasswordChecker - Interface in org.springframework.security.authentication.password
-
A Reactive API for checking if a password has been compromised.
- ReactiveJwtAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.authentication
-
Reactive version of
JwtAuthenticationConverter
for converting aJwt
to aMono<AbstractAuthenticationToken>
. - ReactiveJwtAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter
- ReactiveJwtAuthenticationConverterAdapter - Class in org.springframework.security.oauth2.server.resource.authentication
-
A reactive
Converter
for adapting a non-blocking imperativeConverter
- ReactiveJwtAuthenticationConverterAdapter(Converter<Jwt, AbstractAuthenticationToken>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter
- ReactiveJwtDecoder - Interface in org.springframework.security.oauth2.jwt
-
Implementations of this interface are responsible for "decoding" a JSON Web Token (JWT) from it's compact claims representation format to a
Jwt
. - ReactiveJwtDecoderFactory<C> - Interface in org.springframework.security.oauth2.jwt
-
A factory for
ReactiveJwtDecoder
(s). - ReactiveJwtDecoders - Class in org.springframework.security.oauth2.jwt
-
Allows creating a
ReactiveJwtDecoder
from an OpenID Provider Configuration or Authorization Server Metadata Request based on provided issuer and method invoked. - ReactiveJwtGrantedAuthoritiesConverterAdapter - Class in org.springframework.security.oauth2.server.resource.authentication
-
Adapts a
Converter<Jwt, Collection<GrantedAuthority>>
to aConverter<Jwt, Flux<GrantedAuthority>>
. - ReactiveJwtGrantedAuthoritiesConverterAdapter(Converter<Jwt, Collection<GrantedAuthority>>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtGrantedAuthoritiesConverterAdapter
- ReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Interface in org.springframework.security.oauth2.client.endpoint
-
A reactive strategy for "exchanging" an authorization grant credential (e.g.
- ReactiveOAuth2AuthorizationFailureHandler - Interface in org.springframework.security.oauth2.client
-
Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the authorization server or resource server.
- ReactiveOAuth2AuthorizationSuccessHandler - Interface in org.springframework.security.oauth2.client
-
Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the authorization server.
- ReactiveOAuth2AuthorizedClientManager - Interface in org.springframework.security.oauth2.client
-
Implementations of this interface are responsible for the overall management of
Authorized Client(s)
. - ReactiveOAuth2AuthorizedClientProvider - Interface in org.springframework.security.oauth2.client
-
A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.
- ReactiveOAuth2AuthorizedClientProviderBuilder - Class in org.springframework.security.oauth2.client
-
A builder that builds a
DelegatingReactiveOAuth2AuthorizedClientProvider
composed of one or moreReactiveOAuth2AuthorizedClientProvider
(s) that implement specific authorization grants. - ReactiveOAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder - Class in org.springframework.security.oauth2.client
-
A builder for the
authorization_code
grant. - ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder - Class in org.springframework.security.oauth2.client
-
A builder for the
client_credentials
grant. - ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder - Class in org.springframework.security.oauth2.client
-
A builder for the
password
grant. - ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder - Class in org.springframework.security.oauth2.client
-
A builder for the
refresh_token
grant. - ReactiveOAuth2AuthorizedClientService - Interface in org.springframework.security.oauth2.client
-
Implementations of this interface are responsible for the management of
Authorized Client(s)
, which provide the purpose of associating anAccess Token
credential to aClient
and Resource Owner, who is thePrincipal
that originally granted the authorization. - ReactiveOAuth2UserService<R extends OAuth2UserRequest,
U extends OAuth2User> - Interface in org.springframework.security.oauth2.client.userinfo -
Implementations of this interface are responsible for obtaining the user attributes of the End-User (Resource Owner) from the UserInfo Endpoint using the
Access Token
granted to theClient
and returning anAuthenticatedPrincipal
in the form of anOAuth2User
. - ReactiveOidcIdTokenDecoderFactory - Class in org.springframework.security.oauth2.client.oidc.authentication
- ReactiveOidcIdTokenDecoderFactory() - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
- ReactiveOidcSessionRegistry - Interface in org.springframework.security.oauth2.client.oidc.server.session
-
A registry to record the tie between the OIDC Provider session and the Client session.
- ReactiveOneTimeTokenService - Interface in org.springframework.security.authentication.ott.reactive
-
Reactive interface for generating and consuming one-time tokens.
- ReactiveOpaqueTokenAuthenticationConverter - Interface in org.springframework.security.oauth2.server.resource.introspection
-
Convert a successful introspection result into an authentication result.
- ReactiveOpaqueTokenIntrospector - Interface in org.springframework.security.oauth2.server.resource.introspection
-
A contract for introspecting and verifying an OAuth 2.0 token.
- ReactivePreAuthenticatedAuthenticationManager - Class in org.springframework.security.web.server.authentication
-
Reactive version of
PreAuthenticatedAuthenticationProvider
This manager receives aPreAuthenticatedAuthenticationToken
, checks that associated account is not disabled, expired, or blocked, and returns new authenticatedPreAuthenticatedAuthenticationToken
. - ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService) - Constructor for class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
- ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService, UserDetailsChecker) - Constructor for class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
- ReactiveSecurityContextHolder - Class in org.springframework.security.core.context
-
Allows getting and setting the Spring
SecurityContext
into aContext
. - ReactiveSessionInformation - Class in org.springframework.security.core.session
- ReactiveSessionInformation(Object, String, Instant) - Constructor for class org.springframework.security.core.session.ReactiveSessionInformation
- ReactiveSessionRegistry - Interface in org.springframework.security.core.session
-
Maintains a registry of
ReactiveSessionInformation
instances. - ReactiveUserDetailsPasswordService - Interface in org.springframework.security.core.userdetails
-
An API for changing a
UserDetails
password. - ReactiveUserDetailsService - Interface in org.springframework.security.core.userdetails
-
An API for finding the
UserDetails
by username. - ReactiveUserDetailsServiceResourceFactoryBean - Class in org.springframework.security.config.core.userdetails
-
Constructs an
MapReactiveUserDetailsService
from a resource usingUserDetailsResourceFactoryBean
. - ReactiveUserDetailsServiceResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
- REACTOR_CONTEXT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- ReactorContextTestExecutionListener - Class in org.springframework.security.test.context.support
-
Sets up the Reactor Context with the Authentication from the TestSecurityContextHolder and then clears the Reactor Context at the end of the tests.
- ReactorContextTestExecutionListener() - Constructor for class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- ReactorContextWebFilter - Class in org.springframework.security.web.server.context
-
Uses a
ServerSecurityContextRepository
to provide theSecurityContext
to initialize theReactiveSecurityContextHolder
. - ReactorContextWebFilter(ServerSecurityContextRepository) - Constructor for class org.springframework.security.web.server.context.ReactorContextWebFilter
- read - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
- read(Class<? extends RelyingPartyRegistration.Builder>, HttpInputMessage) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
- READ - Static variable in class org.springframework.security.acls.domain.BasePermission
- readAclById(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
- readAclById(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclService
-
Same as
AclService.readAclsById(List)
except it returns only a single Acl. - readAclById(ObjectIdentity, List<Sid>) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
- readAclById(ObjectIdentity, List<Sid>) - Method in interface org.springframework.security.acls.model.AclService
-
Same as
AclService.readAclsById(List, List)
except it returns only a single Acl. - readAclsById(List<ObjectIdentity>) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
- readAclsById(List<ObjectIdentity>) - Method in interface org.springframework.security.acls.model.AclService
-
Obtains all the Acls that apply for the passed Objects.
- readAclsById(List<ObjectIdentity>, List<Sid>) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
-
The main method.
- readAclsById(List<ObjectIdentity>, List<Sid>) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
- readAclsById(List<ObjectIdentity>, List<Sid>) - Method in interface org.springframework.security.acls.jdbc.LookupStrategy
-
Perform database-specific optimized lookup.
- readAclsById(List<ObjectIdentity>, List<Sid>) - Method in interface org.springframework.security.acls.model.AclService
-
Obtains all the Acls that apply for the passed Objects, but only for the security identifies passed.
- readInternal(Class<? extends OAuth2AccessTokenResponse>, HttpInputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
- readInternal(Class<? extends OAuth2DeviceAuthorizationResponse>, HttpInputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
- readInternal(Class<? extends OAuth2Error>, HttpInputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
- realm(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor
-
Configures the realm to use
- realmName(String) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
-
Allows easily changing the realm, but leaving the remaining defaults in place.
- REDIRECT - Enum constant in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
- REDIRECT_URI - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
redirect_uri
- used in Authorization Request and Access Token Request. - redirectionEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2LoginConfigurer.redirectionEndpoint(Customizer)
instead - redirectionEndpoint(Customizer<OAuth2LoginConfigurer.RedirectionEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Configures the Client's Redirection Endpoint.
- RedirectOneTimeTokenGenerationSuccessHandler - Class in org.springframework.security.web.authentication.ott
-
A
OneTimeTokenGenerationSuccessHandler
that performs a redirect to a specific location - RedirectOneTimeTokenGenerationSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.ott.RedirectOneTimeTokenGenerationSuccessHandler
-
Constructs an instance of this class that redirects to the specified URL.
- RedirectServerAuthenticationEntryPoint - Class in org.springframework.security.web.server.authentication
-
Performs a redirect to a specified location.
- RedirectServerAuthenticationEntryPoint(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
-
Creates an instance
- RedirectServerAuthenticationFailureHandler - Class in org.springframework.security.web.server.authentication
-
Performs a redirect to a specified location.
- RedirectServerAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler
-
Creates an instance
- RedirectServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
-
Performs a redirect on authentication success.
- RedirectServerAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
-
Creates a new instance with location of "/"
- RedirectServerAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
-
Creates a new instance with the specified location
- RedirectServerLogoutSuccessHandler - Class in org.springframework.security.web.server.authentication.logout
-
Performs a redirect on log out success.
- RedirectServerLogoutSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
- redirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
- RedirectStrategy - Interface in org.springframework.security.web
-
Encapsulates the redirection logic for all classes in the framework which perform redirects.
- redirectToHttps() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.redirectToHttps(Customizer)
orredirectToHttps(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - redirectToHttps(Customizer<ServerHttpSecurity.HttpsRedirectSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures HTTPS redirection rules.
- redirectUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the uri (or uri template) for the redirection endpoint.
- redirectUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the uri for the redirection endpoint.
- redirectUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
-
Sets the uri where the response was redirected to.
- RedirectUrlBuilder - Class in org.springframework.security.web.util
-
Internal class for building redirect URLs.
- RedirectUrlBuilder() - Constructor for class org.springframework.security.web.util.RedirectUrlBuilder
- REFERRER_POLICY - Static variable in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
- referrerPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.referrerPolicy(Customizer)
orreferrerPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - referrerPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer)
instead. - referrerPolicy(Customizer<HeadersConfigurer.ReferrerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows configuration for Referrer Policy.
- referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures
Referrer-Policy
response header. - referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.referrerPolicy(Customizer)
orreferrerPolicy(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer)
instead. - ReferrerPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Referrer Policy.
- ReferrerPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
-
Creates a new instance.
- ReferrerPolicyHeaderWriter(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Constructor for class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
-
Creates a new instance.
- ReferrerPolicyHeaderWriter.ReferrerPolicy - Enum Class in org.springframework.security.web.header.writers
- ReferrerPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Referrer-Policy
response header. - ReferrerPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
- ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy - Enum Class in org.springframework.security.web.server.header
- refresh() - Method in class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration
-
Does nothing, but required for JDK5
- REFRESH_TOKEN - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
- REFRESH_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
refresh_token
- used in Access Token Request and Access Token Response. - refreshLastRequest() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
- refreshLastRequest() - Method in class org.springframework.security.core.session.SessionInformation
-
Refreshes the internal lastRequest to the current date and time.
- refreshLastRequest(String) - Method in interface org.springframework.security.core.session.SessionRegistry
-
Updates the given
sessionId
so its last request time is equal to the present date and time. - refreshLastRequest(String) - Method in class org.springframework.security.core.session.SessionRegistryImpl
- refreshToken() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Configures support for the
refresh_token
grant. - refreshToken() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Configures support for the
refresh_token
grant. - refreshToken(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
-
Sets the refresh token associated to the access token.
- refreshToken(Consumer<OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Configures support for the
refresh_token
grant. - refreshToken(Consumer<ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Configures support for the
refresh_token
grant. - RefreshTokenOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of an
OAuth2AuthorizedClientProvider
for therefresh_token
grant. - RefreshTokenOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
- RefreshTokenReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of a
ReactiveOAuth2AuthorizedClientProvider
for therefresh_token
grant. - RefreshTokenReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
- regex - Enum constant in enum class org.springframework.security.config.http.MatcherType
- regexMatcher(String) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
-
Creates a case-sensitive
Pattern
instance to match against the request. - regexMatcher(HttpMethod) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
-
Creates an instance that matches to all requests with the same
HttpMethod
. - regexMatcher(HttpMethod, String) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
-
Creates a case-sensitive
Pattern
instance to match against the request. - RegExpAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- RegExpAllowFromStrategy(String) - Constructor for class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
-
Deprecated.Creates a new instance
- RegexRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Uses a regular expression to decide whether a supplied the URL of a supplied
HttpServletRequest
. - RegexRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.RegexRequestMatcher
-
Creates a case-sensitive
Pattern
instance to match against the request. - RegexRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.RegexRequestMatcher
-
As above, but allows setting of whether case-insensitive matching should be used.
- region(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Sets the state, province, prefecture, or region.
- registerAuthenticationEntryPoint(B, AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
- registerCredential(RelyingPartyRegistrationRequest) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations
- registerCredential(RelyingPartyRegistrationRequest) - Method in interface org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations
- registerDefaultAuthenticationEntryPoint(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
- RegisteredOAuth2AuthorizedClient - Annotation Interface in org.springframework.security.oauth2.client.annotation
-
This annotation may be used to resolve a method parameter to an argument value of type
OAuth2AuthorizedClient
. - registerExtractor(Class<? extends Throwable>, ThrowableCauseExtractor) - Method in class org.springframework.security.web.util.ThrowableAnalyzer
-
Registers a
ThrowableCauseExtractor
for the specified type. - registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.AuthorizeReturnObjectCoreHintsRegistrar
-
Register hints after preparing them through Security's infrastructural beans
- registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.AuthorizeReturnObjectHintsRegistrar
-
Register hints after preparing them through Security's infrastructural beans
- registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.PrePostAuthorizeExpressionBeanHintsRegistrar
- registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.PrePostAuthorizeHintsRegistrar
- registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in interface org.springframework.security.aot.hint.SecurityHintsRegistrar
-
Register hints after preparing them through Security's infrastructural beans
- registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar
- registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
-
Subclasses should implement this method for returning the object that is chained to the creation of the
ServerWebExchangeMatcher
instances. - registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
- registerNewSession(String, Object) - Method in interface org.springframework.security.core.session.SessionRegistry
-
Registers a new session for the specified principal.
- registerNewSession(String, Object) - Method in class org.springframework.security.core.session.SessionRegistryImpl
- registerPermission(Permission, String) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
- registerPublicPermissions(Class<? extends Permission>) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
-
Registers the public static fields of type
Permission
for a give class. - RegisterSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
-
Strategy used to register a user with the
SessionRegistry
after successfulAuthentication
. - RegisterSessionAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
- RegisterSessionServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
-
An implementation of
ServerAuthenticationSuccessHandler
that will register aReactiveSessionInformation
with the providedReactiveSessionRegistry
. - RegisterSessionServerAuthenticationSuccessHandler(ReactiveSessionRegistry) - Constructor for class org.springframework.security.web.server.authentication.RegisterSessionServerAuthenticationSuccessHandler
- registerStompEndpoints(StompEndpointRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- REGISTRATION_ID - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
Non-standard parameter (used internally).
- registrationId() - Element in annotation interface org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient
-
Sets the client registration identifier.
- registrationId(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the registration id.
- registrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- registrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Sets the
registrationId
template. - RELAY_STATE - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames
-
RelayState
- used to communicate shared state between the relying and asserting party - relayState(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
-
Sets the
RelayState
parameter that will accompany this AuthNRequest - relayState(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
-
Use this value for the relay state when sending the Logout Request to the asserting party It should not be URL-encoded as this will be done when the request is sent
- relayState(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
-
Use this value for the relay state when sending the Logout Request to the asserting party It should not be URL-encoded as this will be done when the response is sent
- release() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- RELYING_PARTY_REGISTRATION_NOT_FOUND - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
The relying party registration was not found.
- RELYING_PARTY_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements
- RelyingPartyAuthenticationRequest - Class in org.springframework.security.web.webauthn.management
-
The data object used to provide the information necessary to authenticate a user with WebAuthn.
- RelyingPartyAuthenticationRequest(PublicKeyCredentialRequestOptions, PublicKeyCredential<AuthenticatorAssertionResponse>) - Constructor for class org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest
-
Creates a new instance.
- RelyingPartyPublicKey - Class in org.springframework.security.web.webauthn.management
-
Submitted by a client to request registration of a new credential.
- RelyingPartyPublicKey(PublicKeyCredential<AuthenticatorAttestationResponse>, String) - Constructor for class org.springframework.security.web.webauthn.management.RelyingPartyPublicKey
-
Creates a new instance.
- RelyingPartyRegistration - Class in org.springframework.security.saml2.provider.service.registration
-
Represents a configured relying party (aka Service Provider) and asserting party (aka Identity Provider) pair.
- RelyingPartyRegistration(String, String, String, Saml2MessageBinding, String, String, Collection<Saml2MessageBinding>, RelyingPartyRegistration.AssertingPartyDetails, String, boolean, Collection<Saml2X509Credential>, Collection<Saml2X509Credential>) - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
- RelyingPartyRegistration.AssertingPartyDetails - Class in org.springframework.security.saml2.provider.service.registration
-
The configuration metadata of the Asserting party
- RelyingPartyRegistration.AssertingPartyDetails.Builder - Class in org.springframework.security.saml2.provider.service.registration
- RelyingPartyRegistration.Builder - Class in org.springframework.security.saml2.provider.service.registration
- RelyingPartyRegistrationPlaceholderResolvers - Class in org.springframework.security.saml2.provider.service.web
-
A factory for creating placeholder resolvers for
RelyingPartyRegistration
templates. - RelyingPartyRegistrationPlaceholderResolvers.UriResolver - Class in org.springframework.security.saml2.provider.service.web
-
A class for resolving
RelyingPartyRegistration
URIs - relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Sets the
RelyingPartyRegistrationRepository
of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other. - relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
-
Sets the
RelyingPartyRegistrationRepository
of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other. - RelyingPartyRegistrationRepository - Interface in org.springframework.security.saml2.provider.service.registration
-
A repository for
RelyingPartyRegistration
s - RelyingPartyRegistrationRequest - Interface in org.springframework.security.web.webauthn.management
- RelyingPartyRegistrationResolver - Interface in org.springframework.security.saml2.provider.service.web
-
A contract for resolving a
RelyingPartyRegistration
from the HTTP request - RelyingPartyRegistrations - Class in org.springframework.security.saml2.provider.service.registration
-
A utility class for constructing instances of
RelyingPartyRegistration
- RelyingPartyRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.saml2
- RelyingPartyRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser
- REMEMBER_ME - Static variable in class org.springframework.security.config.Elements
- rememberMe() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
-
Creates an instance of
AuthenticatedAuthorizationManager
that determines if theAuthentication
is authenticated using remember me. - rememberMe() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.rememberMe(Customizer)
orrememberMe(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - rememberMe() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specify that URLs are allowed by users that have been remembered.
- rememberMe() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specify that URLs are allowed by users that have been remembered.
- rememberMe() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Specify that Messages are allowed by users that have been remembered.
- rememberMe() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Specify that Messages are allowed by users that have been remembered.
- rememberMe() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
-
Specify that URLs are allowed by users that have been remembered.
- rememberMe(Customizer<RememberMeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows configuring of Remember Me authentication.
- RememberMeAuthenticationException - Exception in org.springframework.security.web.authentication.rememberme
-
This exception is thrown when an
Authentication
exception occurs while using the remember-me authentication. - RememberMeAuthenticationException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException
-
Constructs an
RememberMeAuthenticationException
with the specified message and no root cause. - RememberMeAuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException
-
Constructs a
RememberMeAuthenticationException
with the specified message and root cause. - RememberMeAuthenticationFilter - Class in org.springframework.security.web.authentication.rememberme
-
Detects if there is no
Authentication
object in theSecurityContext
, and populates the context with a remember-me authentication token if aRememberMeServices
implementation so requests. - RememberMeAuthenticationFilter(AuthenticationManager, RememberMeServices) - Constructor for class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- RememberMeAuthenticationProvider - Class in org.springframework.security.authentication
-
An
AuthenticationProvider
implementation that validatesRememberMeAuthenticationToken
s. - RememberMeAuthenticationProvider(String) - Constructor for class org.springframework.security.authentication.RememberMeAuthenticationProvider
- RememberMeAuthenticationToken - Class in org.springframework.security.authentication
-
Represents a remembered
Authentication
. - RememberMeAuthenticationToken(String, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.RememberMeAuthenticationToken
-
Constructor.
- RememberMeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Configures Remember Me authentication.
- RememberMeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
Creates a new instance
- rememberMeCookieDomain(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
The domain name within which the remember me cookie is visible.
- rememberMeCookieName(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
The name of cookie which store the token for remember me authentication.
- rememberMeParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
The HTTP parameter used to indicate to remember the user at time of login.
- rememberMeRequested(HttpServletRequest, String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Allows customization of whether a remember-me login has been requested.
- rememberMeServices(RememberMeServices) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
Specify the
RememberMeServices
to use. - RememberMeServices - Interface in org.springframework.security.web.authentication
-
Implement by a class that is capable of providing a remember-me service.
- removeAuthenticationRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository
- removeAuthenticationRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository
-
Removes the authentication request using the
HttpServletRequest
andHttpServletResponse
- removeAuthorities(LdapName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- removeAuthorities(DistinguishedName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
-
Deprecated.
- removeAuthorizationRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
-
Removes and returns the
OAuth2AuthorizationRequest
associated to the providedHttpServletRequest
andHttpServletResponse
or if not available returnsnull
. - removeAuthorizationRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository
- removeAuthorizationRequest(ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository
-
Removes and returns the
OAuth2AuthorizationRequest
associated to the providedHttpServletRequest
or if not available returnsnull
. - removeAuthorizationRequest(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository
- removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService
- removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService
- removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
- removeAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
-
Removes the
OAuth2AuthorizedClient
associated to the provided client registration identifier and End-User'sPrincipal
name. - removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
- removeAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService
-
Removes the
OAuth2AuthorizedClient
associated to the provided client registration identifier and End-User'sPrincipal
name. - removeAuthorizedClient(String, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
- removeAuthorizedClient(String, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository
- removeAuthorizedClient(String, Authentication, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository
-
Removes the
OAuth2AuthorizedClient
associated to the provided client registration identifier and End-UserAuthentication
(Resource Owner). - removeAuthorizedClient(String, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover
-
Removes the
OAuth2AuthorizedClient
associated to the provided client registration identifier and End-UserAuthentication
(Resource Owner). - removeAuthorizedClient(String, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover
-
Removes the
OAuth2AuthorizedClient
associated to the provided client registration identifier and End-UserAuthentication
(Resource Owner). - removeAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
- removeAuthorizedClient(String, Authentication, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository
-
Removes the
OAuth2AuthorizedClient
associated to the provided client registration identifier and End-UserAuthentication
(Resource Owner). - removeAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository
- RemoveAuthorizedClientOAuth2AuthorizationFailureHandler - Class in org.springframework.security.oauth2.client
-
An
OAuth2AuthorizationFailureHandler
that removes anOAuth2AuthorizedClient
when theOAuth2Error.getErrorCode()
matches one of the configuredOAuth 2.0 error codes
. - RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
-
Constructs a
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
using the provided parameters. - RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover, Set<String>) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
-
Constructs a
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
using the provided parameters. - RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover - Interface in org.springframework.security.oauth2.client
-
Removes an
OAuth2AuthorizedClient
from anOAuth2AuthorizedClientRepository
orOAuth2AuthorizedClientService
. - RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler - Class in org.springframework.security.oauth2.client
-
A
ReactiveOAuth2AuthorizationFailureHandler
that removes anOAuth2AuthorizedClient
when theOAuth2Error.getErrorCode()
matches one of the configuredOAuth 2.0 error codes
. - RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
-
Constructs a
RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
using the provided parameters. - RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover, Set<String>) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
-
Constructs a
RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
using the provided parameters. - RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover - Interface in org.springframework.security.oauth2.client
- removeConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Removes and returns the
SecurityConfigurer
by its class name ornull
if not found. - removeConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Removes the
SecurityConfigurer
by its class name ornull
if not found. - removeConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Removes all the
SecurityConfigurer
instances by its class name or an empty List if not found. - removeGroupAuthority(String, GrantedAuthority) - Method in interface org.springframework.security.provisioning.GroupManager
-
Deletes an authority from those assigned to a group
- removeGroupAuthority(String, GrantedAuthority) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- removeLogoutRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository
-
Removes and returns the
Saml2LogoutRequest
associated to the providedHttpServletRequest
andHttpServletResponse
or if not available returnsnull
. - removeLogoutRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository
-
Removes and returns the
Saml2LogoutRequest
associated to the providedHttpServletRequest
andHttpServletResponse
or if not available returnsnull
. - removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
- removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
- removeMatchingRequest(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache
-
If the provided
ServerWebExchange
matches the savedServerHttpRequest
gets the savedServerHttpRequest
- removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
- removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
- removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
- removeRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
-
Removes the cached request.
- removeSessionInformation(String) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
- removeSessionInformation(String) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry
-
Removes the specified session from the registry.
- removeSessionInformation(String) - Method in interface org.springframework.security.core.session.SessionRegistry
-
Deletes all the session information being maintained for the specified
sessionId
. - removeSessionInformation(String) - Method in class org.springframework.security.core.session.SessionRegistryImpl
- removeSessionInformation(String) - Method in class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry
- removeSessionInformation(String) - Method in interface org.springframework.security.oauth2.client.oidc.server.session.ReactiveOidcSessionRegistry
-
Deregister the OIDC Provider session tied to the provided client session.
- removeSessionInformation(String) - Method in class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry
- removeSessionInformation(String) - Method in interface org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry
-
Deregister the OIDC Provider session tied to the provided client session.
- removeSessionInformation(OidcLogoutToken) - Method in class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry
- removeSessionInformation(OidcLogoutToken) - Method in interface org.springframework.security.oauth2.client.oidc.server.session.ReactiveOidcSessionRegistry
-
Deregister the OIDC Provider sessions referenced by the provided OIDC Logout Token by its session id or its subject.
- removeSessionInformation(OidcLogoutToken) - Method in class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry
- removeSessionInformation(OidcLogoutToken) - Method in interface org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry
-
Deregister the OIDC Provider sessions referenced by the provided OIDC Logout Token by its session id or its subject.
- removeTicketFromCache(String) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache
-
This is a no-op since we are not storing tickets.
- removeTicketFromCache(String) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache
- removeTicketFromCache(String) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache
-
Removes the specified ticket from the cache, meaning that future calls will require a new service ticket.
- removeTicketFromCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache
-
This is a no-op since we are not storing tickets.
- removeTicketFromCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache
- removeTicketFromCache(CasAuthenticationToken) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache
-
Removes the specified ticket from the cache, as per
StatelessTicketCache.removeTicketFromCache(String)
. - removeUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.NullUserCache
- removeUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache
- removeUserFromCache(String) - Method in interface org.springframework.security.core.userdetails.UserCache
-
Removes the specified user from the cache.
- removeUserFromCache(UserDetails) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache
- removeUserFromGroup(String, String) - Method in interface org.springframework.security.provisioning.GroupManager
-
Deletes a user's membership of a group.
- removeUserFromGroup(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- removeUserTokens(String) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
- removeUserTokens(String) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
- removeUserTokens(String) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
- renameGroup(String, String) - Method in interface org.springframework.security.provisioning.GroupManager
-
Changes the name of a group without altering the assigned authorities or members.
- renameGroup(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- reportOnly() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig
-
Enables (includes) the Content-Security-Policy-Report-Only header in the response.
- reportOnly(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
-
Deprecated.If true, the browser should not terminate the connection with the server.
- reportOnly(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
-
Whether to include the
Content-Security-Policy-Report-Only
header in the response. - reportUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
-
Deprecated.Sets the URI to which the browser should report pin validation failures.
- reportUri(URI) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
-
Deprecated.Sets the URI to which the browser should report pin validation failures.
- request - Variable in class org.springframework.security.web.access.expression.WebSecurityExpressionRoot
-
Allows direct access to the request object
- REQUEST_CACHE - Static variable in class org.springframework.security.config.Elements
- REQUEST_CHANNEL - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
-
A Request Channel exchange.
- REQUEST_RESPONSE - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
-
A Request Response exchange.
- REQUEST_SCOPE_ATTRIBUTE_NAME - Static variable in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
-
The name of the
attribute
in the context associated to the value for the "request scope(s)". - REQUEST_STREAM - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
-
A Request Stream exchange.
- RequestAttributeAuthenticationFilter - Class in org.springframework.security.web.authentication.preauth
-
A simple pre-authenticated filter which obtains the username from request attributes, for use with SSO systems such as Stanford WebAuth or Shibboleth.
- RequestAttributeAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
- RequestAttributeClientRegistrationIdResolver - Class in org.springframework.security.oauth2.client.web.client
-
A strategy for resolving a
clientRegistrationId
from an intercepted request usingattributes
. - RequestAttributeClientRegistrationIdResolver() - Constructor for class org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver
- RequestAttributePrincipalResolver - Class in org.springframework.security.oauth2.client.web.client
-
A strategy for resolving a
principal
from an intercepted request usingattributes
. - RequestAttributePrincipalResolver() - Constructor for class org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver
- RequestAttributeSecurityContextRepository - Class in org.springframework.security.web.context
-
Stores the
SecurityContext
on aServletRequest.setAttribute(String, Object)
so that it can be restored when different dispatch types occur. - RequestAttributeSecurityContextRepository() - Constructor for class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
-
Creates a new instance using
RequestAttributeSecurityContextRepository.DEFAULT_REQUEST_ATTR_NAME
. - RequestAttributeSecurityContextRepository(String) - Constructor for class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
-
Creates a new instance with the specified request attribute name.
- RequestAuthorizationContext - Class in org.springframework.security.web.access.intercept
-
An
HttpServletRequest
authorization context. - RequestAuthorizationContext(HttpServletRequest) - Constructor for class org.springframework.security.web.access.intercept.RequestAuthorizationContext
-
Creates an instance.
- RequestAuthorizationContext(HttpServletRequest, Map<String, String>) - Constructor for class org.springframework.security.web.access.intercept.RequestAuthorizationContext
-
Creates an instance.
- requestCache() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.requestCache(Customizer)
orrequestCache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - requestCache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.requestCache(Customizer)
orrequestCache(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - requestCache(Customizer<RequestCacheConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows configuring the Request Cache.
- requestCache(Customizer<ServerHttpSecurity.RequestCacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures the request cache which is used when a flow is interrupted (i.e.
- requestCache(RequestCache) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
-
Allows explicit configuration of the
RequestCache
to be used. - requestCache(ServerRequestCache) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
-
Configures the cache used
- RequestCache - Interface in org.springframework.security.web.savedrequest
-
Implements "saved request" logic, allowing a single request to be retrieved and restarted after redirecting to an authentication mechanism.
- RequestCacheAwareFilter - Class in org.springframework.security.web.savedrequest
-
Responsible for reconstituting the saved request if one is cached and it matches the current request.
- RequestCacheAwareFilter() - Constructor for class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
- RequestCacheAwareFilter(RequestCache) - Constructor for class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
- RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds request cache for Spring Security.
- RequestCacheConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
- requestDataValueProcessor() - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
-
Deprecated.
- REQUESTED_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
requested_token_type
- used in Token Exchange Access Token Request. - RequestedUrlRedirectInvalidSessionStrategy - Class in org.springframework.security.web.session
-
Performs a redirect to the original request URL when an invalid requested session is detected by the
SessionManagementFilter
. - RequestedUrlRedirectInvalidSessionStrategy() - Constructor for class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy
- RequestHeaderAuthenticationFilter - Class in org.springframework.security.web.authentication.preauth
-
A simple pre-authenticated filter which obtains the username from a request header, for use with systems such as CA Siteminder.
- RequestHeaderAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
- RequestHeaderRequestMatcher - Class in org.springframework.security.web.util.matcher
-
A
RequestMatcher
that can be used to match request that contain a header with an expected header name and an expected value. - RequestHeaderRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
-
Creates a new instance that will match if a header by the name of
RequestHeaderRequestMatcher.expectedHeaderName
is present. - RequestHeaderRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
-
Creates a new instance that will match if a header by the name of
RequestHeaderRequestMatcher.expectedHeaderName
is present and if theRequestHeaderRequestMatcher.expectedHeaderValue
is non-null the first value is the same. - RequestKey - Class in org.springframework.security.web.access.intercept
- RequestKey(String) - Constructor for class org.springframework.security.web.access.intercept.RequestKey
- RequestKey(String, String) - Constructor for class org.springframework.security.web.access.intercept.RequestKey
- requestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
-
Sets the
RequestMatcher
used to determine if the "Strict-Transport-Security" should be added. - RequestMatcher - Interface in org.springframework.security.web.util.matcher
-
Simple strategy to match an HttpServletRequest.
- RequestMatcher.MatchResult - Class in org.springframework.security.web.util.matcher
-
The result of matching against an HttpServletRequest Contains the status, true or false, of the match and if present, any variables extracted from the match
- RequestMatcherDelegatingAccessDeniedHandler - Class in org.springframework.security.web.access
-
An
AccessDeniedHandler
that delegates to otherAccessDeniedHandler
instances based upon the type ofHttpServletRequest
passed intoRequestMatcherDelegatingAccessDeniedHandler.handle(HttpServletRequest, HttpServletResponse, AccessDeniedException)
. - RequestMatcherDelegatingAccessDeniedHandler(LinkedHashMap<RequestMatcher, AccessDeniedHandler>, AccessDeniedHandler) - Constructor for class org.springframework.security.web.access.RequestMatcherDelegatingAccessDeniedHandler
-
Creates a new instance
- RequestMatcherDelegatingAuthenticationManagerResolver - Class in org.springframework.security.web.authentication
-
An
AuthenticationManagerResolver
that returns aAuthenticationManager
instances based upon the type ofHttpServletRequest
passed intoRequestMatcherDelegatingAuthenticationManagerResolver.resolve(HttpServletRequest)
. - RequestMatcherDelegatingAuthenticationManagerResolver.Builder - Class in org.springframework.security.web.authentication
-
A builder for
RequestMatcherDelegatingAuthenticationManagerResolver
. - RequestMatcherDelegatingAuthorizationManager - Class in org.springframework.security.web.access.intercept
-
An
AuthorizationManager
which delegates to a specificAuthorizationManager
based on aRequestMatcher
evaluation. - RequestMatcherDelegatingAuthorizationManager.Builder - Class in org.springframework.security.web.access.intercept
-
A builder for
RequestMatcherDelegatingAuthorizationManager
. - RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl - Class in org.springframework.security.web.access.intercept
-
An object that allows configuring the
AuthorizationManager
forRequestMatcher
s. - RequestMatcherDelegatingWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access
-
A
WebInvocationPrivilegeEvaluator
which delegates to a list ofWebInvocationPrivilegeEvaluator
based on aRequestMatcher
evaluation - RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>>) - Constructor for class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
- RequestMatcherEditor - Class in org.springframework.security.web.util.matcher
-
PropertyEditor which creates ELRequestMatcher instances from Strings This allows to use a String in a BeanDefinition instead of an (inner) bean if a RequestMatcher is required, e.g.
- RequestMatcherEditor() - Constructor for class org.springframework.security.web.util.matcher.RequestMatcherEditor
- RequestMatcherEntry<T> - Class in org.springframework.security.web.util.matcher
-
A rich object for associating a
RequestMatcher
to another object. - RequestMatcherEntry(RequestMatcher, T) - Constructor for class org.springframework.security.web.util.matcher.RequestMatcherEntry
- RequestMatcherMetadataResponseResolver - Class in org.springframework.security.saml2.provider.service.metadata
-
Deprecated.Please use
RequestMatcherMetadataResponseResolver
- RequestMatcherMetadataResponseResolver - Class in org.springframework.security.saml2.provider.service.web.metadata
-
An implementation of
Saml2MetadataResponseResolver
that identifies whichRelyingPartyRegistration
s to use with aRequestMatcher
- RequestMatcherMetadataResponseResolver(RelyingPartyRegistrationRepository, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.metadata.RequestMatcherMetadataResponseResolver
-
Deprecated.Construct a
RequestMatcherMetadataResponseResolver
- RequestMatcherMetadataResponseResolver(RelyingPartyRegistrationRepository, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver
-
Construct a
RequestMatcherMetadataResponseResolver
- RequestMatcherRedirectFilter - Class in org.springframework.security.web
-
Filter that redirects requests that match
RequestMatcher
to the specified URL. - RequestMatcherRedirectFilter(RequestMatcher, String) - Constructor for class org.springframework.security.web.RequestMatcherRedirectFilter
-
Create and initialize an instance of the filter.
- requestMatchers - Variable in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
- requestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
If the
HandlerMappingIntrospector
is available in the classpath, maps to anMvcRequestMatcher
that does not care whichHttpMethod
is used. - requestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
-
Deprecated.
- requestMatchers(HttpMethod) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
If the
HandlerMappingIntrospector
is available in the classpath, maps to anMvcRequestMatcher
that matches on a specificHttpMethod
. - requestMatchers(HttpMethod) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
-
Deprecated.
- requestMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
If the
HandlerMappingIntrospector
is available in the classpath, maps to anMvcRequestMatcher
that also specifies a specificHttpMethod
to match on. - requestMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
-
Deprecated.
- requestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
Associates a list of
RequestMatcher
instances with theAbstractConfigAttributeRequestMatcherRegistry
- requestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
-
Deprecated.
- requestMatchers(RequestMatcher...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
-
Maps
RequestMatcher
s toAuthorizationManager
. - RequestMatchers - Class in org.springframework.security.web.util.matcher
-
A factory class to create
RequestMatcher
instances. - RequestRejectedException - Exception in org.springframework.security.web.firewall
- RequestRejectedException(String) - Constructor for exception org.springframework.security.web.firewall.RequestRejectedException
- requestRejectedHandler(RequestRejectedHandler) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Sets the handler to handle
RequestRejectedException
- RequestRejectedHandler - Interface in org.springframework.security.web.firewall
-
Used by
FilterChainProxy
to handle anRequestRejectedException
. - RequestVariablesExtractor - Interface in org.springframework.security.web.util.matcher
-
Deprecated.
