Skip navigation links
A B C D E F G H I J K L M N O P Q R S T U V W X Z _ 

A

abort() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
Abort the authentication process by forgetting the Spring Security Authentication.
AbstractAccessDecisionManager - Class in org.springframework.security.access.vote
Abstract implementation of AccessDecisionManager.
AbstractAccessDecisionManager(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.AbstractAccessDecisionManager
 
AbstractAclProvider - Class in org.springframework.security.acls.afterinvocation
Abstract AfterInvocationProvider which provides commonly-used ACL-related services.
AbstractAclProvider(AclService, String, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
AbstractAclVoter - Class in org.springframework.security.access.vote
Provides helper methods for writing domain object ACL voters.
AbstractAclVoter() - Constructor for class org.springframework.security.access.vote.AbstractAclVoter
 
AbstractAuthenticationEvent - Class in org.springframework.security.authentication.event
Represents an application authentication event.
AbstractAuthenticationEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.AbstractAuthenticationEvent
 
AbstractAuthenticationFailureEvent - Class in org.springframework.security.authentication.event
Abstract application event which indicates authentication failure for some reason.
AbstractAuthenticationFailureEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent
 
AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends AbstractAuthenticationProcessingFilter> - Class in org.springframework.security.config.annotation.web.configurers
Base class for configuring AbstractAuthenticationFilterConfigurer.
AbstractAuthenticationFilterConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Creates a new instance with minimal defaults
AbstractAuthenticationFilterConfigurer(F, String) - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Creates a new instance
AbstractAuthenticationProcessingFilter - Class in org.springframework.security.web.authentication
Abstract processor of browser-based HTTP-based authentication requests.
AbstractAuthenticationProcessingFilter(String) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
AbstractAuthenticationProcessingFilter(RequestMatcher) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Creates a new instance
AbstractAuthenticationProcessingFilter(String, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Creates a new instance with a default filterProcessesUrl and an AuthenticationManager
AbstractAuthenticationProcessingFilter(RequestMatcher, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Creates a new instance with a RequestMatcher and an AuthenticationManager
AbstractAuthenticationTargetUrlRequestHandler - Class in org.springframework.security.web.authentication
Base class containing the logic used by strategies which handle redirection to a URL and are passed an Authentication object as part of the contract.
AbstractAuthenticationTargetUrlRequestHandler() - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
 
AbstractAuthenticationToken - Class in org.springframework.security.authentication
Base class for Authentication objects.
AbstractAuthenticationToken(Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.AbstractAuthenticationToken
Creates a token with the supplied array of authorities.
AbstractAuthorizationEvent - Class in org.springframework.security.access.event
Abstract superclass for all security interception related events.
AbstractAuthorizationEvent(Object) - Constructor for class org.springframework.security.access.event.AbstractAuthorizationEvent
Construct the event, passing in the secure object being intercepted.
AbstractAuthorizeTag - Class in org.springframework.security.taglibs.authz
A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets).
AbstractAuthorizeTag() - Constructor for class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
 
AbstractCasAssertionUserDetailsService - Class in org.springframework.security.cas.userdetails
Abstract class for using the provided CAS assertion to construct a new User object.
AbstractCasAssertionUserDetailsService() - Constructor for class org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService
 
AbstractConfigAttributeRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web.configurers
A base class for registering RequestMatcher's.
AbstractConfigAttributeRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
 
AbstractConfiguredSecurityBuilder<O,B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation
A base SecurityBuilder that allows SecurityConfigurer to be applied to it.
AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Creates a new instance with the provided ObjectPostProcessor.
AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>, boolean) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Creates a new instance with the provided ObjectPostProcessor.
AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,C extends AbstractDaoAuthenticationConfigurer<B,C,U>,U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails
Allows configuring a DaoAuthenticationProvider
AbstractFallbackMethodSecurityMetadataSource - Class in org.springframework.security.access.method
Abstract implementation of MethodSecurityMetadataSource that supports both Spring AOP and AspectJ and performs attribute resolution from: 1.
AbstractFallbackMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource
 
AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,B>,B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers
Adds a convenient base class for SecurityConfigurer instances that operate on HttpSecurity.
AbstractHttpConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
 
AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C,H>,H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
A base class for configuring the FilterSecurityInterceptor.
AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R,T>,T> - Class in org.springframework.security.config.annotation.web.configurers
 
AbstractJaasAuthenticationProvider - Class in org.springframework.security.authentication.jaas
An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.
AbstractJaasAuthenticationProvider() - Constructor for class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
 
AbstractLdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication
Base class for the standard LdapAuthenticationProvider and the ActiveDirectoryLdapAuthenticationProvider.
AbstractLdapAuthenticationProvider() - Constructor for class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
 
AbstractLdapAuthenticator - Class in org.springframework.security.ldap.authentication
Base class for the authenticator implementations.
AbstractLdapAuthenticator(ContextSource) - Constructor for class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
Create an initialized instance with the ContextSource provided.
AbstractMessageMatcherComposite<T> - Class in org.springframework.security.messaging.util.matcher
Abstract MessageMatcher containing multiple MessageMatcher
AbstractMethodSecurityMetadataSource - Class in org.springframework.security.access.method
Abstract implementation of MethodSecurityMetadataSource which resolves the secured object type to a MethodInvocation.
AbstractMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
 
AbstractOAuth2AuthorizationGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
Base implementation of an OAuth 2.0 Authorization Grant request that holds an authorization grant credential and is used when initiating a request to the Authorization Server's Token Endpoint.
AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType) - Constructor for class org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest
Sub-class constructor.
AbstractOAuth2Token - Class in org.springframework.security.oauth2.core
Base class for OAuth 2.0 Token implementations.
AbstractOAuth2Token(String) - Constructor for class org.springframework.security.oauth2.core.AbstractOAuth2Token
Sub-class constructor.
AbstractOAuth2Token(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.AbstractOAuth2Token
Sub-class constructor.
AbstractOAuth2TokenAuthenticationToken<T extends AbstractOAuth2Token> - Class in org.springframework.security.oauth2.server.resource.authentication
Base class for AbstractAuthenticationToken implementations that expose common attributes between different OAuth 2.0 Access Token Formats.
AbstractOAuth2TokenAuthenticationToken(T) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
Sub-class constructor.
AbstractOAuth2TokenAuthenticationToken(T, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
Sub-class constructor.
AbstractOAuth2TokenAuthenticationToken(T, Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
 
