| Package | Description |
|---|---|
| org.springframework.security.access |
Core access-control related code, including security metadata related classes, interception code, access control
annotations, EL support and voter-based implementations of the central
AccessDecisionManager interface. |
| org.springframework.security.access.annotation |
Support for JSR-250 and Spring Security
@Secured annotations. |
| org.springframework.security.access.event |
Authorization event and listener classes.
|
| org.springframework.security.access.expression |
Expression handling code to support the use of Spring-EL based expressions in
@PreAuthorize, @PreFilter,
@PostAuthorize and @PostFilter annotations. |
| org.springframework.security.access.expression.method |
Implementation of expression-based method security.
|
| org.springframework.security.access.hierarchicalroles |
Role hierarchy implementation.
|
| org.springframework.security.access.intercept |
Abstract level security interception classes which are responsible for enforcing the
configured security constraints for a secure object.
|
| org.springframework.security.access.intercept.aopalliance |
Enforces security for AOP Alliance
MethodInvocations, such as via Spring AOP. |
| org.springframework.security.access.intercept.aspectj |
Enforces security for AspectJ
JointPoints, delegating secure object callbacks to the calling aspect. |
| org.springframework.security.access.method |
Provides
SecurityMetadataSource implementations for securing Java method invocations via different
AOP libraries. |
| org.springframework.security.access.prepost |
Contains the infrastructure classes for handling the
@PreAuthorize, @PreFilter, @PostAuthorize
and @PostFilter annotations. |
| org.springframework.security.access.vote |
Implements a vote-based approach to authorization decisions.
|
| org.springframework.security.authentication |
Core classes and interfaces related to user authentication, which are used throughout Spring Security.
|
| org.springframework.security.authentication.dao |
An
AuthenticationProvider which relies upon a data access object. |
| org.springframework.security.authentication.encoding |
Password encoding implementations.
|
| org.springframework.security.authentication.event |
Authentication success and failure events which can be published to the Spring application context.
|
| org.springframework.security.authentication.jaas |
An authentication provider for JAAS.
|
| org.springframework.security.authentication.jaas.event |
JAAS authentication events which can be published to the Spring application context by the JAAS authentication
provider.
|
| org.springframework.security.authentication.jaas.memory |
An in memory JAAS implementation.
|
| org.springframework.security.authentication.rcp |
Allows remote clients to authenticate and obtain a populated
Authentication object. |
| org.springframework.security.core |
Core classes and interfaces related to user authentication and authorization, as well as the maintenance of
a security context.
|
| org.springframework.security.core.annotation | |
| org.springframework.security.core.authority |
The default implementation of the
GrantedAuthority interface. |
| org.springframework.security.core.authority.mapping |
Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of
GrantedAuthoritys. |
| org.springframework.security.core.context |
Classes related to the establishment of a security context for the duration of a request (such as
an HTTP or RMI invocation).
|
| org.springframework.security.core.parameters | |
| org.springframework.security.core.session |
Session abstraction which is provided by the
org.springframework.security.core.session.SessionInformation
SessionInformation class. |
| org.springframework.security.core.token |
A service for building secure random tokens.
|
| org.springframework.security.core.userdetails |
The standard interfaces for implementing user data DAOs.
|
| org.springframework.security.core.userdetails.cache |
Implementations of
UserCache. |
| org.springframework.security.core.userdetails.jdbc |
Exposes a JDBC-based authentication repository, implementing
org.springframework.security.core.userdetails.UserDetailsService UserDetailsService. |
| org.springframework.security.core.userdetails.memory |
Exposes an in-memory authentication repository.
|
| org.springframework.security.provisioning |
Contains simple user and authority group account provisioning interfaces together with a a
JDBC-based implementation.
|
| org.springframework.security.remoting.dns |
DNS resolution.
|
| org.springframework.security.remoting.httpinvoker |
Enables use of Spring's
HttpInvoker extension points to
present the principal and credentials located
in the ContextHolder via BASIC authentication. |
| org.springframework.security.remoting.rmi |
Enables use of Spring's RMI remoting extension points to propagate the
SecurityContextHolder (which
should contain an Authentication request token) from one JVM to the remote JVM. |
| org.springframework.security.util |
General utility classes used throughout the Spring Security framework.
|
| Package | Description |
|---|---|
| org.springframework.security.web |
Spring Security's web security module.
|
| org.springframework.security.web.access |
Access-control related classes and packages.
|
| org.springframework.security.web.access.channel |
Classes that ensure web requests are received over required transport channels.
|
| org.springframework.security.web.access.expression |
Implementation of web security expressions.
|
| org.springframework.security.web.access.intercept |
Enforcement of security for HTTP requests, typically by the URL requested.