- REQUIRE_CORP - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
- REQUIRE_CORP - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
- requireCsrfProtectionMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
-
Configures the
ServerWebExchangeMatcher
used to determine when CSRF protection is enabled. - requireCsrfProtectionMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
-
Specify the
RequestMatcher
to use for determining when CSRF should be applied. - REQUIRED - Static variable in class org.springframework.security.web.webauthn.api.ResidentKeyRequirement
-
The required value indicates that the Relying Party requires a client-side discoverable credential.
- REQUIRED - Static variable in class org.springframework.security.web.webauthn.api.UserVerificationRequirement
-
The required value indicates that the Relying Party requires user verification for the operation and will fail the overall ceremony if the response does not have the UV flag set.
- requireExplicitAuthenticationStrategy(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Setting this means that explicit invocation of
SessionAuthenticationStrategy
is required. - requireExplicitSave(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
- requireInitialize(Consumer<XMLObjectProviderRegistry>) - Static method in class org.springframework.security.saml2.core.OpenSamlInitializationService
-
Ready OpenSAML for use, configure it with reasonable defaults, and modify the
XMLObjectProviderRegistry
using the providedConsumer
. - requirePermission - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- requires(String) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
- requiresAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
-
Overridden to provide proxying capabilities.
- requiresAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
- requiresAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Indicates whether this filter should attempt to process a login request for the current invocation.
- requiresAuthenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
Configures when authentication is performed.
- requiresChannel() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.requiresChannel(Customizer)
orrequiresChannel(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - requiresChannel(Customizer<ChannelSecurityConfigurer.ChannelRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configures channel security.
- requiresExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Checks the request URI for the presence of exitUserUrl.
- requiresInsecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
- requiresLogout(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
-
Allow subclasses to modify when a logout should take place.
- requiresLogout(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
-
Configures when the log out will be triggered.
- requiresSecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
- requiresSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Checks the request URI for the presence of switchUserUrl.
- requireUnique(Class<A>) - Static method in class org.springframework.security.core.annotation.SecurityAnnotationScanners
-
Create a
SecurityAnnotationScanner
that requires synthesized annotations to be unique on the givenAnnotatedElement
. - requireUnique(Class<A>, AnnotationTemplateExpressionDefaults) - Static method in class org.springframework.security.core.annotation.SecurityAnnotationScanners
-
Create a
SecurityAnnotationScanner
that requires synthesized annotations to be unique on the givenAnnotatedElement
. - requireUnique(List<Class<? extends Annotation>>) - Static method in class org.springframework.security.core.annotation.SecurityAnnotationScanners
-
Create a
SecurityAnnotationScanner
that requires synthesized annotations to be unique on the givenAnnotatedElement
. - RESERVED_OFF - Static variable in interface org.springframework.security.acls.model.Permission
- RESERVED_ON - Static variable in interface org.springframework.security.acls.model.Permission
- reset() - Method in class org.springframework.security.web.firewall.FirewalledRequest
-
This method will be called once the request has passed through the security filter chain, when it is about to proceed to the application proper.
- residentKey(ResidentKeyRequirement) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder
-
Sets the
AuthenticatorSelectionCriteria.getResidentKey()
property. - ResidentKeyRequirement - Class in org.springframework.security.web.webauthn.api
-
The ResidentKeyRequirement describes the Relying Partys requirements for client-side discoverable credentials.
- resolve(C) - Method in interface org.springframework.security.authentication.AuthenticationManagerResolver
-
Resolve an
AuthenticationManager
from a provided context - resolve(C) - Method in interface org.springframework.security.authentication.ReactiveAuthenticationManagerResolver
- resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver
- resolve(HttpServletRequest) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
-
Returns the
OAuth2AuthorizationRequest
resolved from the providedHttpServletRequest
ornull
if not available. - resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
-
Return an
AuthenticationManager
based off of the `iss` claim found in the request's bearer token - resolve(HttpServletRequest) - Method in interface org.springframework.security.oauth2.server.resource.web.BearerTokenResolver
-
Resolve any Bearer Token value from the request.
- resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
- resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.server.resource.web.HeaderBearerTokenResolver
- resolve(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponseResolver
-
Construct and serialize a relying party's SAML 2.0 metadata based on the given
HttpServletRequest
- resolve(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver
- resolve(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver
-
Construct and serialize a relying party's SAML 2.0 metadata based on the given
HttpServletRequest
. - resolve(HttpServletRequest) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver
-
Resolve an
AuthenticationManager
from a provided context - resolve(HttpServletRequest, String) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver
- resolve(HttpServletRequest, String) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
-
Returns the
OAuth2AuthorizationRequest
resolved from the providedHttpServletRequest
ornull
if not available. - resolve(HttpServletRequest, String) - Method in class org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver
-
Resolve a
RelyingPartyRegistration
from the HTTP request, using therelyingPartyRegistrationId
, if it is provided - resolve(HttpServletRequest, String) - Method in interface org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver
-
Resolve a
RelyingPartyRegistration
from the HTTP request, using therelyingPartyRegistrationId
, if it is provided - resolve(HttpServletRequest, Authentication) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestResolver
-
Prepare to create, sign, and serialize a SAML 2.0 Logout Request.
- resolve(HttpServletRequest, Authentication) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestValidatorParametersResolver
-
Resolve any SAML 2.0 Logout Request and associated
RelyingPartyRegistration
- resolve(HttpServletRequest, Authentication) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseResolver
-
Prepare to create, sign, and serialize a SAML 2.0 Logout Response.
- resolve(Iterable<RelyingPartyRegistration>) - Method in interface org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver
- resolve(String) - Method in class org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver
- resolve(HttpRequest) - Method in interface org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver
-
Resolve the
clientRegistrationId
from the current request, which is used to obtain anOAuth2AuthorizedClient
. - resolve(HttpRequest) - Method in interface org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor.PrincipalResolver
-
Resolve the
principal
from the current request, which is used to obtain anOAuth2AuthorizedClient
. - resolve(HttpRequest) - Method in class org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver
- resolve(HttpRequest) - Method in class org.springframework.security.oauth2.client.web.client.RequestAttributePrincipalResolver
- resolve(HttpRequest) - Method in class org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver
- resolve(RelyingPartyRegistration) - Method in interface org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver
-
Resolve the given relying party's metadata
- resolve(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
- resolve(ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver
-
Returns the
OAuth2AuthorizationRequest
resolved from the providedHttpServletRequest
ornull
if not available. - resolve(ServerWebExchange) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
-
Return an
AuthenticationManager
based off of the `iss` claim found in the request's bearer token - resolve(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver
- resolve(ServerWebExchange, String) - Method in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
- resolve(ServerWebExchange, String) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver
-
Returns the
OAuth2AuthorizationRequest
resolved from the providedHttpServletRequest
ornull
if not available. - resolveArgument(MethodParameter, Message<?>) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
- resolveArgument(MethodParameter, Message<?>) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
- resolveArgument(MethodParameter, Message<?>) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
- resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver
- resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
-
Deprecated.
- resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
- resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
- resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
- resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver
- resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
- resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
- resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestHandler
- resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestResolver
-
Returns the token value resolved from the provided
HttpServletRequest
andCsrfToken
ornull
if not available. - resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
- resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
- resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler
- resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestResolver
-
Returns the token value resolved from the provided
ServerWebExchange
andCsrfToken
orMono.empty()
if not available. - resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
- resolveException(LoginException) - Method in class org.springframework.security.authentication.jaas.DefaultLoginExceptionResolver
- resolveException(LoginException) - Method in interface org.springframework.security.authentication.jaas.LoginExceptionResolver
-
Translates a Jaas LoginException to an SpringSecurityException.
- RESOURCE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
resource
- used in Token Exchange Access Token Request. - RESOURCE_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter
- response(R) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder
-
Sets the
PublicKeyCredential.getResponse()
property. - RESPONSE_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
response_type
- used in Authorization Request. - RestClientAuthorizationCodeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
An implementation of
OAuth2AccessTokenResponseClient
that "exchanges" an authorization code for an access token at the Authorization Server's Token Endpoint. - RestClientAuthorizationCodeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientAuthorizationCodeTokenResponseClient
- RestClientClientCredentialsTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
An implementation of
OAuth2AccessTokenResponseClient
that "exchanges" client credentials for an access token at the Authorization Server's Token Endpoint. - RestClientClientCredentialsTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientClientCredentialsTokenResponseClient
- RestClientJwtBearerTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
An implementation of
OAuth2AccessTokenResponseClient
that "exchanges" a JWT for an access token at the Authorization Server's Token Endpoint. - RestClientJwtBearerTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientJwtBearerTokenResponseClient
- RestClientRefreshTokenTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
An implementation of
OAuth2AccessTokenResponseClient
that "exchanges" a refresh token for an access token at the Authorization Server's Token Endpoint. - RestClientRefreshTokenTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientRefreshTokenTokenResponseClient
- RestClientTokenExchangeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
An implementation of
OAuth2AccessTokenResponseClient
that "exchanges" a subject token (and optionally an actor token) for an access token at the Authorization Server's Token Endpoint. - RestClientTokenExchangeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientTokenExchangeTokenResponseClient
- restOperations(RestOperations) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
- retrieveEntry(String, String[]) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
-
Composes an object from the attributes of the given DN.
- retrieveObjectIdentityPrimaryKey(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Retrieves the primary key from the acl_object_identity table for the passed ObjectIdentity.
- retrievePassword(Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- retrieveUser(String) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
-
Allows subclasses to retrieve the
UserDetails
from an implementation-specific location. - retrieveUser(String) - Method in class org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager
- retrieveUser(String, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
Allows subclasses to actually retrieve the
UserDetails
from an implementation-specific location, with the option of throwing anAuthenticationException
immediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate aUserDetails
). - retrieveUser(String, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
- retrieveUserName(Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- RetryWithHttpEntryPoint - Class in org.springframework.security.web.access.channel
-
Commences an insecure channel by retrying the original request using HTTP.
- RetryWithHttpEntryPoint() - Constructor for class org.springframework.security.web.access.channel.RetryWithHttpEntryPoint
- RetryWithHttpsEntryPoint - Class in org.springframework.security.web.access.channel
-
Commences a secure channel by retrying the original request using HTTPS.
- RetryWithHttpsEntryPoint() - Constructor for class org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint
- role(String) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl.Builder
-
Creates a new hierarchy branch to define a role and its child roles.
- ROLE_PREVIOUS_ADMINISTRATOR - Static variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- ROLE_PREVIOUS_ADMINISTRATOR - Static variable in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
- RoleHierarchy - Interface in org.springframework.security.access.hierarchicalroles
-
The simple interface of a role hierarchy.
- RoleHierarchyAuthoritiesMapper - Class in org.springframework.security.access.hierarchicalroles
- RoleHierarchyAuthoritiesMapper(RoleHierarchy) - Constructor for class org.springframework.security.access.hierarchicalroles.RoleHierarchyAuthoritiesMapper
- roleHierarchyFromMap(Map<String, List<String>>) - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyUtils
-
Converts the supplied
Map
of role name to implied role name(s) to a string representation understood byRoleHierarchyImpl.setHierarchy(String)
. - RoleHierarchyImpl - Class in org.springframework.security.access.hierarchicalroles
-
This class defines a role hierarchy for use with various access checking components.
- RoleHierarchyImpl() - Constructor for class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
-
Deprecated.
- RoleHierarchyImpl.Builder - Class in org.springframework.security.access.hierarchicalroles
-
Builder class for constructing a
RoleHierarchyImpl
based on a hierarchical role structure. - RoleHierarchyImpl.Builder.ImpliedRoles - Class in org.springframework.security.access.hierarchicalroles
-
Builder class for constructing child roles within a role hierarchy branch.
- RoleHierarchyUtils - Class in org.springframework.security.access.hierarchicalroles
-
Utility methods for
RoleHierarchy
. - RoleHierarchyVoter - Class in org.springframework.security.access.vote
- RoleHierarchyVoter(RoleHierarchy) - Constructor for class org.springframework.security.access.vote.RoleHierarchyVoter
-
Deprecated.
- rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
A non-empty string prefix that will be added as a prefix to the existing roles.
- rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
-
A non-empty string prefix that will be added to role strings loaded from persistent storage (default is "").
- rolePrefix(String) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
- roles() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
-
The roles to use.
- roles(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Populates the roles.
- roles(String...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Populates the roles.
- roles(String...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
-
Specifies the roles to use.
- roles(String...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
-
Specify the roles of the user to authenticate as.
- RoleVoter - Class in org.springframework.security.access.vote
-
Deprecated.Use
AuthorityAuthorizationManager
instead - RoleVoter() - Constructor for class org.springframework.security.access.vote.RoleVoter
-
Deprecated.
- root(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
-
Optional root suffix for the embedded LDAP server.
- route(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
- RoutePayloadExchangeMatcher - Class in org.springframework.security.rsocket.util.matcher
- RoutePayloadExchangeMatcher(MetadataExtractor, RouteMatcher, String) - Constructor for class org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMatcher
- rp(PublicKeyCredentialRpEntity) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Sets the
PublicKeyCredentialCreationOptions.getRp()
property. - rpId(String) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer
-
The Relying Party id.
- rpId(String) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder
-
Sets the
PublicKeyCredentialRequestOptions.getRpId()
property. - rpName(String) - Method in class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer
-
Sets the relying party name
- RS1 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier
- RS1 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters
- RS256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
RSASSA-PKCS1-v1_5 using SHA-256 (Recommended)
- RS256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
RSASSA-PKCS1-v1_5 using SHA-256 (Recommended)
- RS256 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier
- RS256 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters
- RS384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
RSASSA-PKCS1-v1_5 using SHA-384 (Optional)
- RS384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
RSASSA-PKCS1-v1_5 using SHA-384 (Optional)
- RS384 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier
- RS384 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters
- RS512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
RSASSA-PKCS1-v1_5 using SHA-512 (Optional)
- RS512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
-
RSASSA-PKCS1-v1_5 using SHA-512 (Optional)
- RS512 - Static variable in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier
- RS512 - Static variable in class org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters
- RsaAlgorithm - Enum Class in org.springframework.security.crypto.encrypt
- RsaKeyConversionServicePostProcessor - Class in org.springframework.security.config.crypto
- RsaKeyConversionServicePostProcessor() - Constructor for class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
- RsaKeyConverters - Class in org.springframework.security.converter
-
Used for creating
Key
converter instances - RsaKeyHolder - Interface in org.springframework.security.crypto.encrypt
- RsaRawEncryptor - Class in org.springframework.security.crypto.encrypt
- RsaRawEncryptor() - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- RsaRawEncryptor(String) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- RsaRawEncryptor(String, PublicKey, PrivateKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- RsaRawEncryptor(String, PublicKey, PrivateKey, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- RsaRawEncryptor(KeyPair) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- RsaRawEncryptor(KeyPair, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- RsaRawEncryptor(PublicKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- RsaRawEncryptor(RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
- RsaSecretEncryptor - Class in org.springframework.security.crypto.encrypt
- RsaSecretEncryptor() - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(String, PublicKey, PrivateKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(String, PublicKey, PrivateKey, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(String, PublicKey, PrivateKey, RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(String, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(String, RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(KeyPair) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(KeyPair, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(KeyPair, RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(KeyPair, RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(PublicKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(PublicKey, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(PublicKey, RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(PublicKey, RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(RsaAlgorithm, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RsaSecretEncryptor(RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
- RSocketSecurity - Class in org.springframework.security.config.annotation.rsocket
-
Allows configuring RSocket based security.
- RSocketSecurity() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity
- RSocketSecurity.AuthorizePayloadsSpec - Class in org.springframework.security.config.annotation.rsocket
- RSocketSecurity.AuthorizePayloadsSpec.Access - Class in org.springframework.security.config.annotation.rsocket
- RSocketSecurity.BasicAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket
- RSocketSecurity.JwtSpec - Class in org.springframework.security.config.annotation.rsocket
- RSocketSecurity.SimpleAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket
- run() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
- RunAsImplAuthenticationProvider - Class in org.springframework.security.access.intercept
-
Deprecated.Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.
- RunAsImplAuthenticationProvider() - Constructor for class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
-
Deprecated.
- runAsManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Provide a custom
RunAsManager
for the default implementation ofGlobalMethodSecurityConfiguration.methodSecurityInterceptor(MethodSecurityMetadataSource)
. - RunAsManager - Interface in org.springframework.security.access.intercept
-
Deprecated.Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.
- RunAsManagerImpl - Class in org.springframework.security.access.intercept
-
Deprecated.Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.
- RunAsManagerImpl() - Constructor for class org.springframework.security.access.intercept.RunAsManagerImpl
-
Deprecated.
- RunAsUserToken - Class in org.springframework.security.access.intercept
-
Deprecated.Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.
- RunAsUserToken(String, Object, Object, Collection<? extends GrantedAuthority>, Class<? extends Authentication>) - Constructor for class org.springframework.security.access.intercept.RunAsUserToken
-
Deprecated.
S
- SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
- SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
- SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
- SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
- SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- SAME_ORIGIN_ALLOW_POPUPS - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
- SAME_ORIGIN_ALLOW_POPUPS - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
- SAME_SITE - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
- SAME_SITE - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
- sameOrigin() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig
-
Specify to allow any request that comes from the same origin to frame this application.
- SAMEORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
- SAMEORIGIN - Enum constant in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
-
A browser receiving content with this header field MUST NOT display this content in any frame from a page of different origin than the content itself.
- sameOriginDisabled() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.Determines if a CSRF token is required for connecting.
- SAML_REQUEST - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames
-
SAMLRequest
- used to request authentication or request logout - SAML_RESPONSE - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames
-
SAMLResponse
- used to respond to an authentication or logout request - SAML2_LOGIN - Static variable in class org.springframework.security.config.Elements
- SAML2_LOGOUT - Static variable in class org.springframework.security.config.Elements
- Saml2AuthenticatedPrincipal - Interface in org.springframework.security.saml2.provider.service.authentication
-
Saml2 representation of an
AuthenticatedPrincipal
. - Saml2Authentication - Class in org.springframework.security.saml2.provider.service.authentication
-
An implementation of an
AbstractAuthenticationToken
that represents an authenticated SAML 2.0Authentication
. - Saml2Authentication(AuthenticatedPrincipal, String, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication
-
Construct a
Saml2Authentication
using the provided parameters - Saml2AuthenticationException - Exception in org.springframework.security.saml2.provider.service.authentication
-
This exception is thrown for all SAML 2.0 related
Authentication
errors. - Saml2AuthenticationException(Saml2Error) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
-
Constructs a
Saml2AuthenticationException
using the provided parameters. - Saml2AuthenticationException(Saml2Error, String) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
-
Constructs a
Saml2AuthenticationException
using the provided parameters. - Saml2AuthenticationException(Saml2Error, String, Throwable) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
-
Constructs a
Saml2AuthenticationException
using the provided parameters. - Saml2AuthenticationException(Saml2Error, Throwable) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
-
Constructs a
Saml2AuthenticationException
using the provided parameters. - Saml2AuthenticationRequestRepository<T extends AbstractSaml2AuthenticationRequest> - Interface in org.springframework.security.saml2.provider.service.web
-
A repository for
AbstractSaml2AuthenticationRequest
- Saml2AuthenticationRequestResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication
-
A strategy for resolving a SAML 2.0 Authentication Request from the
HttpServletRequest
. - Saml2AuthenticationToken - Class in org.springframework.security.saml2.provider.service.authentication
-
Represents an incoming SAML 2.0 response containing an assertion that has not been validated.
- Saml2AuthenticationToken(RelyingPartyRegistration, String) - Constructor for class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
-
Creates a
Saml2AuthenticationToken
with the provided parameters Note that the givenRelyingPartyRegistration
should have all its templates resolved at this point. - Saml2AuthenticationToken(RelyingPartyRegistration, String, AbstractSaml2AuthenticationRequest) - Constructor for class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
-
Creates a
Saml2AuthenticationToken
with the provided parameters. - Saml2AuthenticationTokenConverter - Class in org.springframework.security.saml2.provider.service.web
-
An
AuthenticationConverter
that generates aSaml2AuthenticationToken
appropriate for authenticated a SAML 2.0 Assertion against anAuthenticationManager
. - Saml2AuthenticationTokenConverter(RelyingPartyRegistrationResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter
-
Constructs a
Saml2AuthenticationTokenConverter
given a strategy for resolvingRelyingPartyRegistration
s - Saml2Error - Class in org.springframework.security.saml2.core
-
A representation of an SAML 2.0 Error.
- Saml2Error(String, String) - Constructor for class org.springframework.security.saml2.core.Saml2Error
-
Constructs a
Saml2Error
using the provided parameters. - Saml2ErrorCodes - Class in org.springframework.security.saml2.core
-
A list of SAML known 2 error codes used during SAML authentication.
- Saml2Exception - Exception in org.springframework.security.saml2
- Saml2Exception(String) - Constructor for exception org.springframework.security.saml2.Saml2Exception
- Saml2Exception(String, Throwable) - Constructor for exception org.springframework.security.saml2.Saml2Exception
- Saml2Exception(Throwable) - Constructor for exception org.springframework.security.saml2.Saml2Exception
- Saml2Jackson2Module - Class in org.springframework.security.saml2.jackson2
-
Jackson module for saml2-service-provider.
- Saml2Jackson2Module() - Constructor for class org.springframework.security.saml2.jackson2.Saml2Jackson2Module
- saml2Login() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.saml2Login(Customizer)
orsaml2Login(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - saml2Login(Customizer<Saml2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configures authentication support using an SAML 2.0 Service Provider.
- Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.saml2
-
An
AbstractHttpConfigurer
for SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow. - Saml2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
- saml2Logout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.saml2Logout(Customizer)
orsaml2Logout(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - saml2Logout(Customizer<Saml2LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configures logout support for an SAML 2.0 Relying Party.
- Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.saml2
-
Adds SAML 2.0 logout support.
- Saml2LogoutConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
-
Creates a new instance
- Saml2LogoutConfigurer.LogoutRequestConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2
-
A configurer for SAML 2.0 LogoutRequest components
- Saml2LogoutConfigurer.LogoutResponseConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2
- Saml2LogoutRequest - Class in org.springframework.security.saml2.provider.service.authentication.logout
-
A class that represents a signed and serialized SAML 2.0 Logout Request
- Saml2LogoutRequest.Builder - Class in org.springframework.security.saml2.provider.service.authentication.logout
- Saml2LogoutRequestFilter - Class in org.springframework.security.saml2.provider.service.web.authentication.logout
-
A filter for handling logout requests in the form of a <saml2:LogoutRequest> sent from the asserting party.
- Saml2LogoutRequestFilter(Saml2LogoutRequestValidatorParametersResolver, Saml2LogoutRequestValidator, Saml2LogoutResponseResolver, LogoutHandler...) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter
- Saml2LogoutRequestFilter(RelyingPartyRegistrationResolver, Saml2LogoutRequestValidator, Saml2LogoutResponseResolver, LogoutHandler...) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter
-
Constructs a
Saml2LogoutResponseFilter
for accepting SAML 2.0 Logout Requests from the asserting party - Saml2LogoutRequestRepository - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout
-
Implementations of this interface are responsible for the persistence of
Saml2LogoutRequest
between requests. - Saml2LogoutRequestResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout
-
Creates a signed SAML 2.0 Logout Request based on information from the
HttpServletRequest
and currentAuthentication
. - Saml2LogoutRequestValidator - Interface in org.springframework.security.saml2.provider.service.authentication.logout
-
Validates SAML 2.0 Logout Requests
- Saml2LogoutRequestValidatorParameters - Class in org.springframework.security.saml2.provider.service.authentication.logout
-
A holder of the parameters needed to invoke
Saml2LogoutRequestValidator
- Saml2LogoutRequestValidatorParameters(Saml2LogoutRequest, RelyingPartyRegistration, Authentication) - Constructor for class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters
-
Construct a
Saml2LogoutRequestValidatorParameters
- Saml2LogoutRequestValidatorParametersResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout
-
Resolved a SAML 2.0 Logout Request and associated validation parameters from the given
HttpServletRequest
and currentAuthentication
. - Saml2LogoutResponse - Class in org.springframework.security.saml2.provider.service.authentication.logout
-
A class that represents a signed and serialized SAML 2.0 Logout Response
- Saml2LogoutResponse.Builder - Class in org.springframework.security.saml2.provider.service.authentication.logout
- Saml2LogoutResponseFilter - Class in org.springframework.security.saml2.provider.service.web.authentication.logout
-
A filter for handling a <saml2:LogoutResponse> sent from the asserting party.
- Saml2LogoutResponseFilter(RelyingPartyRegistrationRepository, Saml2LogoutResponseValidator, LogoutSuccessHandler) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
- Saml2LogoutResponseFilter(RelyingPartyRegistrationResolver, Saml2LogoutResponseValidator, LogoutSuccessHandler) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
-
Constructs a
Saml2LogoutResponseFilter
for accepting SAML 2.0 Logout Responses from the asserting party - Saml2LogoutResponseResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout
-
Creates a signed SAML 2.0 Logout Response based on information from the
HttpServletRequest
and currentAuthentication
. - Saml2LogoutResponseValidator - Interface in org.springframework.security.saml2.provider.service.authentication.logout
-
Validates SAML 2.0 Logout Responses
- Saml2LogoutResponseValidatorParameters - Class in org.springframework.security.saml2.provider.service.authentication.logout
-
A holder of the parameters needed to invoke
Saml2LogoutResponseValidator
- Saml2LogoutResponseValidatorParameters(Saml2LogoutResponse, Saml2LogoutRequest, RelyingPartyRegistration) - Constructor for class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters
-
Construct a
Saml2LogoutRequestValidatorParameters
- Saml2LogoutValidatorResult - Class in org.springframework.security.saml2.provider.service.authentication.logout
-
A result emitted from a SAML 2.0 Logout validation attempt
- Saml2LogoutValidatorResult.Builder - Class in org.springframework.security.saml2.provider.service.authentication.logout
- Saml2MessageBinding - Enum Class in org.springframework.security.saml2.provider.service.registration
-
The type of bindings that messages are exchanged using Supported bindings are
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
andurn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
. - saml2Metadata() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.saml2Metadata(Customizer)
orsaml2Metadata(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - saml2Metadata(Customizer<Saml2MetadataConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configures a SAML 2.0 metadata endpoint that presents relying party configurations in an
<md:EntityDescriptor>
payload. - Saml2MetadataConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.saml2
-
An
AbstractHttpConfigurer
for SAML 2.0 Metadata. - Saml2MetadataConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
- Saml2MetadataFilter - Class in org.springframework.security.saml2.provider.service.web
-
A
Filter
that returns the metadata for a Relying Party - Saml2MetadataFilter(Saml2MetadataResponseResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
-
Constructs an instance of
Saml2MetadataFilter
- Saml2MetadataFilter(RelyingPartyRegistrationRepository, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
-
Constructs an instance of
Saml2MetadataFilter
using the provided parameters. - Saml2MetadataFilter(RelyingPartyRegistrationResolver, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
- Saml2MetadataResolver - Interface in org.springframework.security.saml2.provider.service.metadata
-
Resolves the SAML 2.0 Relying Party Metadata for a given
RelyingPartyRegistration
- Saml2MetadataResponse - Class in org.springframework.security.saml2.provider.service.metadata
- Saml2MetadataResponse(String, String) - Constructor for class org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse
- Saml2MetadataResponseResolver - Interface in org.springframework.security.saml2.provider.service.metadata
-
Resolves Relying Party SAML 2.0 Metadata given details from the
HttpServletRequest
. - Saml2ParameterNames - Class in org.springframework.security.saml2.core
-
Standard parameter names defined in the SAML 2.0 Specification and used by the Authentication Request, Assertion Consumer Response, Logout Request, and Logout Response endpoints.
- Saml2PostAuthenticationRequest - Class in org.springframework.security.saml2.provider.service.authentication
-
Data holder for information required to send an
AuthNRequest
over a POST binding from the service provider to the identity provider https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf (line 2031) - Saml2PostAuthenticationRequest.Builder - Class in org.springframework.security.saml2.provider.service.authentication
-
Builder class for a
Saml2PostAuthenticationRequest
object. - Saml2RedirectAuthenticationRequest - Class in org.springframework.security.saml2.provider.service.authentication
-
Data holder for information required to send an
AuthNRequest
over a REDIRECT binding from the service provider to the identity provider https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf (line 2031) - Saml2RedirectAuthenticationRequest.Builder - Class in org.springframework.security.saml2.provider.service.authentication
-
Builder class for a
Saml2RedirectAuthenticationRequest
object. - Saml2RelyingPartyInitiatedLogoutSuccessHandler - Class in org.springframework.security.saml2.provider.service.web.authentication.logout
-
A success handler for issuing a SAML 2.0 Logout Request to the SAML 2.0 Asserting Party
- Saml2RelyingPartyInitiatedLogoutSuccessHandler(Saml2LogoutRequestResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler
-
Constructs a
Saml2RelyingPartyInitiatedLogoutSuccessHandler
using the provided parameters - Saml2ResponseValidatorResult - Class in org.springframework.security.saml2.core
-
A result emitted from a SAML 2.0 Response validation attempt
- Saml2WebSsoAuthenticationFilter - Class in org.springframework.security.saml2.provider.service.web.authentication
- Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
-
Creates a
Saml2WebSsoAuthenticationFilter
authentication filter that is configured to use theSaml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI
processing URL - Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository, String) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
-
Creates a
Saml2WebSsoAuthenticationFilter
authentication filter - Saml2WebSsoAuthenticationFilter(AuthenticationConverter) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
-
Creates a
Saml2WebSsoAuthenticationFilter
that is configured to use theSaml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI
processing URL - Saml2WebSsoAuthenticationFilter(AuthenticationConverter, String) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
-
Creates a
Saml2WebSsoAuthenticationFilter
given the provided parameters - Saml2WebSsoAuthenticationRequestFilter - Class in org.springframework.security.saml2.provider.service.web
-
This
Filter
formulates a SAML 2.0 AuthnRequest (line 1968) and redirects to a configured asserting party. - Saml2WebSsoAuthenticationRequestFilter(Saml2AuthenticationRequestResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter
-
Construct a
Saml2WebSsoAuthenticationRequestFilter
with the strategy for resolving theAuthnRequest
- Saml2X509Credential - Class in org.springframework.security.saml2.core
-
An object for holding a public certificate, any associated private key, and its intended usages (Line 584, Section 4.3 Credentials).
- Saml2X509Credential(X509Certificate, Saml2X509Credential.Saml2X509CredentialType...) - Constructor for class org.springframework.security.saml2.core.Saml2X509Credential
-
Creates a
Saml2X509Credential
using the provided parameters - Saml2X509Credential(PrivateKey, X509Certificate, Set<Saml2X509Credential.Saml2X509CredentialType>) - Constructor for class org.springframework.security.saml2.core.Saml2X509Credential
-
Creates a
Saml2X509Credential
using the provided parameters - Saml2X509Credential(PrivateKey, X509Certificate, Saml2X509Credential.Saml2X509CredentialType...) - Constructor for class org.springframework.security.saml2.core.Saml2X509Credential
-
Creates a
Saml2X509Credential
using the provided parameters - Saml2X509Credential.Saml2X509CredentialType - Enum Class in org.springframework.security.saml2.core
- samlRequest(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
-
Sets the
SAMLRequest
parameter that will accompany this AuthNRequest - samlRequest(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
-
Use this signed and serialized and Base64-encoded <saml2:LogoutRequest> Note that if using the Redirect binding, the value should be
deflated
and then Base64-encoded. - samlResponse(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
-
Use this signed and serialized and Base64-encoded <saml2:LogoutResponse> Note that if using the Redirect binding, the value should be
deflated
and then Base64-encoded. - SamlServiceProperties - Class in org.springframework.security.cas
-
Sets the appropriate parameters for CAS's implementation of SAML (which is not guaranteed to be actually SAML compliant).
- SamlServiceProperties() - Constructor for class org.springframework.security.cas.SamlServiceProperties
- save(HttpServletRequest, HttpServletResponse, PublicKeyCredentialCreationOptions) - Method in class org.springframework.security.web.webauthn.registration.HttpSessionPublicKeyCredentialCreationOptionsRepository
- save(HttpServletRequest, HttpServletResponse, PublicKeyCredentialCreationOptions) - Method in interface org.springframework.security.web.webauthn.registration.PublicKeyCredentialCreationOptionsRepository
-
Saves the provided
PublicKeyCredentialCreationOptions
or clears an existingPublicKeyCredentialCreationOptions
ifoptions
is null. - save(HttpServletRequest, HttpServletResponse, PublicKeyCredentialRequestOptions) - Method in class org.springframework.security.web.webauthn.authentication.HttpSessionPublicKeyCredentialRequestOptionsRepository
- save(HttpServletRequest, HttpServletResponse, PublicKeyCredentialRequestOptions) - Method in interface org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsRepository
-
Saves the provided
PublicKeyCredentialRequestOptions
or clears an existingPublicKeyCredentialRequestOptions
ifoptions
is null. - save(CredentialRecord) - Method in class org.springframework.security.web.webauthn.management.MapUserCredentialRepository
- save(CredentialRecord) - Method in interface org.springframework.security.web.webauthn.management.UserCredentialRepository
-
Saves a
CredentialRecord
- save(PublicKeyCredentialUserEntity) - Method in class org.springframework.security.web.webauthn.management.MapPublicKeyCredentialUserEntityRepository
- save(PublicKeyCredentialUserEntity) - Method in interface org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository
-
Saves the
PublicKeyCredentialUserEntity
to the associated username. - save(ServerWebExchange, SecurityContext) - Method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository
- save(ServerWebExchange, SecurityContext) - Method in interface org.springframework.security.web.server.context.ServerSecurityContextRepository
-
Saves the SecurityContext
- save(ServerWebExchange, SecurityContext) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
- saveAuthenticationRequest(AbstractSaml2AuthenticationRequest, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository
- saveAuthenticationRequest(T, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository
-
Saves the current authentication request using the
HttpServletRequest
andHttpServletResponse
- saveAuthorizationRequest(OAuth2AuthorizationRequest, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository
- saveAuthorizationRequest(OAuth2AuthorizationRequest, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository
- saveAuthorizationRequest(T, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
-
Persists the
OAuth2AuthorizationRequest
associating it to the providedHttpServletRequest
and/orHttpServletResponse
. - saveAuthorizationRequest(T, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository
-
Persists the
OAuth2AuthorizationRequest
associating it to the providedHttpServletRequest
and/orHttpServletResponse
. - saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService
- saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService
- saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
- saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
-
Saves the
OAuth2AuthorizedClient
associating it to the provided End-UserAuthentication
(Resource Owner). - saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
- saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService
-
Saves the
OAuth2AuthorizedClient
associating it to the provided End-UserAuthentication
(Resource Owner). - saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
- saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository
- saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository
-
Saves the
OAuth2AuthorizedClient
associating it to the provided End-UserAuthentication
(Resource Owner). - saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
- saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository
-
Saves the
OAuth2AuthorizedClient
associating it to the provided End-UserAuthentication
(Resource Owner). - saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository
- saveContext(SecurityContext) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Deprecated.Implements the logic for storing the security context.
- saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
- saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
- saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
- saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
- saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.context.SecurityContextRepository
-
Stores the security context on completion of a request.
- SaveContextOnUpdateOrErrorResponseWrapper - Class in org.springframework.security.web.context
-
Deprecated.
- SaveContextOnUpdateOrErrorResponseWrapper(HttpServletResponse, boolean) - Constructor for class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Deprecated.
- SavedCookie - Class in org.springframework.security.web.savedrequest
-
Stores off the values of a cookie in a serializable holder
- SavedCookie(Cookie) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie
- SavedCookie(String, String, String, int, String, boolean) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie
- SavedCookie(String, String, String, String, int, String, boolean, int) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie
-
Deprecated, for removal: This API element is subject to removal in a future version.
- SavedRequest - Interface in org.springframework.security.web.savedrequest
-
Encapsulates the functionality required of a cached request for both an authentication mechanism (typically form-based login) to redirect to the original URL and for a RequestCache to build a wrapped request, reproducing the original request data.
- SavedRequestAwareAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication
-
An authentication success strategy which can make use of the
DefaultSavedRequest
which may have been stored in the session by theExceptionTranslationFilter
. - SavedRequestAwareAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
- saveException(HttpServletRequest, AuthenticationException) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
-
Caches the
AuthenticationException
for use in view rendering. - saveLogoutRequest(Saml2LogoutRequest, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository
-
Persists the
Saml2LogoutRequest
associating it to the providedHttpServletRequest
and/orHttpServletResponse
. - saveLogoutRequest(Saml2LogoutRequest, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository
-
Persists the
Saml2LogoutRequest
associating it to the providedHttpServletRequest
and/orHttpServletResponse
. - saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
- saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
-
Stores the current request, provided the configuration properties allow it.
- saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
- saveRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
-
Caches the current request for later retrieval, once authentication has taken place.
- saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
- saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
- saveRequest(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache
-
Save the
ServerHttpRequest
- saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
- saveSessionInformation(ReactiveSessionInformation) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
- saveSessionInformation(ReactiveSessionInformation) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry
-
Saves the
ReactiveSessionInformation
- saveSessionInformation(OidcSessionInformation) - Method in class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry
- saveSessionInformation(OidcSessionInformation) - Method in interface org.springframework.security.oauth2.client.oidc.server.session.ReactiveOidcSessionRegistry
-
Register a OIDC Provider session with the provided client session.
- saveSessionInformation(OidcSessionInformation) - Method in class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry
- saveSessionInformation(OidcSessionInformation) - Method in interface org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry
-
Register a OIDC Provider session with the provided client session.
- saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
- saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository
- saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
- saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository
-
Deprecated.Does nothing if the
CsrfToken
is not null. - saveToken(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
- saveToken(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
-
Saves the
CsrfToken
using theServerWebExchange
. - saveToken(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
- scan(Method, Class<?>) - Method in interface org.springframework.security.core.annotation.SecurityAnnotationScanner
-
Scan for an annotation of type
A
, starting from the given method. - scan(Parameter) - Method in interface org.springframework.security.core.annotation.SecurityAnnotationScanner
-
Scan for an annotation of type
A
, starting from the given method parameter. - schedule(Runnable, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
- schedule(Runnable, Instant) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- schedule(Runnable, Date) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- schedule(Runnable, Trigger) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- schedule(Callable<V>, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
- scheduleAtFixedRate(Runnable, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- scheduleAtFixedRate(Runnable, long, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
- scheduleAtFixedRate(Runnable, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- scheduleAtFixedRate(Runnable, Instant, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- scheduleAtFixedRate(Runnable, Date, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- scheduleWithFixedDelay(Runnable, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- scheduleWithFixedDelay(Runnable, long, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
- scheduleWithFixedDelay(Runnable, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- scheduleWithFixedDelay(Runnable, Instant, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- scheduleWithFixedDelay(Runnable, Date, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
- scope(String...) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the scope(s) used for the client.
- scope(String...) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the scope(s).
- scope(Collection<String>) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the scope(s) used for the client.
- SCOPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
scope
- used in Authorization Request, Authorization Response, Access Token Request and Access Token Response. - SCOPE - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
scope
- The scopes for the token - scopes(Set<String>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
-
Sets the scope(s) associated to the access token.
- scopes(Set<String>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the scope(s).
- SCryptPasswordEncoder - Class in org.springframework.security.crypto.scrypt
-
Implementation of PasswordEncoder that uses the SCrypt hashing function.
- SCryptPasswordEncoder(int, int, int, int, int) - Constructor for class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
-
Constructs a SCrypt password encoder with the provided parameters.
- searchForMultipleAttributeValues(String, String, Object[], String[]) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
-
Performs a search using the supplied filter and returns the values of each named attribute found in all entries matched by the search.
- searchForSingleAttributeValues(String, String, Object[], String) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
-
Performs a search using the supplied filter and returns the union of the values of the named attribute found in all entries matched by the search.
- searchForSingleEntry(String, String, Object[]) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
-
Performs a search, with the requirement that the search shall return a single directory entry, and uses the supplied mapper to create the object from that entry.
- searchForSingleEntryInternal(DirContext, SearchControls, String, String, Object[]) - Static method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
-
Internal method extracted to avoid code duplication in AD search.
- searchForUser(String) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
-
Return the LdapUserDetails containing the user's information
- searchForUser(String) - Method in interface org.springframework.security.ldap.search.LdapUserSearch
-
Locates a single user in the directory and returns the LDAP information for that user.
- SECURE_RESULT - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
- SecureChannelProcessor - Class in org.springframework.security.web.access.channel
-
Ensures channel security is active by review of
HttpServletRequest.isSecure()
responses. - SecureChannelProcessor() - Constructor for class org.springframework.security.web.access.channel.SecureChannelProcessor
- secured() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Creates an interceptor for the
Secured
annotation - secured(AuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Creates an interceptor for the
Secured
annotation - secured(SecuredAuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Creates an interceptor for the
Secured
annotation - Secured - Annotation Interface in org.springframework.security.access.annotation
-
Java 5 annotation for describing service layer security attributes.
- SECURED - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
- SecuredAnnotationSecurityMetadataSource - Class in org.springframework.security.access.annotation
-
Deprecated.
- SecuredAnnotationSecurityMetadataSource() - Constructor for class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource
-
Deprecated.
- SecuredAnnotationSecurityMetadataSource(AnnotationMetadataExtractor) - Constructor for class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource
-
Deprecated.
- SecuredAuthorizationManager - Class in org.springframework.security.authorization.method
-
An
AuthorizationManager
which can determine if anAuthentication
may invoke theMethodInvocation
by evaluating if theAuthentication
contains a specified authority from the Spring Security'sSecured
annotation. - SecuredAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.SecuredAuthorizationManager
- SecuredAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
- securedEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
-
Deprecated.Determines if Spring Security's
Secured
annotations should be enabled. - securedEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
-
Determines if Spring Security's
Secured
annotation should be enabled. - secureRandom() - Static method in class org.springframework.security.crypto.keygen.KeyGenerators
-
Create a
BytesKeyGenerator
that uses aSecureRandom
to generate keys of 8 bytes in length. - secureRandom(int) - Static method in class org.springframework.security.crypto.keygen.KeyGenerators
-
Create a
BytesKeyGenerator
that uses aSecureRandom
to generate keys of a custom length. - SecureRandomFactoryBean - Class in org.springframework.security.core.token
-
Creates a
SecureRandom
instance. - SecureRandomFactoryBean() - Constructor for class org.springframework.security.core.token.SecureRandomFactoryBean
- SECURITY_CONTEXT_SERVER_WEB_EXCHANGE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- SecurityAnnotationScanner<A extends Annotation> - Interface in org.springframework.security.core.annotation
-
An interface to scan for and synthesize an annotation on a type, method, or method parameter into an annotation of type
<A>
. - SecurityAnnotationScanners - Class in org.springframework.security.core.annotation
-
Factory for creating
SecurityAnnotationScanner
instances. - SecurityBuilder<O> - Interface in org.springframework.security.config.annotation
-
Interface for building an Object
- securityCheck(Acl, int) - Method in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
- securityCheck(Acl, int) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
- SecurityConfig - Class in org.springframework.security.access
-
Stores a
ConfigAttribute
as aString
. - SecurityConfig(String) - Constructor for class org.springframework.security.access.SecurityConfig
- SecurityConfigurer<O,
B extends SecurityBuilder<O>> - Interface in org.springframework.security.config.annotation -
Allows for configuring a
SecurityBuilder
. - SecurityConfigurerAdapter<O,
B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation -
A base class for
SecurityConfigurer
that allows subclasses to only implement the methods they are interested in. - SecurityConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.SecurityConfigurerAdapter
- securityContext() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.securityContext(Customizer)
orsecurityContext(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - securityContext(Customizer<SecurityContextConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Sets up management of the
SecurityContext
on theSecurityContextHolder
betweenHttpServletRequest
's. - securityContext(SecurityContext) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish the specified
SecurityContext
to be used. - SecurityContext - Interface in org.springframework.security.core.context
-
Interface defining the minimum security information associated with the current thread of execution.
- SecurityContextCallableProcessingInterceptor - Class in org.springframework.security.web.context.request.async
-
Allows for integration with Spring MVC's
Callable
support. - SecurityContextCallableProcessingInterceptor() - Constructor for class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
-
Create a new
SecurityContextCallableProcessingInterceptor
that uses theSecurityContext
from theSecurityContextHolder
at the timeSecurityContextCallableProcessingInterceptor.beforeConcurrentHandling(NativeWebRequest, Callable)
is invoked. - SecurityContextCallableProcessingInterceptor(SecurityContext) - Constructor for class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
-
Creates a new
SecurityContextCallableProcessingInterceptor
with the specifiedSecurityContext
. - securityContextChanged(SecurityContextChangedEvent) - Method in class org.springframework.security.core.context.ObservationSecurityContextChangedListener
- securityContextChanged(SecurityContextChangedEvent) - Method in interface org.springframework.security.core.context.SecurityContextChangedListener
- SecurityContextChangedEvent - Class in org.springframework.security.core.context
-
An event that represents a change in
SecurityContext
- SecurityContextChangedEvent(Supplier<SecurityContext>, Supplier<SecurityContext>) - Constructor for class org.springframework.security.core.context.SecurityContextChangedEvent
-
Construct an event
- SecurityContextChangedEvent(SecurityContext, SecurityContext) - Constructor for class org.springframework.security.core.context.SecurityContextChangedEvent
-
Construct an event
- SecurityContextChangedListener - Interface in org.springframework.security.core.context
-
A listener for
SecurityContextChangedEvent
s - securityContextChannelInterceptor() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- SecurityContextChannelInterceptor - Class in org.springframework.security.messaging.context
-
Creates a
ExecutorChannelInterceptor
that will obtain theAuthentication
from the specifiedMessage.getHeaders()
. - SecurityContextChannelInterceptor() - Constructor for class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
-
Creates a new instance using the header of the name
SimpMessageHeaderAccessor.USER_HEADER
. - SecurityContextChannelInterceptor(String) - Constructor for class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
-
Creates a new instance that uses the specified header to obtain the
Authentication
. - SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Allows persisting and restoring of the
SecurityContext
found on theSecurityContextHolder
for each request by configuring theSecurityContextPersistenceFilter
. - SecurityContextConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
-
Creates a new instance
- SecurityContextHolder - Class in org.springframework.security.core.context
-
Associates a given
SecurityContext
with the current execution thread. - SecurityContextHolder() - Constructor for class org.springframework.security.core.context.SecurityContextHolder
- SecurityContextHolderAwareRequestFilter - Class in org.springframework.security.web.servletapi
-
A
Filter
which populates theServletRequest
with a request wrapper which implements the servlet API security methods. - SecurityContextHolderAwareRequestFilter() - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
- SecurityContextHolderAwareRequestWrapper - Class in org.springframework.security.web.servletapi
-
A Spring Security-aware
HttpServletRequestWrapper
, which uses theSecurityContext
-definedAuthentication
object to implement the servlet API security methods:SecurityContextHolderAwareRequestWrapper.getUserPrincipal()
SecurityContextHolderAwareRequestWrapper.isUserInRole(String)
HttpServletRequestWrapper.getRemoteUser()
. - SecurityContextHolderAwareRequestWrapper(HttpServletRequest, String) - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
-
Creates a new instance with
AuthenticationTrustResolverImpl
. - SecurityContextHolderAwareRequestWrapper(HttpServletRequest, AuthenticationTrustResolver, String) - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
-
Creates a new instance
- SecurityContextHolderFilter - Class in org.springframework.security.web.context
-
A
Filter
that uses theSecurityContextRepository
to obtain theSecurityContext
and set it on theSecurityContextHolder
. - SecurityContextHolderFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.context.SecurityContextHolderFilter
-
Creates a new instance.
- SecurityContextHolderPrincipalResolver - Class in org.springframework.security.oauth2.client.web.client
-
A strategy for resolving a
principal
from an intercepted request using theSecurityContextHolder
. - SecurityContextHolderPrincipalResolver() - Constructor for class org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver
-
Constructs a
SecurityContextHolderPrincipalResolver
. - SecurityContextHolderPrincipalResolver(SecurityContextHolderStrategy) - Constructor for class org.springframework.security.oauth2.client.web.client.SecurityContextHolderPrincipalResolver
-
Constructs a
SecurityContextHolderPrincipalResolver
using the provided parameters. - SecurityContextHolderStrategy - Interface in org.springframework.security.core.context
-
A strategy for storing security context information against a thread.
- SecurityContextImpl - Class in org.springframework.security.core.context
-
Base implementation of
SecurityContext
. - SecurityContextImpl() - Constructor for class org.springframework.security.core.context.SecurityContextImpl
- SecurityContextImpl(Authentication) - Constructor for class org.springframework.security.core.context.SecurityContextImpl
- SecurityContextLoginModule - Class in org.springframework.security.authentication.jaas
-
An implementation of
LoginModule
that uses a Spring SecuritySecurityContext
to provide authentication. - SecurityContextLoginModule() - Constructor for class org.springframework.security.authentication.jaas.SecurityContextLoginModule
- SecurityContextLogoutHandler - Class in org.springframework.security.web.authentication.logout
-
Performs a logout by modifying the
SecurityContextHolder
. - SecurityContextLogoutHandler() - Constructor for class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
- SecurityContextPersistenceFilter - Class in org.springframework.security.web.context
-
Deprecated.
- SecurityContextPersistenceFilter() - Constructor for class org.springframework.security.web.context.SecurityContextPersistenceFilter
-
Deprecated.
- SecurityContextPersistenceFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.context.SecurityContextPersistenceFilter
-
Deprecated.
- SecurityContextPropagationChannelInterceptor - Class in org.springframework.security.messaging.context
-
An
ExecutorChannelInterceptor
that takes anAuthentication
from the currentSecurityContext
(if any) in theSecurityContextPropagationChannelInterceptor.preSend(Message, MessageChannel)
callback and stores it into anSecurityContextPropagationChannelInterceptor.authenticationHeaderName
message header. - SecurityContextPropagationChannelInterceptor() - Constructor for class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
-
Create a new instance using the header of the name
SimpMessageHeaderAccessor.USER_HEADER
. - SecurityContextPropagationChannelInterceptor(String) - Constructor for class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
-
Create a new instance that uses the specified header to populate the
Authentication
. - securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
- securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
-
Specifies a custom
SecurityContextRepository
to use for basic authentication. - securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
-
Specifies the shared
SecurityContextRepository
that is to be used - securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
The
ServerSecurityContextRepository
used to save theAuthentication
. - securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
-
The
ServerSecurityContextRepository
used to save theAuthentication
. - securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
The
ServerSecurityContextRepository
used to save theAuthentication
. - securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
The
ServerSecurityContextRepository
used to save theAuthentication
. - securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
The strategy used with
ReactorContextWebFilter
. - SecurityContextRepository - Interface in org.springframework.security.web.context
-
Strategy used for persisting a
SecurityContext
between requests. - SecurityContextServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout
-
A
ServerLogoutHandler
which removes the SecurityContext using the providedServerSecurityContextRepository
- SecurityContextServerLogoutHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler
- SecurityContextServerWebExchange - Class in org.springframework.security.web.server.context
-
Overrides the
ServerWebExchange.getPrincipal()
with the provided SecurityContext - SecurityContextServerWebExchange(ServerWebExchange, Mono<SecurityContext>) - Constructor for class org.springframework.security.web.server.context.SecurityContextServerWebExchange
- SecurityContextServerWebExchangeWebFilter - Class in org.springframework.security.web.server.context
-
Override the
ServerWebExchange.getPrincipal()
to be looked up usingReactiveSecurityContextHolder
. - SecurityContextServerWebExchangeWebFilter() - Constructor for class org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter
- SecurityDebugBeanFactoryPostProcessor - Class in org.springframework.security.config.debug
- SecurityDebugBeanFactoryPostProcessor() - Constructor for class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
- SecurityEvaluationContextExtension - Class in org.springframework.security.data.repository.query
-
By defining this object as a Bean, Spring Security is exposed as SpEL expressions for creating Spring Data queries.
- SecurityEvaluationContextExtension() - Constructor for class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
-
Creates a new instance that uses the current
Authentication
found on theSecurityContextHolder
. - SecurityEvaluationContextExtension(Authentication) - Constructor for class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
-
Creates a new instance that always uses the same
Authentication
object. - SecurityExpressionHandler<T> - Interface in org.springframework.security.access.expression
-
Facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects
- SecurityExpressionOperations - Interface in org.springframework.security.access.expression
-
Standard interface for expression root objects used with expression-based security.
- SecurityExpressionRoot - Class in org.springframework.security.access.expression
-
Base root object for use in Spring Security expression evaluations.
- SecurityExpressionRoot(Supplier<Authentication>) - Constructor for class org.springframework.security.access.expression.SecurityExpressionRoot
-
Creates a new instance that uses lazy initialization of the
Authentication
object. - SecurityExpressionRoot(Authentication) - Constructor for class org.springframework.security.access.expression.SecurityExpressionRoot
-
Creates a new instance
- SecurityFilterChain - Interface in org.springframework.security.web
-
Defines a filter chain which is capable of being matched against an
HttpServletRequest
. - SecurityHeaders - Class in org.springframework.security.web.http
-
Utilities for interacting with
HttpHeaders
- SecurityHintsRegistrar - Interface in org.springframework.security.aot.hint
-
An interface for registering AOT hints.
- SecurityJackson2Modules - Class in org.springframework.security.jackson2
-
This utility class will find all the SecurityModules in classpath.
- securityMatcher(String...) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows configuring the
HttpSecurity
to only be invoked when matching the provided pattern. - securityMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
The ServerExchangeMatcher that determines which requests apply to this HttpSecurity instance.
- securityMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows configuring the
HttpSecurity
to only be invoked when matching the providedRequestMatcher
. - securityMatchers() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.securityMatchers(Customizer)
orsecurityMatchers(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - securityMatchers(Customizer<HttpSecurity.RequestMatcherConfigurer>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows specifying which
HttpServletRequest
instances thisHttpSecurity
will be invoked on. - SecurityMetadataSource - Interface in org.springframework.security.access
-
Implemented by classes that store and can identify the
ConfigAttribute
s that applies to a given secure object invocation. - SecurityMockMvcConfigurers - Class in org.springframework.security.test.web.servlet.setup
-
Provides Security related
MockMvcConfigurer
implementations. - SecurityMockMvcRequestBuilders - Class in org.springframework.security.test.web.servlet.request
-
Contains Spring Security related
MockMvc
RequestBuilder
s. - SecurityMockMvcRequestBuilders.FormLoginRequestBuilder - Class in org.springframework.security.test.web.servlet.request
-
Creates a form based login request including any necessary
CsrfToken
. - SecurityMockMvcRequestBuilders.LogoutRequestBuilder - Class in org.springframework.security.test.web.servlet.request
-
Creates a logout request (including any necessary
CsrfToken
) - SecurityMockMvcRequestPostProcessors - Class in org.springframework.security.test.web.servlet.request
-
Contains
MockMvc
RequestPostProcessor
implementations for Spring Security. - SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
-
Populates a valid
CsrfToken
into the request. - SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
- SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
- SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
- SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
- SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
- SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
- SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
-
Creates a
UsernamePasswordAuthenticationToken
and sets the principal to be aUser
and associates it to theMockHttpServletRequest
. - SecurityMockMvcResultHandlers - Class in org.springframework.security.test.web.servlet.response
-
Security related
MockMvc
ResultHandler
s - SecurityMockMvcResultMatchers - Class in org.springframework.security.test.web.servlet.response
-
Security related
MockMvc
ResultMatcher
s. - SecurityMockMvcResultMatchers.AuthenticatedMatcher - Class in org.springframework.security.test.web.servlet.response
-
A
MockMvc
ResultMatcher
that verifies a specific user is associated to theMvcResult
. - SecurityMockServerConfigurers - Class in org.springframework.security.test.web.reactive.server
-
Test utilities for working with Spring Security and
WebTestClient.Builder.apply(WebTestClientConfigurer)
. - SecurityMockServerConfigurers.CsrfMutator - Class in org.springframework.security.test.web.reactive.server
- SecurityMockServerConfigurers.JwtMutator - Class in org.springframework.security.test.web.reactive.server
-
Updates the WebServerExchange using
{@link SecurityMockServerConfigurers#mockAuthentication(Authentication)}
. - SecurityMockServerConfigurers.OAuth2ClientMutator - Class in org.springframework.security.test.web.reactive.server
- SecurityMockServerConfigurers.OAuth2LoginMutator - Class in org.springframework.security.test.web.reactive.server
- SecurityMockServerConfigurers.OidcLoginMutator - Class in org.springframework.security.test.web.reactive.server
- SecurityMockServerConfigurers.OpaqueTokenMutator - Class in org.springframework.security.test.web.reactive.server
- SecurityMockServerConfigurers.UserExchangeMutator - Class in org.springframework.security.test.web.reactive.server
-
Updates the WebServerExchange using
{@link SecurityMockServerConfigurers#mockUser(UserDetails)}
. - SecurityNamespaceHandler - Class in org.springframework.security.config
-
Parses elements from the "security" namespace (http://www.springframework.org/schema/security).
- SecurityNamespaceHandler() - Constructor for class org.springframework.security.config.SecurityNamespaceHandler
- SecurityObservationSettings - Class in org.springframework.security.config.observation
-
An
ObservationPredicate
that can be used to change which Spring Security observations are made with Micrometer. - SecurityObservationSettings.Builder - Class in org.springframework.security.config.observation
-
A builder for configuring a
SecurityObservationSettings
- SecuritySocketAcceptorInterceptor - Class in org.springframework.security.rsocket.core
-
A SocketAcceptorInterceptor that applies Security through a delegate
SocketAcceptorInterceptor
. - SecuritySocketAcceptorInterceptor(SocketAcceptorInterceptor) - Constructor for class org.springframework.security.rsocket.core.SecuritySocketAcceptorInterceptor
- SecurityTestExecutionListeners - Annotation Interface in org.springframework.security.test.context.annotation
-
There are many times a user may want to use Spring Security's test support (i.e.
- SecurityWebApplicationContextUtils - Class in org.springframework.security.web.context.support
-
Spring Security extension to Spring's
WebApplicationContextUtils
. - SecurityWebApplicationContextUtils() - Constructor for class org.springframework.security.web.context.support.SecurityWebApplicationContextUtils
- SecurityWebFilterChain - Interface in org.springframework.security.web.server
-
Defines a filter chain which is capable of being matched against a
ServerWebExchange
in order to decide whether it applies to that request. - SecurityWebFiltersOrder - Enum Class in org.springframework.security.config.web.server
- SELF_SIGNED_TLS_CLIENT_AUTH - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- sendError(int) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling the superclasssendError()
- sendError(int, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling the superclasssendError()
- sendRedirect(HttpServletRequest, HttpServletResponse, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy
-
Redirects the response to the supplied URL.
- sendRedirect(HttpServletRequest, HttpServletResponse, String) - Method in interface org.springframework.security.web.RedirectStrategy
-
Performs a redirect to the supplied URL
- sendRedirect(String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
-
Makes sure
OnCommittedResponseWrapper.onResponseCommitted()
is invoked before calling the superclasssendRedirect()
- sendRedirect(ServerWebExchange, URI) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy
- sendRedirect(ServerWebExchange, URI) - Method in interface org.springframework.security.web.server.ServerRedirectStrategy
-
Performs a redirect based upon the provided
ServerWebExchange
andURI
- sendStartAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, AuthenticationException) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- SERIAL_VERSION_UID - Static variable in class org.springframework.security.core.SpringSecurityCoreVersion
-
Global Serialization value for Spring Security classes.
- SERVER_ERROR - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
server_error
- The authorization server encountered an unexpected condition that prevented it from fulfilling the request. - SERVER_REQUEST_CACHE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- ServerAccessDeniedHandler - Interface in org.springframework.security.web.server.authorization
- ServerAuthenticationConverter - Interface in org.springframework.security.web.server.authentication
-
A strategy used for converting from a
ServerWebExchange
to anAuthentication
used for authenticating with a providedReactiveAuthenticationManager
. - ServerAuthenticationEntryPoint - Interface in org.springframework.security.web.server
-
Used to request authentication
- ServerAuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.server.authentication
-
Adapts a
ServerAuthenticationEntryPoint
into aServerAuthenticationFailureHandler
- ServerAuthenticationEntryPointFailureHandler(ServerAuthenticationEntryPoint) - Constructor for class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler
- ServerAuthenticationFailureHandler - Interface in org.springframework.security.web.server.authentication
-
Handles authentication failure
- ServerAuthenticationSuccessHandler - Interface in org.springframework.security.web.server.authentication
-
Handles authentication success
- ServerAuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> - Interface in org.springframework.security.oauth2.client.web.server
-
Implementations of this interface are responsible for the persistence of
OAuth2AuthorizationRequest
between requests. - ServerBearerExchangeFilterFunction - Class in org.springframework.security.oauth2.server.resource.web.reactive.function.client
-
An
ExchangeFilterFunction
that adds the Bearer Token from an existingOAuth2Token
tied to the currentAuthentication
. - ServerBearerExchangeFilterFunction() - Constructor for class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServerBearerExchangeFilterFunction
- ServerBearerTokenAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.web.server.authentication
-
A strategy for resolving Bearer Tokens from the
ServerWebExchange
. - ServerBearerTokenAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter
- ServerCsrfTokenRepository - Interface in org.springframework.security.web.server.csrf
-
An API to allow changing the method in which the expected
CsrfToken
is associated to theServerWebExchange
. - ServerCsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.server.csrf
-
An implementation of the
ServerCsrfTokenRequestHandler
interface that is capable of making theCsrfToken
available as an exchange attribute and resolving the token value as either a form data value or header of the request. - ServerCsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
- ServerCsrfTokenRequestHandler - Interface in org.springframework.security.web.server.csrf
-
A callback interface that is used to make the
CsrfToken
created by theServerCsrfTokenRepository
available as an exchange attribute. - ServerCsrfTokenRequestResolver - Interface in org.springframework.security.web.server.csrf
-
Implementations of this interface are capable of resolving the token value of a
CsrfToken
from the providedServerWebExchange
. - ServerExchangeRejectedException - Exception in org.springframework.security.web.server.firewall
-
Thrown when a
ServerWebExchange
is rejected. - ServerExchangeRejectedException(String) - Constructor for exception org.springframework.security.web.server.firewall.ServerExchangeRejectedException
- ServerExchangeRejectedHandler - Interface in org.springframework.security.web.server.firewall
-
Handles
ServerExchangeRejectedException
thrown byServerWebExchangeFirewall
. - ServerFormLoginAuthenticationConverter - Class in org.springframework.security.web.server.authentication
-
Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form data HTTP parameters.
- ServerFormLoginAuthenticationConverter - Class in org.springframework.security.web.server
-
Deprecated.use
ServerFormLoginAuthenticationConverter
instead. - ServerFormLoginAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter
- ServerFormLoginAuthenticationConverter() - Constructor for class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
-
Deprecated.
- ServerHttpBasicAuthenticationConverter - Class in org.springframework.security.web.server.authentication
-
Converts from a
ServerWebExchange
to anAuthentication
that can be authenticated. - ServerHttpBasicAuthenticationConverter - Class in org.springframework.security.web.server
-
Deprecated.Use
ServerHttpBasicAuthenticationConverter
instead. - ServerHttpBasicAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter
- ServerHttpBasicAuthenticationConverter() - Constructor for class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
-
Deprecated.
- ServerHttpHeadersWriter - Interface in org.springframework.security.web.server.header
-
Interface for writing headers just before the response is committed.
- ServerHttpSecurity - Class in org.springframework.security.config.web.server
-
A
ServerHttpSecurity
is similar to Spring Security'sHttpSecurity
but for WebFlux. - ServerHttpSecurity() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity
- ServerHttpSecurity.AnonymousSpec - Class in org.springframework.security.config.web.server
-
Configures anonymous authentication
- ServerHttpSecurity.AuthorizeExchangeSpec - Class in org.springframework.security.config.web.server
-
Configures authorization
- ServerHttpSecurity.AuthorizeExchangeSpec.Access - Class in org.springframework.security.config.web.server
-
Configures the access for a particular set of exchanges.
- ServerHttpSecurity.CorsSpec - Class in org.springframework.security.config.web.server
-
Configures CORS support within Spring Security.
- ServerHttpSecurity.CsrfSpec - Class in org.springframework.security.config.web.server
-
Configures CSRF Protection
- ServerHttpSecurity.ExceptionHandlingSpec - Class in org.springframework.security.config.web.server
-
Configures exception handling
- ServerHttpSecurity.FormLoginSpec - Class in org.springframework.security.config.web.server
-
Configures Form Based authentication
- ServerHttpSecurity.HeaderSpec - Class in org.springframework.security.config.web.server
-
Configures HTTP Response Headers.
- ServerHttpSecurity.HeaderSpec.CacheSpec - Class in org.springframework.security.config.web.server
-
Configures cache control headers
- ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec - Class in org.springframework.security.config.web.server
-
Configures
Content-Security-Policy
response header. - ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec - Class in org.springframework.security.config.web.server
-
The content type headers
- ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec - Class in org.springframework.security.config.web.server
-
Configures the Cross-Origin-Embedder-Policy header
- ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec - Class in org.springframework.security.config.web.server
-
Configures the Cross-Origin-Opener-Policy header
- ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec - Class in org.springframework.security.config.web.server
-
Configures the Cross-Origin-Resource-Policy header
- ServerHttpSecurity.HeaderSpec.FeaturePolicySpec - Class in org.springframework.security.config.web.server
-
Configures
Feature-Policy
response header. - ServerHttpSecurity.HeaderSpec.FrameOptionsSpec - Class in org.springframework.security.config.web.server
-
Configures frame options response header
- ServerHttpSecurity.HeaderSpec.HstsSpec - Class in org.springframework.security.config.web.server
-
Configures Strict Transport Security response header
- ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec - Class in org.springframework.security.config.web.server
-
Configures
Permissions-Policy
response header. - ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec - Class in org.springframework.security.config.web.server
-
Configures
Referrer-Policy
response header. - ServerHttpSecurity.HeaderSpec.XssProtectionSpec - Class in org.springframework.security.config.web.server
-
Configures x-xss-protection response header
- ServerHttpSecurity.HttpBasicSpec - Class in org.springframework.security.config.web.server
-
Configures HTTP Basic Authentication
- ServerHttpSecurity.HttpsRedirectSpec - Class in org.springframework.security.config.web.server
-
Configures HTTPS redirection rules
- ServerHttpSecurity.LogoutSpec - Class in org.springframework.security.config.web.server
-
Configures log out
- ServerHttpSecurity.OAuth2ClientSpec - Class in org.springframework.security.config.web.server
- ServerHttpSecurity.OAuth2LoginSpec - Class in org.springframework.security.config.web.server
- ServerHttpSecurity.OAuth2ResourceServerSpec - Class in org.springframework.security.config.web.server
-
Configures OAuth2 Resource Server Support
- ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec - Class in org.springframework.security.config.web.server
-
Configures JWT Resource Server Support
- ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec - Class in org.springframework.security.config.web.server
-
Configures Opaque Token Resource Server support
- ServerHttpSecurity.OidcLogoutSpec - Class in org.springframework.security.config.web.server
-
Configures OIDC 1.0 Logout support
- ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer - Class in org.springframework.security.config.web.server
-
A configurer for configuring OIDC Back-Channel Logout
- ServerHttpSecurity.OneTimeTokenLoginSpec - Class in org.springframework.security.config.web.server
-
Configures One-Time Token Login Support
- ServerHttpSecurity.PasswordManagementSpec - Class in org.springframework.security.config.web.server
-
Configures password management.
- ServerHttpSecurity.RequestCacheSpec - Class in org.springframework.security.config.web.server
-
Configures the request cache which is used when a flow is interrupted (i.e.
- ServerHttpSecurity.SessionManagementSpec - Class in org.springframework.security.config.web.server
-
Configures how sessions are managed.
- ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec - Class in org.springframework.security.config.web.server
-
Configures how many sessions are allowed for a given user.
- ServerHttpSecurity.X509Spec - Class in org.springframework.security.config.web.server
-
Configures X509 authentication
- ServerLogoutHandler - Interface in org.springframework.security.web.server.authentication.logout
-
Handles log out
- ServerLogoutSuccessHandler - Interface in org.springframework.security.web.server.authentication.logout
-
Strategy for when log out was successfully performed (typically after
ServerLogoutHandler
is invoked). - ServerMaximumSessionsExceededHandler - Interface in org.springframework.security.web.server.authentication
-
Strategy for handling the scenario when the maximum number of sessions for a user has been reached.
- ServerOAuth2AuthorizationCodeAuthenticationTokenConverter - Class in org.springframework.security.oauth2.client.web.server
-
Converts from a
ServerWebExchange
to anOAuth2AuthorizationCodeAuthenticationToken
that can be authenticated. - ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
- ServerOAuth2AuthorizationRequestResolver - Interface in org.springframework.security.oauth2.client.web.server
-
Implementations of this interface are capable of resolving an
OAuth2AuthorizationRequest
from the providedServerWebExchange
. - ServerOAuth2AuthorizedClientExchangeFilterFunction - Class in org.springframework.security.oauth2.client.web.reactive.function.client
-
Provides an easy mechanism for using an
OAuth2AuthorizedClient
to make OAuth2 requests by including the token as a Bearer Token. - ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
-
Constructs a
ServerOAuth2AuthorizedClientExchangeFilterFunction
using the provided parameters. - ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
-
Constructs a
ServerOAuth2AuthorizedClientExchangeFilterFunction
using the provided parameters. - ServerOAuth2AuthorizedClientRepository - Interface in org.springframework.security.oauth2.client.web.server
-
Implementations of this interface are responsible for the persistence of
Authorized Client(s)
between requests. - ServerOneTimeTokenAuthenticationConverter - Class in org.springframework.security.web.server.authentication.ott
-
An implementation of
ServerAuthenticationConverter
for resolvingOneTimeTokenAuthenticationToken
from token parameter. - ServerOneTimeTokenAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ott.ServerOneTimeTokenAuthenticationConverter
- ServerOneTimeTokenGenerationSuccessHandler - Interface in org.springframework.security.web.server.authentication.ott
-
Defines a reactive strategy to handle generated one-time tokens.
- ServerRedirectOneTimeTokenGenerationSuccessHandler - Class in org.springframework.security.web.server.authentication.ott
-
A
ServerOneTimeTokenGenerationSuccessHandler
that performs a redirect to a specific location - ServerRedirectOneTimeTokenGenerationSuccessHandler(String) - Constructor for class org.springframework.security.web.server.authentication.ott.ServerRedirectOneTimeTokenGenerationSuccessHandler
- ServerRedirectStrategy - Interface in org.springframework.security.web.server
-
A strategy for performing redirects.
- ServerRequestCache - Interface in org.springframework.security.web.server.savedrequest
-
Saves a
ServerHttpRequest
so it can be "replayed" later. - ServerRequestCacheWebFilter - Class in org.springframework.security.web.server.savedrequest
-
A
WebFilter
that replays any matching request inServerRequestCache
- ServerRequestCacheWebFilter() - Constructor for class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter
- ServerSecurityContextRepository - Interface in org.springframework.security.web.server.context
-
Strategy used for persisting a
SecurityContext
between requests. - serverWebExchange(ServerWebExchange) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
-
Modifies the
ClientRequest.attributes()
to include theServerWebExchange
to be used for providing the Bearer Token. - ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver - Class in org.springframework.security.web.server.authentication
-
A
ReactiveAuthenticationManagerResolver
that returns aReactiveAuthenticationManager
instances based upon the type ofServerWebExchange
passed intoServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.resolve(ServerWebExchange)
. - ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder - Class in org.springframework.security.web.server.authentication
- ServerWebExchangeDelegatingServerAccessDeniedHandler - Class in org.springframework.security.web.server.authorization
-
A
ServerAccessDeniedHandler
which delegates to multipleServerAccessDeniedHandler
s based on aServerWebExchangeMatcher
- ServerWebExchangeDelegatingServerAccessDeniedHandler(List<ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry>) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
-
Creates a new instance
- ServerWebExchangeDelegatingServerAccessDeniedHandler(ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry...) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
-
Creates a new instance
- ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry - Class in org.springframework.security.web.server.authorization
- ServerWebExchangeDelegatingServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Delegates to a provided
ServerHttpHeadersWriter
ifServerWebExchangeMatcher.matches(ServerWebExchange)
returns a match. - ServerWebExchangeDelegatingServerHttpHeadersWriter(ServerWebExchangeMatcherEntry<ServerHttpHeadersWriter>) - Constructor for class org.springframework.security.web.server.header.ServerWebExchangeDelegatingServerHttpHeadersWriter
-
Creates a new instance
- ServerWebExchangeDelegatingServerHttpHeadersWriter(ServerWebExchangeMatcher, ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.header.ServerWebExchangeDelegatingServerHttpHeadersWriter
-
Creates a new instance
- ServerWebExchangeFirewall - Interface in org.springframework.security.web.server.firewall
-
Interface which can be used to reject potentially dangerous requests and/or wrap them to control their behaviour.
- ServerWebExchangeMatcher - Interface in org.springframework.security.web.server.util.matcher
-
An interface for determining if a
ServerWebExchangeMatcher
matches. - ServerWebExchangeMatcher.MatchResult - Class in org.springframework.security.web.server.util.matcher
-
The result of matching
- ServerWebExchangeMatcherEntry<T> - Class in org.springframework.security.web.server.util.matcher
-
A rich object for associating a
ServerWebExchangeMatcher
to another object. - ServerWebExchangeMatcherEntry(ServerWebExchangeMatcher, T) - Constructor for class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry
- ServerWebExchangeMatchers - Class in org.springframework.security.web.server.util.matcher
-
Provides factory methods for creating common
ServerWebExchangeMatcher
- ServerX509AuthenticationConverter - Class in org.springframework.security.web.server.authentication
-
Converts from a
SslInfo
provided by a request to anPreAuthenticatedAuthenticationToken
that can be authenticated. - ServerX509AuthenticationConverter(X509PrincipalExtractor) - Constructor for class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
- ServiceAuthenticationDetails - Interface in org.springframework.security.cas.authentication
-
In order for the
CasAuthenticationProvider
to provide the correct service url to authenticate the ticket, the returned value ofAuthentication.getDetails()
should implement this interface when tickets can be sent to any URL rather than onlyServiceProperties.getService()
. - ServiceAuthenticationDetails - Interface in org.springframework.security.cas.web.authentication
-
Deprecated.Please use org.springframework.security.cas.authentication.ServiceAuthenticationDetails
- ServiceAuthenticationDetailsSource - Class in org.springframework.security.cas.web.authentication
-
The
AuthenticationDetailsSource
that is set on theCasAuthenticationFilter
should return a value that implementsServiceAuthenticationDetails
if the application needs to authenticate dynamic service urls. - ServiceAuthenticationDetailsSource(ServiceProperties) - Constructor for class org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource
-
Creates an implementation that uses the specified ServiceProperties and the default CAS artifactParameterName.
- ServiceAuthenticationDetailsSource(ServiceProperties, String) - Constructor for class org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource
-
Creates an implementation that uses the specified artifactParameterName
- ServiceProperties - Class in org.springframework.security.cas
-
Stores properties related to this CAS service.
- ServiceProperties() - Constructor for class org.springframework.security.cas.ServiceProperties
- servletApi() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.servletApi(Customizer)
orservletApi(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - servletApi(Customizer<ServletApiConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Integrates the
HttpServletRequest
methods with the values found on theSecurityContext
. - ServletApiConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Implements select methods from the
HttpServletRequest
using theSecurityContext
from theSecurityContextHolder
. - ServletApiConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
-
Creates a new instance
- ServletBearerExchangeFilterFunction - Class in org.springframework.security.oauth2.server.resource.web.reactive.function.client
-
An
ExchangeFilterFunction
that adds the Bearer Token from an existingOAuth2Token
tied to the currentAuthentication
. - ServletBearerExchangeFilterFunction() - Constructor for class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServletBearerExchangeFilterFunction
- ServletOAuth2AuthorizedClientExchangeFilterFunction - Class in org.springframework.security.oauth2.client.web.reactive.function.client
-
Provides an easy mechanism for using an
OAuth2AuthorizedClient
to make OAuth 2.0 requests by including theaccess token
as a bearer token. - ServletOAuth2AuthorizedClientExchangeFilterFunction() - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
- ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Constructs a
ServletOAuth2AuthorizedClientExchangeFilterFunction
using the provided parameters. - ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Constructs a
ServletOAuth2AuthorizedClientExchangeFilterFunction
using the provided parameters. - servletPath(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder
-
Sets the servlet path to be used by the
MvcRequestMatcher
generated by this builder - SESSION_MANAGEMENT - Static variable in class org.springframework.security.config.Elements
- sessionAuthenticationErrorUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy raises an exception.
- SessionAuthenticationException - Exception in org.springframework.security.web.authentication.session
-
Thrown by an
SessionAuthenticationStrategy
orServerSessionAuthenticationStrategy
to indicate that an authentication object is not valid for the current session, typically because the same user has exceeded the number of sessions they are allowed to have concurrently. - SessionAuthenticationException(String) - Constructor for exception org.springframework.security.web.authentication.session.SessionAuthenticationException
- sessionAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Defines the
AuthenticationFailureHandler
which will be used when the SessionAuthenticationStrategy raises an exception. - sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
-
Specify the
SessionAuthenticationStrategy
to use. - sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Allows explicitly specifying the
SessionAuthenticationStrategy
. - SessionAuthenticationStrategy - Interface in org.springframework.security.web.authentication.session
-
Allows pluggable support for HttpSession-related behaviour when an authentication occurs.
- sessionConcurrency(Customizer<SessionManagementConfigurer.ConcurrencyControlConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Controls the maximum number of sessions for a user.
- sessionCreated(HttpSessionEvent) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher
-
Handles the HttpSessionEvent by publishing a
HttpSessionCreatedEvent
to the application appContext. - SessionCreationEvent - Class in org.springframework.security.core.session
-
Generic session creation event which indicates that a session (potentially represented by a security context) has begun.