AbstractPasswordEncoder - Class in org.springframework.security.crypto.password
Abstract base class for password encoders
AbstractPasswordEncoder() - Constructor for class org.springframework.security.crypto.password.AbstractPasswordEncoder
 
AbstractPermission - Class in org.springframework.security.acls.domain
Provides an abstract superclass for Permission implementations.
AbstractPermission(int) - Constructor for class org.springframework.security.acls.domain.AbstractPermission
Sets the permission mask and uses the '*' character to represent active bits when represented as a bit pattern string.
AbstractPermission(int, char) - Constructor for class org.springframework.security.acls.domain.AbstractPermission
Sets the permission mask and uses the specified character for active bits.
AbstractPreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth
Base class for processing filters that handle pre-authenticated authentication requests, where it is assumed that the principal has already been authenticated by an external system.
AbstractPreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
 
AbstractRememberMeServices - Class in org.springframework.security.web.authentication.rememberme
Base class for RememberMeServices implementations.
AbstractRememberMeServices(String, UserDetailsService) - Constructor for class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
AbstractRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web
A base class for registering RequestMatcher's.
AbstractRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
 
AbstractRequestParameterAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
AbstractRetryEntryPoint - Class in org.springframework.security.web.access.channel
 
AbstractRetryEntryPoint(String, int) - Constructor for class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
 
AbstractSaml2AuthenticationRequest - Class in org.springframework.security.saml2.provider.service.authentication
Data holder for AuthNRequest parameters to be sent using either the Saml2MessageBinding.POST or Saml2MessageBinding.REDIRECT binding.
AbstractSaml2AuthenticationRequest.Builder<T extends AbstractSaml2AuthenticationRequest.Builder<T>> - Class in org.springframework.security.saml2.provider.service.authentication
A builder for AbstractSaml2AuthenticationRequest and its subclasses.
AbstractSecurityBuilder<O> - Class in org.springframework.security.config.annotation
A base SecurityBuilder that ensures the object being built is only built one time.
AbstractSecurityBuilder() - Constructor for class org.springframework.security.config.annotation.AbstractSecurityBuilder
 
AbstractSecurityExpressionHandler<T> - Class in org.springframework.security.access.expression
Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects.
AbstractSecurityExpressionHandler() - Constructor for class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
 
AbstractSecurityInterceptor - Class in org.springframework.security.access.intercept
Abstract class that implements security interception for secure objects.
AbstractSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.AbstractSecurityInterceptor
 
AbstractSecurityWebApplicationInitializer - Class in org.springframework.security.web.context
Registers the DelegatingFilterProxy to use the springSecurityFilterChain before any other registered Filter.
AbstractSecurityWebApplicationInitializer() - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Creates a new instance that assumes the Spring Security configuration is loaded by some other means than this class.
AbstractSecurityWebApplicationInitializer(Class<?>...) - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Creates a new instance that will instantiate the ContextLoaderListener with the specified classes.
AbstractSecurityWebSocketMessageBrokerConfigurer - Class in org.springframework.security.config.annotation.web.socket
Allows configuring WebSocket Authorization.
AbstractSecurityWebSocketMessageBrokerConfigurer() - Constructor for class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
 
AbstractServerWebExchangeMatcherRegistry<T> - Class in org.springframework.security.config.web.server
 
AbstractSessionEvent - Class in org.springframework.security.core.session
Abstract superclass for all session related events.
AbstractSessionEvent(Object) - Constructor for class org.springframework.security.core.session.AbstractSessionEvent
 
AbstractSessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session
A base class for performing session fixation protection.
AbstractSessionFixationProtectionStrategy.NullEventPublisher - Class in org.springframework.security.web.authentication.session
 
AbstractUserDetailsAuthenticationProvider - Class in org.springframework.security.authentication.dao
A base AuthenticationProvider that allows subclasses to override and work with UserDetails objects.
AbstractUserDetailsAuthenticationProvider() - Constructor for class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
AbstractUserDetailsReactiveAuthenticationManager - Class in org.springframework.security.authentication
A base ReactiveAuthenticationManager that allows subclasses to override and work with UserDetails objects.
AbstractUserDetailsReactiveAuthenticationManager() - Constructor for class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
 
AbstractUserDetailsServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
 
AbstractUserDetailsServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
 
AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
Abstract base class for all of the WebClientReactive*TokenResponseClients that communicate to the Authorization Server's Token Endpoint.
acceptMediaType(MediaType) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
Specify a media type to set as the Accept header in the request.
access(ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
 
access(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Allows specifying that URLs are secured by an arbitrary expression
access(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
Specifies that the user must have the specified ConfigAttribute's
access(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Allows specifying that Messages are secured by an arbitrary expression
Access() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
 
access(ReactiveAuthorizationManager<AuthorizationContext>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
Allows plugging in a custom authorization strategy
ACCESS_ABSTAIN - Static variable in interface org.springframework.security.access.AccessDecisionVoter
 
ACCESS_DENIED - Static variable in interface org.springframework.security.access.AccessDecisionVoter
 
ACCESS_DENIED - Static variable in interface org.springframework.security.oauth2.core.OAuth2ErrorCodes
access_denied - The resource owner or authorization server denied the request.
ACCESS_DENIED_403 - Static variable in class org.springframework.security.web.WebAttributes
Used to cache an AccessDeniedException in the request for rendering.
ACCESS_DENIED_HANDLER - Static variable in class org.springframework.security.config.Elements
 
ACCESS_GRANTED - Static variable in interface org.springframework.security.access.AccessDecisionVoter
 
ACCESS_TOKEN - Static variable in interface org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
access_token - used in Authorization Response and Access Token Response.
AccessControlEntry - Interface in org.springframework.security.acls.model
Represents an individual permission assignment within an Acl.
AccessControlEntryImpl - Class in org.springframework.security.acls.domain
An immutable default implementation of AccessControlEntry.
AccessControlEntryImpl(Serializable, Acl, Sid, Permission, boolean, boolean, boolean) - Constructor for class org.springframework.security.acls.domain.AccessControlEntryImpl
 
