|
|||||||||
PREV NEXT | FRAMES NO FRAMES |
Authentication
.
AccessDecisionManager
.AfterInvocationProvider
which provides commonly-used ACL-related services.AuthenticationManager
.Authentication
objects.MethodSecurityMetadataSource
that supports both Spring AOP and AspectJ and
performs attribute resolution from: 1.ContextSource
provided.
Permission
implementations.AbstractPreAuthenticatedAuthenticationDetailsSource.buildDetails(Object)
.AuthenticationProvider
that allows subclasses to override and work with UserDetails
objects.Acl
.AccessControlEntry
.Tag
that allows its body through if some authorizations are granted to the request's
principal.Authentication
object does not hold a
required authority.AccessDeniedException
with the specified
message.
AccessDeniedException
with the specified
message and root cause.
ExceptionTranslationFilter
to handle an
AccessDeniedException
.AccessDeniedHandler
.AccountExpiredException
with the specified
message.
AccountExpiredException
with the specified
message and root cause.
AclImpl
to determine whether a principal is permitted to call
adminstrative methods on the AclImpl
.AclAuthorizationStrategy
.JdbcAclService
.AclDataAccessException
with the specified
message and root cause.
AclDataAccessException
with the specified
message and no root cause.
Collection
of domain object instances returned from a secure object invocation, remove
any Collection
elements the principal does not have appropriate permission to access as defined by the
AclService
.AclService
.AclService
.Acl
.MutableAclService.createAcl(ObjectIdentity)
.
Acl
instances.UserDetails
for a given authentication request.
AccessDecisionManager
that grants access if any
AccessDecisionVoter
returns an affirmative response.Object
returned from a secure object invocation,
being able to modify the Object
or throw an AccessDeniedException
.AfterInvocationProviderManager
decision.AfterInvocationManager
.Token
.
Acl
entry already exists for the object.AlreadyExistsException
with the specified message.
AlreadyExistsException
with the specified message
and root cause.
Authentication
object in the SecurityContextHolder
, and
populates it with one if needed.AuthenticationProvider
implementation that validates AnonymousAuthenticationToken
s.Authentication
.AspectJSecurityInterceptor
when it wishes for the
AspectJ processing to continue.JoinPoint
security interceptor which wraps the JoinPoint
in a MethodInvocation
adapter to make it compatible with security infrastructure classes which only support MethodInvocation
s.AclImpl
to log audit events.authenticate
method that calls the abstract method
doAuthenticatation
to do its work.
Authentication
object, returning a fully populated
Authentication
object (including granted authorities) if successful.
AuthenticationManager.authenticate(Authentication)
.
ConfigAttribute.getAttribute()
of IS_AUTHENTICATED_FULLY
or
IS_AUTHENTICATED_REMEMBERED
or IS_AUTHENTICATED_ANONYMOUSLY
is present.AuthenticationManager.authenticate(Authentication)
method.Authentication
could not be obtained from
the SecurityContextHolder
.Authentication
object in the SecurityContext
.AuthenticationCredentialsNotFoundException
with the specified message.
AuthenticationCredentialsNotFoundException
with the specified message and root cause.
Authentication.getDetails()
object for
a given web request.AuthenticationDetailsSource
.ExceptionTranslationFilter
to commence an authentication scheme.Authentication
object being invalid for whatever
reason.AuthenticationException
with the specified message and root cause.
AuthenticationException
with the specified message and no root cause.
AuthenticationProvider
that can process the request.AuthenticationManager
.Authentication
request.Authentication
implementation.AuthenticationServiceException
with the
specified message.
AuthenticationServiceException
with the
specified message and root cause.
SimpleHttpInvokerRequestExecutor
.Tag
implementation that allows convenient access to the current
Authentication
object.Authentication
tokensAuthenticationTrustResolver
.AuthorizationServiceException
with the
specified message.
AuthorizationServiceException
with the
specified message and root cause.
SecurityContextHolder
does not contain an
Authentication
object and Spring Security wishes to provide an implementation with an
opportunity to authenticate the request using remember-me capabilities.
BadCredentialsException
with the specified
message.
BadCredentialsException
with the specified
message and root cause.
ExceptionTraslationFilter
to commence authentication via the BasicAuthenticationFilter
.SecurityContextHolder
.BaseLdapPathContextSource
provided.
