| Package | Description |
|---|---|
| org.springframework.security.access |
Core access-control related code, including security metadata related classes, interception code, access control
annotations, EL support and voter-based implementations of the central
AccessDecisionManager interface. |
| org.springframework.security.access.annotation |
Support for JSR-250 and Spring Security
@Secured annotations. |
| org.springframework.security.access.event |
Authorization event and listener classes.
|
| org.springframework.security.access.expression |
Expression handling code to support the use of Spring-EL based expressions in
@PreAuthorize, @PreFilter,
@PostAuthorize and @PostFilter annotations. |
| org.springframework.security.access.expression.method |
Implementation of expression-based method security.
|
| org.springframework.security.access.hierarchicalroles |
Role hierarchy implementation.
|
| org.springframework.security.access.intercept |
Abstract level security interception classes which are responsible for enforcing the
configured security constraints for a secure object.
|
| org.springframework.security.access.intercept.aopalliance |
Enforces security for AOP Alliance
MethodInvocations, such as via Spring AOP. |
| org.springframework.security.access.intercept.aspectj |
Enforces security for AspectJ
JointPoints, delegating secure object callbacks to the calling aspect. |
| org.springframework.security.access.method |
Provides
SecurityMetadataSource implementations for securing Java method invocations via different
AOP libraries. |
| org.springframework.security.access.prepost |
Contains the infrastructure classes for handling the
@PreAuthorize, @PreFilter, @PostAuthorize
and @PostFilter annotations. |
| org.springframework.security.access.vote |
Implements a vote-based approach to authorization decisions.
|
| org.springframework.security.authentication |
Core classes and interfaces related to user authentication, which are used throughout Spring Security.
|
| org.springframework.security.authentication.dao |
An
AuthenticationProvider which relies upon a data access object. |
| org.springframework.security.authentication.encoding |
Password encoding implementations.
|
| org.springframework.security.authentication.event |
Authentication success and failure events which can be published to the Spring application context.
|
| org.springframework.security.authentication.jaas |
An authentication provider for JAAS.
|
| org.springframework.security.authentication.jaas.event |
JAAS authentication events which can be published to the Spring application context by the JAAS authentication
provider.
|
| org.springframework.security.authentication.jaas.memory |
An in memory JAAS implementation.
|
| org.springframework.security.authentication.rcp |
Allows remote clients to authenticate and obtain a populated
Authentication object. |
| org.springframework.security.core |
Core classes and interfaces related to user authentication and authorization, as well as the maintenance of
a security context.
|
| org.springframework.security.core.annotation | |
| org.springframework.security.core.authority |
The default implementation of the
GrantedAuthority interface. |
| org.springframework.security.core.authority.mapping |
Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of
GrantedAuthoritys. |
| org.springframework.security.core.context |
Classes related to the establishment of a security context for the duration of a request (such as
an HTTP or RMI invocation).
|
| org.springframework.security.core.parameters | |
| org.springframework.security.core.session |
Session abstraction which is provided by the
org.springframework.security.core.session.SessionInformation
SessionInformation class. |
| org.springframework.security.core.token |
A service for building secure random tokens.
|
| org.springframework.security.core.userdetails |
The standard interfaces for implementing user data DAOs.
|
| org.springframework.security.core.userdetails.cache |
Implementations of
UserCache. |
| org.springframework.security.core.userdetails.jdbc |
Exposes a JDBC-based authentication repository, implementing
org.springframework.security.core.userdetails.UserDetailsService UserDetailsService. |
| org.springframework.security.core.userdetails.memory |
Exposes an in-memory authentication repository.
|
| org.springframework.security.provisioning |
Contains simple user and authority group account provisioning interfaces together with a a
JDBC-based implementation.
|
| org.springframework.security.remoting.dns |
DNS resolution.
|
| org.springframework.security.remoting.httpinvoker |
Enables use of Spring's
HttpInvoker extension points to
present the principal and credentials located
in the ContextHolder via BASIC authentication. |
| org.springframework.security.remoting.rmi |
Enables use of Spring's RMI remoting extension points to propagate the
SecurityContextHolder (which
should contain an Authentication request token) from one JVM to the remote JVM. |
| org.springframework.security.util |
General utility classes used throughout the Spring Security framework.
|
| Package | Description |
|---|---|
| org.springframework.security.ldap |
Spring Security's LDAP module.
|
| org.springframework.security.ldap.authentication |
The LDAP authentication provider package.
|
| org.springframework.security.ldap.authentication.ad | |
| org.springframework.security.ldap.ppolicy |
Implementation of password policy functionality based on the
Password Policy for LDAP Directories.
|
| org.springframework.security.ldap.search |
LdapUserSearch implementations. |
| org.springframework.security.ldap.server |
Embedded Apache Directory Server implementation, as used by the configuration namespace.
|
| org.springframework.security.ldap.userdetails |
LDAP-focused
UserDetails implementations which map from a ubset of the data
contained in some of the standard LDAP types (such as InetOrgPerson). |
| Package | Description |
|---|---|
| org.springframework.security.openid |
Authenticates standard web browser users via OpenID.
|
| Package | Description |
|---|---|
| org.springframework.security.cas |
Spring Security support for Jasig's Central Authentication Service (CAS).
|
| org.springframework.security.cas.authentication |
An
AuthenticationProvider that can process CAS service tickets and proxy tickets. |
| org.springframework.security.cas.jackson2 | |
| org.springframework.security.cas.userdetails | |
| org.springframework.security.cas.web |
Authenticates standard web browser users via CAS.
|
| org.springframework.security.cas.web.authentication |
Authentication processing mechanisms which respond to the submission of authentication
credentials using CAS.
|
| Package | Description |
|---|---|
| org.springframework.security.acls |
The Spring Security ACL package which implements instance-based security for domain objects.
|
| org.springframework.security.acls.afterinvocation |
After-invocation providers for collection and array filtering.
|
| org.springframework.security.acls.domain |
Basic implementation of access control lists (ACLs) interfaces.
|
| org.springframework.security.acls.jdbc |
JDBC-based persistence of ACL information
|
| org.springframework.security.acls.model |
Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
|
| Package | Description |
|---|---|
| org.springframework.security.taglibs |
Security related tag libraries that can be used in JSPs and templates.
|
| org.springframework.security.taglibs.authz |
JSP Security tag library implementation.
|
| org.springframework.security.taglibs.csrf |