AccessControlListTag - Class in org.springframework.security.taglibs.authz
An implementation of Tag that allows its body through if all authorizations are granted to the request's principal.
AccessControlListTag() - Constructor for class org.springframework.security.taglibs.authz.AccessControlListTag
 
AccessDecisionManager - Interface in org.springframework.security.access
Makes a final access control (authorization) decision.
accessDecisionManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Allows subclasses to provide a custom AccessDecisionManager.
accessDecisionManager(AccessDecisionManager) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry
Allows setting the AccessDecisionManager.
AccessDecisionVoter<S> - Interface in org.springframework.security.access
Indicates a class is responsible for voting on authorization decisions.
AccessDeniedException - Exception in org.springframework.security.access
Thrown if an Authentication object does not hold a required authority.
AccessDeniedException(String) - Constructor for exception org.springframework.security.access.AccessDeniedException
Constructs an AccessDeniedException with the specified message.
AccessDeniedException(String, Throwable) - Constructor for exception org.springframework.security.access.AccessDeniedException
Constructs an AccessDeniedException with the specified message and root cause.
accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
Specifies the AccessDeniedHandler to be used
accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
Configures the ServerAccessDeniedHandler used when a CSRF token is invalid.
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
Configures what to do when an authenticated user does not hold a required authority
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
Configures the ServerAccessDeniedHandler to use for requests authenticating with Bearer Tokens.
AccessDeniedHandler - Interface in org.springframework.security.web.access
Used by ExceptionTranslationFilter to handle an AccessDeniedException.
AccessDeniedHandlerImpl - Class in org.springframework.security.web.access
Base implementation of AccessDeniedHandler.
AccessDeniedHandlerImpl() - Constructor for class org.springframework.security.web.access.AccessDeniedHandlerImpl
 
accessDeniedPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
Shortcut to specify the AccessDeniedHandler to be used is a specific error page
accessToken(OAuth2AccessToken) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
accessToken(OAuth2AccessToken) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
accessTokenHash(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this access token hash in the resulting OidcIdToken
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
Sets the client used for requesting the access token credential from the Token Endpoint.
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig
Sets the client used for requesting the access token credential from the Token Endpoint.
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
accountExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Defines if the account is expired or not.
accountExpired(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Defines if the account is expired or not.
accountExpired(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
AccountExpiredException - Exception in org.springframework.security.authentication
Thrown if an authentication request is rejected because the account has expired.
AccountExpiredException(String) - Constructor for exception org.springframework.security.authentication.AccountExpiredException
Constructs a AccountExpiredException with the specified message.
AccountExpiredException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AccountExpiredException
Constructs a AccountExpiredException with the specified message and root cause.
accountLocked(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Defines if the account is locked or not.
accountLocked(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Defines if the account is locked or not.
accountLocked(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
AccountStatusException - Exception in org.springframework.security.authentication
Base class for authentication exceptions which are caused by a particular user account status (locked, disabled etc).
AccountStatusException(String) - Constructor for exception org.springframework.security.authentication.AccountStatusException
 
AccountStatusException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AccountStatusException
 
AccountStatusUserDetailsChecker - Class in org.springframework.security.authentication
 
AccountStatusUserDetailsChecker() - Constructor for class org.springframework.security.authentication.AccountStatusUserDetailsChecker
 
Acl - Interface in org.springframework.security.acls.model
Represents an access control list (ACL) for a domain object.
AclAuthorizationStrategy - Interface in org.springframework.security.acls.domain
Strategy used by AclImpl to determine whether a principal is permitted to call adminstrative methods on the AclImpl.
AclAuthorizationStrategyImpl - Class in org.springframework.security.acls.domain
Default implementation of AclAuthorizationStrategy.
AclAuthorizationStrategyImpl(GrantedAuthority...) - Constructor for class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
Constructor.
AclCache - Interface in org.springframework.security.acls.model
A caching layer for JdbcAclService.
AclDataAccessException - Exception in org.springframework.security.acls.model
Abstract base class for Acl data operations.
AclDataAccessException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.AclDataAccessException
Constructs an AclDataAccessException with the specified message and root cause.
AclDataAccessException(String) - Constructor for exception org.springframework.security.acls.model.AclDataAccessException
Constructs an AclDataAccessException with the specified message and no root cause.
AclEntryAfterInvocationCollectionFilteringProvider - Class in org.springframework.security.acls.afterinvocation
Given a Collection of domain object instances returned from a secure object invocation, remove any Collection elements the principal does not have appropriate permission to access as defined by the AclService.
AclEntryAfterInvocationCollectionFilteringProvider(AclService, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
 
AclEntryAfterInvocationProvider - Class in org.springframework.security.acls.afterinvocation
Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the AclService.
AclEntryAfterInvocationProvider(AclService, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
 
AclEntryAfterInvocationProvider(AclService, String, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
 
AclEntryVoter - Class in org.springframework.security.acls
Given a domain object instance passed as a method argument, ensures the principal has appropriate permission as indicated by the AclService.
AclEntryVoter(AclService, String, Permission[]) - Constructor for class org.springframework.security.acls.AclEntryVoter
 
AclFormattingUtils - Class in org.springframework.security.acls.domain
Utility methods for displaying ACL information.
AclFormattingUtils() - Constructor for class org.springframework.security.acls.domain.AclFormattingUtils
 
AclImpl - Class in org.springframework.security.acls.domain
Base implementation of Acl.
AclImpl(ObjectIdentity, Serializable, AclAuthorizationStrategy, AuditLogger) - Constructor for class org.springframework.security.acls.domain.AclImpl
Minimal constructor, which should be used MutableAclService.createAcl(ObjectIdentity) .
AclImpl(ObjectIdentity, Serializable, AclAuthorizationStrategy, PermissionGrantingStrategy, Acl, List<Sid>, boolean, Sid) - Constructor for class org.springframework.security.acls.domain.AclImpl
Full constructor, which should be used by persistence tools that do not provide field-level access features.
AclPermissionCacheOptimizer - Class in org.springframework.security.acls
Batch loads ACLs for collections of objects to allow optimised filtering.
AclPermissionCacheOptimizer(AclService) - Constructor for class org.springframework.security.acls.AclPermissionCacheOptimizer
 