CumulativePermission
or BasePermission
representing the
active bits in the passed mask.
Authentication
object for the current secure object invocation, or
null
if replacement not required.
ExceptionTranslationFilter
to commence authentication via the JA-SIG Central
Authentication Service (CAS).AuthenticationProvider
implementation that integrates with JA-SIG Central Authentication Service
(CAS).Authentication
.ChannelDecisionManager
.ChannelProcessor
to launch a web channel.Acl
cannot be deleted because children Acl
s exist.ChildrenExistException
with the specified
message.
ChildrenExistException
with the specified
message and root cause.
Subject
(phase two) by adding the Spring Security
Authentication
to the Subject
's principals.
AccessDecisionManager
that uses a
consensus-based approach.AuditLogger
.RemoteInvocation
that is passed from the client to the server.org.springframework.remoting.rmi.RmiProxyFactoryBean
when it
wishes to create a remote invocation.MethodInvocation
for specified methodName
on the passed object,
using the args
to locate the method.
Acl
object in the database.
MethodSecurityEvaluationContext
as the EvaluationContext implementation and
configures it with a MethodSecurityExpressionRoot
instance as the expression root object.
MethodInvocation
for the specified methodName
on the passed class.
MethodInvocation
for specified methodName
on the passed class,
using the args
to locate the method.
acl_class
, creating a new row if needed and the
allowCreate
property is true
.
Authentication
object.
eraseCredentials
method.CredentialsExpiredException
with the specified
message.
CredentialsExpiredException
with the specified
message and root cause.
Permission
that is constructed at runtime from other permissions.AuthenticationProvider
implementation that retrieves user details
from an UserDetailsService
.Object
, make an
access control decision or optionally modify the returned Object
.
AccessDecisionVoter
s and grants access
if any AccessDecisionVoter
voted affirmatively.
AccessDecisionVoter
s and upon
completion determines the consensus of granted against denied responses.
AccessDecisionVoter
s for each ConfigAttribute
and grants access if only grant (or abstain) votes were received.
FilterInvocation
provides the appropriate level of channel
security based on the requested list of ConfigAttributes.
FilterInvocation
provides the appropriate level of channel
security based on the requested list of ConfigAttributes.
Throwable
instances.
servletPath
and
pathInfo
, which do not contain path parameters (as defined in
RFC 2396).PermissionFactory
.HttpServletRequest
.Token
.String
created using
BasePasswordEncoder.mergePasswordAndSalt(String,Object,boolean)
.
Throwable
.
SecurityEnforcementFilter
to commence authentication via the DigestAuthenticationFilter
.SecurityContextHolder
.DisabledException
with the specified message.
DisabledException
with the specified message
and root cause.
Authentication
object.
DefaultSavedRequest
.
requiresAuthentication
method to determine whether the request is for authentication and should be handled by this filter.
AclCache
that delegates to EH-CACHE.User
objects using a Spring IoC defined EHCACHE.Enumeration
around a Java 2 collection Iterator
.java.lang.Object
documentation for the interface contract.
true
if the supplied object is a User
instance with the
same username
value.
credentials
, principal
and details
objects, invoking the
eraseCredentials
method on any which implement CredentialsContainer
.
AccessDeniedException
and AuthenticationException
thrown within the
filter chain.PrePostInvocationAttributeFactory
which interprets the annotation value as
an expression to be evaluated at runtime.Throwable
.
Filter
requests to a list of Spring-managed filter beans.SecurityMetadataSource
implementations
that are designed to perform lookups keyed on FilterInvocation
s.FilterInvocationSecurityMetadataSource
bean for use with a FilterSecurityInterceptor.HttpFirewall
interface.flushBuffer()
getDateHeader()
.
ConfigAttribute
s defined by the implementing class.
SessionRegistry
.
ConfigAttribute
can be represented as a String
and that
String
is sufficient in precision to be relied upon as a configuration parameter by a RunAsManager
, AccessDecisionManager
or AccessDecisionManager
delegate, this method should
return such a String
.
ConfigAttribute
s that apply to a given secure object.
Authentication
request that caused the event.
null
)
AuthenticationManager
to indicate the authorities that the principal has been
granted.
GrantedAuthority
can be represented as a String
and that
String
is sufficient in precision to be relied upon for an access control decision by an AccessDecisionManager
(or delegate), this method should return such a String
.
