Skip navigation links
Package Description
Core access-control related code, including security metadata related classes, interception code, access control annotations, EL support and voter-based implementations of the central AccessDecisionManager interface.
Support for JSR-250 and Spring Security @Secured annotations.
Authorization event and listener classes.
Expression handling code to support the use of Spring-EL based expressions in @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter annotations.
Implementation of expression-based method security.
Role hierarchy implementation.
Abstract level security interception classes which are responsible for enforcing the configured security constraints for a secure object.
Enforces security for AOP Alliance MethodInvocations, such as via Spring AOP.
Enforces security for AspectJ JointPoints, delegating secure object callbacks to the calling aspect.
Provides SecurityMetadataSource implementations for securing Java method invocations via different AOP libraries.
Contains the infrastructure classes for handling the @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter annotations.
Implements a vote-based approach to authorization decisions.
The Spring Security ACL package which implements instance-based security for domain objects.
After-invocation providers for collection and array filtering.
Basic implementation of access control lists (ACLs) interfaces.
JDBC-based persistence of ACL information
Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
Core classes and interfaces related to user authentication, which are used throughout Spring Security.
An AuthenticationProvider which relies upon a data access object.
Password encoding implementations.
Authentication success and failure events which can be published to the Spring application context.
An authentication provider for JAAS.
JAAS authentication events which can be published to the Spring application context by the JAAS authentication provider.
An in memory JAAS implementation.
Allows remote clients to authenticate and obtain a populated Authentication object.
Spring Security support for Jasig's Central Authentication Service (CAS).
An AuthenticationProvider that can process CAS service tickets and proxy tickets.
Authenticates standard web browser users via CAS.
Authentication processing mechanisms which respond to the submission of authentication credentials using CAS.
Support classes for the Spring Security namespace.
Parsing of <authentication-manager> and related elements.
Parsing of the <http> namespace element.
Security namespace support for LDAP authentication.
Support for parsing of the <global-method-security> and <intercept-methods> elements.
Core classes and interfaces related to user authentication and authorization, as well as the maintenance of a security context.
The default implementation of the GrantedAuthority interface.
Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of GrantedAuthoritys.
Classes related to the establishment of a security context for the duration of a request (such as an HTTP or RMI invocation).
Session abstraction which is provided by the SessionInformation class.
A service for building secure random tokens.
The standard interfaces for implementing user data DAOs.
Implementations of UserCache.
Exposes a JDBC-based authentication repository, implementing UserDetailsService.
Exposes an in-memory authentication repository.
Internal codec classes.
Mix-in classes to add Jackson serialization support.
Spring Security's LDAP module.
The LDAP authentication provider package.
Implementation of password policy functionality based on the Password Policy for LDAP Directories.
LdapUserSearch implementations.
Embedded Apache Directory Server implementation, as used by the configuration namespace.
LDAP-focused UserDetails implementations which map from a ubset of the data contained in some of the standard LDAP types (such as InetOrgPerson).
Support classes/interfaces for authenticating an end-user with an authorization server using a specific authorization grant flow.
Classes and interfaces related to ClientRegistration.
Support classes and interfaces related to an OAuth 2.0 User.
Support classes for converting OAuth 2.0 Protocol Endpoint Messages.
Core classes and interfaces providing support for the OAuth 2.0 Authorization Framework.
Support classes that model the request/response messages from the Authorization Endpoint and Token Endpoint.
Provides a model for an OAuth 2.0 representation of a user Principal.
Core classes and interfaces providing support for OpenID Connect Core 1.0.
Provides a model for an OpenID Connect Core 1.0 representation of a user Principal.
Authenticates standard web browser users via OpenID.
Contains simple user and authority group account provisioning interfaces together with a a JDBC-based implementation.
DNS resolution.
Enables use of Spring's HttpInvoker extension points to present the principal and credentials located in the ContextHolder via BASIC authentication.
Enables use of Spring's RMI remoting extension points to propagate the SecurityContextHolder (which should contain an Authentication request token) from one JVM to the remote JVM.
Security related tag libraries that can be used in JSPs and templates.
JSP Security tag library implementation.
General utility classes used throughout the Spring Security framework.
Spring Security's web security module.
Access-control related classes and packages.
Classes that ensure web requests are received over required transport channels.
Implementation of web security expressions.
Enforcement of security for HTTP requests, typically by the URL requested.
Authentication processing mechanisms, which respond to the submission of authentication credentials using various protocols (eg BASIC, CAS, form login etc).
Logout functionality based around a filter which handles a specific logout URL.
Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming request has already been authenticated by some externally configured system.
Pre-authentication support for container-authenticated requests.
Websphere-specific pre-authentication classes.
X.509 client certificate authentication support.
Support for remembering a user between different web sessions.
Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.
Provides HTTP-based "switch user" (su) capabilities.
Authentication user-interface rendering code.
WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication.
Classes which are responsible for maintaining the security context between HTTP requests.
Makes a JAAS Subject available as the current Subject.
Mix-in classes to provide Jackson serialization support.
Classes related to the caching of an HttpServletRequest which requires authentication.
Populates a Servlet request with a new Spring Security compliant HttpServletRequestWrapper.
Session management filters, HttpSession events and publisher classes.
Web utility classes.  
Skip navigation links