AclPermissionEvaluator - Class in org.springframework.security.acls
Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module.
AclPermissionEvaluator(AclService) - Constructor for class org.springframework.security.acls.AclPermissionEvaluator
 
aclService - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
AclService - Interface in org.springframework.security.acls.model
Provides retrieval of Acl instances.
ACR - Static variable in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
acr - the Authentication Context Class Reference
ACTIVE - Static variable in interface org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames
active - Indicator whether or not the token is currently active
ActiveDirectoryAuthenticationException - Exception in org.springframework.security.ldap.authentication.ad
Thrown as a translation of an AuthenticationException when attempting to authenticate against Active Directory using ActiveDirectoryLdapAuthenticationProvider.
ActiveDirectoryLdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication.ad
Specialized LDAP authentication provider which uses Active Directory configuration conventions.
ActiveDirectoryLdapAuthenticationProvider(String, String, String) - Constructor for class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
 
ActiveDirectoryLdapAuthenticationProvider(String, String) - Constructor for class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
 
add(PayloadExchangeMatcherEntry<ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>>) - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager.Builder
 
add(ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
 
addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
Deprecated.
 
addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
 
addAuthorities(DistinguishedName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
addAuthority(GrantedAuthority) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
 
addAuthority(GrantedAuthority) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
Adds the authority to the list, unless it is already there, in which case it is ignored
addCn(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
 
addConverters(ConverterRegistry) - Static method in class org.springframework.security.oauth2.core.converter.ClaimConversionService
Adds the converters that provide type conversion for claim values to the provided ConverterRegistry.
addCustomAuthorities(String, List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Allows subclasses to add their own granted authorities to the list to be returned in the UserDetails.
addFilter(Filter) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
addFilter(Filter) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Adds a Filter that must be an instance of or extend one of the Filters provided within the Security framework.
addFilterAfter(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
addFilterAfter(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Allows adding a Filter after one of the known Filter classes.
addFilterAfter(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Adds a WebFilter after specific position.
addFilterAt(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Adds the Filter at the location of the specified Filter class.
addFilterAt(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Adds a WebFilter at a specific position.
addFilterBefore(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
addFilterBefore(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Allows adding a Filter before one of the known Filter classes.
addFilterBefore(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Adds a WebFilter before specific position.
addGroupAuthority(String, GrantedAuthority) - Method in interface org.springframework.security.provisioning.GroupManager
Assigns a new authority to a group.
addGroupAuthority(String, GrantedAuthority) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
addHeader(String, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
 
addHeaderWriter(HeaderWriter) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Adds a HeaderWriter instance
additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
Allows subclasses to perform any additional checks of a returned (or cached) UserDetails for a given authentication request.
additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
Sets the additional parameters returned in the response.
additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the additional parameter(s) used in the request.
additionalParameters(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
A Consumer to be provided access to the additional parameter(s) allowing the ability to add, replace, or remove.
addListener(SmartApplicationListener) - Method in class org.springframework.security.context.DelegatingApplicationListener
Adds a new SmartApplicationListener to use.
addLogoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
addObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
Adds an ObjectPostProcessor to be used for this SecurityConfigurerAdapter.
addPayloadInterceptor(PayloadInterceptor) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
Adds a PayloadInterceptor to be used.
ADDRESS - Static variable in interface org.springframework.security.oauth2.core.oidc.OidcScopes
The address scope requests access to the address claim.
address(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this address in the resulting OidcUserInfo
ADDRESS - Static variable in interface org.springframework.security.oauth2.core.oidc.StandardClaimNames
address - the user's preferred postal address
AddressStandardClaim - Interface in org.springframework.security.oauth2.core.oidc
The Address Claim represents a physical mailing address defined by the OpenID Connect Core 1.0 specification that can be returned either in the UserInfo Response or the ID Token.
addSecureMethod(Class<?>, String, List<ConfigAttribute>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Add configuration attributes for a secure method.
addSecureMethod(Class<?>, Method, List<ConfigAttribute>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Adds configuration attributes for a specific method, for example where the method has been matched using a pointcut expression.
addSecurityFilterChainBuilder(SecurityBuilder<? extends SecurityFilterChain>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
Adds builders to create SecurityFilterChain instances.
addSha256Pins(String...) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
addSha256Pins(String...) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
addUserToGroup(String, String) - Method in interface org.springframework.security.provisioning.GroupManager
Makes a user a member of a particular group.
addUserToGroup(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
admin - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
 
ADMINISTRATION - Static variable in class org.springframework.security.acls.domain.BasePermission
 
AesBytesEncryptor - Class in org.springframework.security.crypto.encrypt
Encryptor that uses AES encryption.
AesBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
 
AesBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
 
AesBytesEncryptor(String, CharSequence, BytesKeyGenerator, AesBytesEncryptor.CipherAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
 
AesBytesEncryptor(SecretKey, BytesKeyGenerator, AesBytesEncryptor.CipherAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
Constructs an encryptor that uses AES encryption.
AesBytesEncryptor.CipherAlgorithm - Enum in org.springframework.security.crypto.encrypt
 
AffirmativeBased - Class in org.springframework.security.access.vote
Simple concrete implementation of AccessDecisionManager that grants access if any AccessDecisionVoter returns an affirmative response.
AffirmativeBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.AffirmativeBased
 
after(Authentication, MethodInvocation, PostInvocationAttribute, Object) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice
 
after(Authentication, MethodInvocation, PostInvocationAttribute, Object) - Method in interface org.springframework.security.access.prepost.PostInvocationAuthorizationAdvice
 