CasAuthenticationToken
associated with the
specified ticket.
SecurityContext
.
String
String
Class
that generated this event.
SecurityContextHolderStrategy
.
getOutputStream().close()
or
getOutputStream().flush()
String
representing this permission.
credentialsRequestHeader
is set, this
will be read and used as the credentials value.
principalRequestHeader
from the request.
Authentication
object, such as a String or UserDetails
instance
SecurityContextHolder
.
User
to obtain the salt.
ServletRequest
was received on.
HttpSession
id the authentication request was received from.
sessionId
.
UserDetails
from the cache.
Authentication
(which is a subclass of Principal
), or
null
if unavailable.
getWriter().close()
or
getWriter().flush()
Authentication
object.GrantedAuthority
s for a user by reading a list of attributes that were returned as
part of the CAS response.GrantedAuthority
.GrantedAuthority
as a Sid
.RedirectStrategy
with the URL returned by the determineTargetUrl
method.
java.lang.Object
documentation for the interface contract.
username
.
HttpFirewall
bean reference into the FilterChainProxy
.SecurityContextRepository.loadContext(HttpRequestResponseHolder)
,
allowing the method to swap the request for a wrapped version, as well as returning the SecurityContext
value.HttpSessionEventPublisher
when an HttpSession
is created by the containerHttpSessionEventPublisher
when a HttpSession is created in the containerSecurityContextRepository
implementation which stores the security context in the HttpSession
between requests.IdentityUnavailableException
with the specified message.
IdentityUnavailableException
with the specified message
and root cause.
Throwable
s and ThrowableCauseExtractor
s.
LoginModule
.
Resource
interface.HttpServletRequest.isSecure()
responses.InsufficientAuthenticationException
with the
specified message.
InsufficientAuthenticationException
with the
specified message and root cause.
AbstractSecurityInterceptor
subclasses.InvocationTargetException
instances.
MethodInvocation
.
JoinPoint
.
JoinPoint
.
Authentication
token represents an anonymous user.
AbstractSecurityInterceptor
whether it should present the
authentication token to the AuthenticationManager
.
saveContext()
because of this wrapper.
Acl.getParentAcl()
should flow down into the current
Acl.
Authentication
token represents user that has been remembered
(i.e.
renew
parameter should be sent to the CAS login URL and CAS
validation URL.
GrantedAuthority.getAuthority()
.
HttpServletRequest.isUserInRole(String)
) into GrantedAuthority
s and stores these in the authentication
details object.WebAuthenticationDetails
class to be used.
JaasAuthenticationProvider
.AuthenticationProvider
implementation that retrieves user details from a JAAS login configuration.JaasAuthenticationProvider
after successfully logging the user into the LoginContext, handling all callbacks, and calling all
AuthorityGranters.AclService
.MutableAclService
.TokenService
that is compatible with clusters and across machine restarts,
without requiring database persistence.AuthenticationProvider
implementation that authenticates
against an LDAP server.ShaPasswordEncoder
which supports Ldap SHA and SSHA (salted-SHA) encodings.LdapUserSearch
and an LdapAuthoritiesPopulator
.Tag
that allows it's body through if some authorizations
are granted to the request's principal.UserDetails
via the supplied CAS
assertion.
LockedException
with the specified message.
LockedException
with the specified message and
root cause.
Subject
(phase one) by extracting the Spring Security
Authentication
from the current SecurityContext
.
ExceptionTranslationFilter
to commence a form login
authentication via the UsernamePasswordAuthenticationFilter
.Subject
.
LogoutFilter
, to handle redirection or
forwarding to the appropriate destination.FilterInvocation
.
AclService
.String
.
MethodInvocation
instances.MethodInvocation
s usable within Spring Security.SecurityMetadataSource
implementations
that are designed to perform lookups keyed on Method
s.MethodSecurityMetadataSource
, used to exclude a MethodSecurityInterceptor
from
public (non-secure) methods.Acl
instances.NonceExpiredException
with the specified
message.
NonceExpiredException
with the specified
message and root cause.
NotFoundException
with the specified message.
NotFoundException
with the specified message
and root cause.