- SessionCreationEvent(Object) - Constructor for class org.springframework.security.core.session.SessionCreationEvent
- sessionCreationPolicy(SessionCreationPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Allows specifying the
SessionCreationPolicy
- SessionCreationPolicy - Enum Class in org.springframework.security.config.http
-
Specifies the various session creation policies for Spring Security.
- sessionDestroyed(HttpSessionEvent) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher
-
Handles the HttpSessionEvent by publishing a
HttpSessionDestroyedEvent
to the application appContext. - SessionDestroyedEvent - Class in org.springframework.security.core.session
-
Generic "session termination" event which indicates that a session (potentially represented by a security context) has ended.
- SessionDestroyedEvent(Object) - Constructor for class org.springframework.security.core.session.SessionDestroyedEvent
- sessionFixation() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Allows changing the default
SessionFixationProtectionStrategy
. - sessionFixation(Customizer<SessionManagementConfigurer.SessionFixationConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Allows configuring session fixation protection.
- SessionFixationConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
- SessionFixationProtectionEvent - Class in org.springframework.security.web.authentication.session
-
Indicates a session ID was changed for the purposes of session fixation protection.
- SessionFixationProtectionEvent(Authentication, String, String) - Constructor for class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent
-
Constructs a new session fixation protection event.
- SessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session
-
Uses
HttpServletRequest.invalidate()
to protect against session fixation attacks. - SessionFixationProtectionStrategy() - Constructor for class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
- sessionId(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
-
Use this session id to correlate the OIDC Provider session
- sessionIdChanged(HttpSessionEvent, String) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher
- SessionIdChangedEvent - Class in org.springframework.security.core.session
-
Generic "session ID changed" event which indicates that a session identifier (potentially represented by a security context) has changed.
- SessionIdChangedEvent(Object) - Constructor for class org.springframework.security.core.session.SessionIdChangedEvent
- SessionInformation - Class in org.springframework.security.core.session
-
Represents a record of a session within the Spring Security framework.
- SessionInformation(Object, String, Date) - Constructor for class org.springframework.security.core.session.SessionInformation
- SessionInformationExpiredEvent - Class in org.springframework.security.web.session
-
An event for when a
SessionInformation
is expired. - SessionInformationExpiredEvent(SessionInformation, HttpServletRequest, HttpServletResponse) - Constructor for class org.springframework.security.web.session.SessionInformationExpiredEvent
-
Creates a new instance
- SessionInformationExpiredEvent(SessionInformation, HttpServletRequest, HttpServletResponse, FilterChain) - Constructor for class org.springframework.security.web.session.SessionInformationExpiredEvent
-
Creates a new instance
- SessionInformationExpiredStrategy - Interface in org.springframework.security.web.session
-
Determines the behaviour of the
ConcurrentSessionFilter
when an expired session is detected in theConcurrentSessionFilter
. - SessionLimit - Interface in org.springframework.security.web.server.authentication
-
Represents the maximum number of sessions allowed.
- sessionManagement() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.sessionManagement(Customizer)
orsessionManagement(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - sessionManagement(Customizer<SessionManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows configuring of Session Management.
- sessionManagement(Customizer<ServerHttpSecurity.SessionManagementSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures Session Management.
- SessionManagementConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Allows configuring session management.
- SessionManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-
Creates a new instance
- SessionManagementConfigurer.ConcurrencyControlConfigurer - Class in org.springframework.security.config.annotation.web.configurers
-
Allows configuring controlling of multiple sessions.
- SessionManagementConfigurer.SessionFixationConfigurer - Class in org.springframework.security.config.annotation.web.configurers
-
Allows configuring SessionFixation protection
- SessionManagementFilter - Class in org.springframework.security.web.session
-
Detects that a user has been authenticated since the start of the request and, if they have, calls the configured
SessionAuthenticationStrategy
to perform any session-related activity such as activating session-fixation protection mechanisms or checking for multiple concurrent logins. - SessionManagementFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.session.SessionManagementFilter
- SessionManagementFilter(SecurityContextRepository, SessionAuthenticationStrategy) - Constructor for class org.springframework.security.web.session.SessionManagementFilter
- SessionManagementSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec
- sessionRegistry(ReactiveSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
-
Sets the
ReactiveSessionRegistry
to use. - sessionRegistry(SessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
-
Controls the
SessionRegistry
implementation used. - SessionRegistry - Interface in org.springframework.security.core.session
-
Maintains a registry of
SessionInformation
instances. - SessionRegistryImpl - Class in org.springframework.security.core.session
-
Default implementation of
SessionRegistry
which listens forSessionDestroyedEvent
s published in the Spring application context. - SessionRegistryImpl() - Constructor for class org.springframework.security.core.session.SessionRegistryImpl
- SessionRegistryImpl(ConcurrentMap<Object, Set<String>>, Map<String, SessionInformation>) - Constructor for class org.springframework.security.core.session.SessionRegistryImpl
- set(Permission) - Method in class org.springframework.security.acls.domain.CumulativePermission
- setAccess(String) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
- setAccessDecisionManager(AccessDecisionManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- setAccessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- setAccessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.web.csrf.CsrfFilter
-
Specifies a
AccessDeniedHandler
that should be used when CSRF protection fails. - setAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
-
Sets the access denied handler.
- setAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
- setAccessibleScopes(Set<String>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
-
Deprecated, for removal: This API element is subject to removal in a future version.Use
OidcUserService.setRetrieveUserInfo(Predicate)
instead - setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<JwtBearerGrantRequest>) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
-
Sets the client used when requesting an access token credential at the Token Endpoint for the
jwt-bearer
grant. - setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
-
Sets the client used when requesting an access token credential at the Token Endpoint for the
client_credentials
grant. - setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
-
Deprecated.Sets the client used when requesting an access token credential at the Token Endpoint for the
password
grant. - setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
-
Sets the client used when requesting an access token credential at the Token Endpoint for the
refresh_token
grant. - setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<TokenExchangeGrantRequest>) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
-
Sets the client used when requesting an access token credential at the Token Endpoint for the
token-exchange
grant. - setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<JwtBearerGrantRequest>) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
-
Sets the client used when requesting an access token credential at the Token Endpoint for the
jwt-bearer
grant. - setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
-
Sets the client used when requesting an access token credential at the Token Endpoint for the
client_credentials
grant. - setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
-
Deprecated.Sets the client used when requesting an access token credential at the Token Endpoint for the
password
grant. - setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
-
Sets the client used when requesting an access token credential at the Token Endpoint for the
refresh_token
grant. - setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<TokenExchangeGrantRequest>) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
-
Sets the client used when requesting an access token credential at the Token Endpoint for the
token-exchange
grant. - setAccessTokenResponseConverter(Converter<Map<String, Object>, OAuth2AccessTokenResponse>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
-
Sets the
Converter
used for converting the OAuth 2.0 Access Token Response parameters to anOAuth2AccessTokenResponse
. - setAccessTokenResponseParametersConverter(Converter<OAuth2AccessTokenResponse, Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
-
Sets the
Converter
used for converting theOAuth2AccessTokenResponse
to aMap
representation of the OAuth 2.0 Access Token Response parameters. - setAccountNonExpired(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- setAccountNonLocked(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- setAclClassIdSupported(boolean) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
- setAclClassIdSupported(boolean) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
- setAclClassIdSupported(boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setActorTokenResolver(Function<OAuth2AuthorizationContext, OAuth2Token>) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
-
Sets the resolver used for resolving the
actor token
. - setActorTokenResolver(Function<OAuth2AuthorizationContext, Mono<OAuth2Token>>) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
-
Sets the resolver used for resolving the
actor token
. - setAdapterRegistry(ReactiveAdapterRegistry) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
-
Sets the
ReactiveAdapterRegistry
to be used. - setAdapterRegistry(ReactiveAdapterRegistry) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
-
Sets the
ReactiveAdapterRegistry
to be used. - setAdditionalExceptionMappings(Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>>) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
-
Sets additional exception to event mappings.
- setAdditionalExceptionMappings(Properties) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
- setAddPrefixIfAlreadyExisting(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
- setAdvisors(Collection<AuthorizationAdvisor>) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
-
Deprecated.
- setAdvisors(AuthorizationAdvisor...) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
-
Deprecated.
- setAfterInvocationManager(AfterInvocationManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- setAlgorithm(String) - Method in class org.springframework.security.core.token.SecureRandomFactoryBean
-
Allows the Pseudo Random Number Generator (PRNG) algorithm to be nominated.
- setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
-
Sets the algorithm to use.
- setAllowBackSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a backslash "\" or a URL encoded backslash "%5C" should be allowed in the path or not.
- setAllowBackSlash(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines if a backslash "\" or a URL encoded backslash "%5C" should be allowed in the path or not.
- setAllowedHeaderNames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which header names should be allowed.
- setAllowedHeaderNames(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines which header names should be allowed.
- setAllowedHeaderValues(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which header values should be allowed.
- setAllowedHeaderValues(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines which header values should be allowed.
- setAllowedHostnames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which hostnames should be allowed.
- setAllowedHostnames(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines which hostnames should be allowed.
- setAllowedHttpMethods(Collection<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which HTTP methods should be allowed.
- setAllowedHttpMethods(Collection<HttpMethod>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines which HTTP methods should be allowed.
- setAllowedParameterNames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which parameter names should be allowed.
- setAllowedParameterNames(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines which parameter names should be allowed.
- setAllowedParameterValues(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines which parameter values should be allowed.
- setAllowedParameterValues(Predicate<String>) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines which parameter values should be allowed.
- setAllowFormEncodedBodyParameter(boolean) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
-
Set if transport of access token using form-encoded body parameter is supported.
- setAllowFromParameterName(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
-
Deprecated.Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.
- setAllowIfAllAbstainDecisions(boolean) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- setAllowIfEqualGrantedDeniedDecisions(boolean) - Method in class org.springframework.security.access.vote.ConsensusBased
-
Deprecated.
- setAllowNull(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a null "\0" or a URL encoded nul "%00" should be allowed in the path or not.
- setAllowNull(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines if a null "\0" or a URL encoded nul "%00" should be allowed in the path or not.
- setAllowSemicolon(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if semicolon is allowed in the URL (i.e.
- setAllowSemicolon(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines if semicolon is allowed in the URL (i.e.
- setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
If set to true (the default), a session will be created (if required) to store the security context if it is determined that its contents are different from the default empty context value.
- setAllowUriQueryParameter(boolean) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
-
Set if transport of access token using URI query parameter is supported.
- setAllowUriQueryParameter(boolean) - Method in class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter
-
Set if transport of access token using URI query parameter is supported.
- setAllowUrlEncodedCarriageReturn(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a URL encoded Carriage Return is allowed in the path or not.
- setAllowUrlEncodedCarriageReturn(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines if a URL encoded Carriage Return is allowed in the path or not.
- setAllowUrlEncodedDoubleSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if double slash "//" that is URL encoded "%2F%2F" should be allowed in the path or not.
- setAllowUrlEncodedDoubleSlash(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines if double slash "//" that is URL encoded "%2F%2F" should be allowed in the path or not.
- setAllowUrlEncodedLineFeed(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a URL encoded Line Feed is allowed in the path or not.
- setAllowUrlEncodedLineFeed(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines if a URL encoded Line Feed is allowed in the path or not.
- setAllowUrlEncodedLineSeparator(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a URL encoded line separator is allowed in the path or not.
- setAllowUrlEncodedLineSeparator(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines if a URL encoded line separator is allowed in the path or not.
- setAllowUrlEncodedParagraphSeparator(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a URL encoded paragraph separator is allowed in the path or not.
- setAllowUrlEncodedParagraphSeparator(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines if a URL encoded paragraph separator is allowed in the path or not.
- setAllowUrlEncodedPercent(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a percent "%" that is URL encoded "%25" should be allowed in the path or not.
- setAllowUrlEncodedPercent(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines if a percent "%" that is URL encoded "%25" should be allowed in the path or not.
- setAllowUrlEncodedPeriod(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a period "." that is URL encoded "%2E" should be allowed in the path or not.
- setAllowUrlEncodedPeriod(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines if a period "." that is URL encoded "%2E" should be allowed in the path or not.
- setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall
-
Sets if the application should allow a URL encoded slash character.
- setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Determines if a slash "/" that is URL encoded "%2F" should be allowed in the path or not.
- setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Determines if a slash "/" that is URL encoded "%2F" should be allowed in the path or not.
- setAlsoHandleJavaxNamingBindExceptions(boolean) - Method in class org.springframework.security.ldap.authentication.BindAuthenticator
-
Set whether javax-based bind exceptions should also be delegated to
#handleBindException
(only Spring-based bind exceptions are handled by default) - setAlwaysCreateSession(boolean) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
- setAlwaysReauthenticate(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.Indicates whether the
AbstractSecurityInterceptor
should ignore theAuthentication.isAuthenticated()
property. - setAlwaysRemember(boolean) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setAlwaysUseDefaultTargetUrl(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
If
true
, will always redirect to the value ofdefaultTargetUrl
(defaults tofalse
). - setAnonymousAuthentication(Authentication) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
-
Allows setting the Authentication used for anonymous authentication.
- setAnonymousAuthentication(Authentication) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
-
Configure an Authentication used for anonymous authentication.
- setAnonymousAuthorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
-
Sets the
OAuth2AuthorizedClientRepository
used for requests that are unauthenticated (or anonymous). - setAnonymousAuthorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
-
Sets the
ServerOAuth2AuthorizedClientRepository
used for requests that are unauthenticated (or anonymous). - setAnonymousClass(Class<? extends Authentication>) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
-
Invokes
PostAuthorizeExpressionAttributeRegistry.setApplicationContext(ApplicationContext)
with the providedApplicationContext
. - setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.http.UserDetailsServiceFactoryBean
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- setApplicationContext(ApplicationContext) - Method in class org.springframework.security.ldap.server.UnboundIdContainer
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
-
Sets the
ApplicationEventPublisher
to use for submittingSessionFixationProtectionEvent
. - setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- setArtifactParameter(String) - Method in class org.springframework.security.cas.ServiceProperties
-
Configures the Request Parameter to look for when attempting to see if a CAS ticket was sent from the server.
- setAsText(String) - Method in class org.springframework.security.core.userdetails.memory.UserAttributeEditor
- setAsText(String) - Method in class org.springframework.security.web.util.matcher.RequestMatcherEditor
- setAttributeNames(Set<String>) - Method in class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
-
Sets the attribute names to retrieve for each ldap groups.
- setAttributePrefix(String) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
- setAttributes2grantedAuthoritiesMap(Map<?, ?>) - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
- setAttributesConverter(Converter<OAuth2UserRequest, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService
-
Use this strategy to adapt user attributes into a format understood by Spring Security; by default, the original attributes are preserved.
- setAttributesConverter(Converter<OAuth2UserRequest, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService
-
Use this strategy to adapt user attributes into a format understood by Spring Security; by default, the original attributes are preserved.
- setAttributesToRetrieve(String[]) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- setAttrName(String) - Method in class org.springframework.security.web.webauthn.authentication.HttpSessionPublicKeyCredentialRequestOptionsRepository
- setAttrName(String) - Method in class org.springframework.security.web.webauthn.registration.HttpSessionPublicKeyCredentialCreationOptionsRepository
- setAuthenticateAllArtifacts(boolean) - Method in class org.springframework.security.cas.ServiceProperties
-
If true, then any non-null artifact (ticket) should be authenticated.
- setAuthenticated(boolean) - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
- setAuthenticated(boolean) - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
- setAuthenticated(boolean) - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
- setAuthenticated(boolean) - Method in interface org.springframework.security.core.Authentication
-
See
Authentication.isAuthenticated()
for a full description. - setAuthenticated(boolean) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
-
The state of this object cannot be changed.
- setAuthenticated(boolean) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication
- setAuthenticated(boolean) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken
- setAuthentication(Authentication) - Method in class org.springframework.security.authorization.AuthorizationObservationContext
-
Set the observed
Authentication
for this authorization - setAuthentication(Authentication) - Method in interface org.springframework.security.core.context.SecurityContext
-
Changes the currently authenticated principal, or removes the authentication information.
- setAuthentication(Authentication) - Method in class org.springframework.security.core.context.SecurityContextImpl
- setAuthentication(Authentication) - Static method in class org.springframework.security.test.context.TestSecurityContextHolder
-
Creates a new
SecurityContext
with the givenAuthentication
. - setAuthenticationConverter(Function<ServerWebExchange, Mono<Authentication>>) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Deprecated.As of 5.1 in favor of
AuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter)
- setAuthenticationConverter(Converter<OAuth2TokenIntrospectionClaimAccessor, ? extends OAuth2AuthenticatedPrincipal>) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
-
Sets the
Converter<OAuth2TokenIntrospectionClaimAccessor, OAuth2AuthenticatedPrincipal>
to use. - setAuthenticationConverter(Converter<OAuth2TokenIntrospectionClaimAccessor, Mono<? extends OAuth2AuthenticatedPrincipal>>) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector
-
Sets the
Converter<OAuth2TokenIntrospectionClaimAccessor, OAuth2AuthenticatedPrincipal>
to use. - setAuthenticationConverter(OpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider
-
Provide with a custom bean to turn successful introspection result into an
Authentication
instance of your choice. - setAuthenticationConverter(ReactiveOpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager
-
Provide with a custom bean to turn successful introspection result into an
Authentication
instance of your choice. - setAuthenticationConverter(PayloadExchangeAuthenticationConverter) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
-
Sets the convert to be used
- setAuthenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- setAuthenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-
Sets the
AuthenticationConverter
to use. - setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
Set the
AuthenticationDetailsSource
to use. - setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-
Sets the
AuthenticationDetailsSource
to use. - setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setAuthenticationEntryPoint(DigestAuthenticationEntryPoint) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setAuthenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
Set the
AuthenticationEntryPoint
to use. - setAuthenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
-
Sets the
AuthenticationEntryPoint
used when integratingHttpServletRequest
with Servlet 3 APIs. - setAuthenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
-
Sets the authentication entry point used when authentication is required
- setAuthenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.authentication.ProviderManager
- setAuthenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
- setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
-
Wraps the
AuthenticationFailureHandler
to distinguish between handling proxy ticket authentication failures and service ticket failures. - setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
-
Sets the
AuthenticationFailureHandler
used to handle errors redirecting to the Authorization Server's Authorization Endpoint. - setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
Set the
AuthenticationFailureHandler
to use. - setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Sets the strategy used to handle a failed authentication.
- setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.session.SessionManagementFilter
-
The handler which will be invoked if the AuthenticatedSessionStrategy raises a SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this session (typically because they already have too many sessions open).
- setAuthenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Sets the failure handler used when authentication fails.
- setAuthenticationFilter(F) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Sets the Authentication Filter
- setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
- setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
- setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
-
Sets the
AuthenticationManager
used when integratingHttpServletRequest
with Servlet 3 APIs. - setAuthenticationManagerClass(Class<?>) - Method in class org.springframework.security.authentication.AuthenticationObservationContext
-
Set the
AuthenticationManager
class that processed the authentication - setAuthenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- setAuthenticationRequest(Authentication) - Method in class org.springframework.security.authentication.AuthenticationObservationContext
-
Set the
Authentication
request that was observed - setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>) - Method in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
-
Use the given
Saml2AuthenticationRequestRepository
to remove the saved authentication request. - setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>) - Method in class org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter
-
Use the given
Saml2AuthenticationRequestRepository
to load authentication request. - setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>) - Method in class org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter
-
Use the given
Saml2AuthenticationRequestRepository
to save the authentication request - setAuthenticationResult(Authentication) - Method in class org.springframework.security.authentication.AuthenticationObservationContext
-
Set the
Authentication
result that was observed - setAuthenticationResultConverter(Converter<OAuth2LoginAuthenticationToken, OAuth2AuthenticationToken>) - Method in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
-
Sets the converter responsible for converting from
OAuth2LoginAuthenticationToken
toOAuth2AuthenticationToken
authentication result. - setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Sets the strategy used to handle a successful authentication.
- setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Sets the strategy used to handle a successful authentication.
- setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
-
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
- setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Sets the authentication success handler.
- setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.access.vote.AuthenticatedVoter
-
Deprecated.
- setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
-
Sets the authentication trust resolver.
- setAuthenticationUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setAuthenticationUserDetailsService(AuthenticationUserDetailsService<CasAssertionAuthenticationToken>) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- setAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- setAuthorities(List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
-
Set all authorities for this user.
- setAuthoritiesAsString(List<String>) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
-
Set all authorities for this user from String values.
- setAuthoritiesAuthorizationManager(AuthorizationManager<Collection<String>>) - Method in class org.springframework.security.authorization.method.Jsr250AuthorizationManager
-
Sets an
AuthorizationManager
that accepts a collection of authority strings. - setAuthoritiesAuthorizationManager(AuthorizationManager<Collection<String>>) - Method in class org.springframework.security.authorization.method.SecuredAuthorizationManager
-
Sets an
AuthorizationManager
that accepts a collection of authority strings. - setAuthoritiesByUsernameQuery(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Allows the default query string used to retrieve authorities based on username to be overridden, if default table or column names need to be changed.
- setAuthoritiesClaimDelimiter(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
-
Sets the regex to use for splitting the value of the authorities claim into
authorities
. - setAuthoritiesClaimName(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
-
Sets the name of token claim to use for mapping
authorities
by this converter. - setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
Sets the
GrantedAuthoritiesMapper
used for converting the authorities loaded from storage to a new set of authorities which will be associated to theUsernamePasswordAuthenticationToken
. - setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
-
Sets the
GrantedAuthoritiesMapper
used for converting the authorities loaded from storage to a new set of authorities which will be associated to theUsernamePasswordAuthenticationToken
. - setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
-
Sets the
GrantedAuthoritiesMapper
used for mappingOAuth2AuthenticatedPrincipal.getAuthorities()
to a new set of authorities which will be associated to theOAuth2LoginAuthenticationToken
. - setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager
-
Sets the
GrantedAuthoritiesMapper
used for mappingOAuth2AuthenticatedPrincipal.getAuthorities()
to a new set of authorities which will be associated to theOAuth2LoginAuthenticationToken
. - setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
-
Sets the
GrantedAuthoritiesMapper
used for mappingOAuth2AuthenticatedPrincipal.getAuthorities()
} to a new set of authorities which will be associated to theOAuth2LoginAuthenticationToken
. - setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager
-
Sets the
GrantedAuthoritiesMapper
used for mappingOAuth2AuthenticatedPrincipal.getAuthorities()
to a new set of authorities which will be associated to theOAuth2LoginAuthenticationToken
. - setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
-
Set the strategy for obtaining the authorities for a given user after they've been authenticated.
- setAuthorityGranters(AuthorityGranter[]) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.
- setAuthorityMapper(Function<Map<String, List<String>>, GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
Sets the mapping function which will be used to create instances of
GrantedAuthority
given the context record. - setAuthorityPrefix(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.ExpressionJwtGrantedAuthoritiesConverter
-
Sets the prefix to use for
authorities
mapped by this converter. - setAuthorityPrefix(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
-
Sets the prefix to use for
authorities
mapped by this converter. - setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
-
Use this
AuthorizationEventPublisher
to publish theAuthorizationManager
result. - setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Use this
AuthorizationEventPublisher
to publish theAuthorizationManager
result. - setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor
-
Use this
AuthorizationEventPublisher
to publish theAuthorizationManager
result. - setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
-
Use this
AuthorizationEventPublisher
to publishAuthorizationDeniedEvent
s andAuthorizationGrantedEvent
s. - setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
-
Sets the
OAuth2AuthorizationFailureHandler
that handles authorization failures. - setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
-
Sets the
OAuth2AuthorizationFailureHandler
that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server. - setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
-
Sets the
OAuth2AuthorizationFailureHandler
that handles authorization failures. - setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Sets the
OAuth2AuthorizationFailureHandler
that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server. - setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
-
Sets the handler that handles authorization failures.
- setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
-
Sets the handler that handles authorization failures.
- setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
-
Sets the handler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server.
- setAuthorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
-
Sets the redirect strategy for Authorization Endpoint redirect URI.
- setAuthorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
-
Sets the redirect strategy for Authorization Endpoint redirect URI.
- setAuthorizationRequestCustomizer(Consumer<OAuth2AuthorizationRequest.Builder>) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver
-
Sets the
Consumer
to be provided theOAuth2AuthorizationRequest.Builder
allowing for further customizations. - setAuthorizationRequestCustomizer(Consumer<OAuth2AuthorizationRequest.Builder>) - Method in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
-
Sets the
Consumer
to be provided theOAuth2AuthorizationRequest.Builder
allowing for further customizations. - setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter
-
Sets the repository for stored
OAuth2AuthorizationRequest
's. - setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
-
Sets the repository used for storing
OAuth2AuthorizationRequest
's. - setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
-
Sets the repository for stored
OAuth2AuthorizationRequest
's. - setAuthorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter
-
Sets the repository used for storing
OAuth2AuthorizationRequest
's. - setAuthorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
-
Sets the repository used for storing
OAuth2AuthorizationRequest
's. - setAuthorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
-
Sets the
ServerAuthorizationRequestRepository
to be used. - setAuthorizationResult(AuthorizationResult) - Method in class org.springframework.security.authorization.AuthorizationObservationContext
-
Set the observed
AuthorizationResult
- setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
-
Sets the
OAuth2AuthorizationSuccessHandler
that handles successful authorizations. - setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
-
Sets the
OAuth2AuthorizationSuccessHandler
that handles successful authorizations. - setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
-
Sets the handler that handles successful authorizations.
- setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
-
Sets the handler that handles successful authorizations.
- setAuthorizedClientParametersMapper(Function<JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder, List<SqlParameterValue>>) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
-
Sets the
Function
used for mappingJdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
to aList
ofSqlParameterValue
. - setAuthorizedClientParametersMapper(Function<R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder, Map<String, Parameter>>) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
-
Sets the
Function
used for mappingR2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
to aMap
ofString
andParameter
. - setAuthorizedClientProvider(OAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
-
Sets the
OAuth2AuthorizedClientProvider
used for authorizing (or re-authorizing) an OAuth 2.0 Client. - setAuthorizedClientProvider(OAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
-
Sets the
OAuth2AuthorizedClientProvider
used for authorizing (or re-authorizing) an OAuth 2.0 Client. - setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
-
Sets the
ReactiveOAuth2AuthorizedClientProvider
used for authorizing (or re-authorizing) an OAuth 2.0 Client. - setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
-
Sets the
ReactiveOAuth2AuthorizedClientProvider
used for authorizing (or re-authorizing) an OAuth 2.0 Client. - setAuthorizedClientRowMapper(BiFunction<Row, RowMetadata, R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder>) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
-
Sets the
BiFunction
used for mapping the currentio.r2dbc.spi.Row
toR2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
. - setAuthorizedClientRowMapper(RowMapper<OAuth2AuthorizedClient>) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
-
Sets the
RowMapper
used for mapping the current row injava.sql.ResultSet
toOAuth2AuthorizedClient
. - setBatchSize(int) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
- setBeanClassLoader(ClassLoader) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.
- setBeanClassLoader(ClassLoader) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
- setBeanFactory(BeanFactory) - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor
-
Deprecated.
- setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.
- setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
- setBeanFactory(BeanFactory) - Method in class org.springframework.security.web.DefaultSecurityFilterChain
- setBeanName(String) - Method in class org.springframework.security.web.DefaultSecurityFilterChain
- setBeanResolver(BeanResolver) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
-
Sets the
BeanResolver
to be used on the expressions - setBeanResolver(BeanResolver) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
-
Sets the
BeanResolver
to be used on the expressions - setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
-
Sets the
BeanResolver
to be used on the expressions - setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
-
Set the
BeanResolver
to be used on the expressions - setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
-
Sets the
BeanResolver
to be used on the expressions - setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
-
Sets the
BeanResolver
to be used on the expressions - setBearerTokenHeaderName(String) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
-
Set this value to configure what header is checked when resolving a Bearer Token.
- setBearerTokenHeaderName(String) - Method in class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter
-
Set this value to configure what header is checked when resolving a Bearer Token.
- setBearerTokenResolver(BearerTokenResolver) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
Set the
BearerTokenResolver
to use. - setBodyExtractor(BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
-
Sets the
BodyExtractor
that will be used to decode theOAuth2AccessTokenResponse
- setBuilder(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
-
Sets the
SecurityBuilder
to be used. - setCache(Cache) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
-
Use this cache for the completed
RelyingPartyRegistration
instances. - setCacheSecurityContext(boolean) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
-
If set to true the result of
WebSessionServerSecurityContextRepository.load(ServerWebExchange)
will useMono.cache()
to prevent multiple lookups. - setCallbackHandlers(JaasAuthenticationCallbackHandler[]) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Set the JAASAuthenticationCallbackHandler array to handle callback objects generated by the LoginContext.login method.
- setCarLicense(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setCertificatePassord(String) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.Will set the certificate password on the underlying
LdapServer
. - setChangePasswordSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setChannelDecisionManager(ChannelDecisionManager) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- setChannelProcessors(List<?>) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- setCheckForPrincipalChanges(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
If set, the pre-authenticated principal will be checked on each request and compared against the name of the current Authentication object.
- setClaimSetConverter(Converter<Map<String, Object>, Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
-
Use the following
Converter
for manipulating the JWT's claim set - setClaimSetConverter(Converter<Map<String, Object>, Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
-
Use the following
Converter
for manipulating the JWT's claim set - setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
-
Sets the factory that provides a
Converter
used for type conversion of claim values for anOidcIdToken
. - setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
-
Sets the factory that provides a
Converter
used for type conversion of claim values for anOidcIdToken
. - setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
-
Sets the factory that provides a
Converter
used for type conversion of claim values for anOidcUserInfo
. - setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
-
Sets the factory that provides a
Converter
used for type conversion of claim values for anOidcUserInfo
. - setClassIdentityQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Sets the query that will be used to retrieve the identity of a newly created row in the acl_class table.
- setClassPrimaryKeyQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setCleanupCron(String) - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService
-
Sets the chron expression used for cleaning up expired tokens.
- setClearAuthentication(boolean) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
-
If true, removes the
Authentication
from theSecurityContext
to prevent issues with concurrent requests. - setClientRegistrationIdResolver(OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver) - Method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
-
Sets the strategy for resolving a
clientRegistrationId
from an intercepted request. - setClock(Clock) - Method in class org.springframework.security.authentication.ott.InMemoryOneTimeTokenService
-
Sets the
Clock
used when generating one-time token and checking token expiry. - setClock(Clock) - Method in class org.springframework.security.authentication.ott.JdbcOneTimeTokenService
-
Sets the
Clock
used when generating one-time token and checking token expiry. - setClock(Clock) - Method in class org.springframework.security.authentication.ott.reactive.InMemoryReactiveOneTimeTokenService
-
Sets the
Clock
used when generating one-time token and checking token expiry. - setClock(Clock) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - setClock(Clock) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - setClock(Clock) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - setClock(Clock) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - setClock(Clock) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator
- setClock(Clock) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
-
Deprecated.Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - setClock(Clock) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
-
Deprecated.Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - setClock(Clock) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - setClock(Clock) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - setClock(Clock) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - setClock(Clock) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - setClock(Clock) - Method in class org.springframework.security.oauth2.jwt.JwtTimestampValidator
-
Use this
Clock
withInstant.now()
for assessing timestamp validity - setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
-
Sets the maximum acceptable clock skew, which is used when checking the
access token
expiry. - setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
-
Sets the maximum acceptable clock skew, which is used when checking the
access token
expiry. - setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
-
Sets the maximum acceptable clock skew, which is used when checking the
access token
expiry. - setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
-
Sets the maximum acceptable clock skew, which is used when checking the
access token
expiry. - setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator
-
Sets the maximum acceptable clock skew.
- setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
-
Deprecated.Sets the maximum acceptable clock skew, which is used when checking the
access token
expiry. - setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
-
Deprecated.Sets the maximum acceptable clock skew, which is used when checking the
access token
expiry. - setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
-
Sets the maximum acceptable clock skew, which is used when checking the
access token
expiry. - setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
-
Sets the maximum acceptable clock skew, which is used when checking the
access token
expiry. - setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
-
Sets the maximum acceptable clock skew, which is used when checking the
access token
expiry. - setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
-
Sets the maximum acceptable clock skew, which is used when checking the
access token
expiry. - setCn(String[]) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
- setCompromisedPasswordChecker(CompromisedPasswordChecker) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
-
Sets the
CompromisedPasswordChecker
to be used before creating a successful authentication. - setCompromisedPasswordChecker(ReactiveCompromisedPasswordChecker) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
-
Sets the
ReactiveCompromisedPasswordChecker
to be used before creating a successful authentication. - setConfiguration(Configuration) - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
-
Sets the Configuration to use for Authentication.
- setContentLength(int) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
- setContentLengthLong(long) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
- setContext(SecurityContext) - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Sets the current context.
- setContext(SecurityContext) - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Associates a new
SecurityContext
with the current thread of execution. - setContext(SecurityContext) - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
-
Sets the current context.
- setContext(SecurityContext) - Static method in class org.springframework.security.test.context.TestSecurityContextHolder
- setContext(SecurityContext) - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
- setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
-
Sets the
Function
used for mapping attribute(s) from theOAuth2AuthorizeRequest
to aMap
of attributes to be associated to theauthorization context
. - setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
-
Sets the
Function
used for mapping attribute(s) from theOAuth2AuthorizeRequest
to aMap
of attributes to be associated to theauthorization context
. - setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
-
Sets the
Function
used for mapping attribute(s) from theOAuth2AuthorizeRequest
to aMap
of attributes to be associated to theauthorization context
. - setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
-
Sets the
Function
used for mapping attribute(s) from theOAuth2AuthorizeRequest
to aMap
of attributes to be associated to theauthorization context
. - setContextEnvironmentProperties(Map<String, Object>) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
-
Allows a custom environment properties to be used to create initial LDAP context.
- setContextHolderStrategy(SecurityContextHolderStrategy) - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Use this
SecurityContextHolderStrategy
. - setContextPath(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setContextPath(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setContextRelative(boolean) - Method in class org.springframework.security.web.DefaultRedirectStrategy
-
If true, causes any redirection URLs to be calculated minus the protocol and context path (defaults to false).
- setContextRelative(boolean) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy
-
Sets if the location is relative to the context.
- setContextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
Sets the
BaseLdapPathContextSource
used to perform LDAP authentication. - setContinueChainBeforeSuccessfulAuthentication(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Indicates if the filter chain should be continued prior to delegation to
AbstractAuthenticationProcessingFilter.successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication)
, which may be useful in certain environment (such as Tapestry applications). - setContinueFilterChainOnUnsuccessfulAuthentication(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
If set to
true
(the default), anyAuthenticationException
raised by theAuthenticationManager
will be swallowed, and the request will be allowed to proceed, potentially using alternative authentication mechanisms. - setContinueOnError(boolean) - Method in class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager
-
Continue iterating when a delegate errors, defaults to
false
- setContinueOnError(boolean) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter
-
Continue iterating when a delegate errors, defaults to
false
- setConversionService(ConversionService) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
- setConversionService(ConversionService) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
- setConvertAttributeToLowerCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
- setConvertAttributeToUpperCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
- setConverter(GenericHttpMessageConverter<Object>) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter
-
Sets the
GenericHttpMessageConverter
to use for writingPublicKeyCredential<AuthenticatorAssertionResponse>
to the response. - setConverter(HttpMessageConverter<Object>) - Method in class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler
-
Sets the
GenericHttpMessageConverter
to write to the response. - setConverter(HttpMessageConverter<Object>) - Method in class org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter
-
Sets the
HttpMessageConverter
to use. - setConverter(HttpMessageConverter<Object>) - Method in class org.springframework.security.web.webauthn.registration.WebAuthnRegistrationFilter
-
Set the
HttpMessageConverter
to read theWebAuthnRegistrationFilter.WebAuthnRegistrationRequest
and write the response. - setConvertSubErrorCodesToExceptions(boolean) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
-
By default, a failed authentication (LDAP error 49) will result in a
BadCredentialsException
. - setConvertToLowerCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
-
Whether to convert the authority value to lower case in the mapping.
- setConvertToUpperCase(boolean) - Method in class org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService
-
Converts the returned attribute values to uppercase values.
- setConvertToUpperCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
-
Whether to convert the authority value to upper case in the mapping.
- setConvertToUpperCase(boolean) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
Convert the role to uppercase
- setConvertToUpperCase(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
-
Determines whether role field values will be converted to upper case when loaded.
- setCookie(String[], int, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Sets the cookie on the response.
- setCookieCustomizer(Consumer<Cookie>) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Sets the
Consumer
, allowing customization of cookie. - setCookieCustomizer(Consumer<Cookie>) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
-
Sets the
Consumer
, allowing customization of cookie. - setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder>) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Add a
Consumer
for aResponseCookieBuilder
that will be invoked for each cookie being built, just before the call tobuild()
. - setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder>) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Add a
Consumer
for aResponseCookieBuilder
that will be invoked for each cookie being built, just before the call tobuild()
. - setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder>) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
-
Sets the
Consumer
, allowing customization of cookie. - setCookieDomain(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setCookieDomain(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Deprecated.
- setCookieDomain(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Deprecated.
- setCookieHttpOnly(boolean) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Deprecated.
- setCookieHttpOnly(boolean) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Deprecated.
- setCookieMaxAge(int) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Deprecated.
- setCookieMaxAge(int) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Deprecated.
- setCookieName(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setCookieName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Sets the name of the cookie that the expected CSRF token is saved to and read from.
- setCookieName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Sets the cookie name
- setCookiePath(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Set the path that the Cookie will be created with.
- setCookiePath(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Sets the cookie path
- setCookies(List<Cookie>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setCookies(List<SavedCookie>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setCreateAuthenticatedToken(boolean) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
-
If you set this property, the Authentication object, which is created after the successful digest authentication will be marked as authenticated and filled with the authorities loaded by the UserDetailsService.
- setCreateAuthoritySql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setCreateEmptySubject(boolean) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
-
Sets
createEmptySubject
. - setCreateNewSession(boolean) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy
-
Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request).
- setCreateNewSession(boolean) - Method in class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy
-
Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request).
- setCreateSessionAllowed(boolean) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
-
If
true
, indicates that it is permitted to store the target URL and exception information in a newHttpSession
(the default). - setCreateTableOnStartup(boolean) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
Intended for convenience in debugging.
- setCreateUserSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setCreationOptionsRepository(PublicKeyCredentialCreationOptionsRepository) - Method in class org.springframework.security.web.webauthn.registration.WebAuthnRegistrationFilter
-
Sets the
PublicKeyCredentialCreationOptionsRepository
to use. - setCredentialsCharset(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-
Sets the charset to use when decoding credentials to
String
s. - setCredentialsCharset(Charset) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- setCredentialsCharset(Charset) - Method in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
-
Deprecated.Sets the
Charset
used to decode the Base64-encoded bytes of the basic authentication credentials. - setCredentialsEnvironmentVariable(String) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
- setCredentialsNonExpired(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- setCredentialsRequestHeader(String) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
- setCsrfRequestAttributeName(String) - Method in class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
-
The
CsrfToken
is available as a request attribute namedCsrfToken.class.getName()
. - setCsrfTokenRepository(HttpServletRequest, CsrfTokenRepository) - Static method in class org.springframework.security.test.web.support.WebTestUtils
-
Sets the
CsrfTokenRepository
for the specifiedHttpServletRequest
. - setCsrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
- setCustomizeCreationOptions(Consumer<PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder>) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations
- setCustomizeRequestOptions(Consumer<PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder>) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations
-
Sets a
Consumer
used to customize thePublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder
forWebauthn4JRelyingPartyOperations.createCredentialRequestOptions(PublicKeyCredentialRequestOptionsRequest)
.The default values are always populated, but can be overridden with this property. - setDecision(AuthorizationDecision) - Method in class org.springframework.security.authorization.AuthorizationObservationContext
-
Deprecated.please use
AuthorizationObservationContext.setAuthorizationResult(AuthorizationResult)
instead - setDefaultAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
-
Use this
ServerAccessDeniedHandler
when noServerWebExchangeMatcher
matches. - setDefaultAuthenticationFailureEvent(Class<? extends AbstractAuthenticationFailureEvent>) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
-
Sets a default authentication failure event as a fallback event for any unmapped exceptions not mapped in the exception mappings.
- setDefaultAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver
-
Set the default
AuthenticationManager
to use when a request does not match - setDefaultAuthenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver
-
Set the default
ReactiveAuthenticationManager
to use when a request does not match - setDefaultAuthority(String) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
-
Sets a default authority to be assigned to all users
- setDefaultClientRegistrationId(String) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
-
If set, will be used as the default
ClientRegistration.getRegistrationId()
. - setDefaultClientRegistrationId(String) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
If set, will be used as the default
ClientRegistration.getRegistrationId()
. - setDefaultDataMimeType(MimeType) - Method in class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor
- setDefaultEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
-
EntryPoint which is used when no RequestMatcher returned true
- setDefaultEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
-
EntryPoint which is used when no RequestMatcher returned true
- setDefaultFailureUrl(String) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
-
The URL which will be used as the failure destination.
- setDefaultLogoutSuccessHandler(LogoutSuccessHandler) - Method in class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler
-
Sets the default
LogoutSuccessHandler
if no other handlers available - setDefaultMetadataMimeType(MimeType) - Method in class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor
- setDefaultNameRequired(boolean) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
- setDefaultOAuth2AuthorizedClient(boolean) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
-
If true, a default
OAuth2AuthorizedClient
can be discovered from the current Authentication. - setDefaultOAuth2AuthorizedClient(boolean) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
If true, a default
OAuth2AuthorizedClient
can be discovered from the current Authentication. - setDefaultPasswordEncoderForMatches(PasswordEncoder) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder
-
Sets the
PasswordEncoder
to delegate to forDelegatingPasswordEncoder.matches(CharSequence, String)
if the id is not mapped to aPasswordEncoder
. - setDefaultRole(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
The default role which will be assigned to all users.
- setDefaultRolePrefix(String) - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource
-
Deprecated.Sets the default prefix to be added to
RolesAllowed
. - setDefaultRolePrefix(String) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
-
Sets the default prefix to be added to
SecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
. - setDefaultRolePrefix(String) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
-
Sets the default prefix to be added to
SecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
. - setDefaultRolePrefix(String) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
-
Sets the default prefix to be added to
SecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
. - setDefaultRolePrefix(String) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
-
Sets the default prefix to be added to
SecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
. - setDefaultRolePrefix(String) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
-
Sets the default prefix to be added to
SecurityExpressionRoot.hasAnyRole(String...)
orSecurityExpressionRoot.hasRole(String)
. - setDefaultTargetUrl(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Supplies the default target Url that will be used if no saved request is found in the session, or the
alwaysUseDefaultTargetUrl
property is set to true. - setDeferLoadToken(boolean) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository
-
Deprecated.Determines if
LazyCsrfTokenRepository.loadToken(HttpServletRequest)
should be lazily loaded. - setDeferredContext(Supplier<SecurityContext>) - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Sets a
Supplier
that will return the current context. - setDeferredContext(Supplier<SecurityContext>) - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Sets a
Supplier
that will return the current context. - setDeferredContext(Supplier<SecurityContext>) - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
-
Sets a
Supplier
that will return the current context. - setDeleteEntryByObjectIdentityForeignKeySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setDeleteGroupAuthoritiesSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setDeleteGroupAuthoritySql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setDeleteGroupMemberSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setDeleteGroupMembersSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setDeleteGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setDeleteObjectIdentityByPrimaryKeySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setDeleteUserAuthoritiesSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setDeleteUserSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setDepartmentNumber(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setDerefLinkFlag(boolean) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
-
Sets the corresponding property on the
SearchControls
instance used in the search. - setDescription(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
- setDestinationIndicator(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setDetails(HttpServletRequest, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Provided so that subclasses may configure what is put into the authentication request's details property.
- setDetails(Object) - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
- setDeviceAuthorizationResponseConverter(Converter<Map<String, Object>, OAuth2DeviceAuthorizationResponse>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
-
Sets the
Converter
used for converting the OAuth 2.0 Device Authorization Response parameters to anOAuth2DeviceAuthorizationResponse
. - setDeviceAuthorizationResponseParametersConverter(Converter<OAuth2DeviceAuthorizationResponse, Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
-
Sets the
Converter
used for converting theOAuth2DeviceAuthorizationResponse
to aMap
representation of the OAuth 2.0 Device Authorization Response parameters. - setDisableUrlRewriting(boolean) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
Allows the use of session identifiers in URLs to be disabled.
- setDisplayName(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setDn(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- setDn(Name) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- setDomainObject(Object) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
- setEmployeeNumber(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setEnableAuthorities(boolean) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Enables loading of authorities (roles) from the authorities table.
- setEnabled(boolean) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
- setEnabled(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- setEnableGroups(boolean) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Enables support for group authorities.
- setEncodeClientCredentials(boolean) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestHeadersConverter
-
Sets whether the client credentials of the
Authorization
header will be encoded using theapplication/x-www-form-urlencoded
encoding algorithm according to RFC 6749. - setEncodeHashAsBase64(boolean) - Method in class org.springframework.security.crypto.password.Md4PasswordEncoder
-
Deprecated.
- setEncodeHashAsBase64(boolean) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder
-
Deprecated.
- setEncodeHashAsBase64(boolean) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
-
Sets if the resulting hash should be encoded as Base64.
- setEncodeServiceUrlWithSessionId(boolean) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
-
Sets whether to encode the service url with the session id or not.
- setEntriesInheriting(boolean) - Method in class org.springframework.security.acls.domain.AclImpl
- setEntriesInheriting(boolean) - Method in interface org.springframework.security.acls.model.MutableAcl
-
Change the value returned by
Acl.isEntriesInheriting()
. - setEntryPoint(ChannelEntryPoint) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- setEntryPoint(ChannelEntryPoint) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- setEraseCredentialsAfterAuthentication(boolean) - Method in class org.springframework.security.authentication.ProviderManager
-
If set to, a resulting
Authentication
which implements theCredentialsContainer
interface will have itseraseCredentials
method called before it is returned from theauthenticate()
method. - setEraseCredentialsAfterAuthentication(boolean) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
- setErrorConverter(Converter<Map<String, String>, OAuth2Error>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
-
Sets the
Converter
used for converting the OAuth 2.0 Error parameters to anOAuth2Error
. - setErrorConverter(HttpMessageConverter<OAuth2Error>) - Method in class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler
-
Sets the
HttpMessageConverter
for an OAuth 2.0 Error. - setErrorPage(String) - Method in class org.springframework.security.web.access.AccessDeniedHandlerImpl
-
The error page to use.
- setErrorParametersConverter(Converter<OAuth2Error, Map<String, String>>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
-
Sets the
Converter
used for converting theOAuth2Error
to aMap
representation of the OAuth 2.0 Error parameters. - setExceptionIfHeaderMissing(boolean) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
-
Defines whether an exception should be raised if the principal header is missing.
- setExceptionIfMaximumExceeded(boolean) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
Sets the exceptionIfMaximumExceeded property, which determines whether the user should be prevented from opening more sessions than allowed.
- setExceptionIfVariableMissing(boolean) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
-
Defines whether an exception should be raised if the principal variable is missing.
- setExceptionMappings(Map<?, ?>) - Method in class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler
-
Sets the map of exception types (by name) to URLs.
- setExchangeRejectedHandler(ServerExchangeRejectedHandler) - Method in class org.springframework.security.web.server.WebFilterChainProxy
-
Handles
ServerExchangeRejectedException
when theServerWebExchangeFirewall
rejects the providedServerWebExchange
. - setExitUserMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Set the matcher to respond to exit user processing.
- setExitUserMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Set the matcher to respond to exit user processing.
- setExitUserUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Set the URL to respond to exit user processing.
- setExitUserUrl(String) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Set the URL to respond to exit user processing.
- setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice
-
Deprecated.
- setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
-
Use this the
MethodSecurityExpressionHandler
. - setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
-
Use this
MethodSecurityExpressionHandler
. - setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
-
Sets the
MethodSecurityExpressionHandler
. - setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
-
Use this
MethodSecurityExpressionHandler
- setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
- setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
- setExpressionHandler(SecurityExpressionHandler<MethodInvocation>) - Method in class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager
-
Sets the
SecurityExpressionHandler
to be used. - setExpressionHandler(SecurityExpressionHandler<Message<T>>) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter
-
Deprecated.
- setExpressionHandler(SecurityExpressionHandler<RequestAuthorizationContext>) - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
-
Sets the
SecurityExpressionHandler
to be used. - setExpressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
-
Deprecated.
- setExpressionParser(ExpressionParser) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
- setFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- setFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Used to define custom behaviour when a switch fails.
- setFailureUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setFilterAsyncDispatch(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
-
If set to true, the filter will be applied to the async dispatcher.
- setFilterChainDecorator(FilterChainProxy.FilterChainDecorator) - Method in class org.springframework.security.web.FilterChainProxy
-
Used to decorate the original
FilterChain
for each request - setFilterChainDecorator(WebFilterChainProxy.WebFilterChainDecorator) - Method in class org.springframework.security.web.server.WebFilterChainProxy
-
Used to decorate the original
WebFilterChain
for each request - setFilterChainProxySecurityConfigurer(ObjectPostProcessor<Object>, ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
-
Sets the
<SecurityConfigurer<FilterChainProxy, WebSecurityBuilder>
instances used to create the web configuration. - setFilterChainValidator(FilterChainProxy.FilterChainValidator) - Method in class org.springframework.security.web.FilterChainProxy
-
Used (internally) to specify a validation strategy for the filters in each configured chain.
- setFilterErrorDispatch(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
-
If set to true, the filter will be applied to error dispatcher.
- setFilterObject(Object) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
- setFilterProcessesUrl(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Sets the URL that determines if authentication is required
- setFilterProcessesUrl(String) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
- setFindAllGroupsSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setFindChildrenQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
-
Allows customization of the SQL query used to find child object identities.
- setFindGroupIdSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setFindUsersInGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setFirewall(HttpFirewall) - Method in class org.springframework.security.web.FilterChainProxy
-
Sets the "firewall" implementation which will be used to validate and wrap (or potentially reject) the incoming requests.
- setFirewall(ServerWebExchangeFirewall) - Method in class org.springframework.security.web.server.WebFilterChainProxy
-
Protects the application using the provided
StrictServerWebExchangeFirewall
. - setForceEagerSessionCreation(boolean) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter
-
Deprecated.
- setForceHttps(boolean) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Set to true to force login form access to be via https.
- setForceLowerCasePrefix(boolean) - Method in class org.springframework.security.crypto.password.LdapShaPasswordEncoder
-
Deprecated.
- setForcePrincipalAsString(boolean) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- setForeignKeysInDatabase(boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setFormLoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setFormLoginEnabled(boolean) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
- setGatewayStorage(GatewayResolver) - Method in class org.springframework.security.cas.web.CasGatewayResolverRequestMatcher
-
Sets the
GatewayResolver
to check if the request was already gatewayed. - setGenerateOneTimeTokenUrl(String) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
-
Specifies the URL that a One-Time Token generate request will be processed.
- setGivenName(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
- setGlobalAuthenticationConfigurers(List<GlobalAuthenticationConfigurerAdapter>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
- setGraceLoginsRemaining(int) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- setGroupAuthoritiesByUsernameQuery(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Allows the default query string used to retrieve group authorities based on username to be overridden, if default table or column names need to be changed.
- setGroupAuthoritiesSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setGroupMemberAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
-
Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group.
- setGroupRoleAttribute(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
- setGroupRoleAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- setGroupSearchBase(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- setGroupSearchFilter(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
- setHasPermission(String) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
- setHeaderName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Sets the name of the HTTP header that should be used to provide the token.
- setHeaderName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
- setHeaderName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Sets the header name
- setHeaderName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
- setHeaders(Map<String, List<String>>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setHeaders(Map<String, List<String>>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setHeadersConverter(Converter<TokenExchangeGrantRequest, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter
-
Sets the
Converter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aHttpHeaders
used in the OAuth 2.0 Access Token Request headers. - setHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
-
Sets the
Converter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aHttpHeaders
used in the OAuth 2.0 Access Token Request headers. - setHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
-
Sets the
Converter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aHttpHeaders
used in the OAuth 2.0 Access Token Request headers. - setHeaderValue(XXssProtectionHeaderWriter.HeaderValue) - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
-
Sets the value of the X-XSS-PROTECTION header.
- setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue) - Method in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
-
Sets the value of the X-XSS-PROTECTION header.
- setHideUserNotFoundExceptions(boolean) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
By default the
AbstractUserDetailsAuthenticationProvider
throws aBadCredentialsException
if a username is not found or the password is incorrect. - setHideUserNotFoundExceptions(boolean) - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
- setHierarchy(String) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
-
Deprecated.
- setHomePhone(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setHomePostalAddress(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setHtmlEscape(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
-
Set HTML escaping for this tag, as boolean value.
- setHttpStatus(HttpStatus) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy
-
The
HttpStatus
to use for the redirect. - setId(String) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- setIgnoredMediaTypes(Set<MediaType>) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
-
Set the
MediaType
to ignore from theContentNegotiationStrategy
. - setIgnoredMediaTypes(Set<MediaType>) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
Set the
MediaType
to ignore from theContentNegotiationStrategy
. - setIgnorePartialResultException(boolean) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
Sets the corresponding property on the underlying template, avoiding specific issues with Active Directory.
- setIgnoreUnknown(boolean) - Method in class org.springframework.security.authorization.method.PrePostTemplateDefaults
-
Deprecated.Configure template resolution to ignore unknown placeholders.
- setIgnoreUnknown(boolean) - Method in class org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults
-
Configure template resolution to ignore unknown placeholders.
- setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Obtains the attributes from
EnableGlobalMethodSecurity
if this class was imported using theEnableGlobalMethodSecurity
annotation. - setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
- setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name.
- setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
-
If true, subdomains should be considered HSTS Hosts too.
- setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
-
Sets if subdomains should be included.
- setInitials(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setInsecureKeyword(String) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- setInsertClassSql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setInsertEntrySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setInsertGroupAuthoritySql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setInsertGroupMemberSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setInsertGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setInsertObjectIdentitySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setInsertSidSql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setInternalMethod(String) - Method in class org.springframework.security.acls.AclEntryVoter
- setInvalidateHttpSession(boolean) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
-
Causes the
HttpSession
to be invalidated when thisLogoutHandler
is invoked. - setInvalidateSessionOnPrincipalChange(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
If checkForPrincipalChanges is set, and a change of principal is detected, determines whether any existing session should be invalidated before proceeding to authenticate the new principal.
- setInvalidSessionStrategy(InvalidSessionStrategy) - Method in class org.springframework.security.web.session.SessionManagementFilter
-
Sets the strategy which will be invoked instead of allowing the filter chain to proceed, if the user agent requests an invalid session ID.
- setIterations(int) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder
-
Deprecated.Sets the number of iterations for which the calculated hash value should be "stretched".
- setJwsAlgorithmResolver(Function<ClientRegistration, JwsAlgorithm>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
-
Sets the resolver that provides the expected
JWS algorithm
used for the signature or MAC on theID Token
. - setJwsAlgorithmResolver(Function<ClientRegistration, JwsAlgorithm>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
-
Sets the resolver that provides the expected
JWS algorithm
used for the signature or MAC on theID Token
. - setJwtAssertionResolver(Function<OAuth2AuthorizationContext, Jwt>) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
-
Sets the resolver used for resolving the
Jwt
assertion. - setJwtAssertionResolver(Function<OAuth2AuthorizationContext, Mono<Jwt>>) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
-
Sets the resolver used for resolving the
Jwt
assertion. - setJwtAuthenticationConverter(Converter<Jwt, ? extends AbstractAuthenticationToken>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
- setJwtAuthenticationConverter(Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager
- setJwtClientAssertionCustomizer(Consumer<NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext<T>>) - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter
-
Sets the
Consumer
to be provided theNimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext
, which contains theJwsHeader.Builder
andJwtClaimsSet.Builder
for further customization. - setJwtDecoderFactory(JwtDecoderFactory<ClientRegistration>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
-
Sets the
JwtDecoderFactory
used forOidcIdToken
signature verification. - setJwtDecoderFactory(ReactiveJwtDecoderFactory<ClientRegistration>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager
-
Sets the
ReactiveJwtDecoderFactory
used forOidcIdToken
signature verification. - setJwtGrantedAuthoritiesConverter(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
-
Sets the
Converter<Jwt, Collection<GrantedAuthority>>
to use. - setJwtGrantedAuthoritiesConverter(Converter<Jwt, Flux<GrantedAuthority>>) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter
-
Sets the
Converter<Jwt, Flux<GrantedAuthority>>
to use. - setJwtValidator(OAuth2TokenValidator<Jwt>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
-
Use this
Jwt
Validator - setJwtValidator(OAuth2TokenValidator<Jwt>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
-
Use the provided
OAuth2TokenValidator
to validate incomingJwt
s. - setJwtValidatorFactory(Function<ClientRegistration, OAuth2TokenValidator<Jwt>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
-
Sets the factory that provides an
OAuth2TokenValidator
, which is used by theJwtDecoder
. - setJwtValidatorFactory(Function<ClientRegistration, OAuth2TokenValidator<Jwt>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
-
Sets the factory that provides an
OAuth2TokenValidator
, which is used by theReactiveJwtDecoder
. - setKey(String) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
-
Deprecated.
- setKey(String) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
-
Deprecated.
- setKey(String) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- setKey(String) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- setKeyStoreFile(File) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.The keyStore must not be null and must be a valid file.
- setLastAccessTime(Instant) - Method in class org.springframework.security.core.session.ReactiveSessionInformation
- setLdapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
Sets the
LdapAuthoritiesPopulator
used to obtain a list of granted authorities for an LDAP user. - setLdapOverSslEnabled(boolean) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.If set to
true
will enable LDAP over SSL (LDAPs). - setLdif(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
-
Specifies an LDIF to load at startup for an embedded LDAP server.
- setLobHandler(LobHandler) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
- setLocales(List<Locale>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setLocales(List<Locale>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setLocation(URI) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
-
Where the user is redirected to upon authentication success
- setLoginConfig(Resource) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
-
Set the JAAS login configuration file.
- setLoginContextName(String) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.
- setLoginExceptionResolver(LoginExceptionResolver) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
- setLoginPageUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setLoginProcessingUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter
-
Specifies the URL that the submit form should POST to.
- setLoginProcessingUrl(String) - Method in class org.springframework.security.web.server.ui.OneTimeTokenSubmitPageGeneratingWebFilter
-
Specifies the URL that the submit form should POST to.
- setLogInteractiveAuthenticationSuccessEvents(boolean) - Method in class org.springframework.security.authentication.event.LoggerListener
- setLoginUrl(String) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
- setLogoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
-
Sets the
ServerLogoutHandler
. - setLogoutHandlers(List<LogoutHandler>) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
-
Sets the
LogoutHandler
s used when integrating withHttpServletRequest
with Servlet 3 APIs. - setLogoutHandlers(List<LogoutHandler>) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
-
Set list of
LogoutHandler
- setLogoutHandlers(LogoutHandler[]) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
- setLogoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter
- setLogoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
- setLogoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
- setLogoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
-
Use this
Saml2LogoutRequestRepository
for retrieving the SAML 2.0 Logout Request associated with the request'sRelayState
- setLogoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler
-
Use this
Saml2LogoutRequestRepository
for saving the SAML 2.0 Logout Request - setLogoutSuccessHandler(ServerLogoutSuccessHandler) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
-
Sets the
ServerLogoutSuccessHandler
. - setLogoutSuccessUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setLogoutSuccessUrl(URI) - Method in class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler
-
The URL to redirect to after successfully logging out when not originally an OIDC login
- setLogoutSuccessUrl(URI) - Method in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
-
The URL to redirect to after successfully logging out.
- setLogoutUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
-
Use this logout URI for performing per-session logout.
- setLogoutUri(String) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler
-
Use this logout URI for performing per-session logout.
- setLookupObjectIdentitiesWhereClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
-
The SQL for the where clause used in the lookupObjectIdentities method.
- setLookupPrimaryKeysWhereClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
-
The SQL for the where clause used in the lookupPrimaryKey method.
- setMail(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setManagerDn(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
-
Username (DN) of the "manager" user identity (i.e.
- setManagerPassword(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
-
The password for the manager DN.
- setMappableAttributes(Set<String>) - Method in class org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever
- setMappableRolesRetriever(MappableAttributesRetriever) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
- setMatchingAlgorithm(TokenBasedRememberMeServices.RememberMeTokenAlgorithm) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
-
Sets the algorithm to be used to match the token signature
- setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
-
Specify the name of a query parameter that is added to the URL that specifies the request cache should be checked in
HttpSessionRequestCache.getMatchingRequest(HttpServletRequest, HttpServletResponse)
- setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
-
Specify the name of a query parameter that is added to the URL in
WebSessionServerRequestCache.getRedirectUri(ServerWebExchange)
and is required forWebSessionServerRequestCache.removeMatchingRequest(ServerWebExchange)
to look up theServerHttpRequest
. - setMaxAge(Duration) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
-
Sets the max age of the header.
- setMaxAgeInSeconds(long) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.
- setMaxAgeInSeconds(long) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.
- setMaximumSessions(int) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
Sets the maxSessions property.
- setMaxSearchDepth(int) - Method in class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
-
How far should a nested search go.
- setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- setMessageExpressionHandler(List<SecurityExpressionHandler<Message<Object>>>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- setMessageSource(MessageSource) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- setMessageSource(MessageSource) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
-
Deprecated.
- setMessageSource(MessageSource) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- setMessageSource(MessageSource) - Method in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
- setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
- setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.AccountStatusUserDetailsChecker
- setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider
- setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.ProviderManager
- setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
- setMessageSource(MessageSource) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager
-
Set the MessageSource that this object runs in.
- setMessageSource(MessageSource) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- setMessageSource(MessageSource) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
- setMessageSource(MessageSource) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- setMessageSource(MessageSource) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
Sets the
MessageSource
used for reporting errors back to the user when the user has exceeded the maximum number of authentications. - setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setMetadataFilename(String) - Method in class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver
-
Sets the metadata filename template.
- setMetadataFilename(String) - Method in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
-
Sets the metadata filename template containing the
{registrationId}
template variable. - setMethod(String) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
- setMethod(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setMethod(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setMethod(HttpMethod) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- setMethodSecurityExpressionHandler(List<MethodSecurityExpressionHandler>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.
- setMigrateSessionAttributes(boolean) - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
-
Defines whether attributes should be migrated to a new session or not.
- setMobile(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setMode(XFrameOptionsServerHttpHeadersWriter.Mode) - Method in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
-
Sets the X-Frame-Options mode.
- setNonceValiditySeconds(int) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- setO(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setOauth2AuthenticationUrlToClientName(Map<String, String>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setOauth2AuthenticationUrlToClientName(Map<String, String>) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
- setOauth2LoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setOauth2UserService(OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
-
Sets the
OAuth2UserService
used when requesting the user info resource. - setOauth2UserService(ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
- setObjectIdentityGenerator(ObjectIdentityGenerator) - Method in class org.springframework.security.acls.AclPermissionEvaluator
- setObjectIdentityGenerator(ObjectIdentityGenerator) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
- setObjectIdentityGenerator(ObjectIdentityGenerator) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
- setObjectIdentityPrimaryKeyQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.AclEntryVoter
- setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionCacheOptimizer
- setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionEvaluator
- setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated, for removal: This API element is subject to removal in a future version.
- setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
- setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.
- setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- setObservationConvention(ObservationConvention<AuthenticationObservationContext>) - Method in class org.springframework.security.authentication.ObservationAuthenticationManager
-
Use the provided convention for reporting observation data
- setObservationConvention(ObservationConvention<AuthenticationObservationContext>) - Method in class org.springframework.security.authentication.ObservationReactiveAuthenticationManager
-
Use the provided convention for reporting observation data
- setObservationConvention(ObservationConvention<AuthorizationObservationContext<?>>) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager
-
Use the provided convention for reporting observation data
- setObservationConvention(ObservationConvention<AuthorizationObservationContext<?>>) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager
-
Use the provided convention for reporting observation data
- setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
- setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
- setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
- setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor
- setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
- setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
- setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
- setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
- setObserveOncePerRequest(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
-
Sets whether this filter apply only once per request.
- setObserveOncePerRequest(boolean) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Deprecated.
- setOidcUserMapper(BiFunction<OidcUserRequest, OidcUserInfo, OidcUser>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
- setOidcUserMapper(BiFunction<OidcUserRequest, OidcUserInfo, Mono<OidcUser>>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
- setOneTimeTokenEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setOneTimeTokenEnabled(boolean) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
-
Set if one-time token login is supported.
- setOneTimeTokenGenerationUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
- setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
- setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
- setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
- setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
- setOrder(int) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
- setOrder(int) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
- setOrder(int) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
- setOrder(int) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
- setOrder(int) - Method in class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
- setOrder(int) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
- setOrder(int) - Method in class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor
- setOrder(int) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
- setOrder(int) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- setOrderByClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
-
The SQL for the "order by" clause used in both queries.
- setOu(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setOwner(Sid) - Method in class org.springframework.security.acls.domain.AclImpl
- setOwner(Sid) - Method in interface org.springframework.security.acls.model.MutableAcl
-
Changes the present owner to a different owner.
- setOwner(Sid) - Method in interface org.springframework.security.acls.model.OwnershipAcl
- setPageContext(PageContext) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
- setPageContext(PageContext) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- setParameter(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Sets the name of the parameter which should be checked for to see if a remember-me has been requested during a login request.
- setParameterName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Sets the name of the HTTP request parameter that should be used to provide a token.
- setParameterName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
-
Sets the
HttpServletRequest
parameter name that theCsrfToken
is expected to appear on - setParameterName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Sets the parameter name
- setParameterName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
-
Sets the
HttpServletRequest
parameter name that theCsrfToken
is expected to appear on - setParameterNameDiscoverer(ParameterNameDiscoverer) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
-
Sets the
ParameterNameDiscoverer
to use. - setParameterNameDiscoverer(ParameterNameDiscoverer) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
-
Sets the
ParameterNameDiscoverer
. - setParameters(Map<String, String[]>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setParameters(Map<String, String[]>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setParametersConverter(Converter<TokenExchangeGrantRequest, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter
-
Sets the
Converter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aMultiValueMap
of the parameters used in the OAuth 2.0 Access Token Request body. - setParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
-
Sets the
Converter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aMultiValueMap
used in the OAuth 2.0 Access Token Request body. - setParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
-
Sets the
Converter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aMultiValueMap
used in the OAuth 2.0 Access Token Request body. - setParametersCustomizer(Consumer<MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
-
Sets the
Consumer
used for customizing the OAuth 2.0 Access Token parameters, which allows for parameters to be added, overwritten or removed. - setParametersCustomizer(Consumer<MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
-
Sets the
Consumer
used for customizing the OAuth 2.0 Access Token parameters, which allows for parameters to be added, overwritten or removed. - setParent(Tag) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- setParent(Acl) - Method in class org.springframework.security.acls.domain.AclImpl
- setParent(Acl) - Method in interface org.springframework.security.acls.model.MutableAcl
-
Changes the parent of this ACL.
- setPasskeysEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setPassword(String) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
- setPassword(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- setPasswordAlreadyEncoded(boolean) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setPasswordAttribute(String) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
-
The attribute in the directory which contains the user password.
- setPasswordAttributeName(String) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
- setPasswordAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- setPasswordAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
-
The name of the attribute which contains the user's password.
- setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
-
The
PasswordEncoder
that is used for validating the password. - setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
-
Sets the PasswordEncoder instance to be used to encode and validate passwords.
- setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
-
Specifies the
PasswordEncoder
to be used when authenticating with password comparison. - setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
- setPasswordParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setPasswordParameter(String) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Sets the parameter name which will be used to obtain the password from the login request..
- setPasswordParameter(String) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
-
Deprecated.The parameter name of the form data to extract the password
- setPathInfo(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setPathInfo(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setPermissionCacheOptimizer(PermissionCacheOptimizer) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
- setPermissionEvaluator(PermissionEvaluator) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
- setPermissionEvaluator(PermissionEvaluator) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- setPermissionEvaluator(PermissionEvaluator) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
-
Sets the
PermissionEvaluator
to be used. - setPermissionFactory(PermissionFactory) - Method in class org.springframework.security.acls.AclPermissionEvaluator
- setPermissionFactory(PermissionFactory) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
-
Sets the
PermissionFactory
instance which will be used to convert loaded permission data values toPermission
s. - setPins(Map<String, String>) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.Sets the value for the pin- directive of the Public-Key-Pins header.
- setPointcut(Pointcut) - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
- setPolicy(String) - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
-
Sets the policy to be used in the response header.
- setPolicy(String) - Method in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
-
Set the policy to be used in the response header.
- setPolicy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter
-
Sets the
CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
value to be used in theCross-Origin-Embedder-Policy
header - setPolicy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter
-
Sets the
CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
value to be used in theCross-Origin-Opener-Policy
header - setPolicy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter
-
Sets the
CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
value to be used in theCross-Origin-Resource-Policy
header - setPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
-
Sets the policy to be used in the response header.
- setPolicy(CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter
-
Sets the
CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
value to be used in theCross-Origin-Embedder-Policy
header - setPolicy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter
-
Sets the
CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
value to be used in theCross-Origin-Opener-Policy
header - setPolicy(CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter
-
Sets the
CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
value to be used in theCross-Origin-Embedder-Policy
header - setPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
-
Set the policy to be used in the response header.
- setPolicyDirectives(String) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
-
Sets the security policy directive(s) to be used in the response header.
- setPolicyDirectives(String) - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
-
Set the security policy directive(s) to be used in the response header.
- setPolicyDirectives(String) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
-
Set the policy directive(s) to be used in the response header.
- setPolicyDirectives(String) - Method in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
-
Set the policy directive(s) to be used in the response header.
- setPort(int) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
-
The port to connect to LDAP to (the default is 33389 or random available port if unavailable).
- setPort(int) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- setPort(int) - Method in interface org.springframework.security.ldap.server.EmbeddedLdapServerContainer
-
The embedded LDAP server port to connect to.
- setPort(int) - Method in class org.springframework.security.ldap.server.UnboundIdContainer
- setPort(int) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setPortMapper(PortMapper) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- setPortMapper(PortMapper) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- setPortMapper(PortMapper) - Method in class org.springframework.security.web.PortResolverImpl
- setPortMapper(PortMapper) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
-
Use this
PortMapper
for mapping custom ports - setPortMappings(Map<String, String>) - Method in class org.springframework.security.web.PortMapperImpl
-
Set to override the default HTTP port to HTTPS port mappings of 80:443, and 8080:8443.
- setPortResolver(PortResolver) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- setPortResolver(PortResolver) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- setPortResolver(PortResolver) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
- setPostalAddress(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setPostalCode(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setPostAuthenticationChecks(UserDetailsChecker) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
-
Sets the strategy which will be used to validate the loaded UserDetails object after authentication occurs.
- setPostAuthenticationChecks(UserDetailsChecker) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- setPostLogoutRedirectUri(String) - Method in class org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler
-
Set the post logout redirect uri template.
- setPostLogoutRedirectUri(String) - Method in class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler
-
Set the post logout redirect uri template.
- setPostOnly(boolean) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Defines whether only HTTP POST requests will be allowed by this filter.
- setPreAuthenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Set the AuthenticatedUserDetailsService to be used to load the
UserDetails
for the authenticated user. - setPreAuthenticationChecks(UserDetailsChecker) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
Sets the policy will be used to verify the status of the loaded UserDetails before validation of the credentials takes place.
- setPrefix(String) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
-
Sets the prefix which should be added to the authority name (if it doesn't already exist)
- setPreload(boolean) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
-
If true, preload will be included in HSTS Header.
- setPreload(boolean) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
-
Sets if preload should be included.
- setPrincipalClaimName(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
-
Sets the principal claim name.
- setPrincipalClaimName(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter
-
Sets the principal claim name.
- setPrincipalEnvironmentVariable(String) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
- setPrincipalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
- setPrincipalRequestHeader(String) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
- setPrincipalResolver(OAuth2ClientHttpRequestInterceptor.PrincipalResolver) - Method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
-
Sets the strategy for resolving a
principal
from an intercepted request. - setProcessConfigAttribute(String) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- setProcessDomainObjectClass(Class<?>) - Method in class org.springframework.security.access.vote.AbstractAclVoter
-
Deprecated.
- setProcessDomainObjectClass(Class<?>) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- setProperty(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
- setProtectedFieldValue(String, Object, Object) - Static method in class org.springframework.security.util.FieldUtils
- setProviders(List<?>) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
-
Deprecated.
- setProxyAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
-
Sets the
AuthenticationFailureHandler
for proxy requests. - setProxyGrantingTicketStorage(ProxyGrantingTicketStorage) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
- setProxyReceptorUrl(String) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
- setPseudoRandomNumberBytes(int) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
- setPublishAuthorizationSuccess(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.Only
AuthorizationFailureEvent
will be published. - setQuery(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setQueryString(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setRealm(String) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
-
Sets the realm to be used
- setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler
-
Set the default realm name to use in the bearer token error response
- setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler
-
Set the default realm name to use in the bearer token error response
- setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint
-
Set the default realm name to use in the bearer token error response
- setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint
- setRealmName(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- setRealmName(String) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
-
Sets the
RedirectStrategy
to use - setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
-
Set the
RedirectStrategy
used to redirect to the saved request if there is one saved. - setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
-
Sets the strategy to be used for redirecting to the required channel URL.
- setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
Allows overriding of the behaviour when redirecting to a target URL.
- setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
-
Allows overriding of the behaviour when redirecting to a target URL.
- setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
-
Deprecated.
- setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy
-
Sets the redirect strategy to use.
- setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
-
Sets the RedirectStrategy to use.
- setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler
-
Sets the RedirectStrategy to use.
- setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
-
The RedirectStrategy to use.
- setRedirectUrl(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
- setRefreshConfigurationOnStartup(boolean) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
-
If set, a call to
Configuration#refresh()
will be made by#configureJaas(Resource)
method. - setRejectPublicInvocations(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.By rejecting public invocations (and setting this property to true), essentially you are ensuring that every secure object invocation advised by
AbstractSecurityInterceptor
has a configuration attribute defined. - setRelyingPartyRegistrationId(String) - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
- setRememberMeClass(Class<? extends Authentication>) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl
- setRememberMeParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setRememberMeServices(RememberMeServices) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setRememberMeServices(RememberMeServices) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- setRenameGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setReportOnly(boolean) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
-
If true, includes the Content-Security-Policy-Report-Only header in the response, otherwise, defaults to the Content-Security-Policy header.
- setReportOnly(boolean) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.To get a Public-Key-Pins header you should set this to false, otherwise the header will be Public-Key-Pins-Report-Only.
- setReportOnly(boolean) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
-
Set whether to include the
Content-Security-Policy-Report-Only
header in the response. - setReportUri(String) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.Sets the URI to which the browser should report pin validation failures.
- setReportUri(URI) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.Sets the URI to which the browser should report pin validation failures.
- setRequest(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
-
Deprecated.
- setRequestCache(RequestCache) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
-
The
RequestCache
used to retrieve the saved request in failed gateway authentication scenarios. - setRequestCache(RequestCache) - Method in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter
-
Sets the
RequestCache
used to store the current request to be replayed after redirect from the CAS server. - setRequestCache(RequestCache) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter
-
Sets the
RequestCache
used for loading a previously saved request (if available) and replaying it after completing the processing of the OAuth 2.0 Authorization Response. - setRequestCache(RequestCache) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
-
Sets the
RequestCache
used for storing the current request before redirecting the OAuth 2.0 Authorization Request. - setRequestCache(RequestCache) - Method in class org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler
-
Sets the
RequestCache
to use. - setRequestCache(RequestCache) - Method in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
- setRequestCache(ServerRequestCache) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter
-
Sets the
ServerRequestCache
used for loading a previously saved request (if available) and replaying it after completing the processing of the OAuth 2.0 Authorization Response. - setRequestCache(ServerRequestCache) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
-
The request cache to use to save the request before sending a redirect.
- setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
-
The request cache to use to save the request before sending a redirect.
- setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
-
Sets the
ServerRequestCache
used to redirect to. - setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter
- setRequestEntityConverter(Converter<String, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector
-
Deprecated.Sets the
Converter
used for converting the OAuth 2.0 access token to aRequestEntity
representation of the OAuth 2.0 token introspection request. - setRequestEntityConverter(Converter<String, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
-
Sets the
Converter
used for converting the OAuth 2.0 access token to aRequestEntity
representation of the OAuth 2.0 token introspection request. - setRequestEntityConverter(Converter<JwtBearerGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient
-
Deprecated.Sets the
Converter
used for converting theJwtBearerGrantRequest
to aRequestEntity
representation of the OAuth 2.0 Access Token Request. - setRequestEntityConverter(Converter<OAuth2AuthorizationCodeGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient
-
Deprecated.Sets the
Converter
used for converting theOAuth2AuthorizationCodeGrantRequest
to aRequestEntity
representation of the OAuth 2.0 Access Token Request. - setRequestEntityConverter(Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient
-
Deprecated.Sets the
Converter
used for converting theOAuth2ClientCredentialsGrantRequest
to aRequestEntity
representation of the OAuth 2.0 Access Token Request. - setRequestEntityConverter(Converter<OAuth2PasswordGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient
-
Deprecated.Sets the
Converter
used for converting theOAuth2PasswordGrantRequest
to aRequestEntity
representation of the OAuth 2.0 Access Token Request. - setRequestEntityConverter(Converter<OAuth2RefreshTokenGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient
-
Deprecated.Sets the
Converter
used for converting theOAuth2RefreshTokenGrantRequest
to aRequestEntity
representation of the OAuth 2.0 Access Token Request. - setRequestEntityConverter(Converter<TokenExchangeGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient
-
Deprecated.Sets the
Converter
used for converting theTokenExchangeGrantRequest
to aRequestEntity
representation of the OAuth 2.0 Access Token Request. - setRequestEntityConverter(Converter<OAuth2UserRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService
-
Sets the
Converter
used for converting theOAuth2UserRequest
to aRequestEntity
representation of the UserInfo Request. - setRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.web.csrf.CsrfAuthenticationStrategy
-
Specify a
CsrfTokenRequestHandler
to use for making theCsrfToken
available as a request attribute. - setRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.web.csrf.CsrfFilter
-
Specifies a
CsrfTokenRequestHandler
that is used to make theCsrfToken
available as a request attribute. - setRequestHandler(ServerCsrfTokenRequestHandler) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
-
Specifies a
ServerCsrfTokenRequestHandler
that is used to make theCsrfToken
available as an exchange attribute. - setRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.ott.GenerateOneTimeTokenWebFilter
-
Use the given
ServerWebExchangeMatcher
to match the request. - setRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.ui.OneTimeTokenSubmitPageGeneratingWebFilter
-
Use this
ServerWebExchangeMatcher
to choose whether this filter will handle the request. - setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter
-
Sets the
RequestMatcher
used to trigger this filter. - setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver
-
Use this
RequestMatcher
to identity which requests to generate metadata for. - setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
-
Set the
RequestMatcher
that determines whether this filter should handle the incomingHttpServletRequest
- setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter
-
Use the given
RequestMatcher
to match the request. - setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter
-
Use this
RequestMatcher
to choose whether this filter will handle the request. - setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
-
Sets the
RequestMatcher
used to determine if the "Strict-Transport-Security" should be added. - setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
-
Allows selective use of saved requests for a subset of requests.
- setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
-
Allows selective use of saved requests for a subset of requests.
- setRequestOptionsRepository(PublicKeyCredentialRequestOptionsRepository) - Method in class org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter
-
Sets the
PublicKeyCredentialRequestOptionsRepository
to use. - setRequestOptionsRepository(PublicKeyCredentialRequestOptionsRepository) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter
-
Sets the
PublicKeyCredentialRequestOptionsRepository
to use. - setRequestRejectedHandler(RequestRejectedHandler) - Method in class org.springframework.security.web.FilterChainProxy
-
Sets the
RequestRejectedHandler
to be used for requests rejected by the firewall. - setRequestTransformer(AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
-
Set a
AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer
to be used prior to passing to theAuthorizationManager
. - setRequestURI(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setRequestURL(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setRequireCsrfProtectionMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
- setRequireCsrfProtectionMatcher(RequestMatcher) - Method in class org.springframework.security.web.csrf.CsrfFilter
-
Specifies a
RequestMatcher
that is used to determine if CSRF protection should be applied. - setRequiresAuthenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Sets the matcher used to determine when creating an
Authentication
fromAuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter)
to be authentication. - setRequiresAuthenticationRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- setRequiresAuthenticationRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Sets the request matcher to check whether to proceed the request further.
- setRequiresHttpsRedirectMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
-
Use this
ServerWebExchangeMatcher
to narrow which requests are redirected to HTTPS. - setRequiresLogoutMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
- setResolveHeaders(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
-
Sets a Function used to resolve a Map of the HTTP headers where the key is the name of the header and the value is the value of the header.
- setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
-
Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.
- setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
-
Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.
- setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter
-
Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.
- setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
-
Sets a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
-
Sets a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - setResource(Resource) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
-
Sets a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
- setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
- setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
- setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
- setResourceLoader(ResourceLoader) - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
- setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
-
Sets the location of a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
-
Sets the location of a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - setResourceLocation(String) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
-
Sets the location of a Resource that is a Properties file in the format defined in
UserDetailsResourceFactoryBean
. - setResponse(HttpServletResponse) - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
-
Deprecated.
- setRestClient(RestClient) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
-
Sets the
RestClient
used when requesting the OAuth 2.0 Access Token Response. - setRestClient(RestClient) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker
-
Sets the
RestClient
to use when making requests to Have I Been Pwned REST API. - setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient
-
Deprecated.Sets the
RestOperations
used when requesting the OAuth 2.0 Access Token Response. - setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient
-
Deprecated.Sets the
RestOperations
used when requesting the OAuth 2.0 Access Token Response. - setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient
-
Deprecated.Sets the
RestOperations
used when requesting the OAuth 2.0 Access Token Response. - setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient
-
Deprecated.Sets the
RestOperations
used when requesting the OAuth 2.0 Access Token Response. - setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient
-
Deprecated.Sets the
RestOperations
used when requesting the OAuth 2.0 Access Token Response. - setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient
-
Deprecated.Sets the
RestOperations
used when requesting the OAuth 2.0 Access Token Response. - setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService
-
Sets the
RestOperations
used when requesting the UserInfo resource. - setRethrowAuthenticationServiceException(boolean) - Method in class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
-
Set whether to rethrow
AuthenticationServiceException
s (defaults to true) - setRethrowAuthenticationServiceException(boolean) - Method in class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler
-
Set whether to rethrow
AuthenticationServiceException
s (defaults to true) - setRetrieveUserInfo(Predicate<OidcUserRequest>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
-
Sets the
Predicate
used to determine if the UserInfo Endpoint should be called to retrieve information about the End-User (Resource Owner). - setRetrieveUserInfo(Predicate<OidcUserRequest>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
-
Sets the
Predicate
used to determine if the UserInfo Endpoint should be called to retrieve information about the End-User (Resource Owner). - setReturningAttributes(String[]) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
-
Specifies the attributes that will be returned as part of the search.
- setReturnObject(Object) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
- setReturnObject(Object, EvaluationContext) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
- setReturnObject(Object, EvaluationContext) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionHandler
-
Used to inform the expression system of the return object for the given evaluation context.
- setRoleAttributes(String[]) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
-
The names of any attributes in the user's entry which represent application roles.
- setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
- setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
-
Sets the
RoleHierarchy
to use. - setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.authorization.AuthoritiesAuthorizationManager
-
Sets the
RoleHierarchy
to be used. - setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.authorization.AuthorityAuthorizationManager
-
Sets the
RoleHierarchy
to be used. - setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
-
Sets the
RoleHierarchy
to be used. - setRoleMapper(AttributesMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- setRolePrefix(String) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
-
Deprecated.Allows the default role prefix of
ROLE_
to be overridden. - setRolePrefix(String) - Method in class org.springframework.security.access.vote.RoleVoter
-
Deprecated.Allows the default role prefix of
ROLE_
to be overridden. - setRolePrefix(String) - Method in class org.springframework.security.authorization.method.Jsr250AuthorizationManager
-
Sets the role prefix.
- setRolePrefix(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Allows a default role prefix to be specified.
- setRolePrefix(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
Sets the prefix which will be prepended to the values loaded from the directory.
- setRolePrefix(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
-
Sets the role prefix used when converting authorities.
- setRolePrefix(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
-
The prefix that should be applied to the role names
- setRolePrefix(String) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
- setRoomNumber(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setRoot(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
-
Optional root suffix for the embedded LDAP server.
- setRunAsManager(RunAsManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- setSaml2AuthenticationUrlToProviderName(Map<String, String>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setSaml2LoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setSaveRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
-
Sets the matcher to determine if the request should be saved.
- setSaveRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
-
Sets the matcher to determine if the request should be saved.
- setScheduler(Scheduler) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
-
Sets the
Scheduler
used by theUserDetailsRepositoryReactiveAuthenticationManager
. - setScheduler(Scheduler) - Method in class org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter
-
Set a scheduler that will be published on to perform the authentication logic.
- setScheme(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setScheme(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setScope(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
- setSearchControls(SearchControls) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
-
Sets the search controls which will be used for search operations by the template.
- setSearchFilter(String) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
-
The LDAP filter string to search for the user being authenticated.
- setSearchSubtree(boolean) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
-
If true then searches the entire subtree as identified by context, if false (the default) then only searches the level identified by the context.
- setSearchSubtree(boolean) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
If set to true, a subtree scope search will be performed.
- setSearchTimeLimit(int) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
-
The time to wait before the search fails; the default is zero, meaning forever.
- setSecure(boolean) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Deprecated.
- setSecure(Boolean) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Deprecated.
- setSecureKeyword(String) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- setSecureRandom(SecureRandom) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
- setSecureRandom(SecureRandom) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
-
Specifies the
SecureRandom
used to generate random bytes that are used to mask the value of theCsrfToken
on each request. - setSecureRandom(SecureRandom) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
-
Specifies the
SecureRandom
used to generate random bytes that are used to mask the value of theCsrfToken
on each request. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
- setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutor
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
- setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
- setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
- setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
- setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
- setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
- setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
-
Deprecated.Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.SecurityContextHolderFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter
-
Deprecated.Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.FilterChainProxy
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.session.SessionManagementFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter
-
Sets the
SecurityContextHolderStrategy
to use. - setSecurityContextRepository(HttpServletRequest, SecurityContextRepository) - Static method in class org.springframework.security.test.web.support.WebTestUtils
-
Sets the
SecurityContextRepository
for the specifiedHttpServletRequest
. - setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
- setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
Sets the
SecurityContextRepository
to save theSecurityContext
on authentication success. - setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Sets the
SecurityContextRepository
to save theSecurityContext
on authentication success. - setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
-
Sets the
SecurityContextRepository
to save theSecurityContext
on authentication success. - setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
-
Sets the
SecurityContextRepository
to use. - setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Sets the
SecurityContextRepository
to save theSecurityContext
on authentication success. - setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
-
Sets the
SecurityContextRepository
to save theSecurityContext
on authentication success. - setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Sets the
SecurityContextRepository
to save theSecurityContext
on switch user success. - setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-
Sets the
SecurityContextRepository
to save theSecurityContext
on authentication success. - setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
-
Sets the
SecurityContextRepository
to save theSecurityContext
on authentication success. - setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
-
Sets the
SecurityContextRepository
to use. - setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Sets the repository for persisting the SecurityContext.
- setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler
-
Sets the
ServerSecurityContextRepository
that should be used for logging out. - setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Sets the repository for persisting the SecurityContext.
- setSecurityInterceptor(AbstractSecurityInterceptor) - Method in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
-
Deprecated.
- setSecurityMetadataSource(MethodSecurityMetadataSource) - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
-
Deprecated.
- setSecurityMetadataSource(FilterInvocationSecurityMetadataSource) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- setSecurityMetadataSource(FilterInvocationSecurityMetadataSource) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
-
Deprecated.
- setSeed(Resource) - Method in class org.springframework.security.core.token.SecureRandomFactoryBean
-
Allows the user to specify a resource which will act as a seed for the
SecureRandom
instance. - setSelectClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
-
The SQL for the select clause.
- setSendRenew(boolean) - Method in class org.springframework.security.cas.ServiceProperties
- setSeriesLength(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- setServerAuthenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Sets the strategy used for converting from a
ServerWebExchange
to anAuthentication
used for authenticating with the providedReactiveAuthenticationManager
. - setServerInteger(Integer) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
- setServerName(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setServerName(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setServerPort(int) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setServerSecret(String) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
- setService(String) - Method in class org.springframework.security.cas.ServiceProperties
- setServiceParameter(String) - Method in class org.springframework.security.cas.ServiceProperties
- setServiceProperties(ServiceProperties) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- setServiceProperties(ServiceProperties) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
- setServiceProperties(ServiceProperties) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
- setServletContext(ServletContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
- setServletContext(ServletContext) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
- setServletContext(ServletContext) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
-
Deprecated.
- setServletContext(ServletContext) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
- setServletPath(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- setServletPath(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
-
The servlet path to match on.
- setServletPath(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
- setSessionAttributeName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
-
Sets the
HttpSession
attribute name that theCsrfToken
is stored in - setSessionAttributeName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
-
Sets the
HttpSession
attribute name that theCsrfToken
is stored in - setSessionAttrName(String) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
-
If the
sessionAttrName
property is set, the request is stored in the session using this attribute name. - setSessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
The session handling strategy which will be invoked immediately after an authentication request is successfully processed by the AuthenticationManager.
- setSessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
-
The session handling strategy which will be invoked immediately after an authentication request is successfully processed by the AuthenticationManager.
- setSessionCookieName(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
-
Use this cookie name for the session identifier.
- setSessionCookieName(String) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler
-
Use this cookie name for the session identifier.
- setSessionLimit(SessionLimit) - Method in class org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler
-
Sets the strategy used to resolve the maximum number of sessions that are allowed for a specific
Authentication
. - setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Sets an object that is shared by multiple
SecurityConfigurer
. - setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- setSharedObject(Class<C>, C) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Sets an object that is shared by multiple
SecurityConfigurer
. - setShouldFilterAllDispatcherTypes(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
-
Deprecated, for removal: This API element is subject to removal in a future version.Permit access to the
DispatcherType
instead.@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((authorize) -> authorize .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll() // ... ); return http.build(); } }
- setShouldWriteHeadersEagerly(boolean) - Method in class org.springframework.security.web.header.HeaderWriterFilter
-
Allow writing headers at the beginning of the request.
- setSidIdentityQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Sets the query that will be used to retrieve the identity of a newly created row in the acl_sid table.
- setSidPrimaryKeyQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.AclEntryVoter
- setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionCacheOptimizer
- setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionEvaluator
- setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
- setSn(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
- setSpringSecurityContextAttrName(String) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
-
Sets the session attribute name used to save and load the
SecurityContext
- setSpringSecurityContextKey(String) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
Allows the session attribute name to be customized for this repository instance.
- setStatelessTicketCache(StatelessTicketCache) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- setStatusCode(HttpStatus) - Method in class org.springframework.security.web.DefaultRedirectStrategy
-
Sets the HTTP status code to use.
- setStrategyName(String) - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Changes the preferred strategy.
- setStreet(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setStringSeparator(String) - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
- setSubjectDnRegex(String) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
-
Sets the regular expression which will by used to extract the user name from the certificate's Subject DN.
- setSubjectTokenResolver(Function<OAuth2AuthorizationContext, OAuth2Token>) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
-
Sets the resolver used for resolving the
subject token
. - setSubjectTokenResolver(Function<OAuth2AuthorizationContext, Mono<OAuth2Token>>) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
-
Sets the resolver used for resolving the
subject token
. - setSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
- setSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Used to define custom behaviour on a successful switch or exit user.
- setSwitchAuthorityRole(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Allows the role of the switchAuthority to be customized.
- setSwitchFailureUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Sets the URL to which a user should be redirected if the switch fails.
- setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- setSwitchUserMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Set the matcher to respond to switch user processing.
- setSwitchUserMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Set the matcher to respond to switch user processing.
- setSwitchUserUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Set the URL to respond to switch user processing.
- setSwitchUserUrl(String) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Set the URL to respond to switch user processing.
- setTargetUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Sets the URL to go to after a successful switch / exit user request.
- setTargetUrlParameter(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
If this property is set, the current request will be checked for this a parameter with this name and the value used as the target URL if present.
- setTargetVisitor(AuthorizationAdvisorProxyFactory.TargetVisitor) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
-
Use this visitor to navigate the proxy target's hierarchy.
- setTelephoneNumber(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
- setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
-
Deprecated.
- setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
-
Deprecated.Please use
AnnotationTemplateExpressionDefaults
instead - setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
-
Deprecated.
- setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
-
Deprecated.
- setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
-
Configure pre/post-authorization template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
-
Configure AuthenticationPrincipal template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
-
Configure AuthenticationPrincipal template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
-
Configure CurrentSecurityContext template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
-
Configure AuthenticationPrincipal template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
-
Configure CurrentSecurityContext template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
-
Configure AuthenticationPrincipal template resolution
- setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
-
Configure CurrentSecurityContext template resolution
- setThrowableAnalyzer(ThrowableAnalyzer) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- setThrowExceptionWhenTokenRejected(boolean) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
If true, causes the provider to throw a BadCredentialsException if the presented authentication request is invalid (contains a null principal or credentials).
- setTicketValidator(TicketValidator) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- setTimeBeforeExpiration(int) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- setTitle(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setTokenFromMultipartDataEnabled(boolean) - Method in class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
-
Specifies if the
ServerCsrfTokenRequestResolver
should try to resolve the actual CSRF token from the body of multipart data requests. - setTokenLength(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- setTokenValiditySeconds(int) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- setTokenValiditySeconds(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
- setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
-
Sets the
AuthenticationTrustResolver
to be used. - setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
- setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
-
Sets the
AuthenticationTrustResolver
to be used. - setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
-
Sets the
AuthenticationTrustResolver
to be used. - setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler
- setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
-
Sets the
AuthenticationTrustResolver
to be used. - setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
-
Sets the
AuthenticationTrustResolver
to be used. - setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
Sets the
AuthenticationTrustResolver
to be used. - setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
-
Sets the
AuthenticationTrustResolver
to be used. - setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.session.SessionManagementFilter
-
Sets the
AuthenticationTrustResolver
to be used. - setUid(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
- setUnsafeAllowAnyHttpMethod(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
-
Sets if any HTTP method is allowed.
- setUnsafeAllowAnyHttpMethod(boolean) - Method in class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
-
Sets if any HTTP method is allowed.
- setup() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
- setup() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers
- SETUP - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
-
The Setup.
- setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithAnonymousUser
-
Determines when the
SecurityContext
is setup. - setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
-
Determines when the
SecurityContext
is setup. - setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithSecurityContext
-
Determines when the
SecurityContext
is setup. - setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithUserDetails
-
Determines when the
SecurityContext
is setup. - setUpdateObjectIdentity(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- setUpdateUserSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setupModule(Module.SetupContext) - Method in class org.springframework.security.cas.jackson2.CasJackson2Module
- setupModule(Module.SetupContext) - Method in class org.springframework.security.jackson2.CoreJackson2Module
- setupModule(Module.SetupContext) - Method in class org.springframework.security.ldap.jackson2.LdapJackson2Module
- setupModule(Module.SetupContext) - Method in class org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module
- setupModule(Module.SetupContext) - Method in class org.springframework.security.saml2.jackson2.Saml2Jackson2Module
- setupModule(Module.SetupContext) - Method in class org.springframework.security.web.jackson2.WebJackson2Module
- setupModule(Module.SetupContext) - Method in class org.springframework.security.web.jackson2.WebServletJackson2Module
- setupModule(Module.SetupContext) - Method in class org.springframework.security.web.server.jackson2.WebServerJackson2Module
- setupModule(Module.SetupContext) - Method in class org.springframework.security.web.webauthn.jackson.WebauthnJackson2Module
- setUrl(String) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
- setUseAuthenticationRequestCredentials(boolean) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
-
Determines whether the supplied password will be used as the credentials in the successful authentication token.
- setUseEquals(boolean) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
-
If set to true, matches on exact
MediaType
, else usesMediaType.isCompatibleWith(MediaType)
. - setUseEquals(boolean) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
-
If set to true, matches on exact
MediaType
, else usesMediaType.isCompatibleWith(MediaType)
. - setUseForward(boolean) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Tells if we are to do a forward to the
loginFormUrl
using theRequestDispatcher
, instead of a 302 redirect. - setUseForward(boolean) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
-
If set to true, performs a forward to the failure destination URL instead of a redirect.
- setUsePasswordAttrCompare(boolean) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
- setUsePasswordModifyExtensionOperation(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
-
Sets the method by which a user's password gets modified.
- setUserAttributes(String[]) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
-
Sets the user attributes which will be retrieved from the directory.
- setUserCache(UserCache) - Method in class org.springframework.security.authentication.CachingUserDetailsService
- setUserCache(UserCache) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- setUserCache(UserCache) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
-
Optionally sets the UserCache if one is in use in the application.
- setUserCache(UserCache) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
-
Sets the UserDetailsChecker to be used for checking the status of retrieved user details.
- setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Sets the strategy which will be used to validate the loaded UserDetails object for the user.
- setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Sets the strategy to be used to validate the
UserDetails
object obtained for the user when processing a remember-me cookie to automatically log in a user. - setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Sets the
UserDetailsChecker
that is called on the target user whenever the user is switched. - setUserDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
Sets a custom strategy to be used for creating the
UserDetails
which will be stored as the principal in theAuthentication
. - setUserDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
-
Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by the
AbstractLdapAuthenticationProvider.createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails)
method. - setUserDetailsMapper(UserDetailsContextMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- setUserDetailsMapper(UserDetailsContextMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsService
- setUserDetailsPasswordService(ReactiveUserDetailsPasswordService) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
-
Sets the service to use for upgrading passwords on successful authentication.
- setUserDetailsPasswordService(UserDetailsPasswordService) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
- setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
- setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
-
Set the wrapped UserDetailsService implementation
- setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Sets the authentication data access object.
- setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- setUserDnPatterns(String...) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
If your users are at a fixed location in the directory (i.e.
- setUserDnPatterns(String[]) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
-
Sets the pattern which will be used to supply a DN for the user.
- setUseReferer(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
-
If set to
true
theReferer
header will be used (if available). - setUserExistsSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- setUsername(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
- setUsernameBasedPrimaryKey(boolean) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
If
true
(the default), indicates theJdbcDaoImpl.getUsersByUsernameQuery()
returns a username in response to a query. - setUsernameMapper(LdapUsernameToDnMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Allows the parameter containing the username to be customized.
- setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
- setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-
Sets the parameter name which will be used to obtain the username from the login request.
- setUsernameParameter(String) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
-
Deprecated.The parameter name of the form data to extract the username
- setUserRoles2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
- setUsersByUsernameQuery(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Allows the default query string used to retrieve users based on username to be overridden, if default table or column names need to be changed.
- setUserSearch(LdapUserSearch) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
- setUserSearchBase(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
Search base for user searches.
- setUserSearchFilter(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
The LDAP filter used to search for users (optional).
- setUseSecureCookie(boolean) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Whether the cookie should be flagged as secure or not.
- setValidateConfigAttributes(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- setVar(String) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
- setVar(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
- setVar(String) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- setWebAuthnManager(WebAuthnManager) - Method in class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations
-
Sets the
WebAuthnManager
to use. - setWebClient(WebClient) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
-
Sets the
WebClient
used when requesting the OAuth 2.0 Access Token Response. - setWebClient(WebClient) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService
-
Sets the
WebClient
used for retrieving the user endpoint - setWebClient(WebClient) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker
-
Sets the
WebClient
to use when making requests to Have I Been Pwned REST API. - setWebSphereGroups2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
- setWorkingDirectory(File) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- sha(byte[]) - Static method in class org.springframework.security.core.token.Sha512DigestUtils
-
Calculates the SHA digest and returns the value as a
byte[]
. - sha(String) - Static method in class org.springframework.security.core.token.Sha512DigestUtils
-
Calculates the SHA digest and returns the value as a
byte[]
. - SHA256 - Enum constant in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
- Sha512DigestUtils - Class in org.springframework.security.core.token
-
Provides SHA512 digest methods.
- Sha512DigestUtils() - Constructor for class org.springframework.security.core.token.Sha512DigestUtils
- shaHex(byte[]) - Static method in class org.springframework.security.core.token.Sha512DigestUtils
-
Calculates the SHA digest and returns the value as a hex string.
- shaHex(String) - Static method in class org.springframework.security.core.token.Sha512DigestUtils
-
Calculates the SHA digest and returns the value as a hex string.
- shared(int) - Static method in class org.springframework.security.crypto.keygen.KeyGenerators
-
Create a
BytesKeyGenerator
that returns a single, sharedSecureRandom
key of a custom length. - shouldFilterAllDispatcherTypes(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
-
Deprecated, for removal: This API element is subject to removal in a future version.Permit access to the
DispatcherType
instead.@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((authorize) -> authorize .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll() // ... ); return http.build(); } }
- shouldNotFilter(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CsrfFilter
- shouldObserveAuthentications() - Method in class org.springframework.security.config.observation.SecurityObservationSettings
- shouldObserveAuthentications(boolean) - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder
- shouldObserveAuthorizations() - Method in class org.springframework.security.config.observation.SecurityObservationSettings
- shouldObserveAuthorizations(boolean) - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder
- shouldObserveRequests() - Method in class org.springframework.security.config.observation.SecurityObservationSettings
- shouldObserveRequests(boolean) - Method in class org.springframework.security.config.observation.SecurityObservationSettings.Builder
- showDefaultSubmitPage(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
-
Configures whether the default one-time token submit page should be shown.
- showDefaultSubmitPage(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
Configures whether the default one-time token submit page should be shown.
- shutdown() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- shutdownNow() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- Sid - Interface in org.springframework.security.acls.model
-
A security identity recognised by the ACL system.
- SID - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
-
sid
- the session id for the OIDC provider - sidRetrievalStrategy - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- SidRetrievalStrategy - Interface in org.springframework.security.acls.model
-
Strategy interface that provides an ability to determine the
Sid
instances applicable for anAuthentication
. - SidRetrievalStrategyImpl - Class in org.springframework.security.acls.domain
-
Basic implementation of
SidRetrievalStrategy
that creates aSid
for the principal, as well as every granted authority the principal holds. - SidRetrievalStrategyImpl() - Constructor for class org.springframework.security.acls.domain.SidRetrievalStrategyImpl
- SidRetrievalStrategyImpl(RoleHierarchy) - Constructor for class org.springframework.security.acls.domain.SidRetrievalStrategyImpl
- SIG_ALG - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames
-
SigAlg
- used to communicate which signature algorithm to use to verify signature - sigAlg(String) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.Builder
-
Sets the
SigAlg
parameter that will accompany this AuthNRequest - signature(String) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.Builder
-
Sets the
Signature
parameter that will accompany this AuthNRequest - signature(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder
-
Set the
AuthenticatorAssertionResponse.getSignature()
property - SIGNATURE - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames
-
Signature
- used to supply cryptographic signature on any SAML 2.0 payload - signatureAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder
-
Use the given signing algorithm.
- signatureAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
-
Use the given signing algorithm.
- SignatureAlgorithm - Enum Class in org.springframework.security.oauth2.jose.jws
-
An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign the contents of the JWS Protected Header and JWS Payload.
- signatureCount(long) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- signing(PrivateKey, X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential
-
Create a
Saml2X509Credential
that can be used for signing. - SIGNING - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
- signingAlgorithms(Consumer<List<String>>) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
-
Apply this
Consumer
to the list of SigningMethod Algorithms - signingAlgorithms(Consumer<List<String>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
-
Apply this
Consumer
to the list of SigningMethod Algorithms - signingAlgorithms(Consumer<List<String>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
-
Apply this
Consumer
to the list of SigningMethod Algorithms - signingX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- signingX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Apply this
Consumer
to theCollection
ofSaml2X509Credential
s for the purposes of modifying theCollection
- SimpDestinationMessageMatcher - Class in org.springframework.security.messaging.util.matcher
-
MessageMatcher which compares a pre-defined pattern against the destination of a
Message
. - SimpDestinationMessageMatcher(String) - Constructor for class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
-
Creates a new instance with the specified pattern, null
SimpMessageType
(matches any type), and aAntPathMatcher
created from the default constructor. - SimpDestinationMessageMatcher(String, PathMatcher) - Constructor for class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
-
Creates a new instance with the specified pattern and
PathMatcher
. - simpDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.
- simpDestMatchers(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
- simpDestPathMatcher(Supplier<PathMatcher>) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
-
The
PathMatcher
to be used with theMessageMatcherDelegatingAuthorizationManager.Builder.simpDestMatchers(String...)
. - simpDestPathMatcher(PathMatcher) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.The
PathMatcher
to be used with theMessageSecurityMetadataSourceRegistry.simpDestMatchers(String...)
. - simpDestPathMatcher(PathMatcher) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
-
The
PathMatcher
to be used with theMessageMatcherDelegatingAuthorizationManager.Builder.simpDestMatchers(String...)
. - SimpleAttributes2GrantedAuthoritiesMapper - Class in org.springframework.security.core.authority.mapping
-
This class implements the Attributes2GrantedAuthoritiesMapper interface by doing a one-to-one mapping from roles to Spring Security GrantedAuthorities.
- SimpleAttributes2GrantedAuthoritiesMapper() - Constructor for class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
- simpleAuthentication(Customizer<RSocketSecurity.SimpleAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
-
Adds support for validating a username and password using Simple Authentication
- SimpleAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata
-
Encodes Simple Authentication.
- SimpleAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.SimpleAuthenticationEncoder
- SimpleAuthorityMapper - Class in org.springframework.security.core.authority.mapping
-
Simple one-to-one
GrantedAuthoritiesMapper
which allows for case conversion of the authority name and the addition of a string prefix (which defaults toROLE_
). - SimpleAuthorityMapper() - Constructor for class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
- SimpleGrantedAuthority - Class in org.springframework.security.core.authority
-
Basic concrete implementation of a
GrantedAuthority
. - SimpleGrantedAuthority(String) - Constructor for class org.springframework.security.core.authority.SimpleGrantedAuthority
- SimpleGrantedAuthorityMixin - Class in org.springframework.security.jackson2
-
Jackson Mixin class helps in serialize/deserialize
SimpleGrantedAuthority
. - SimpleGrantedAuthorityMixin(String) - Constructor for class org.springframework.security.jackson2.SimpleGrantedAuthorityMixin
-
Mixin Constructor.
- SimpleMappableAttributesRetriever - Class in org.springframework.security.core.authority.mapping
-
This class implements the MappableAttributesRetriever interface by just returning a list of mappable attributes as previously set using the corresponding setter method.
- SimpleMappableAttributesRetriever() - Constructor for class org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever
- SimpleMethodInvocation - Class in org.springframework.security.util
-
Represents the AOP Alliance
MethodInvocation
. - SimpleMethodInvocation() - Constructor for class org.springframework.security.util.SimpleMethodInvocation
- SimpleMethodInvocation(Object, Method, Object...) - Constructor for class org.springframework.security.util.SimpleMethodInvocation
- SimpleRedirectInvalidSessionStrategy - Class in org.springframework.security.web.session
-
Performs a redirect to a fixed URL when an invalid requested session is detected by the
SessionManagementFilter
. - SimpleRedirectInvalidSessionStrategy(String) - Constructor for class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy
- SimpleRedirectSessionInformationExpiredStrategy - Class in org.springframework.security.web.session
-
Performs a redirect to a fixed URL when an expired session is detected by the
ConcurrentSessionFilter
. - SimpleRedirectSessionInformationExpiredStrategy(String) - Constructor for class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
- SimpleRedirectSessionInformationExpiredStrategy(String, RedirectStrategy) - Constructor for class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
- SimpleSavedRequest - Class in org.springframework.security.web.savedrequest
-
A Bean implementation of SavedRequest
- SimpleSavedRequest() - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest
- SimpleSavedRequest(String) - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest
- SimpleSavedRequest(SavedRequest) - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest
- SimpleUrlAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
-
AuthenticationFailureHandler which performs a redirect to the value of the
defaultFailureUrl
property when the onAuthenticationFailure method is called. - SimpleUrlAuthenticationFailureHandler() - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- SimpleUrlAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
- SimpleUrlAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication
-
AuthenticationSuccessHandler which can be configured with a default URL which users should be sent to upon successful authentication.
- SimpleUrlAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
- SimpleUrlAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
-
Constructor which sets the defaultTargetUrl property of the base class.
- SimpleUrlLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
-
Handles the navigation on logout by delegating to the
AbstractAuthenticationTargetUrlRequestHandler
base class logic. - SimpleUrlLogoutSuccessHandler() - Constructor for class org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
- simpMessageDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.
- simpMessageDestMatchers(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
- SimpMessageTypeMatcher - Class in org.springframework.security.messaging.util.matcher
-
A
MessageMatcher
that matches if the providedMessage
has a type that is the same as theSimpMessageType
that was specified in the constructor. - SimpMessageTypeMatcher(SimpMessageType) - Constructor for class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher
-
Creates a new instance
- simpSubscribeDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.
- simpSubscribeDestMatchers(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
- simpTypeMatchers(SimpMessageType...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.Maps a
List
ofSimpDestinationMessageMatcher
instances. - simpTypeMatchers(SimpMessageType...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
-
Maps a
List
ofSimpDestinationMessageMatcher
instances. - singleLogoutServiceBinding(Saml2MessageBinding) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
-
Set the SingleLogoutService Binding
- singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
-
Set the SingleLogoutService Binding
- singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
-
Set the SingleLogoutService Binding
- singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Set the SingleLogoutService Binding
- singleLogoutServiceBindings(Consumer<Collection<Saml2MessageBinding>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- singleLogoutServiceBindings(Consumer<Collection<Saml2MessageBinding>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Apply this
Consumer
to theCollection
ofSaml2MessageBinding
s for the purposes of modifying the SingleLogoutService BindingCollection
. - singleLogoutServiceLocation(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
-
Set the SingleLogoutService Location
- singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
-
Set the SingleLogoutService Location
- singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
-
Set the SingleLogoutService Location
- singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Set the SingleLogoutService Location
- singleLogoutServiceResponseLocation(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
- singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
- singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
-
Deprecated.
- singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
- singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
- singleSignOnServiceBinding(Saml2MessageBinding) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
-
Set the SingleSignOnService Binding.
- singleSignOnServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
-
Set the SingleSignOnService Binding.
- singleSignOnServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
-
Set the SingleSignOnService Binding.
- singleSignOnServiceLocation(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
-
Set the SingleSignOnService Location.
- singleSignOnServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
-
Set the SingleSignOnService Location.
- singleSignOnServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
-
Set the SingleSignOnService Location.
- skipExchange(ServerWebExchange) - Static method in class org.springframework.security.web.server.csrf.CsrfWebFilter
- skipRequest(HttpServletRequest) - Static method in class org.springframework.security.web.csrf.CsrfFilter
- SMART_CARD - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport
-
smart-card indicates the respective authenticator can be contacted over ISO/IEC 7816 smart card with contacts.
- spliterator() - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
- SPRING_SECURITY_CONTEXT_KEY - Static variable in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
-
The default key under which the security context will be stored in the session.
- SPRING_SECURITY_FILTER_CHAIN - Static variable in class org.springframework.security.config.BeanIds
-
External alias for FilterChainProxy bean, for use in web.xml files
- SPRING_SECURITY_FORM_PASSWORD_KEY - Static variable in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- SPRING_SECURITY_FORM_USERNAME_KEY - Static variable in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- SPRING_SECURITY_SWITCH_USERNAME_KEY - Static variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- SPRING_SECURITY_SWITCH_USERNAME_KEY - Static variable in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
- SpringAuthorizationEventPublisher - Class in org.springframework.security.authorization
-
An implementation of
AuthorizationEventPublisher
that uses Spring's event publishing support. - SpringAuthorizationEventPublisher(ApplicationEventPublisher) - Constructor for class org.springframework.security.authorization.SpringAuthorizationEventPublisher
-
Construct this publisher using Spring's
ApplicationEventPublisher
- SpringCacheBasedAclCache - Class in org.springframework.security.acls.domain
-
Simple implementation of
AclCache
that delegates toCache
implementation. - SpringCacheBasedAclCache(Cache, PermissionGrantingStrategy, AclAuthorizationStrategy) - Constructor for class org.springframework.security.acls.domain.SpringCacheBasedAclCache
- SpringCacheBasedTicketCache - Class in org.springframework.security.cas.authentication
-
Caches tickets using a Spring IoC defined
Cache
. - SpringCacheBasedTicketCache(Cache) - Constructor for class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache
- SpringCacheBasedUserCache - Class in org.springframework.security.core.userdetails.cache
-
Caches
UserDetails
instances in a Spring definedCache
. - SpringCacheBasedUserCache(Cache) - Constructor for class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache
- SpringOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection
-
A Spring implementation of
OpaqueTokenIntrospector
that verifies and introspects a token using the configured OAuth 2.0 Introspection Endpoint. - SpringOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
-
Creates a
OpaqueTokenAuthenticationProvider
with the provided parameters - SpringOpaqueTokenIntrospector(String, RestOperations) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
-
Creates a
OpaqueTokenAuthenticationProvider
with the provided parameters The givenRestOperations
should perform its own client authentication against the introspection endpoint. - SpringReactiveOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection
-
A Spring implementation of
ReactiveOpaqueTokenIntrospector
that verifies and introspects a token using the configured OAuth 2.0 Introspection Endpoint. - SpringReactiveOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector
-
Creates a
OpaqueTokenReactiveAuthenticationManager
with the provided parameters - SpringReactiveOpaqueTokenIntrospector(String, WebClient) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector
-
Creates a
OpaqueTokenReactiveAuthenticationManager
with the provided parameters - springSecurity() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
-
Sets up Spring Security's
WebTestClient
test support - springSecurity() - Static method in class org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers
-
Configures the MockMvcBuilder for use with Spring Security.
- springSecurity(Filter) - Static method in class org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers
-
Configures the MockMvcBuilder for use with Spring Security.
- SpringSecurityAuthenticationSource - Class in org.springframework.security.ldap.authentication
-
An AuthenticationSource to retrieve authentication information stored in Spring Security's
SecurityContextHolder
. - SpringSecurityAuthenticationSource() - Constructor for class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource
- SpringSecurityCoreVersion - Class in org.springframework.security.core
-
Internal class used for checking version compatibility in a deployed application.
- springSecurityFilterChain() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
-
Creates the Spring Security Filter Chain
- SpringSecurityLdapTemplate - Class in org.springframework.security.ldap
-
Extension of Spring LDAP's LdapTemplate class which adds extra functionality required by Spring Security.
- SpringSecurityLdapTemplate(ContextSource) - Constructor for class org.springframework.security.ldap.SpringSecurityLdapTemplate
- SpringSecurityMessageSource - Class in org.springframework.security.core
-
The default
MessageSource
used by Spring Security. - SpringSecurityMessageSource() - Constructor for class org.springframework.security.core.SpringSecurityMessageSource
- standard(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors
-
Creates a standard password-based bytes encryptor using 256 bit AES encryption.
- StandardClaimAccessor - Interface in org.springframework.security.oauth2.core.oidc
-
A
ClaimAccessor
for the "Standard Claims" that can be returned either in the UserInfo Response or the ID Token. - StandardClaimNames - Class in org.springframework.security.oauth2.core.oidc
-
The names of the "Standard Claims" defined by the OpenID Connect Core 1.0 specification that can be returned either in the UserInfo Response or the ID Token.
- StandardPasswordEncoder - Class in org.springframework.security.crypto.password
-
Deprecated.Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure. - StandardPasswordEncoder() - Constructor for class org.springframework.security.crypto.password.StandardPasswordEncoder
-
Deprecated.Constructs a standard password encoder with no additional secret value.
- StandardPasswordEncoder(CharSequence) - Constructor for class org.springframework.security.crypto.password.StandardPasswordEncoder
-
Deprecated.Constructs a standard password encoder with a secret value which is also included in the password hash.
- start() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- start() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
- state(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the state.
- state(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
-
Sets the state.
- STATE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
state
- used in Authorization Request and Authorization Response. - stateful(Object) - Static method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
- stateless(Object) - Static method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
- STATELESS - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy
-
Spring Security will never create an
HttpSession
and it will never use it to obtain theSecurityContext
- StatelessTicketCache - Interface in org.springframework.security.cas.authentication
-
Caches CAS service tickets and CAS proxy tickets for stateless connections.
- StaticAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- StaticAllowFromStrategy(URI) - Constructor for class org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy
-
Deprecated.
- StaticHeadersWriter - Class in org.springframework.security.web.header.writers
-
HeaderWriter
implementation which writes the sameHeader
instance. - StaticHeadersWriter(String, String...) - Constructor for class org.springframework.security.web.header.writers.StaticHeadersWriter
-
Creates a new instance with a single header
- StaticHeadersWriter(List<Header>) - Constructor for class org.springframework.security.web.header.writers.StaticHeadersWriter
-
Creates a new instance
- StaticServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Allows specifying
HttpHeaders
that should be written to the response. - StaticServerHttpHeadersWriter(HttpHeaders) - Constructor for class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
- StaticServerHttpHeadersWriter.Builder - Class in org.springframework.security.web.server.header
- statusError() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
-
Returns
true
if the Authorization Request failed, otherwisefalse
. - statusOk() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
-
Returns
true
if the Authorization Request succeeded, otherwisefalse
. - stop() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- stop() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
- STORAGE - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- STORAGE - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- streetAddress(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Sets the full street address, which may include house number, street name, P.O.
- STRICT_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- STRICT_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- STRICT_ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- STRICT_ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- STRICT_TRANSPORT_SECURITY - Static variable in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
- StrictHttpFirewall - Class in org.springframework.security.web.firewall
-
A strict implementation of
HttpFirewall
that rejects any suspicious requests with aRequestRejectedException
. - StrictHttpFirewall() - Constructor for class org.springframework.security.web.firewall.StrictHttpFirewall
- StrictServerWebExchangeFirewall - Class in org.springframework.security.web.server.firewall
-
A strict implementation of
ServerWebExchangeFirewall
that rejects any suspicious requests with aServerExchangeRejectedException
. - StrictServerWebExchangeFirewall() - Constructor for class org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall
- StrictTransportSecurityServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the Strict-Transport-Security if the request is secure.
- StrictTransportSecurityServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
- string() - Static method in class org.springframework.security.crypto.keygen.KeyGenerators
-
Creates a
StringKeyGenerator
that hex-encodesSecureRandom
keys of 8 bytes in length. - StringKeyGenerator - Interface in org.springframework.security.crypto.keygen
-
A generator for unique string keys.
- stronger(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors
-
Creates a standard password-based bytes encryptor using 256 bit AES encryption with Galois Counter Mode (GCM).
- SUB - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
-
sub
- the Subject identifier - SUB - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
sub
- Usually a machine-readable identifier of the resource owner who authorized the token - SUB - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
sub
- the Subject identifier - SUB - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
sub
- the Subject identifier - SUB - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
-
sub
- the Subject claim identifies the principal that is the subject of the JWT - subArray(byte[], int, int) - Static method in class org.springframework.security.crypto.util.EncodingUtils
-
Extract a sub array of bytes out of the byte array.
- subject(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
-
Use this subject in the resulting
OidcLogoutToken
- subject(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this subject in the resulting
OidcIdToken
- subject(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this subject in the resulting
OidcUserInfo
- subject(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this subject in the resulting
Jwt
- subject(String) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Sets the subject
(sub)
claim, which identifies the principal that is the subject of the JWT. - SUBJECT_NOT_FOUND - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
The assertion did not contain a subject element.
- SUBJECT_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
subject_token
- used in Token Exchange Access Token Request. - SUBJECT_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
subject_token_type
- used in Token Exchange Access Token Request. - SubjectDnX509PrincipalExtractor - Class in org.springframework.security.web.authentication.preauth.x509
-
Obtains the principal from a certificate using a regular expression match against the Subject (as returned by a call to
X509Certificate.getSubjectDN()
). - SubjectDnX509PrincipalExtractor() - Constructor for class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
- subjectPrincipalRegex(String) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
-
Specifies the regex to extract the principal from the certificate.
- submit(Runnable) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- submit(Runnable) - Method in class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor
- submit(Runnable, T) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- submit(Callable<T>) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- submit(Callable<T>) - Method in class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor
- success() - Static method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult
-
Construct a successful
OAuth2TokenValidatorResult
- success() - Static method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
-
Construct a successful
Saml2ResponseValidatorResult
- success() - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult
-
Construct a successful
Saml2LogoutValidatorResult
- success(String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
-
Returns a new
OAuth2AuthorizationResponse.Builder
, initialized with the authorization code. - successForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
-
Forward Authentication Success Handler
- successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
- successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Default behaviour for successful authentication.
- successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Puts the
Authentication
instance returned by the authentication manager into the secure context. - successHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Specifies the
AuthenticationSuccessHandler
to be used. - SupplierClientRegistrationRepository - Class in org.springframework.security.oauth2.client.registration
-
A
ClientRegistrationRepository
that lazily calls to retrieveClientRegistration
(s) when requested. - SupplierClientRegistrationRepository(Supplier<T>) - Constructor for class org.springframework.security.oauth2.client.registration.SupplierClientRegistrationRepository
-
Constructs an
SupplierClientRegistrationRepository
using the provided parameters. - SupplierJwtDecoder - Class in org.springframework.security.oauth2.jwt
-
A
JwtDecoder
that lazily initializes anotherJwtDecoder
- SupplierJwtDecoder(Supplier<JwtDecoder>) - Constructor for class org.springframework.security.oauth2.jwt.SupplierJwtDecoder
- SupplierReactiveJwtDecoder - Class in org.springframework.security.oauth2.jwt
-
A
ReactiveJwtDecoder
that lazily initializes anotherReactiveJwtDecoder
- SupplierReactiveJwtDecoder(Supplier<ReactiveJwtDecoder>) - Constructor for class org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder
- supports(Class<?>) - Method in interface org.springframework.security.access.AccessDecisionManager
-
Deprecated.Indicates whether the
AccessDecisionManager
implementation is able to provide access control decisions for the indicated secured object type. - supports(Class<?>) - Method in interface org.springframework.security.access.AccessDecisionVoter
-
Deprecated.Indicates whether the
AccessDecisionVoter
implementation is able to provide access control votes for the indicated secured object type. - supports(Class<?>) - Method in interface org.springframework.security.access.AfterInvocationProvider
-
Deprecated.Indicates whether the
AfterInvocationProvider
is able to provide "after invocation" processing for the indicated secured object type. - supports(Class<?>) - Method in class org.springframework.security.access.annotation.Jsr250Voter
-
Deprecated.All classes are supported.
- supports(Class<?>) - Method in interface org.springframework.security.access.intercept.AfterInvocationManager
-
Deprecated.Indicates whether the
AfterInvocationManager
implementation is able to provide access control decisions for the indicated secured object type. - supports(Class<?>) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
-
Deprecated.Iterates through all
AfterInvocationProvider
s and ensures each can support the presented class. - supports(Class<?>) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
-
Deprecated.
- supports(Class<?>) - Method in interface org.springframework.security.access.intercept.RunAsManager
-
Deprecated.Indicates whether the
RunAsManager
implementation is able to provide run-as replacement for the indicated secure object type. - supports(Class<?>) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
-
Deprecated.This implementation supports any type of class, because it does not query the presented secure object.
- supports(Class<?>) - Method in class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
-
Deprecated.
- supports(Class<?>) - Method in class org.springframework.security.access.prepost.PostInvocationAdviceProvider
-
Deprecated.
- supports(Class<?>) - Method in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
-
Deprecated.
- supports(Class<?>) - Method in interface org.springframework.security.access.SecurityMetadataSource
-
Indicates whether the
SecurityMetadataSource
implementation is able to provideConfigAttribute
s for the indicated secure object type. - supports(Class<?>) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.Iterates through all
AccessDecisionVoter
s and ensures each can support the presented class. - supports(Class<?>) - Method in class org.springframework.security.access.vote.AbstractAclVoter
-
Deprecated.This implementation supports only
MethodSecurityInterceptor
, because it queries the presentedMethodInvocation
. - supports(Class<?>) - Method in class org.springframework.security.access.vote.AuthenticatedVoter
-
Deprecated.This implementation supports any type of class, because it does not query the presented secure object.
- supports(Class<?>) - Method in class org.springframework.security.access.vote.RoleVoter
-
Deprecated.This implementation supports any type of class, because it does not query the presented secure object.
- supports(Class<?>) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
-
This implementation supports any type of class, because it does not query the presented secure object.
- supports(Class<?>) - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider
- supports(Class<?>) - Method in interface org.springframework.security.authentication.AuthenticationProvider
-
Returns
true
if thisAuthenticationProvider
supports the indicatedAuthentication
object. - supports(Class<?>) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.authentication.TestingAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter
-
Deprecated.
- supports(Class<?>) - Method in class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource
-
Deprecated.
- supports(Class<?>) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
- supports(Class<?>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
- supports(Class<?>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
- supports(Class<?>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider
- supports(Class<?>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
-
Deprecated.
- supports(Class<?>) - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
- supports(Class<?>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Indicate that this provider only supports PreAuthenticatedAuthenticationToken (sub)classes.
- supports(Class<?>) - Method in class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationProvider
- supports(ConfigAttribute) - Method in interface org.springframework.security.access.AccessDecisionManager
-
Deprecated.Indicates whether this
AccessDecisionManager
is able to process authorization requests presented with the passedConfigAttribute
. - supports(ConfigAttribute) - Method in interface org.springframework.security.access.AccessDecisionVoter
-
Deprecated.Indicates whether this
AccessDecisionVoter
is able to vote on the passedConfigAttribute
. - supports(ConfigAttribute) - Method in interface org.springframework.security.access.AfterInvocationProvider
-
Deprecated.Indicates whether this
AfterInvocationProvider
is able to participate in a decision involving the passedConfigAttribute
. - supports(ConfigAttribute) - Method in class org.springframework.security.access.annotation.Jsr250Voter
-
Deprecated.The specified config attribute is supported if its an instance of a
Jsr250SecurityConfig
. - supports(ConfigAttribute) - Method in interface org.springframework.security.access.intercept.AfterInvocationManager
-
Deprecated.Indicates whether this
AfterInvocationManager
is able to process "after invocation" requests presented with the passedConfigAttribute
. - supports(ConfigAttribute) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
-
Deprecated.
- supports(ConfigAttribute) - Method in interface org.springframework.security.access.intercept.RunAsManager
-
Deprecated.Indicates whether this
RunAsManager
is able to process the passedConfigAttribute
. - supports(ConfigAttribute) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
-
Deprecated.
- supports(ConfigAttribute) - Method in class org.springframework.security.access.prepost.PostInvocationAdviceProvider
-
Deprecated.
- supports(ConfigAttribute) - Method in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
-
Deprecated.
- supports(ConfigAttribute) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- supports(ConfigAttribute) - Method in class org.springframework.security.access.vote.AuthenticatedVoter
-
Deprecated.
- supports(ConfigAttribute) - Method in class org.springframework.security.access.vote.RoleVoter
-
Deprecated.
- supports(ConfigAttribute) - Method in class org.springframework.security.acls.AclEntryVoter
- supports(ConfigAttribute) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- supports(ConfigAttribute) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter
-
Deprecated.
- supports(ConfigAttribute) - Method in interface org.springframework.security.web.access.channel.ChannelDecisionManager
-
Indicates whether this
ChannelDecisionManager
is able to process the passedConfigAttribute
. - supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- supports(ConfigAttribute) - Method in interface org.springframework.security.web.access.channel.ChannelProcessor
-
Indicates whether this
ChannelProcessor
is able to process the passedConfigAttribute
. - supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- supports(ConfigAttribute) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
-
Deprecated.
- supportsContext(Observation.Context) - Method in class org.springframework.security.authentication.AuthenticationObservationConvention
- supportsContext(Observation.Context) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention
- supportsParameter(MethodParameter) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
-
Deprecated.
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
- supportsParameter(MethodParameter) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
- switchUser(WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Attempt to switch to another user.
- SwitchUserAuthorityChanger - Interface in org.springframework.security.web.authentication.switchuser
-
Allows subclasses to modify the
GrantedAuthority
list that will be assigned to the principal when they assume the identity of a different principal. - SwitchUserFilter - Class in org.springframework.security.web.authentication.switchuser
-
Switch User processing filter responsible for user context switching.
- SwitchUserFilter() - Constructor for class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- SwitchUserGrantedAuthority - Class in org.springframework.security.web.authentication.switchuser
-
Custom
GrantedAuthority
used bySwitchUserFilter
- SwitchUserGrantedAuthority(String, Authentication) - Constructor for class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
- SwitchUserWebFilter - Class in org.springframework.security.web.server.authentication
-
Switch User processing filter responsible for user context switching.
- SwitchUserWebFilter(ReactiveUserDetailsService, String, String) - Constructor for class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Creates a filter for the user context switching
- SwitchUserWebFilter(ReactiveUserDetailsService, ServerAuthenticationSuccessHandler, ServerAuthenticationFailureHandler) - Constructor for class org.springframework.security.web.server.authentication.SwitchUserWebFilter
-
Creates a filter for the user context switching
- SYSTEM_PROPERTY - Static variable in class org.springframework.security.core.context.SecurityContextHolder
T
- TagLibConfig - Class in org.springframework.security.taglibs
-
internal configuration class for taglibs.
- TEMPORARILY_UNAVAILABLE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
temporarily_unavailable
- The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. - TEST_EXECUTION - Enum constant in enum class org.springframework.security.test.context.support.TestExecutionEvent
-
Associated to
TestExecutionListener.beforeTestExecution(TestContext)
event. - TEST_METHOD - Enum constant in enum class org.springframework.security.test.context.support.TestExecutionEvent
-
Associated to
TestExecutionListener.beforeTestMethod(TestContext)
event. - TestExecutionEvent - Enum Class in org.springframework.security.test.context.support
-
Represents the events on the methods of
TestExecutionListener
- TestingAuthenticationProvider - Class in org.springframework.security.authentication
-
An
AuthenticationProvider
implementation for theTestingAuthenticationToken
. - TestingAuthenticationProvider() - Constructor for class org.springframework.security.authentication.TestingAuthenticationProvider
- TestingAuthenticationToken - Class in org.springframework.security.authentication
-
An
Authentication
implementation that is designed for use whilst unit testing. - TestingAuthenticationToken(Object, Object) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken
- TestingAuthenticationToken(Object, Object, String...) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken
- TestingAuthenticationToken(Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken
- TestingAuthenticationToken(Object, Object, List<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken
- testSecurityContext() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Creates a
RequestPostProcessor
that can be used to ensure that the resulting request is ran with the user in theTestSecurityContextHolder
. - TestSecurityContextHolder - Class in org.springframework.security.test.context
-
The
TestSecurityContextHolder
is very similar toSecurityContextHolder
, but is necessary for testing. - TestSecurityContextHolderStrategyAdapter - Class in org.springframework.security.test.context
- TestSecurityContextHolderStrategyAdapter() - Constructor for class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
- text(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors
-
Creates a text encryptor that uses "standard" password-based encryption.
- TextEncryptor - Interface in org.springframework.security.crypto.encrypt
-
Service interface for symmetric encryption of text strings.
- TextEscapeUtils - Class in org.springframework.security.web.util
-
Internal utility for escaping characters in HTML strings.
- TextEscapeUtils() - Constructor for class org.springframework.security.web.util.TextEscapeUtils
- THIRTY_TWO_RESERVED_OFF - Static variable in interface org.springframework.security.acls.model.Permission
- ThrowableAnalyzer - Class in org.springframework.security.web.util
-
Handler for analyzing
Throwable
instances. - ThrowableAnalyzer() - Constructor for class org.springframework.security.web.util.ThrowableAnalyzer
-
Creates a new
ThrowableAnalyzer
instance. - ThrowableCauseExtractor - Interface in org.springframework.security.web.util
-
Interface for handlers extracting the cause out of a specific
Throwable
type. - ThrowingMethodAuthorizationDeniedHandler - Class in org.springframework.security.authorization.method
-
An implementation of
MethodAuthorizationDeniedHandler
that throwsAuthorizationDeniedException
- ThrowingMethodAuthorizationDeniedHandler() - Constructor for class org.springframework.security.authorization.method.ThrowingMethodAuthorizationDeniedHandler
- timeout(Duration) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Sets the
PublicKeyCredentialCreationOptions.getTimeout()
property. - timeout(Duration) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder
-
Sets the
PublicKeyCredentialRequestOptions.getTimeout()
property. - TLS_CLIENT_AUTH - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- toAuthorizedTarget() - Method in interface org.springframework.security.authorization.method.AuthorizationProxy
-
Access underlying target object
- toBase64UrlString() - Method in class org.springframework.security.web.webauthn.api.Bytes
-
Gets the bytes as Base64 URL encoded String.
- Token - Interface in org.springframework.security.core.token
-
A token issued by
TokenService
. - TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
token
- used in Token Revocation Request. - TOKEN_EXCHANGE - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
- TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
token_type
- used in Authorization Response and Access Token Response. - TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
token_type
- The type of the token, for examplebearer
. - TOKEN_TYPE_HINT - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
token_type_hint
- used in Token Revocation Request. - TokenBasedRememberMeServices - Class in org.springframework.security.web.authentication.rememberme
-
Identifies previously remembered users by a Base-64 encoded cookie.
- TokenBasedRememberMeServices(String, UserDetailsService) - Constructor for class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
- TokenBasedRememberMeServices(String, UserDetailsService, TokenBasedRememberMeServices.RememberMeTokenAlgorithm) - Constructor for class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
-
Construct the instance with the parameters provided
- TokenBasedRememberMeServices.RememberMeTokenAlgorithm - Enum Class in org.springframework.security.web.authentication.rememberme
- tokenEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2LoginConfigurer.tokenEndpoint(Customizer)
ortokenEndpoint(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - tokenEndpoint(Customizer<OAuth2LoginConfigurer.TokenEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Configures the Authorization Server's Token Endpoint.
- TokenExchangeGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
-
A Token Exchange Grant request that holds the
subject token
and optionalactor token
. - TokenExchangeGrantRequest(ClientRegistration, OAuth2Token, OAuth2Token) - Constructor for class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequest
-
Constructs a
TokenExchangeGrantRequest
using the provided parameters. - TokenExchangeGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.Use
DefaultOAuth2TokenRequestParametersConverter
instead - TokenExchangeGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter
-
Deprecated.
- TokenExchangeOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of an
OAuth2AuthorizedClientProvider
for thetoken-exchange
grant. - TokenExchangeOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
- TokenExchangeReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of an
ReactiveOAuth2AuthorizedClientProvider
for thetoken-exchange
grant. - TokenExchangeReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
- tokenGeneratingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
-
Specifies the URL that a One-Time Token generate request will be processed.
- tokenGeneratingUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
Specifies the URL that a One-Time Token generate request will be processed.
- tokenGenerationSuccessHandler(OneTimeTokenGenerationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
-
Specifies strategy to be used to handle generated one-time tokens.
- tokenGenerationSuccessHandler(ServerOneTimeTokenGenerationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
Specifies strategy to be used to handle generated one-time tokens.
- tokenRepository(PersistentTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
Specifies the
PersistentTokenRepository
to use. - tokenService(OneTimeTokenService) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
-
Configures the
OneTimeTokenService
used to generate and consumeOneTimeToken
- tokenService(ReactiveOneTimeTokenService) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OneTimeTokenLoginSpec
-
Configures the
ReactiveOneTimeTokenService
used to generate and consumeOneTimeToken
- TokenService - Interface in org.springframework.security.core.token
-
Provides a mechanism to allocate and rebuild secure, randomised tokens.
- tokenType(OAuth2AccessToken.TokenType) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
-
Sets the
token type
. - tokenUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the uri for the token endpoint.
- tokenValiditySeconds(int) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
Allows specifying how long (in seconds) a token is valid for
- tokenValue(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
-
Use this token value in the resulting
OidcLogoutToken
- tokenValue(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this token value in the resulting
OidcIdToken
- tokenValue(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this token value in the resulting
Jwt
- toString() - Method in class org.springframework.security.access.intercept.RunAsUserToken
-
Deprecated.
- toString() - Method in class org.springframework.security.access.SecurityConfig
- toString() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- toString() - Method in class org.springframework.security.acls.domain.AbstractPermission
- toString() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
- toString() - Method in class org.springframework.security.acls.domain.AclImpl
- toString() - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid
- toString() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl
- toString() - Method in class org.springframework.security.acls.domain.PrincipalSid
- toString() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
- toString() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority
- toString() - Method in class org.springframework.security.authorization.AuthorityAuthorizationDecision
- toString() - Method in class org.springframework.security.authorization.AuthorityAuthorizationManager
- toString() - Method in class org.springframework.security.authorization.AuthorizationDecision
- toString() - Method in class org.springframework.security.authorization.ExpressionAuthorizationDecision
- toString() - Method in class org.springframework.security.authorization.method.ExpressionAttributeAuthorizationDecision
-
Deprecated.
- toString() - Method in class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager
- toString() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
- toString() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
- toString() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
- toString() - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority
- toString() - Method in class org.springframework.security.core.context.SecurityContextHolder
- toString() - Method in class org.springframework.security.core.context.SecurityContextImpl
- toString() - Method in class org.springframework.security.core.token.DefaultToken
- toString() - Method in class org.springframework.security.core.userdetails.User
- toString() - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
- toString() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
-
Create a textual representation containing error and warning messages, if any are present.
- toString() - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
- toString() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
- toString() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
- toString() - Method in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite
- toString() - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
- toString() - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher
- toString() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
- toString() - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- toString() - Method in class org.springframework.security.oauth2.core.OAuth2Error
- toString() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
- toString() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
- toString() - Method in class org.springframework.security.saml2.core.Saml2Error
- toString() - Method in exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
- toString() - Method in class org.springframework.security.util.SimpleMethodInvocation
- toString() - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
- toString() - Method in class org.springframework.security.web.access.intercept.RequestKey
- toString() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
- toString() - Method in class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
- toString() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
- toString() - Method in class org.springframework.security.web.authentication.ui.DefaultResourcesFilter
- toString() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
- toString() - Method in class org.springframework.security.web.DefaultSecurityFilterChain
- toString() - Method in class org.springframework.security.web.FilterChainProxy
- toString() - Method in class org.springframework.security.web.FilterInvocation
- toString() - Method in class org.springframework.security.web.firewall.FirewalledRequest
- toString() - Method in class org.springframework.security.web.header.Header
- toString() - Method in class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter
- toString() - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
- toString() - Method in class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter
- toString() - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
- toString() - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
- toString() - Method in class org.springframework.security.web.header.writers.StaticHeadersWriter
- toString() - Method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
- toString() - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
- toString() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
- toString() - Method in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
- toString() - Method in class org.springframework.security.web.server.ui.DefaultResourcesWebFilter
- toString() - Method in class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
- toString() - Method in class org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher
- toString() - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
- toString() - Method in class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher
- toString() - Method in class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
- toString() - Method in class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
- toString() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
- toString() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
- toString() - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.NegatedRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
- toString() - Method in class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
- toString() - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment
- toString() - Method in class org.springframework.security.web.webauthn.api.Bytes
- toString() - Method in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier
- transform(HttpServletRequest) - Method in interface org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer
-
Return the
HttpServletRequest
that is passed into theAuthorizationManager
- transform(HttpServletRequest) - Method in class org.springframework.security.web.access.HandlerMappingIntrospectorRequestTransformer
- Transient - Annotation Interface in org.springframework.security.core
-
A marker for
Authentication
s that should never be stored across requests, for example a bearer token authentication - TransientSecurityContext - Class in org.springframework.security.core.context
-
A
SecurityContext
that is annotated with @Transient
and thus should never be stored across requests. - TransientSecurityContext() - Constructor for class org.springframework.security.core.context.TransientSecurityContext
- TransientSecurityContext(Authentication) - Constructor for class org.springframework.security.core.context.TransientSecurityContext
- transports(List<AuthenticatorTransport>) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder
-
Sets the
AuthenticatorAttestationResponse.getTransports()
property. - transports(Set<AuthenticatorTransport>) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- transports(Set<AuthenticatorTransport>) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder
-
Sets the
PublicKeyCredentialDescriptor.getTransports()
property. - transports(AuthenticatorTransport...) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.AuthenticatorAttestationResponseBuilder
-
Sets the
AuthenticatorAttestationResponse.getTransports()
property. - transports(AuthenticatorTransport...) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder
-
Sets the
PublicKeyCredentialDescriptor.getTransports()
property. - TWO_WEEKS_S - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- TYP - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
typ
- the type header is used by JWS/JWE applications to declare the media type of a JWS/JWE - type(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the type header that declares the media type of the JWS/JWE.
- type(PublicKeyCredentialType) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredential.PublicKeyCredentialBuilder
-
Sets the
PublicKeyCredential.getType()
property. - type(PublicKeyCredentialType) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.PublicKeyCredentialDescriptorBuilder
-
Sets the
PublicKeyCredentialDescriptor.getType()
property.
U
- UnanimousBased - Class in org.springframework.security.access.vote
-
Deprecated.Use
AuthorizationManager
instead - UnanimousBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.UnanimousBased
-
Deprecated.
- unauthenticated() - Static method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
-
ResultMatcher
that verifies that no user is authenticated. - unauthenticated(Object, Object) - Static method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
-
This factory method can be safely used by any code that wishes to create a unauthenticated
UsernamePasswordAuthenticationToken
. - unauthenticated(Object, String) - Static method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
-
Creates an unauthenticated token
- unauthenticated(String) - Static method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
-
Creates an unauthenticated token
- UNAUTHORIZED_CLIENT - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
unauthorized_client
- The client is not authorized to request an authorization code or access token using this method. - UnboundIdContainer - Class in org.springframework.security.ldap.server
- UnboundIdContainer(String, String) - Constructor for class org.springframework.security.ldap.server.UnboundIdContainer
- UNKNOWN_RESPONSE_CLASS - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
SAML Data does not represent a SAML 2 Response object.
- UNLIMITED - Static variable in interface org.springframework.security.web.server.authentication.SessionLimit
-
Represents unlimited sessions.
- UnloadedSidException - Exception in org.springframework.security.acls.model
-
Thrown if an
Acl
cannot perform an operation because it only loaded a subset ofSid
s and the caller has requested details for an unloadedSid
. - UnloadedSidException(String) - Constructor for exception org.springframework.security.acls.model.UnloadedSidException
-
Constructs an
NotFoundException
with the specified message. - UnloadedSidException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.UnloadedSidException
-
Constructs an
NotFoundException
with the specified message and root cause. - UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
- UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
- UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
- UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
- UNSAFE_URL - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
- UNSAFE_URL - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
- unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Default behaviour for unsuccessful authentication.
- unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Ensures the authentication object in the secure context is set to null when authentication fails.
- UNSUPPORTED_GRANT_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
unsupported_grant_type
- The authorization grant type is not supported by the authorization server. - UNSUPPORTED_RESPONSE_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
unsupported_response_type
- The authorization server does not support obtaining an authorization code or access token using this method. - UNSUPPORTED_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
unsupported_token_type
- The authorization server does not support the revocation of the presented token type. - updateAccessDefaults(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Updates the default values for access.
- updateAce(int, Permission) - Method in class org.springframework.security.acls.domain.AclImpl
- updateAce(int, Permission) - Method in interface org.springframework.security.acls.model.MutableAcl
- updateAcl(MutableAcl) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
This implementation will simply delete all ACEs in the database and recreate them on each invocation of this method.
- updateAcl(MutableAcl) - Method in interface org.springframework.security.acls.model.MutableAclService
-
Changes an existing
Acl
in the database. - updateAuditing(int, boolean, boolean) - Method in class org.springframework.security.acls.domain.AclImpl
- updateAuditing(int, boolean, boolean) - Method in interface org.springframework.security.acls.model.AuditableAcl
- updateAuthenticationDefaults() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Updates the default values for authentication.
- UPDATED_AT - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
updated_at
- the time the user's information was last updated - updatedAt(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this updated-at
Instant
in the resultingOidcUserInfo
- updateLastAccessTime(String) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
- updateLastAccessTime(String) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry
-
Updates the last accessed time of the
ReactiveSessionInformation
- updateObjectIdentity(MutableAcl) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Updates an existing acl_object_identity row, with new information presented in the passed MutableAcl object.
- updatePassword(UserDetails, String) - Method in class org.springframework.security.core.userdetails.MapReactiveUserDetailsService
- updatePassword(UserDetails, String) - Method in interface org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService
-
Modify the specified user's password.
- updatePassword(UserDetails, String) - Method in interface org.springframework.security.core.userdetails.UserDetailsPasswordService
-
Modify the specified user's password.
- updatePassword(UserDetails, String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
- updateToken(String, String, Date) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
- updateToken(String, String, Date) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
- updateToken(String, String, Date) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
- updateUser(UserDetails) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- updateUser(UserDetails) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
- updateUser(UserDetails) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- updateUser(UserDetails) - Method in interface org.springframework.security.provisioning.UserDetailsManager
-
Update the specified user.
- upgradeEncoding(String) - Method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
- upgradeEncoding(String) - Method in class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- upgradeEncoding(String) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder
- upgradeEncoding(String) - Method in interface org.springframework.security.crypto.password.PasswordEncoder
-
Returns true if the encoded password should be encoded again for better security, else false.
- upgradeEncoding(String) - Method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
- uriResolver(HttpServletRequest) - Static method in class org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers
-
Create a resolver based on the given
HttpServletRequest
. - uriResolver(HttpServletRequest, RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers
-
Create a resolver based on the given
HttpServletRequest
. - url(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
-
Specifies the ldap server URL when not using the embedded LDAP server.
- URL_SAFE - Static variable in class org.springframework.security.crypto.codec.Base64
-
Deprecated.Encode using Base64-like encoding that is URL- and Filename-safe as described in Section 4 of RFC3548: https://tools.ietf.org/html/rfc3548.
- UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Deprecated.Use
AuthorizeHttpRequestsConfigurer
instead - UrlAuthorizationConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer
-
Deprecated.
- UrlAuthorizationConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers
-
Deprecated.Maps the specified
RequestMatcher
instances toConfigAttribute
instances. - UrlAuthorizationConfigurer.StandardInterceptUrlRegistry - Class in org.springframework.security.config.annotation.web.configurers
-
Deprecated.
- UrlUtils - Class in org.springframework.security.web.util
-
Provides static methods for composing URLs.
- USB - Static variable in class org.springframework.security.web.webauthn.api.AuthenticatorTransport
-
usbc indicates the respective authenticator can be contacted over removable USB.
- useAuthorizationManager() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
-
Indicate whether
ReactiveAuthorizationManager
based Method Security to be used. - useInvalidToken() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor
-
Populates an invalid token value on the request.
- user(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
-
The value of the username parameter.
- user(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish a
SecurityContext
that has aUsernamePasswordAuthenticationToken
for theAuthentication.getPrincipal()
and aUser
for theUsernamePasswordAuthenticationToken.getPrincipal()
. - user(String, String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
-
Specify both the password parameter name and the password.
- user(UserDetails) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish a
SecurityContext
that has aUsernamePasswordAuthenticationToken
for theAuthentication.getPrincipal()
and a customUserDetails
for theUsernamePasswordAuthenticationToken.getPrincipal()
. - user(PublicKeyCredentialUserEntity) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder
-
Sets the
PublicKeyCredentialCreationOptions.getUser()
property. - User - Class in org.springframework.security.core.userdetails
-
Models core user information retrieved by a
UserDetailsService
. - User(String, String, boolean, boolean, boolean, boolean, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.core.userdetails.User
-
Construct the
User
with the details required byDaoAuthenticationProvider
. - User(String, String, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.core.userdetails.User
-
Calls the more complex constructor with all boolean arguments set to
true
. - USER_CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
user_code
- used in Device Authorization Response. - USER_DETAILS_SERVICE - Static variable in class org.springframework.security.config.BeanIds
- USER_DETAILS_SERVICE_FACTORY - Static variable in class org.springframework.security.config.BeanIds
- USER_SERVICE - Static variable in class org.springframework.security.config.Elements
- USER_VERIFICATION_OPTIONAL - Enum constant in enum class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy
- USER_VERIFICATION_OPTIONAL_WITH_CREDENTIAL_ID_LIST - Enum constant in enum class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy
- USER_VERIFICATION_REQUIRED - Enum constant in enum class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy
- User.UserBuilder - Class in org.springframework.security.core.userdetails
-
Builds the user to be added.
- UserAttribute - Class in org.springframework.security.core.userdetails.memory
-
Used by
InMemoryUserDetailsManager
to temporarily store the attributes associated with a user. - UserAttribute() - Constructor for class org.springframework.security.core.userdetails.memory.UserAttribute
- UserAttributeEditor - Class in org.springframework.security.core.userdetails.memory
-
Property editor that creates a
UserAttribute
from a comma separated list of values. - UserAttributeEditor() - Constructor for class org.springframework.security.core.userdetails.memory.UserAttributeEditor
- userAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig
-
Sets the
GrantedAuthoritiesMapper
used for mappingOAuth2AuthenticatedPrincipal.getAuthorities()
. - userCache(UserCache) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
-
Defines the
UserCache
to use - UserCache - Interface in org.springframework.security.core.userdetails
-
Provides a cache of
UserDetails
objects. - UserCredentialRepository - Interface in org.springframework.security.web.webauthn.management
-
A repository for managing
CredentialRecord
s associated to a user. - UserDetails - Interface in org.springframework.security.core.userdetails
-
Provides core user information.
- UserDetailsAwareConfigurer<B extends ProviderManagerBuilder<B>,
U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails -
Base class that allows access to the
UserDetailsService
for using as a default value withAuthenticationManagerBuilder
. - UserDetailsAwareConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer
- UserDetailsByNameServiceWrapper<T extends Authentication> - Class in org.springframework.security.core.userdetails
-
This implementation for AuthenticationUserDetailsService wraps a regular Spring Security UserDetailsService implementation, to retrieve a UserDetails object based on the user name contained in an Authentication object.
- UserDetailsByNameServiceWrapper() - Constructor for class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
-
Constructs an empty wrapper for compatibility with Spring Security 2.0.x's method of using a setter.
- UserDetailsByNameServiceWrapper(UserDetailsService) - Constructor for class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
-
Constructs a new wrapper using the supplied
UserDetailsService
as the service to delegate to. - UserDetailsChecker - Interface in org.springframework.security.core.userdetails
-
Called by classes which make use of a
UserDetailsService
to check the status of the loaded UserDetails object. - userDetailsContextMapper - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- userDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.
- UserDetailsContextMapper - Interface in org.springframework.security.ldap.userdetails
-
Operations to map a UserDetails object to and from a Spring LDAP
DirContextOperations
implementation. - UserDetailsManager - Interface in org.springframework.security.provisioning
-
An extension of the
UserDetailsService
which provides the ability to create new users and update existing ones. - UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>,
C extends UserDetailsManagerConfigurer<B, C>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning -
Base class for populating an
AuthenticationManagerBuilder
with aUserDetailsManager
. - UserDetailsManagerConfigurer(UserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
- UserDetailsManagerConfigurer.UserDetailsBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning
-
Builds the user to be added.
- UserDetailsManagerResourceFactoryBean - Class in org.springframework.security.config.provisioning
-
Constructs an
InMemoryUserDetailsManager
from a resource usingUserDetailsResourceFactoryBean
. - UserDetailsManagerResourceFactoryBean() - Constructor for class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
- UserDetailsMapFactoryBean - Class in org.springframework.security.config.core.userdetails
-
Creates a
Collection<UserDetails>
from a @{code Map} in the format of - UserDetailsMapFactoryBean(Map<String, String>) - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
- userDetailsPasswordManager(UserDetailsPasswordService) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
- UserDetailsPasswordService - Interface in org.springframework.security.core.userdetails
-
An API for changing a
UserDetails
password. - UserDetailsRepositoryReactiveAuthenticationManager - Class in org.springframework.security.authentication
-
A
ReactiveAuthenticationManager
that uses aReactiveUserDetailsService
to validate the provided username and password. - UserDetailsRepositoryReactiveAuthenticationManager(ReactiveUserDetailsService) - Constructor for class org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager
- UserDetailsResourceFactoryBean - Class in org.springframework.security.config.core.userdetails
-
Parses a Resource that is a Properties file in the format of:
username=password[,enabled|disabled],roles...
- UserDetailsResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
- userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
Specifies the
UserDetailsService
used to look up theUserDetails
when a remember me token is valid. - userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
-
Shortcut for invoking
X509Configurer.authenticationUserDetailsService(AuthenticationUserDetailsService)
with aUserDetailsByNameServiceWrapper
. - userDetailsService(UserDetailsService) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Allows adding an additional
UserDetailsService
to be used - userDetailsService(T) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Add authentication based upon the custom
UserDetailsService
that is passed in. - UserDetailsService - Interface in org.springframework.security.core.userdetails
-
Core interface which loads user-specific data.
- userDetailsServiceBeanName() - Element in annotation interface org.springframework.security.test.context.support.WithUserDetails
-
The bean name for the
UserDetailsService
to use. - UserDetailsServiceConfigurer<B extends ProviderManagerBuilder<B>,
C extends UserDetailsServiceConfigurer<B, C, U>, U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails -
Allows configuring a
UserDetailsService
within aAuthenticationManagerBuilder
. - UserDetailsServiceConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer
-
Creates a new instance
- UserDetailsServiceFactoryBean - Class in org.springframework.security.config.http
-
Bean used to lookup a named UserDetailsService or AuthenticationUserDetailsService.
- UserDetailsServiceFactoryBean() - Constructor for class org.springframework.security.config.http.UserDetailsServiceFactoryBean
- UserDetailsServiceLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.authentication
-
Simple LdapAuthoritiesPopulator which delegates to a UserDetailsService, using the name which was supplied at login as the username.
- UserDetailsServiceLdapAuthoritiesPopulator(UserDetailsService) - Constructor for class org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator
- userDnPatterns(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
If your users are at a fixed location in the directory (i.e.
- userEntityUserId(Bytes) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
- userExists(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- userExists(String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
- userExists(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- userExists(String) - Method in interface org.springframework.security.provisioning.UserDetailsManager
-
Check if a user with the supplied login name exists in the system.
- userHandle(Bytes) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse.AuthenticatorAssertionResponseBuilder
-
Set the
AuthenticatorAssertionResponse.getUserHandle()
property - userInfoAuthenticationMethod(AuthenticationMethod) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the authentication method for the user info endpoint.
- userInfoEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
OAuth2LoginConfigurer.userInfoEndpoint(Customizer)
oruserInfoEndpoint(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - userInfoEndpoint(Customizer<OAuth2LoginConfigurer.UserInfoEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Configures the Authorization Server's UserInfo Endpoint.
- userInfoToken(Consumer<OidcUserInfo.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
-
Use the provided
OidcUserInfo
when constructing the authenticated user - userInfoToken(Consumer<OidcUserInfo.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
-
Use the provided
OidcUserInfo
when constructing the authenticated user - userInfoUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the uri for the user info endpoint.
- username() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
-
The username to be used.
- username(String) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Populates the username.