AFTER_INVOCATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
afterHandshake(ServerHttpRequest, ServerHttpResponse, WebSocketHandler, Exception) - Method in class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
 
afterInvocation(InterceptorStatusToken, Object) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Completes the work of the AbstractSecurityInterceptor after the secure object invocation has been completed.
AfterInvocationManager - Interface in org.springframework.security.access.intercept
Reviews the Object returned from a secure object invocation, being able to modify the Object or throw an AccessDeniedException.
afterInvocationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
AfterInvocationProvider - Interface in org.springframework.security.access
Indicates a class is responsible for participating in an AfterInvocationProviderManager decision.
AfterInvocationProviderManager - Class in org.springframework.security.access.intercept
Provider-based implementation of AfterInvocationManager.
AfterInvocationProviderManager() - Constructor for class org.springframework.security.access.intercept.AfterInvocationProviderManager
 
afterMessageHandled(Message<?>, MessageChannel, MessageHandler, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
 
afterPropertiesSet() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
 
afterPropertiesSet() - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
 
afterPropertiesSet() - Method in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
 
afterPropertiesSet() - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
 
afterPropertiesSet() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
Validates the required properties are set.
afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.ProviderManager
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.rcp.RemoteAuthenticationManagerImpl
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.rcp.RemoteAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.cas.authentication.EhCacheBasedTicketCache
 
afterPropertiesSet() - Method in class org.springframework.security.cas.ServiceProperties
 
afterPropertiesSet() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
 
afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
 
afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
Check whether all properties have been set to correct values.
afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
 
afterPropertiesSet() - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
 
afterPropertiesSet() - Method in class org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache
 
afterPropertiesSet() - Method in class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
Check whether all required properties have been set.
afterPropertiesSet() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
 
afterPropertiesSet() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
afterPropertiesSet() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
 
afterPropertiesSet() - Method in class org.springframework.security.openid.OpenIDAuthenticationFilter
Deprecated.
 
afterPropertiesSet() - Method in class org.springframework.security.openid.OpenIDAuthenticationProvider
Deprecated.
 
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
 
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
 
afterPropertiesSet() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Check whether all required properties have been set.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
Check that all required properties have been set.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
Loads the web.xml file using the configured ResourceLoader and parses the role-name elements from it, using these as the set of mappableAttributes.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
Check whether all required properties have been set.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.FilterChainProxy
 
afterPropertiesSet() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
 
afterReceiveCompletion(Message<?>, MessageChannel, Exception) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
 
afterSendCompletion(Message<?>, MessageChannel, boolean, Exception) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
 
afterSendCompletion(Message<?>, MessageChannel, boolean, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
 
afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
 
afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
 
afterSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Invoked after the springSecurityFilterChain is added.
afterTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
Clears out the TestSecurityContextHolder and the SecurityContextHolder after each test method.
allocateToken(String) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
 
allocateToken(String) - Method in interface org.springframework.security.core.token.TokenService
Forces the allocation of a new Token.
allowableSessionsExceeded(List<SessionInformation>, int, SessionRegistry) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
Allows subclasses to customise behaviour when too many sessions are detected.
allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
Deprecated.
Method to be implemented by base classes, used to determine if the supplied origin is allowed.
allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
Deprecated.
 
allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy
Deprecated.
 
AllowFromStrategy - Interface in org.springframework.security.web.header.writers.frameoptions
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
AlreadyBuiltException - Exception in org.springframework.security.config.annotation
Thrown when AbstractSecurityBuilder.build() is two or more times.
AlreadyBuiltException(String) - Constructor for exception org.springframework.security.config.annotation.AlreadyBuiltException
 
AlreadyExistsException - Exception in org.springframework.security.acls.model
Thrown if an Acl entry already exists for the object.
AlreadyExistsException(String) - Constructor for exception org.springframework.security.acls.model.AlreadyExistsException
Constructs an AlreadyExistsException with the specified message.
AlreadyExistsException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.AlreadyExistsException
Constructs an AlreadyExistsException with the specified message and root cause.
alwaysRemember(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
Whether the cookie should always be created even if the remember-me parameter is not set.
AMR - Static variable in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
amr - the Authentication Methods References
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
Gets the LdapAuthenticationProviderConfigurer for further customizations
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer
Allows obtaining a reference to the LdapAuthenticationProviderConfigurer for further customizations
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Returns the UserDetailsManagerConfigurer for method chaining (i.e.
and() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
Return the SecurityBuilder when done using the SecurityConfigurer.
and() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
Return the HttpSecurity for further customizations
and() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer
Returns the WebSecurity to be returned for chaining.
and() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
Return the SecurityBuilder when done using the SecurityConfigurer.
and() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
 
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig
Allows completing configuration of Cache Control and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig
Allows completing configuration of Content Security Policy and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig
Allows customizing the HeadersConfigurer
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FeaturePolicyConfig
Allows completing configuration of Feature Policy and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig
Allows continuing customizing the headers configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
Allows completing configuration of Public Key Pinning and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
Allows completing configuration of Strict Transport Security and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig
 
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig
Allows completing configuration of X-XSS-Protection and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
Returns the OAuth2ClientConfigurer for further configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
Returns the OAuth2LoginConfigurer for further configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig
Returns the OAuth2LoginConfigurer for further configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig
Returns the OAuth2LoginConfigurer for further configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig
Returns the OAuth2LoginConfigurer for further configuration.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
 
and() - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer
Deprecated.
Get the OpenIDLoginConfigurer to customize the OpenID configuration further
and() - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer
Deprecated.
Gets the OpenIDLoginConfigurer.AttributeExchangeConfigurer for further customization of the attributes
and() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
Used to chain back to the SessionManagementConfigurer
and() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
 
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
Allows method chaining to continue configuring the ServerHttpSecurity.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec
Allows method chaining to continue configuring the ServerHttpSecurity.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec
Allows method chaining to continue configuring the ServerHttpSecurity.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
 
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
 
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
Allows method chaining to continue configuring the ServerHttpSecurity
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
 
AndMessageMatcher<T> - Class in org.springframework.security.messaging.util.matcher
MessageMatcher that will return true if all of the passed in MessageMatcher instances match.
AndMessageMatcher(List<MessageMatcher<T>>) - Constructor for class org.springframework.security.messaging.util.matcher.AndMessageMatcher
Creates a new instance
AndMessageMatcher(MessageMatcher<T>...) - Constructor for class org.springframework.security.messaging.util.matcher.AndMessageMatcher
Creates a new instance
AndRequestMatcher - Class in org.springframework.security.web.util.matcher
RequestMatcher that will return true if all of the passed in RequestMatcher instances match.
AndRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher
Creates a new instance
AndRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher
Creates a new instance
AndServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
Matches if all the provided ServerWebExchangeMatcher match
AndServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
 
AndServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
 
AnnotationMetadataExtractor<A extends java.lang.annotation.Annotation> - Interface in org.springframework.security.access.annotation
Strategy to process a custom security annotation to extract the relevant ConfigAttributes for securing a method.
AnnotationParameterNameDiscoverer - Class in org.springframework.security.core.parameters
Allows finding parameter names using the value attribute of any number of Annotation instances.
AnnotationParameterNameDiscoverer(String...) - Constructor for class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
 
AnnotationParameterNameDiscoverer(Set<String>) - Constructor for class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
 
anonymous() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows configuring how an anonymous user is represented.
anonymous(Customizer<AnonymousConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows configuring how an anonymous user is represented.
anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Specify that URLs are allowed by anonymous users.
anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
Specifies that an anonymous user is allowed access
anonymous() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Specify that Messages are allowed by anonymous users.
ANONYMOUS - Static variable in class org.springframework.security.config.Elements
 
anonymous() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Enables and Configures anonymous authentication.
anonymous(Customizer<ServerHttpSecurity.AnonymousSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Enables and Configures anonymous authentication.
anonymous() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
AnonymousAuthenticationFilter - Class in org.springframework.security.web.authentication
Detects if there is no Authentication object in the SecurityContextHolder, and populates it with one if needed.
AnonymousAuthenticationFilter(String) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
AnonymousAuthenticationFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 
AnonymousAuthenticationProvider - Class in org.springframework.security.authentication
An AuthenticationProvider implementation that validates AnonymousAuthenticationTokens.
AnonymousAuthenticationProvider(String) - Constructor for class org.springframework.security.authentication.AnonymousAuthenticationProvider
 
AnonymousAuthenticationToken - Class in org.springframework.security.authentication
Represents an anonymous Authentication.
AnonymousAuthenticationToken(String, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.AnonymousAuthenticationToken
Constructor.
AnonymousAuthenticationWebFilter - Class in org.springframework.security.web.server.authentication
Detects if there is no Authentication object in the ReactiveSecurityContextHolder, and populates it with one if needed.
AnonymousAuthenticationWebFilter(String) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
AnonymousAuthenticationWebFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
 
AnonymousConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Configures Anonymous authentication (i.e.
AnonymousConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Creates a new instance
AnonymousPayloadInterceptor - Class in org.springframework.security.rsocket.authentication
If ReactiveSecurityContextHolder is empty populates an AnonymousAuthenticationToken
AnonymousPayloadInterceptor(String) - Constructor for class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
AnonymousPayloadInterceptor(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
 
antMatcher(String) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows configuring the HttpSecurity to only be invoked when matching the provided ant pattern.
antMatchers(HttpMethod) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Maps a List of AntPathRequestMatcher instances.
antMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Maps a List of AntPathRequestMatcher instances.
antMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Maps a List of AntPathRequestMatcher instances that do not care which HttpMethod is used.
AntPathRequestMatcher - Class in org.springframework.security.web.util.matcher
Matcher which compares a pre-defined ant-style pattern against the URL ( servletPath + pathInfo) of an HttpServletRequest.
AntPathRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Creates a matcher with the specific pattern which will match all HTTP methods in a case sensitive manner.
AntPathRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Creates a matcher with the supplied pattern and HTTP method in a case sensitive manner.
AntPathRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Creates a matcher with the supplied pattern which will match the specified Http method
AntPathRequestMatcher(String, String, boolean, UrlPathHelper) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Creates a matcher with the supplied pattern which will match the specified Http method
ANY_CHANNEL - Static variable in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
ANY_MESSAGE - Static variable in interface org.springframework.security.messaging.util.matcher.MessageMatcher
Matches every Message
anyExchange() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
Always matches
anyExchange() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
Maps any request.
anyExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
Disables authorization.
anyExchange() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers
 
anyExchange() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
Matches any exchange
anyMessage() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Maps any Message to a security expression.
anyRequest() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
Matches if PayloadExchangeType.isRequest() is true, else not a match
anyRequest() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Maps any request.
anyRequest() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers
 
AnyRequestMatcher - Class in org.springframework.security.web.util.matcher
Matches any supplied request.
ApacheDSContainer - Class in org.springframework.security.ldap.server
Deprecated.
Use UnboundIdContainer instead because ApacheDS 1.x is no longer supported with no GA version to replace it.
ApacheDSContainer(String, String) - Constructor for class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
appendFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
apply(C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
apply(C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Applies a SecurityConfigurer to this SecurityBuilder overriding any SecurityConfigurer of the exact same class.
apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
apply(JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper
 
apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
apply(SocketAcceptor) - Method in class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor
 
apply(SocketAcceptor) - Method in class org.springframework.security.rsocket.core.SecuritySocketAcceptorInterceptor
 
apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
Deprecated.
apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
Deprecated.
Argon2PasswordEncoder - Class in org.springframework.security.crypto.argon2
Implementation of PasswordEncoder that uses the Argon2 hashing function.
Argon2PasswordEncoder() - Constructor for class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
 
Argon2PasswordEncoder(int, int, int, int, int) - Constructor for class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
 
asHeader() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor
Instead of using the CsrfToken as a request parameter (default) will populate the CsrfToken as a header.
AspectJCallback - Interface in org.springframework.security.access.intercept.aspectj
Called by the AspectJMethodSecurityInterceptor when it wishes for the AspectJ processing to continue.
AspectJMethodSecurityInterceptor - Class in org.springframework.security.access.intercept.aspectj
AspectJ JoinPoint security interceptor which wraps the JoinPoint in a MethodInvocation adapter to make it compatible with security infrastructure classes which only support MethodInvocations.
AspectJMethodSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor
 
assertingPartyDetails(Consumer<RelyingPartyRegistration.AssertingPartyDetails.Builder>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Apply this Consumer to further configure the Asserting Party details
assertionConsumerServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Set the AssertionConsumerService Binding.
assertionConsumerServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Set the AssertionConsumerService Location.
assertionConsumerServiceUrl(String) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest.Builder
Deprecated.
Sets the assertionConsumerServiceURL for the authentication request.
assertionConsumerServiceUrl(String) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext.Builder
Sets the assertionConsumerServiceURL for the authentication request.
assertionConsumerServiceUrlTemplate(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
AT_HASH - Static variable in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
at_hash - the Access Token hash value
ATT_GROUP_ROLE_ATTRIBUTE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
ATT_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
ATT_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
ATT_HASH - Static variable in class org.springframework.security.config.authentication.PasswordEncoderParser
 