|
| org.springframework.security.web.authentication |
Authentication processing mechanisms, which respond to the submission of authentication
credentials using various protocols (eg BASIC, CAS, form login etc).
|
| org.springframework.security.web.authentication.logout |
Logout functionality based around a filter which handles a specific logout URL.
|
| org.springframework.security.web.authentication.preauth |
Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming request has already been
authenticated by some externally configured system.
|
| org.springframework.security.web.authentication.preauth.j2ee |
Pre-authentication support for container-authenticated requests.
|
| org.springframework.security.web.authentication.preauth.websphere |
Websphere-specific pre-authentication classes.
|
| org.springframework.security.web.authentication.preauth.x509 |
X.509 client certificate authentication support.
|
| org.springframework.security.web.authentication.rememberme |
Support for remembering a user between different web sessions.
|
| org.springframework.security.web.authentication.session |
Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.
|
| org.springframework.security.web.authentication.switchuser |
Provides HTTP-based "switch user" (su) capabilities.
|
| org.springframework.security.web.authentication.ui |
Authentication user-interface rendering code.
|
| org.springframework.security.web.authentication.www |
WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication.
|
| org.springframework.security.web.bind.annotation | |
| org.springframework.security.web.bind.support | |
| org.springframework.security.web.context |
Classes which are responsible for maintaining the security context between HTTP requests.
|
| org.springframework.security.web.context.request.async | |
| org.springframework.security.web.context.support | |
| org.springframework.security.web.csrf | |
| org.springframework.security.web.debug | |
| org.springframework.security.web.firewall | |
| org.springframework.security.web.header | |
| org.springframework.security.web.header.writers | |
| org.springframework.security.web.header.writers.frameoptions | |
| org.springframework.security.web.jaasapi |
Makes a JAAS Subject available as the current Subject.
|
| org.springframework.security.web.method.annotation | |
| org.springframework.security.web.savedrequest |
Classes related to the caching of an
HttpServletRequest which requires authentication. |
| org.springframework.security.web.servlet.support.csrf | |
| org.springframework.security.web.servletapi |
Populates a Servlet request with a new Spring Security compliant
HttpServletRequestWrapper. |
| org.springframework.security.web.session |
Session management filters,
HttpSession events and publisher classes. |
| org.springframework.security.web.util |
Web utility classes.
|
| org.springframework.security.web.util.matcher |
| Package | Description |
|---|---|
| org.springframework.security.ldap |
Spring Security's LDAP module.
|
| org.springframework.security.ldap.authentication |
The LDAP authentication provider package.
|
| org.springframework.security.ldap.authentication.ad | |
| org.springframework.security.ldap.ppolicy |
Implementation of password policy functionality based on the
Password Policy for LDAP Directories.
|
| org.springframework.security.ldap.search |
LdapUserSearch implementations. |
| org.springframework.security.ldap.server |
Embedded Apache Directory Server implementation, as used by the configuration namespace.
|
| org.springframework.security.ldap.userdetails |
LDAP-focused
UserDetails implementations which map from a ubset of the data
contained in some of the standard LDAP types (such as InetOrgPerson). |
| Package | Description |
|---|---|
| org.springframework.security.crypto.bcrypt | |
| org.springframework.security.crypto.codec |
Internal codec classes.
|
| org.springframework.security.crypto.encrypt | |
| org.springframework.security.crypto.keygen | |
| org.springframework.security.crypto.password | |
| org.springframework.security.crypto.util |
| Package | Description |
|---|---|
| org.springframework.security.openid |
Authenticates standard web browser users via OpenID.
|
| Package | Description |
|---|---|
| org.springframework.security.cas |
Spring Security support for Jasig's Central Authentication Service (CAS).
|
| org.springframework.security.cas.authentication |
An
AuthenticationProvider that can process CAS service tickets and proxy tickets. |
| org.springframework.security.cas.userdetails | |
| org.springframework.security.cas.web |
Authenticates standard web browser users via CAS.
|
| org.springframework.security.cas.web.authentication |
Authentication processing mechanisms which respond to the submission of authentication
credentials using CAS.
|
| Package | Description |
|---|---|
| org.springframework.security.acls |
The Spring Security ACL package which implements instance-based security for domain objects.
|
| org.springframework.security.acls.afterinvocation |
After-invocation providers for collection and array filtering.
|
| org.springframework.security.acls.domain |
Basic implementation of access control lists (ACLs) interfaces.
|
| org.springframework.security.acls.jdbc |
JDBC-based persistence of ACL information
|
| org.springframework.security.acls.model |
Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
|
| Package | Description |
|---|---|
| org.springframework.security.taglibs |
Security related tag libraries that can be used in JSPs and templates.
|
| org.springframework.security.taglibs.authz |
JSP Security tag library implementation.
|
| org.springframework.security.taglibs.csrf |