NullRememberMeServices
that does nothing.StatelessTicketCache
that has no backing cache.ObjectIdentity
from an object identifier (such as a primary key)
and type information.ObjectIdentity
.ObjectIdentityImpl
based on the passed
object instance.
ObjectIdentity
will be returned for a particular domain objectObjectIdentityRetrievalStrategy
and ObjectIdentityGenerator
that uses the constructors of ObjectIdentityImpl
to create the ObjectIdentity
.Filter
instances registered in the map of
filter chains.
PlaintextPasswordEncoder.encodePassword(String, Object)
String
.
defaultFailureUrl
if set, otherwise returns a 401 error code.
handle()
method to forward or redirect to the target URL, and
then calls clearAuthenticationAttributes()
to remove any leftover session data.
AccessDecisionManager
interface.@Secured
annotations.@PreAuthorize
, @PreFilter
,
@PostAuthorize
and @PostFilter
annotations.MethodInvocation
s, such as via Spring AOP.JointPoint
s, delegating secure object callbacks to the calling aspect.SecurityMetadataSource
implementations for securing Java method invocations via different
AOP libraries.@PreAuthorize
, @PreFilter
, @PostAuthorize
and @PostFilter
annotations.AuthenticationProvider
which relies upon a data access object.Authentication
object.AuthenticationProvider
that can process CAS service tickets and proxy tickets.GrantedAuthority
interface.GrantedAuthority
s.org.springframework.security.core.session.SessionInformation
SessionInformation
class.UserCache
.org.springframework.security.core.userdetails.UserDetailsService UserDetailsService
.LdapUserSearch
implementations.UserDetails
implementations which map from a ubset of the data
contained in some of the standard LDAP types (such as InetOrgPerson
).HttpInvoker
extension points to
present the principal
and credentials
located
in the ContextHolder
via BASIC authentication.SecurityContextHolder
(which
should contain an Authentication
request token) from one JVM to the remote JVM.HttpServletRequest
which requires authentication.HttpServletRequestWrapper
.HttpSession
events and publisher classes.LdapAuthenticator
which compares the login
password with the value stored in the directory using a remote LDAP "compare" operation.PasswordPolicyControl
to make use of user account data stored in the directory.Permission
instances from integer masks.RememberMeServices
implementation based on Barry Jaspan's
Improved Persistent Login Cookie
Best Practice.PersistentTokenBasedRememberMeServices
to store the persistent
login tokens for a user.PortMapper
implementations provide callers with information
about which HTTP ports are associated with which HTTPS ports on the system,
and vice versa.PortMapper
that obtains HTTP:HTTPS pairs from the application context.PortResolver
determines the port a web request was received
on.PortResolver
that obtains the port from ServletRequest.getServerPort().PostInvocationAuthorizationAdvice
instance
passing it the PostInvocationAttribute created from @PostAuthorize and @PostFilter annotations.Authentication
implementation for pre-authenticated
authentication.Authentication.getPrincipal()
as a Sid
.Authentication
request through a list of AuthenticationProvider
s.ProviderManager
if no AuthenticationProvider
could be found that supports the
presented Authentication
object.ProviderNotFoundException
with the specified
message.
ProviderNotFoundException
with the specified
message and root cause.
JaasAuthenticationFailedEvent
.
JaasAuthenticationSuccessEvent
.
CasAuthenticationToken
to the cache.
UserDetails
in the cache.
AclService.readAclsById(List)
except it returns only a single Acl.
AclService.readAclsById(List, List)
except it returns only a single Acl.
User
object.sessionId
so its last request time is equal to the present date and time.
ThrowableCauseExtractor
for the specified type.
Permission
for a give class.
Authentication
object in the SecurityContext
, and populates it
with a remember-me authentication token if a RememberMeServices
implementation so requests.AuthenticationProvider
implementation that validates RememberMeAuthenticationToken
s.Authentication
.RemoteAuthenticationManager
cannot validate the presented authentication request.RemoteAuthenticationException
with the
specified message and no root cause.
RemoteAuthenticationManager
to validate an authentication request.sessionId
.
StatelessTicketCache.removeTicketFromCache(String)
.
UrlMatcher.pathMatchesUrl(Object, String)
.
UserDetails
from an implementation-specific
location, with the option of throwing an AuthenticationException
immediately if the presented
credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in
order to obtain or generate a UserDetails
).