ATT_LDIF_FILE - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
Optionally defines an ldif resource to be loaded.
ATT_PORT - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
Defines the port the LDAP_PROVIDER server should run on
ATT_ROOT_SUFFIX - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
sets the configuration suffix (default is "dc=springframework,dc=org").
ATT_SERVER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
ATT_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
ATT_USER_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
attemptAuthentication(String, String) - Method in interface org.springframework.security.authentication.rcp.RemoteAuthenticationManager
Attempts to authenticate the remote client using the presented username and password.
attemptAuthentication(String, String) - Method in class org.springframework.security.authentication.rcp.RemoteAuthenticationManagerImpl
 
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
 
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
 
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.openid.OpenIDAuthenticationFilter
Deprecated.
Authentication has two phases.
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter
 
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Performs actual authentication.
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
attemptExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Attempt to exit from an already switched user.
attemptSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Attempt to switch to another user.
attribute(OpenIDAttribute) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer
Deprecated.
Adds an OpenIDAttribute to be obtained for the configured OpenID pattern.
attribute(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer
Deprecated.
Adds an OpenIDAttribute with the given name
attribute(Customizer<OpenIDLoginConfigurer<H>.AttributeExchangeConfigurer.AttributeConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer
Deprecated.
Adds an OpenIDAttribute named "default-attribute".
attribute(String, Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
Sets an attribute associated to the context.
attribute(String, Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
Sets an attribute associated to the request.
attributeExchange(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer
Deprecated.
Sets up OpenID attribute exchange for OpenID's matching the specified pattern.
attributeExchange(Customizer<OpenIDLoginConfigurer<H>.AttributeExchangeConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer
Deprecated.
Sets up OpenID attribute exchange for OpenIDs matching the specified pattern.
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
Provides a Consumer access to the attributes associated to the context.
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
Provides a Consumer access to the attributes associated to the request.
attributes(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the attributes associated to the request.
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
A Consumer to be provided access to the attribute(s) allowing the ability to add, replace, or remove.
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
Mutate the attributes using the given Consumer
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
Mutate the attributes using the given Consumer
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
Mutate the attributes using the given Consumer
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
Mutate the attributes using the given Consumer
Attributes2GrantedAuthoritiesMapper - Interface in org.springframework.security.core.authority.mapping
Interface to be implemented by classes that can map a list of security attributes (such as roles or group names) to a collection of Spring Security GrantedAuthoritys.
AUD - Static variable in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
aud - the Audience(s) that the ID Token is intended for
AUD - Static variable in interface org.springframework.security.oauth2.jwt.JwtClaimNames
aud - the Audience claim identifies the recipient(s) that the JWT is intended for
audience(Collection<String>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this audience in the resulting OidcIdToken
audience(Collection<String>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this audience in the resulting Jwt
AUDIENCE - Static variable in interface org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames
aud - The intended audience for the token
AuditableAccessControlEntry - Interface in org.springframework.security.acls.model
Represents an ACE that provides auditing information.
AuditableAcl - Interface in org.springframework.security.acls.model
A mutable ACL that provides audit capabilities.
AuditLogger - Interface in org.springframework.security.acls.domain
Used by AclImpl to log audit events.
AUTH_TIME - Static variable in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
auth_time - the time when the End-User authentication occurred
authenticate(Authentication) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider
 
authenticate(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationManager
Attempts to authenticate the passed Authentication object, returning a fully populated Authentication object (including granted authorities) if successful.
authenticate(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationProvider
Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication) .
authenticate(Authentication) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
Attempts to login the user given the Authentication objects principal and credential
authenticate(Authentication) - Method in class org.springframework.security.authentication.ProviderManager
Attempts to authenticate the passed Authentication object.
authenticate(Authentication) - Method in class org.springframework.security.authentication.rcp.RemoteAuthenticationProvider
 
authenticate(Authentication) - Method in interface org.springframework.security.authentication.ReactiveAuthenticationManager
Attempts to authenticate the provided Authentication
authenticate(Authentication) - Method in class org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.TestingAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.BindAuthenticator
 
authenticate(Authentication) - Method in interface org.springframework.security.ldap.authentication.LdapAuthenticator
Authenticates as a user and obtains additional user information from the directory.
authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
Decode and validate the Bearer Token.
authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider
Introspect and validate the opaque Bearer Token.
authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.openid.OpenIDAuthenticationProvider
Deprecated.
 
authenticate(Authentication) - Method in class org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
Authenticate the given PreAuthenticatedAuthenticationToken.
authenticate(Authentication) - Method in class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
 
authenticated() - Static method in class org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager
authenticated() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
 
authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Specify that URLs are allowed by any authenticated user.
authenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Specify that Messages are allowed by any authenticated user.
authenticated() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
Require an authenticated user
authenticated() - Static method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
ResultMatcher that verifies that a specified user is authenticated.
AuthenticatedPrincipal - Interface in org.springframework.security.core
Representation of an authenticated Principal once an Authentication request has been successfully authenticated by the AuthenticationManager.authenticate(Authentication) method.
AuthenticatedPrincipalOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web
An implementation of an OAuth2AuthorizedClientRepository that delegates to the provided OAuth2AuthorizedClientService if the current Principal is authenticated, otherwise, to the default (or provided) OAuth2AuthorizedClientRepository if the current request is unauthenticated (or anonymous).
AuthenticatedPrincipalOAuth2AuthorizedClientRepository(OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
Constructs a AuthenticatedPrincipalOAuth2AuthorizedClientRepository using the provided parameters.
AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web.server
An implementation of an ServerOAuth2AuthorizedClientRepository that delegates to the provided ServerOAuth2AuthorizedClientRepository if the current Principal is authenticated, otherwise, to the default (or provided) ServerOAuth2AuthorizedClientRepository if the current request is unauthenticated (or anonymous).
AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(ReactiveOAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
Creates an instance
AuthenticatedReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization
A ReactiveAuthorizationManager that determines if the current user is authenticated.
authenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
AuthenticatedVoter - Class in org.springframework.security.access.vote
Votes if a ConfigAttribute.getAttribute() of IS_AUTHENTICATED_FULLY or IS_AUTHENTICATED_REMEMBERED or IS_AUTHENTICATED_ANONYMOUSLY is present.
AuthenticatedVoter() - Constructor for class org.springframework.security.access.vote.AuthenticatedVoter
 