- USERNAME - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
username
- used in Access Token Request. - USERNAME - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
username
- A human-readable identifier for the resource owner that authorized the token - USERNAME_ATTRIBUTE_NAME - Static variable in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
-
The name of the
attribute
in the context associated to the value for the resource owner's username. - USERNAME_NOT_FOUND - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
-
The subject did not contain a user identifier The assertion contained a subject element, but the subject element did not have a
NameID
orEncryptedID
element https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18 - userNameAttributeName(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the attribute name used to access the user's name from the user info response.
- UsernameNotFoundException - Exception in org.springframework.security.core.userdetails
-
Thrown if an
UserDetailsService
implementation cannot locate aUser
by its username. - UsernameNotFoundException(String) - Constructor for exception org.springframework.security.core.userdetails.UsernameNotFoundException
-
Constructs a
UsernameNotFoundException
with the specified message. - UsernameNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.core.userdetails.UsernameNotFoundException
-
Constructs a
UsernameNotFoundException
with the specified message and root cause. - usernameParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
-
The HTTP parameter to look for the username when performing authentication.
- UsernamePasswordAuthenticationFilter - Class in org.springframework.security.web.authentication
-
Processes an authentication form submission.
- UsernamePasswordAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- UsernamePasswordAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- UsernamePasswordAuthenticationToken - Class in org.springframework.security.authentication
-
An
Authentication
implementation that is designed for simple presentation of a username and password. - UsernamePasswordAuthenticationToken(Object, Object) - Constructor for class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
-
This constructor can be safely used by any code that wishes to create a
UsernamePasswordAuthenticationToken
, as theAbstractAuthenticationToken.isAuthenticated()
will returnfalse
. - UsernamePasswordAuthenticationToken(Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
-
This constructor should only be used by
AuthenticationManager
orAuthenticationProvider
implementations that are satisfied with producing a trusted (i.e. - UsernamePasswordMetadata - Class in org.springframework.security.rsocket.metadata
-
Represents a username and password that have been encoded into a
Payload.metadata()
. - UsernamePasswordMetadata(String, String) - Constructor for class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata
- userParameter(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
-
The HTTP parameter to place the username.
- usersByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
-
Sets the query to be used for finding a user by their username.
- userSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Search base for user searches.
- userSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
The LDAP filter used to search for users (optional).
- userService(OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig
-
Sets the OAuth 2.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.
- UserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
- UserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
- userVerification(UserVerificationRequirement) - Method in class org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.AuthenticatorSelectionCriteriaBuilder
-
Sets the
AuthenticatorSelectionCriteria.getUserVerification()
property. - userVerification(UserVerificationRequirement) - Method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.PublicKeyCredentialRequestOptionsBuilder
-
Sets the
PublicKeyCredentialRequestOptions.getUserVerification()
property. - UserVerificationRequirement - Class in org.springframework.security.web.webauthn.api
-
UserVerificationRequirement is used by the Relying Party to indicate if user verification is needed.
- useSecureCookie(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
Whether the cookie should be flagged as secure or not.
- Utf8 - Class in org.springframework.security.crypto.codec
-
UTF-8 Charset encoder/decoder.
- uvInitialized(boolean) - Method in class org.springframework.security.web.webauthn.api.ImmutableCredentialRecord.ImmutableCredentialRecordBuilder
V
- validate(Jwt) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator
- validate(Jwt) - Method in class org.springframework.security.oauth2.jwt.JwtClaimValidator
- validate(Jwt) - Method in class org.springframework.security.oauth2.jwt.JwtIssuerValidator
- validate(Jwt) - Method in class org.springframework.security.oauth2.jwt.JwtTimestampValidator
- validate(Saml2LogoutRequestValidatorParameters) - Method in interface org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator
-
Authenticates the SAML 2.0 Logout Request received from the SAML 2.0 Asserting Party.
- validate(Saml2LogoutResponseValidatorParameters) - Method in interface org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidator
-
Authenticates the SAML 2.0 Logout Response received from the SAML 2.0 Asserting Party.
- validate(FilterChainProxy) - Method in class org.springframework.security.config.http.DefaultFilterChainValidator
- validate(FilterChainProxy) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainValidator
- validate(T) - Method in class org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator
- validate(T) - Method in interface org.springframework.security.oauth2.core.OAuth2TokenValidator
-
Verify the validity and/or constraints of the provided OAuth 2.0 Token.
- value() - Element in annotation interface org.springframework.security.access.annotation.Secured
-
Returns the list of security configuration attributes (e.g. ROLE_USER, ROLE_ADMIN).
- value() - Element in annotation interface org.springframework.security.access.method.P
-
Deprecated.The parameter name
- value() - Element in annotation interface org.springframework.security.access.prepost.PostAuthorize
- value() - Element in annotation interface org.springframework.security.access.prepost.PostFilter
- value() - Element in annotation interface org.springframework.security.access.prepost.PreAuthorize
- value() - Element in annotation interface org.springframework.security.access.prepost.PreFilter
- value() - Element in annotation interface org.springframework.security.core.parameters.P
-
The parameter name
- value() - Element in annotation interface org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient
-
The default attribute for this annotation.
- value() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
-
Convenience mechanism for specifying the username.
- value() - Element in annotation interface org.springframework.security.test.context.support.WithUserDetails
-
The username to look up in the
UserDetailsService
- valueOf(String) - Static method in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.config.http.MatcherType
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.config.http.SessionCreationPolicy
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.rsocket.api.PayloadExchangeType
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.test.context.support.TestExecutionEvent
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in class org.springframework.security.web.webauthn.api.AttestationConveyancePreference
-
Gets an instance of
AttestationConveyancePreference
- valueOf(String) - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment
-
Gets an instance of
AuthenticatorAttachment
based upon the value passed in. - valueOf(String) - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorTransport
-
Gets an instance of
AuthenticatorTransport
. - valueOf(String) - Static method in enum class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy
-
Returns the enum constant of this class with the specified name.
- valueOf(String) - Static method in class org.springframework.security.web.webauthn.api.PublicKeyCredentialType
- valueOf(String) - Static method in class org.springframework.security.web.webauthn.api.ResidentKeyRequirement
- values() - Static method in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.config.http.MatcherType
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.config.http.SessionCreationPolicy
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.rsocket.api.PayloadExchangeType
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.test.context.support.TestExecutionEvent
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
-
Returns an array containing the constants of this enum class, in the order they are declared.
- values() - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorAttachment
- values() - Static method in class org.springframework.security.web.webauthn.api.AuthenticatorTransport
- values() - Static method in class org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier
- values() - Static method in enum class org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy
-
Returns an array containing the constants of this enum class, in the order they are declared.
- verification(X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential
-
Create a
Saml2X509Credential
that can be used for verification. - VERIFICATION - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
- VERIFICATION_URI - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
verification_uri
- used in Device Authorization Response. - VERIFICATION_URI_COMPLETE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
verification_uri_complete
- used in Device Authorization Response. - verificationUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
-
Sets the end-user verification URI.
- verificationUriComplete(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
-
Sets the end-user verification URI that includes the user code.
- verificationX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
-
Apply this
Consumer
to the list ofSaml2X509Credential
s - verificationX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
-
Apply this
Consumer
to the list ofSaml2X509Credential
s - verificationX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
-
Apply this
Consumer
to the list ofSaml2X509Credential
s - verify(Supplier<Authentication>, T) - Method in interface org.springframework.security.authorization.AuthorizationManager
-
Determines if access should be granted for a specific authentication and object.
- verify(Mono<Authentication>, T) - Method in interface org.springframework.security.authorization.ReactiveAuthorizationManager
-
Determines if access should be granted for a specific authentication and object
- verifyThrowableHierarchy(Throwable, Class<? extends Throwable>) - Static method in class org.springframework.security.web.util.ThrowableAnalyzer
-
Verifies that the provided throwable is a valid subclass of the provided type (or of the type itself).
- verifyToken(String) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
- verifyToken(String) - Method in interface org.springframework.security.core.token.TokenService
-
Permits verification the
Token.getKey()
was issued by thisTokenService
and reconstructs the correspondingToken
. - VirtualFilterChainDecorator() - Constructor for class org.springframework.security.web.FilterChainProxy.VirtualFilterChainDecorator
- visit(AuthorizationAdvisorProxyFactory, Object) - Method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor
-
Visit and possibly proxy this object.
- vote(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.annotation.Jsr250Voter
-
Deprecated.Votes according to JSR 250.
- vote(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.AuthenticatedVoter
-
Deprecated.
- vote(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.RoleVoter
-
Deprecated.
- vote(Authentication, MethodInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
-
Deprecated.
- vote(Authentication, MethodInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.acls.AclEntryVoter
- vote(Authentication, Message<T>, Collection<ConfigAttribute>) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter
-
Deprecated.
- vote(Authentication, FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
-
Deprecated.
- vote(Authentication, S, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.AccessDecisionVoter
-
Deprecated.Indicates whether or not access is granted.
W
- wantAuthnRequestsSigned(boolean) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
-
Set the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.
- wantAuthnRequestsSigned(boolean) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
-
Set the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.
- wantAuthnRequestsSigned(boolean) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
-
Set the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.
- WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE - Static variable in class org.springframework.security.web.WebAttributes
-
Set as a request attribute to override the default
WebInvocationPrivilegeEvaluator
- WebAsyncManagerIntegrationFilter - Class in org.springframework.security.web.context.request.async
-
Provides integration between the
SecurityContext
and Spring Web'sWebAsyncManager
by using theSecurityContextCallableProcessingInterceptor.beforeConcurrentHandling(org.springframework.web.context.request.NativeWebRequest, Callable)
to populate theSecurityContext
on theCallable
. - WebAsyncManagerIntegrationFilter() - Constructor for class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
- WebAttributes - Class in org.springframework.security.web
-
Well-known keys which are used to store Spring Security information in request or session scope.
- WebAuthenticationDetails - Class in org.springframework.security.web.authentication
-
A holder of selected HTTP details related to a web authentication request.
- WebAuthenticationDetails(HttpServletRequest) - Constructor for class org.springframework.security.web.authentication.WebAuthenticationDetails
-
Records the remote address and will also set the session Id if a session already exists (it won't create one).
- WebAuthenticationDetails(String, String) - Constructor for class org.springframework.security.web.authentication.WebAuthenticationDetails
-
Constructor to add Jackson2 serialize/deserialize support
- WebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication
-
Implementation of
AuthenticationDetailsSource
which builds the details object from an HttpServletRequest object, creating aWebAuthenticationDetails
. - WebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.WebAuthenticationDetailsSource
- webauthn() - Static method in class org.springframework.security.web.authentication.ui.DefaultResourcesFilter
-
Create an instance of
DefaultResourcesFilter
serving Spring Security's default webauthn javascript. - webAuthn(Customizer<WebAuthnConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Specifies webAuthn/passkeys based authentication.
- Webauthn4JRelyingPartyOperations - Class in org.springframework.security.web.webauthn.management
-
A WebAuthn4j implementation of
WebAuthnRelyingPartyOperations
. - Webauthn4JRelyingPartyOperations(PublicKeyCredentialUserEntityRepository, UserCredentialRepository, PublicKeyCredentialRpEntity, Set<String>) - Constructor for class org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations
-
Creates a new instance.
- WebAuthnAuthentication - Class in org.springframework.security.web.webauthn.authentication
-
A
WebAuthnAuthentication
is used to represent successful authentication with WebAuthn. - WebAuthnAuthentication(PublicKeyCredentialUserEntity, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication
- WebAuthnAuthenticationFilter - Class in org.springframework.security.web.webauthn.authentication
-
Authenticates
PublicKeyCredential<AuthenticatorAssertionResponse>
that is parsed from the body of theHttpServletRequest
using theWebAuthnAuthenticationFilter.setConverter(GenericHttpMessageConverter)
. - WebAuthnAuthenticationFilter() - Constructor for class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter
- WebAuthnAuthenticationProvider - Class in org.springframework.security.web.webauthn.authentication
-
An
AuthenticationProvider
that usesWebAuthnRelyingPartyOperations
for authentication using anWebAuthnAuthenticationRequestToken
. - WebAuthnAuthenticationProvider(WebAuthnRelyingPartyOperations, UserDetailsService) - Constructor for class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationProvider
-
Creates a new instance.
- WebAuthnAuthenticationRequestToken - Class in org.springframework.security.web.webauthn.authentication
-
An
Authentication
used inWebAuthnAuthenticationProvider
for authenticating via WebAuthn. - WebAuthnAuthenticationRequestToken(RelyingPartyAuthenticationRequest) - Constructor for class org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken
-
Creates a new instance.
- WebAuthnConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Configures WebAuthn for Spring Security applications
- WebAuthnConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer
- WebauthnJackson2Module - Class in org.springframework.security.web.webauthn.jackson
-
Adds Jackson support for Spring Security WebAuthn.
- WebauthnJackson2Module() - Constructor for class org.springframework.security.web.webauthn.jackson.WebauthnJackson2Module
-
Creates a new instance.
- WebAuthnRegistrationFilter - Class in org.springframework.security.web.webauthn.registration
-
Authenticates
PublicKeyCredential<AuthenticatorAssertionResponse>
that is parsed from the body of theHttpServletRequest
using theWebAuthnRegistrationFilter.setConverter(HttpMessageConverter)
. - WebAuthnRegistrationFilter(UserCredentialRepository, WebAuthnRelyingPartyOperations) - Constructor for class org.springframework.security.web.webauthn.registration.WebAuthnRegistrationFilter
- WebAuthnRegistrationFilter.SuccessfulUserRegistrationResponse - Class in org.springframework.security.web.webauthn.registration
- WebAuthnRelyingPartyOperations - Interface in org.springframework.security.web.webauthn.management
-
An API for WebAuthn Relying Party Operations
- webClient(WebClient) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
- WebClientReactiveAuthorizationCodeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
An implementation of a
ReactiveOAuth2AccessTokenResponseClient
that "exchanges" an authorization code credential for an access token credential at the Authorization Server's Token Endpoint. - WebClientReactiveAuthorizationCodeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveAuthorizationCodeTokenResponseClient
- WebClientReactiveClientCredentialsTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
An implementation of a
ReactiveOAuth2AccessTokenResponseClient
that "exchanges" a client credential for an access token credential at the Authorization Server's Token Endpoint. - WebClientReactiveClientCredentialsTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveClientCredentialsTokenResponseClient
- WebClientReactiveJwtBearerTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
The default implementation of an
ReactiveOAuth2AccessTokenResponseClient
for thejwt-bearer
grant. - WebClientReactiveJwtBearerTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveJwtBearerTokenResponseClient
- WebClientReactivePasswordTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
Deprecated.The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
- WebClientReactivePasswordTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactivePasswordTokenResponseClient
-
Deprecated.
- WebClientReactiveRefreshTokenTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
An implementation of a
ReactiveOAuth2AccessTokenResponseClient
for therefresh_token
grant. - WebClientReactiveRefreshTokenTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveRefreshTokenTokenResponseClient
- WebClientReactiveTokenExchangeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
-
The default implementation of an
ReactiveOAuth2AccessTokenResponseClient
for thetoken-exchange
grant. - WebClientReactiveTokenExchangeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveTokenExchangeTokenResponseClient
- WebExpressionAuthorizationManager - Class in org.springframework.security.web.access.expression
-
An expression-based
AuthorizationManager
that determines the access by evaluating the provided expression. - WebExpressionAuthorizationManager(String) - Constructor for class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
-
Creates an instance.
- WebExpressionVoter - Class in org.springframework.security.web.access.expression
-
Deprecated.Use
WebExpressionAuthorizationManager
instead - WebExpressionVoter() - Constructor for class org.springframework.security.web.access.expression.WebExpressionVoter
-
Deprecated.
- WebFilterChainProxy - Class in org.springframework.security.web.server
-
Used to delegate to a List of
SecurityWebFilterChain
instances. - WebFilterChainProxy(List<SecurityWebFilterChain>) - Constructor for class org.springframework.security.web.server.WebFilterChainProxy
- WebFilterChainProxy(SecurityWebFilterChain...) - Constructor for class org.springframework.security.web.server.WebFilterChainProxy
- WebFilterChainProxy.DefaultWebFilterChainDecorator - Class in org.springframework.security.web.server
-
A
WebFilterChainProxy.WebFilterChainDecorator
that uses theDefaultWebFilterChain
- WebFilterChainProxy.WebFilterChainDecorator - Interface in org.springframework.security.web.server
-
A strategy for decorating the provided filter chain with one that accounts for the
SecurityFilterChain
for a given request. - WebFilterChainServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
-
Success handler that continues the filter chain after authentication success.
- WebFilterChainServerAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler
- WebFilterExchange - Class in org.springframework.security.web.server
-
A composite of the
ServerWebExchange
and theWebFilterChain
. - WebFilterExchange(ServerWebExchange, WebFilterChain) - Constructor for class org.springframework.security.web.server.WebFilterExchange
- WebInvocationPrivilegeEvaluator - Interface in org.springframework.security.web.access
-
Allows users to determine whether they have privileges for a given web URI.
- WebJackson2Module - Class in org.springframework.security.web.jackson2
-
Jackson module for spring-security-web.
- WebJackson2Module() - Constructor for class org.springframework.security.web.jackson2.WebJackson2Module
- WebMvcSecurityConfiguration - Class in org.springframework.security.config.annotation.web.servlet.configuration
-
Deprecated.This is applied internally using SpringWebMvcImportSelector
- WebMvcSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
-
Deprecated.
- WebSecurity - Class in org.springframework.security.config.annotation.web.builders
-
The
WebSecurity
is created byWebSecurityConfiguration
to create theFilterChainProxy
known as the Spring Security Filter Chain (springSecurityFilterChain). - WebSecurity(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.
- WebSecurity(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Creates a new instance
- WebSecurity.IgnoredRequestConfigurer - Class in org.springframework.security.config.annotation.web.builders
-
Allows registering
RequestMatcher
instances that should be ignored by Spring Security. - WebSecurityConfiguration - Class in org.springframework.security.config.annotation.web.configuration
-
Uses a
WebSecurity
to create theFilterChainProxy
that performs the web based security for Spring Security. - WebSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
- WebSecurityConfigurer<T extends SecurityBuilder<jakarta.servlet.Filter>> - Interface in org.springframework.security.config.annotation.web
-
Allows customization to the
WebSecurity
. - WebSecurityCustomizer - Interface in org.springframework.security.config.annotation.web.configuration
-
Callback interface for customizing
WebSecurity
. - webSecurityExpressionHandler() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
- WebSecurityExpressionRoot - Class in org.springframework.security.web.access.expression
- WebSecurityExpressionRoot(Supplier<Authentication>, HttpServletRequest) - Constructor for class org.springframework.security.web.access.expression.WebSecurityExpressionRoot
- WebSecurityExpressionRoot(Authentication, FilterInvocation) - Constructor for class org.springframework.security.web.access.expression.WebSecurityExpressionRoot
- WebServerJackson2Module - Class in org.springframework.security.web.server.jackson2
-
Jackson module for spring-security-web-flux.
- WebServerJackson2Module() - Constructor for class org.springframework.security.web.server.jackson2.WebServerJackson2Module
- WebServletJackson2Module - Class in org.springframework.security.web.jackson2
-
Jackson module for spring-security-web related to servlet.
- WebServletJackson2Module() - Constructor for class org.springframework.security.web.jackson2.WebServletJackson2Module
- WebSessionOAuth2ServerAuthorizationRequestRepository - Class in org.springframework.security.oauth2.client.web.server
-
An implementation of an
ServerAuthorizationRequestRepository
that storesOAuth2AuthorizationRequest
in theWebSession
. - WebSessionOAuth2ServerAuthorizationRequestRepository() - Constructor for class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository
- WebSessionServerCsrfTokenRepository - Class in org.springframework.security.web.server.csrf
- WebSessionServerCsrfTokenRepository() - Constructor for class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
- WebSessionServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout
-
A
ServerLogoutHandler
which invalidates the activeWebSession
. - WebSessionServerLogoutHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.WebSessionServerLogoutHandler
- WebSessionServerOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web.server
-
An implementation of an
OAuth2AuthorizedClientRepository
that storesOAuth2AuthorizedClient
's in theHttpSession
. - WebSessionServerOAuth2AuthorizedClientRepository() - Constructor for class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository
- WebSessionServerRequestCache - Class in org.springframework.security.web.server.savedrequest
- WebSessionServerRequestCache() - Constructor for class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
- WebSessionServerSecurityContextRepository - Class in org.springframework.security.web.server.context
-
Stores the
SecurityContext
in theWebSession
. - WebSessionServerSecurityContextRepository() - Constructor for class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
- website(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this website in the resulting
OidcUserInfo
- WEBSITE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
website
- the URL of the user's web page or blog - WEBSOCKET_MESSAGE_BROKER - Static variable in class org.springframework.security.config.Elements
- WebSocketMessageBrokerSecurityBeanDefinitionParser - Class in org.springframework.security.config.websocket
-
Parses Spring Security's websocket namespace support.
- WebSocketMessageBrokerSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser
- WebSpherePreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth.websphere
-
This AbstractPreAuthenticatedProcessingFilter implementation is based on WebSphere authentication.
- WebSpherePreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter
-
Public constructor which overrides the default AuthenticationDetails class to be used.
- WebSpherePreAuthenticatedWebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication.preauth.websphere
-
This AuthenticationDetailsSource implementation will set the pre-authenticated granted authorities based on the WebSphere groups for the current WebSphere user, mapped using the configured Attributes2GrantedAuthoritiesMapper.
- WebSpherePreAuthenticatedWebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
- WebSpherePreAuthenticatedWebAuthenticationDetailsSource(WASUsernameAndGroupsExtractor) - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
- WebTestUtils - Class in org.springframework.security.test.web.support
-
A utility class for testing spring security
- WebXmlMappableAttributesRetriever - Class in org.springframework.security.web.authentication.preauth.j2ee
-
This MappableAttributesRetriever implementation reads the list of defined J2EE roles from a web.xml file and returns these from {
WebXmlMappableAttributesRetriever.getMappableAttributes()
. - WebXmlMappableAttributesRetriever() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
- WellKnownChangePasswordBeanDefinitionParser - Class in org.springframework.security.config.http
-
The bean definition parser for a Well-Known URL for Changing Passwords.
- WellKnownChangePasswordBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser
- WhiteListedAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- WhiteListedAllowFromStrategy(Collection<String>) - Constructor for class org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy
-
Deprecated.Creates a new instance
- with(C, Customizer<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Applies a
SecurityConfigurerAdapter
to thisSecurityBuilder
and invokesSecurityConfigurerAdapter.setBuilder(SecurityBuilder)
. - with(String, String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
-
Returns a new
OAuth2DeviceAuthorizationResponse.Builder
, initialized with the provided device code and user code values. - with(OAuth2DeviceCode, OAuth2UserCode) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
-
Returns a new
OAuth2DeviceAuthorizationResponse.Builder
, initialized with the provided device code and user code. - with(JwsAlgorithm) - Static method in class org.springframework.security.oauth2.jwt.JwsHeader
-
Returns a new
JwsHeader.Builder
, initialized with the providedJwsAlgorithm
. - WithAnonymousUser - Annotation Interface in org.springframework.security.test.context.support
-
When used with
WithSecurityContextTestExecutionListener
this annotation can be added to a test method to emulate running with an anonymous user. - withAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Deprecated, for removal: This API element is subject to removal in a future version.
- withAssertingPartyEntityDescriptor(EntityDescriptor) - Static method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration
-
Deprecated.Create a
OpenSamlRelyingPartyRegistration.Builder
from an entity descriptor - withAssertingPartyMetadata(AssertingPartyMetadata) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Creates a
RelyingPartyRegistration
RelyingPartyRegistration.Builder
with aregistrationId
equivalent to the asserting party entity id. - withAuthentication(Consumer<Authentication>) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
-
Allows for any validating the authentication with arbitrary assertions
- withAuthentication(Authentication) - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder
-
A shortcut for
ReactiveSecurityContextHolder.withSecurityContext(Mono)
- withAuthentication(Authentication) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
-
Specifies the expected
Authentication
- withAuthenticationName(String) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
-
Specifies the expected
Principal.getName()
- withAuthenticationPrincipal(Object) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
-
Specifies the expected principal
- withAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
-
Specifies the
Authentication.getAuthorities()
- withAuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
-
Returns a new
OAuth2AuthorizationContext.Builder
initialized with theOAuth2AuthorizedClient
. - withAuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
-
Returns a new
OAuth2AuthorizeRequest.Builder
initialized with theauthorized client
. - withClientRegistration(ClientRegistration) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
-
Returns a new
OAuth2AuthorizationContext.Builder
initialized with theClientRegistration
. - withClientRegistration(ClientRegistration) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistration
-
Returns a new
ClientRegistration.Builder
, initialized with the providedClientRegistration
. - withClientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
-
Returns a new
OAuth2AuthorizeRequest.Builder
initialized with the identifier for theclient registration
. - withDefaultPasswordEncoder() - Static method in class org.springframework.security.core.userdetails.User
-
Deprecated.Using this method is not considered safe for production, but is acceptable for demos and getting started. For production purposes, ensure the password is encoded externally. See the method Javadoc for additional details. There are no plans to remove this support. It is deprecated to indicate that this is considered insecure for production purposes.
- withDefaultRolePrefix() - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
-
Factory method that creates a
RoleHierarchyImpl.Builder
instance with the default role prefix "ROLE_" - withDefaults() - Static method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
-
Construct an
AuthorizationAdvisorProxyFactory
with the defaults needed for wrapping objects in Spring Security's pre-post method security support. - withDefaults() - Static method in interface org.springframework.security.config.Customizer
-
Returns a
Customizer
that does not alter the input argument. - withDefaults() - Static method in class org.springframework.security.config.observation.SecurityObservationSettings
-
Begin the configuration of a
SecurityObservationSettings
- withDefaults(Map<String, Converter<Object, ?>>) - Static method in class org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter
-
Construct a
MappedJwtClaimSetConverter
, overriding individual claim converters with the providedMap
ofConverter
s. - withDefaultSchema() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
-
Populates the default schema that allows users and authorities to be stored.
- withEntityDescriptor(EntityDescriptor) - Static method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails
-
Use this
EntityDescriptor
to begin building anRelyingPartyRegistration.AssertingPartyDetails
- withErrors(Saml2Error...) - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult
-
Construct a
Saml2LogoutValidatorResult.Builder
, starting with the givenerrors
. - withHttpOnlyFalse() - Static method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
-
Factory method to conveniently create an instance that creates cookies where
Cookie.isHttpOnly()
is set to false. - withHttpOnlyFalse() - Static method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
-
Factory method to conveniently create an instance that has creates cookies with
ResponseCookie.isHttpOnly()
set to false. - withIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
-
Use the given Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to derive the needed JWK Set uri.
- withIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
-
Use the given Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to derive the needed JWK Set uri.
- withJwkSetUri(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
-
Use the given JWK Set uri.
- withJwkSetUri(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
-
Use the given JWK Set uri to validate JWTs.
- withJwkSource(Function<SignedJWT, Flux<JWK>>) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
-
Use the given
Function
to validate JWTs - WithMockUser - Annotation Interface in org.springframework.security.test.context.support
-
When used with
WithSecurityContextTestExecutionListener
this annotation can be added to a test method to emulate running with a mocked user. - withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.
- withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.
- withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.
- withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
-
Deprecated, for removal: This API element is subject to removal in a future version.
- withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
-
Deprecated, for removal: This API element is subject to removal in a future version.
- withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
-
Deprecated, for removal: This API element is subject to removal in a future version.
- withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.
- withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Adds an
ObjectPostProcessor
for this class. - withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
-
Adds an
ObjectPostProcessor
for this class. - withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
- withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
-
Adds an
ObjectPostProcessor
for this class. - withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
-
Adds an
ObjectPostProcessor
for this class. - withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
-
Deprecated.Adds an
ObjectPostProcessor
for this class. - withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
-
Deprecated.Adds an
ObjectPostProcessor
for this class. - withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer
-
Deprecated.Adds an
ObjectPostProcessor
for this class. - withPins(Map<String, String>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
-
Deprecated.Sets the value for the pin- directive of the Public-Key-Pins header.
- withPkce() - Static method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers
-
Returns a
Consumer
to be provided theOAuth2AuthorizationRequest.Builder
that adds thecode_challenge
and, usually,code_challenge_method
parameters to the OAuth 2.0 Authorization Request. - withPublicKey(RSAPublicKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
-
Use the given public key to validate JWTs
- withPublicKey(RSAPublicKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
-
Use the given public key to validate JWTs
- withReactiveDefaults() - Static method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
-
Construct an
AuthorizationAdvisorProxyFactory
with the defaults needed for wrapping objects in Spring Security's pre-post reactive method security support. - withRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistration
-
Returns a new
ClientRegistration.Builder
, initialized with the provided registration identifier. - withRegistrationId(String) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
- withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
-
Create a
Saml2LogoutRequest.Builder
instance from thisRelyingPartyRegistration
Specifically, this will pull the SingleLogoutService location and binding from theRelyingPartyRegistration
- withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
-
Create a
Saml2LogoutResponse.Builder
instance from thisRelyingPartyRegistration
Specifically, this will pull the SingleLogoutService response location and binding from theRelyingPartyRegistration
- withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest
-
Constructs a
Saml2PostAuthenticationRequest.Builder
from aRelyingPartyRegistration
object. - withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest
-
Constructs a
Saml2PostAuthenticationRequest.Builder
from aRelyingPartyRegistration
object. - withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
-
Deprecated, for removal: This API element is subject to removal in a future version.Use
RelyingPartyRegistration.mutate()
instead - withResponse(OAuth2AccessTokenResponse) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
-
Returns a new
OAuth2AccessTokenResponse.Builder
, initialized with the provided response. - withRolePrefix(String) - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
-
Factory method that creates a
RoleHierarchyImpl.Builder
instance with the specified role prefix. - withRoles(String...) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
-
Specifies the
Authentication.getAuthorities()
- withSecretKey(SecretKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
-
Use the given
SecretKey
to validate the MAC on a JSON Web Signature (JWS). - withSecretKey(SecretKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
-
Use the given
SecretKey
to validate the MAC on a JSON Web Signature (JWS). - withSecurityContext(SecurityContext) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
-
Specifies the expected
SecurityContext
- withSecurityContext(Mono<? extends SecurityContext>) - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder
-
Creates a Reactor
Context
that contains theMono<SecurityContext>
that can be merged into anotherContext
- WithSecurityContext - Annotation Interface in org.springframework.security.test.context.support
-
An annotation to determine what
SecurityContext
to use. - WithSecurityContextFactory<A extends Annotation> - Interface in org.springframework.security.test.context.support
-
An API that works with WithUserTestExcecutionListener for creating a
SecurityContext
that is populated in theTestSecurityContextHolder
. - WithSecurityContextTestExecutionListener - Class in org.springframework.security.test.context.support
-
A
TestExecutionListener
that will find annotations that are annotated withWithSecurityContext
on a test method or at the class level. - WithSecurityContextTestExecutionListener() - Constructor for class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
- withSessionId(String) - Method in class org.springframework.security.core.session.ReactiveSessionInformation
- withSessionId(String) - Method in class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation
-
Copy this
OidcSessionInformation
, using a new session identifier - withToken(String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
-
Returns a new
OAuth2AccessTokenResponse.Builder
, initialized with the provided access token value. - withTokenValue(String) - Static method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken
-
Create a
OidcLogoutToken.Builder
based on the given token value - withTokenValue(String) - Static method in class org.springframework.security.oauth2.core.oidc.OidcIdToken
-
Create a
OidcIdToken.Builder
based on the given token value - withTokenValue(String) - Static method in class org.springframework.security.oauth2.jwt.Jwt
-
Return a
Jwt.Builder
- withUser(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
-
Allows adding a user to the
UserDetailsManager
that is being created. - withUser(User.UserBuilder) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
-
Allows adding a user to the
UserDetailsManager
that is being created. - withUser(UserDetails) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
-
Allows adding a user to the
UserDetailsManager
that is being created. - withUserDetails(UserDetails) - Static method in class org.springframework.security.core.userdetails.User
- WithUserDetails - Annotation Interface in org.springframework.security.test.context.support
-
When used with
WithSecurityContextTestExecutionListener
this annotation can be added to a test method to emulate running with aUserDetails
returned from theUserDetailsService
. - withUsername(String) - Static method in class org.springframework.security.core.userdetails.User
-
Creates a UserBuilder with a specified username
- withUsername(String) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
-
Specifies the expected username
- wrap(Runnable) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor
- wrap(Callable<T>) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor
- write - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
- write(RelyingPartyRegistration.Builder, MediaType, HttpOutputMessage) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
- WRITE - Static variable in class org.springframework.security.acls.domain.BasePermission
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.header.HeaderWriter
-
Create a
Header
instance. - writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CacheControlHeadersWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CompositeHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
-
Writes the X-Frame-Options header value, overwritting any previous value.
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.StaticHeadersWriter
- writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in interface org.springframework.security.web.server.header.ServerHttpHeadersWriter
-
Write the headers to the response.
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ServerWebExchangeDelegatingServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
- writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
- writeInternal(OAuth2AccessTokenResponse, HttpOutputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
- writeInternal(OAuth2DeviceAuthorizationResponse, HttpOutputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
- writeInternal(OAuth2Error, HttpOutputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
- writeMessage(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
- writer(ServerHttpHeadersWriter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures custom headers writer
X
- X_CONTENT_OPTIONS - Static variable in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
- X_CONTENT_OPTIONS - Static variable in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
- X_FRAME_OPTIONS - Static variable in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
- X_XSS_PROTECTION - Static variable in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
- x509() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HttpSecurity.x509(Customizer)
orx509(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - x509() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.x509(Customizer)
orx509(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - x509() - Static method in class org.springframework.security.converter.RsaKeyConverters
-
Construct a
Converter
for converting a PEM-encoded X.509 RSA Public Key or X.509 Certificate into aRSAPublicKey
. - x509(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Finds an X509Cetificate using a resoureName and populates it on the request.
- x509(X509Certificate...) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Populates the provided X509Certificate instances on the request.
- x509(Customizer<X509Configurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configures X509 based pre authentication.
- x509(Customizer<ServerHttpSecurity.X509Spec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures x509 authentication using a certificate provided by a client.
- X509 - Static variable in class org.springframework.security.config.Elements
- x509AuthenticationFilter(X509AuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
-
Allows specifying the entire
X509AuthenticationFilter
. - X509AuthenticationFilter - Class in org.springframework.security.web.authentication.preauth.x509
- X509AuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
- x509CertificateChain(List<String>) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the X.509 certificate chain that contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
- X509Configurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds X509 based pre authentication to an application.
- X509Configurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.X509Configurer
-
Creates a new instance
- x509PrincipalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
-
Specifies the
X509PrincipalExtractor
- X509PrincipalExtractor - Interface in org.springframework.security.web.authentication.preauth.x509
-
Obtains the principal from an X509Certificate for use within the framework.
- x509SHA1Thumbprint(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the X.509 certificate SHA-1 thumbprint that is a base64url-encoded SHA-1 thumbprint (a.k.a.
- x509SHA256Thumbprint(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the X.509 certificate SHA-256 thumbprint that is a base64url-encoded SHA-256 thumbprint (a.k.a.
- x509Url(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the X.509 URL that refers to the resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
- X5C - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
x5c
- the X.509 certificate chain header contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign a JWS or encrypt a JWE - X5T - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
x5t
- the X.509 certificate SHA-1 thumbprint header is a base64url-encoded SHA-1 thumbprint (a.k.a. - X5T_S256 - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
x5t#S256
- the X.509 certificate SHA-256 thumbprint header is a base64url-encoded SHA-256 thumbprint (a.k.a. - X5U - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
x5u
- the X.509 URL header is a URI that refers to a resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign a JWS or encrypt a JWE - XContentTypeOptionsHeaderWriter - Class in org.springframework.security.web.header.writers
-
A
StaticHeadersWriter
that inserts headers to prevent content sniffing. - XContentTypeOptionsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter
-
Creates a new instance
- XContentTypeOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Adds X-Content-Type-Options: nosniff
- XContentTypeOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
- XFRAME_OPTIONS_HEADER - Static variable in class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
- XFrameOptionsHeaderWriter - Class in org.springframework.security.web.header.writers.frameoptions
-
HeaderWriter
implementation for the X-Frame-Options headers. - XFrameOptionsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
-
Creates an instance with
XFrameOptionsHeaderWriter.XFrameOptionsMode.DENY
- XFrameOptionsHeaderWriter(AllowFromStrategy) - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode) - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
-
Creates a new instance
- XFrameOptionsHeaderWriter.XFrameOptionsMode - Enum Class in org.springframework.security.web.header.writers.frameoptions
-
The possible values for the X-Frame-Options header.
- XFrameOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
ServerHttpHeadersWriter
implementation for the X-Frame-Options headers. - XFrameOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
- XFrameOptionsServerHttpHeadersWriter.Mode - Enum Class in org.springframework.security.web.server.header
-
The X-Frame-Options values.
- XorCsrfChannelInterceptor - Class in org.springframework.security.messaging.web.csrf
-
ChannelInterceptor
that validates a CSRF token masked by theXorCsrfTokenRequestAttributeHandler
in the header of anySimpMessageType.CONNECT
message. - XorCsrfChannelInterceptor() - Constructor for class org.springframework.security.messaging.web.csrf.XorCsrfChannelInterceptor
- XorCsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.csrf
-
An implementation of the
CsrfTokenRequestHandler
interface that is capable of masking the value of theCsrfToken
on each request and resolving the raw token value from the masked value as either a header or parameter value of the request. - XorCsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
- XorServerCsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.server.csrf
-
An implementation of the
ServerCsrfTokenRequestAttributeHandler
andServerCsrfTokenRequestResolver
interfaces that is capable of masking the value of theCsrfToken
on each request and resolving the raw token value from the masked value as either a form data value or header of the request. - XorServerCsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
- xssProtection() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
HeadersConfigurer.xssProtection(Customizer)
orxssProtection(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - xssProtection() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Deprecated, for removal: This API element is subject to removal in a future version.For removal in 7.0. Use
ServerHttpSecurity.HeaderSpec.xssProtection(Customizer)
orxssProtection(Customizer.withDefaults())
to stick with defaults. See the documentation for more details. - xssProtection(Customizer<HeadersConfigurer.XXssConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Note this is not comprehensive XSS protection!
- xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures x-xss-protection response header.
- XXssProtectionHeaderWriter - Class in org.springframework.security.web.header.writers
-
Renders the X-XSS-Protection header.
- XXssProtectionHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
-
Create a new instance
- XXssProtectionHeaderWriter.HeaderValue - Enum Class in org.springframework.security.web.header.writers
-
The value of the x-xss-protection header.
- XXssProtectionServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Add the x-xss-protection header.
- XXssProtectionServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
-
Creates a new instance
- XXssProtectionServerHttpHeadersWriter.HeaderValue - Enum Class in org.springframework.security.web.server.header
-
The value of the x-xss-protection header.
Z
- zoneinfo(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this zoneinfo in the resulting
OidcUserInfo
- ZONEINFO - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
zoneinfo
- the user's time zone
_
- _this() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
-
Casting the return as the generic subtype, when returning itself
All Classes and Interfaces|All Packages|Constant Field Values|Serialized Form
AuthorizationManager
instead