RoleHierarchy
definition to determine the
roles allocated to the current user before voting.ConfigAttribute.getAttribute()
starts with a prefix
indicating that it is a role.AuthenticationProvider
implementation that can authenticate a RunAsUserToken
.Authentication
object for the current secure
object invocation only.RunAsManager
.Authentication
implementation that supports RunAsManagerImpl
.SecurityContext
when a sendError()
, sendRedirect
,
getOutputStream().close()
, getOutputStream().flush()
, getWriter().close()
, or
getWriter().flush()
happens.DefaultSavedRequest
which may have been stored in
the session by the ExceptionTranslationFilter
.AuthenticationException
for use in view rendering.
HttpServletRequest.isSecure()
responses.Secured
annotation.SecureRandom
instance.ConfigAttribute
as a String
.SecurityContext
with the current execution thread.Filter
which populates the ServletRequest
with a request wrapper
which implements the servlet API security methods.HttpServletRequestWrapper
, which uses the
SecurityContext
-defined Authentication
object to implement the servlet API security
methods SecurityContextHolderAwareRequestWrapper.isUserInRole(String)
and HttpServletRequestWrapper.getRemoteUser()
.SecurityContext
.LoginModule
that uses a Spring Security SecurityContext
to provide authentication.SecurityContextHolder
.SecurityContextHolder
with information obtained from
the configured SecurityContextRepository
prior to the request and stores it back in the repository
once the request has completed and clearing the context holder.SecurityContext
between requests.ConfigAttribute
s that applies to a given secure object
invocation.sendError()
sendError()
sendRedirect()
HttpSessionCreatedEvent
to the application
appContext.
HttpSessionDestroyedEvent
to the application
appContext.
SessionAuthenticationStrategy
.Authentication.getDetails()
implementations that are capable of returning a session ID.SessionAuthenticationStrategy
to perform any session-related activity such as
activating session-fixation protection mechanisms or checking for multiple concurrent logins.SessionInformation
instances.SessionRegistry
which listens for SessionDestroyedEvent
s
published in the Spring application context.AbstractSecurityInterceptor
should
ignore the Authentication.isAuthenticated()
property.
true
, will always redirect to the value of defaultTargetUrl
(defaults to false
).
Authentication.isAuthenticated()
for a full description.
Authentication
from the SecurityContext
to prevent issues with concurrent
requests.
extraInformation
property is deprecated
loadContext
method and copy the created context instead.
SecurityContext
with the current thread of execution.
AbstractAuthenticationProcessingFilter.successfulAuthentication(HttpServletRequest, HttpServletResponse,
Authentication)
, which may be useful in certain environment (such as
Tapestry applications).
true
, indicates that it is permitted to store the target
URL and exception information in a new HttpSession
(the default).
SearchControls
instance used in the search.
Acl.isEntriesInheriting()
.
Authentication
which implements the CredentialsContainer
interface
will have its eraseCredentials
method called before it is returned
from the authenticate()
method.
AbstractUserDetailsAuthenticationProvider
throws a
BadCredentialsException
if a username is not found or the password is incorrect.
AbstractAuthenticationManager.setClearExtraInformation(boolean)
HttpSession
to be invalidated when this LogoutHandler
is invoked.
true
, will only use DefaultSavedRequest
to determine the target URL on successful
authentication if the request that caused the authentication request was a GET.
UsernamePasswordAuthenticationFilter
login
page can be found.
PermissionFactory
instance which will be used to convert loaded permission
data values to Permission
s.
AuthenticationProvider
objects to be used for authentication.
Configuration#refresh()
will be made by #configureJaas(Resource)
method.
AbstractSecurityInterceptor
has a configuration
attribute defined.
return_to
URL which is assembled by OpenIDAuthenticationFilter.buildReturnToUrl(javax.servlet.http.HttpServletRequest)
.
ROLE_
to be overridden.
ROLE_
to be overridden.
SecureRandom
instance.
loginFormUrl
using the RequestDispatcher,
instead of a 302 redirect.
LdapAuthenticationProvider.createSuccessfulAuthentication(UsernamePasswordAuthenticationToken, UserDetails)
method.
true
(the default), indicates the JdbcDaoImpl.getUsersByUsernameQuery()
returns a username
in response to a query.
UserMap
to reflect the Properties
instance passed.
UserMap
.
byte[]
.
byte[]
.
ShaPasswordEncoder encoder = new ShaPasswordEncoder(256);
initializes with SHA-256
Sid
instances applicable
for an Authentication
.SidRetrievalStrategy
that creates a Sid
for the principal, as well as
every granted authority the principal holds.MethodInvocation
.defaultFailureUrl
property when the onAuthenticationFailure method is called.AbstractAuthenticationTargetUrlRequestHandler
base class logic.WebAttributes
directly.
WebAttributes
directly.
WebAttributes
directly.
SecurityContextHolder
.MessageSource
used by Spring Security.X509Certificate.getSubjectDN()
).Authentication
instance returned by the
authentication manager into the secure context.
AccessDecisionManager
is able to process authorization requests
presented with the passed ConfigAttribute
.
AccessDecisionManager
implementation is able to provide access
control decisions for the indicated secured object type.
AccessDecisionVoter
is able to vote on the passed
ConfigAttribute
.
AccessDecisionVoter
implementation is able to provide access control
votes for the indicated secured object type.
AfterInvocationProvider
is able to participate in a decision
involving the passed ConfigAttribute
.
AfterInvocationProvider
is able to provide "after invocation"
processing for the indicated secured object type.
Jsr250SecurityConfig
.
AfterInvocationManager
is able to process "after invocation"
requests presented with the passed ConfigAttribute
.
AfterInvocationManager
implementation is able to provide access
control decisions for the indicated secured object type.
AfterInvocationProvider
s and ensures each can support the presented
class.
RunAsManager
is able to process the passed
ConfigAttribute
.
RunAsManager
implementation is able to provide run-as replacement for
the indicated secure object type.
SecurityMetadataSource
implementation is able to provide
ConfigAttribute
s for the indicated secure object type.
AccessDecisionVoter
s and ensures each can support the presented class.
MethodSecurityInterceptor
, because it queries the
presented MethodInvocation
.
true
if this AuthenticationProvider
supports the indicated
Authentication
object.
ChannelDecisionManager
is able to process the passed
ConfigAttribute
.
ChannelProcessor
is able to process the passed
ConfigAttribute
.
GrantedAuthority
list that will be assigned to the principal
when they assume the identity of a different principal.GrantedAuthority
used by SwitchUserFilter
String
as the salt.AuthenticationProvider
implementation for the TestingAuthenticationToken
.Authentication
implementation that is designed for use whilst unit testing.Throwable
instances.ThrowableAnalyzer
instance.
Throwable
type.TokenService
.AccessDecisionManager
that requires all
voters to abstain or grant access.Acl
cannot perform an operation because it only loaded a subset of Sid
s and
the caller has requested details for an unloaded Sid
.NotFoundException
with the specified message.
NotFoundException
with the specified message
and root cause.
Acl
in the database.
UserDetailsService
.User
with the details required by
DaoAuthenticationProvider
.
InMemoryDaoImpl
to temporarily store the attributes associated with a user.UserAttribute
from a comma separated list of values.UserDetails
objects.UserDetailsService
as the service to delegate to.
UserDetailsService
to check the status of the loaded
UserDetails object.UserDetailsService
which provides the ability
to create new users and update existing ones.HttpSecurityBeanDefinitionParser
to inject a UserDetailsService into
the X509Provider, RememberMeServices and OpenIDAuthenticationProvider instances created by
the namespace.RoleHierarchyVoter
instead of populating the user Authentication object
with the additional authorities.RoleHierarchyVoter
instead.UserMap
.UserDetailsService
implementation cannot locate a User
by its username.UsernameNotFoundException
with the specified
message.
UsernameNotFoundException
with the specified message and root cause.
Authentication
implementation that is designed for simple presentation
of a username and password.UsernamePasswordAuthenticationToken
, as the AbstractAuthenticationToken.isAuthenticated()
will return false
.
AuthenticationManager
or AuthenticationProvider
implementations that are satisfied with producing a trusted (i.e.
Token.getKey()
was issued by this TokenService
and
reconstructs the corresponding Token
.
AuthenticationDetailsSource
which builds the details object from
an HttpServletRequest object.WebXmlMappableAttributesRetriever.getMappableAttributes()
.
|
|||||||||
PREV NEXT | FRAMES NO FRAMES |