authentication - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
 
Authentication - Interface in org.springframework.security.core
Represents the token for an authentication request or for an authenticated principal once the request has been processed by the AuthenticationManager.authenticate(Authentication) method.
authentication(Authentication) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Modifies the ClientRequest.attributes() to include the Authentication used to look up and save the OAuth2AuthorizedClient.
authentication(Authentication) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Establish a SecurityContext that uses the specified Authentication for the Authentication.getPrincipal() and a custom UserDetails.
AUTHENTICATION_EXCEPTION - Static variable in class org.springframework.security.web.WebAttributes
Used to cache an authentication-failure exception in the session.
AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.BeanIds
The "global" AuthenticationManager instance, registered by the <authentication-manager> element
AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.Elements
 
AUTHENTICATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
 
AUTHENTICATION_SCHEME_BASIC - Static variable in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
AuthenticationCancelledException - Exception in org.springframework.security.openid
Deprecated.
The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.
AuthenticationCancelledException(String) - Constructor for exception org.springframework.security.openid.AuthenticationCancelledException
Deprecated.
 
AuthenticationCancelledException(String, Throwable) - Constructor for exception org.springframework.security.openid.AuthenticationCancelledException
Deprecated.
 
AuthenticationConfiguration - Class in org.springframework.security.config.annotation.authentication.configuration
Exports the authentication Configuration
AuthenticationConfiguration() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 
authenticationContextClass(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this authentication context class reference in the resulting OidcIdToken
authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
Use this AuthenticationConverter when converting incoming requests to an Authentication.
authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
Sets the converter to use
authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Sets the converter to use
AuthenticationConverter - Interface in org.springframework.security.web.authentication
A strategy used for converting from a HttpServletRequest to an Authentication of particular type.
AuthenticationConverterServerWebExchangeMatcher - Class in org.springframework.security.web.server.authentication
Matches if the ServerAuthenticationConverter can convert a ServerWebExchange to an Authentication.
AuthenticationConverterServerWebExchangeMatcher(ServerAuthenticationConverter) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher
 
AuthenticationCredentialsNotFoundEvent - Class in org.springframework.security.access.event
Indicates a secure object invocation failed because the Authentication could not be obtained from the SecurityContextHolder.
AuthenticationCredentialsNotFoundEvent(Object, Collection<ConfigAttribute>, AuthenticationCredentialsNotFoundException) - Constructor for class org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent
Construct the event.
AuthenticationCredentialsNotFoundException - Exception in org.springframework.security.authentication
Thrown if an authentication request is rejected because there is no Authentication object in the SecurityContext.
AuthenticationCredentialsNotFoundException(String) - Constructor for exception org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
Constructs an AuthenticationCredentialsNotFoundException with the specified message.
AuthenticationCredentialsNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
Constructs an AuthenticationCredentialsNotFoundException with the specified message and root cause.
AuthenticationDetailsSource<C,T> - Interface in org.springframework.security.authentication
Provides a Authentication.getDetails() object for a given web request.
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Specifies a custom AuthenticationDetailsSource.
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
Specifies a custom AuthenticationDetailsSource to use for basic authentication.
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
authenticationDetailsSource - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
Sets the AuthenticationEntryPoint to be used.
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
The AuthenticationEntryPoint to be populated on BasicAuthenticationFilter in the event that authentication fails.
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
Configures what to do when the application request authentication
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
How to request for authentication.
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
Allows easily setting the entry point.
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
Configures the ServerAuthenticationEntryPoint to use for requests authenticating with Bearer Tokens.
AuthenticationEntryPoint - Interface in org.springframework.security.web
Used by ExceptionTranslationFilter to commence an authentication scheme.
AuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.authentication
AuthenticationEntryPointFailureHandler(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
 
AuthenticationEventPublisher - Interface in org.springframework.security.authentication
 
authenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
AuthenticationException - Exception in org.springframework.security.core
Abstract superclass for all exceptions related to an Authentication object being invalid for whatever reason.
AuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.core.AuthenticationException
Constructs an AuthenticationException with the specified message and root cause.
AuthenticationException(String) - Constructor for exception org.springframework.security.core.AuthenticationException
Constructs an AuthenticationException with the specified message and no root cause.
AuthenticationFailureBadCredentialsEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to invalid credentials being presented.
AuthenticationFailureBadCredentialsEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent
 
AuthenticationFailureCredentialsExpiredEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to the user's credentials having expired.
AuthenticationFailureCredentialsExpiredEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureCredentialsExpiredEvent
 
AuthenticationFailureDisabledEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to the user's account being disabled.
AuthenticationFailureDisabledEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent
 
AuthenticationFailureExpiredEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to the user's account having expired.
AuthenticationFailureExpiredEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureExpiredEvent
 
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
Configures how a failed authentication is handled.
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
The ServerAuthenticationFailureHandler used after authentication failure.
AuthenticationFailureHandler - Interface in org.springframework.security.web.authentication
Strategy used to handle a failed authentication attempt.
AuthenticationFailureLockedEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to the user's account having been locked.
AuthenticationFailureLockedEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureLockedEvent
 
AuthenticationFailureProviderNotFoundEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to there being no registered AuthenticationProvider that can process the request.
AuthenticationFailureProviderNotFoundEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent
 
AuthenticationFailureProxyUntrustedEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to the CAS user's ticket being generated by an untrusted proxy.
AuthenticationFailureProxyUntrustedEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent
 
AuthenticationFailureServiceExceptionEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to there being a problem internal to the AuthenticationManager.
AuthenticationFailureServiceExceptionEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent
 
authenticationFilter(AnonymousAuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Sets the AnonymousAuthenticationFilter used to populate an anonymous user.
authenticationFilter(AnonymousAuthenticationWebFilter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
Sets the AnonymousAuthenticationWebFilter used to populate an anonymous user.
AuthenticationFilter - Class in org.springframework.security.web.authentication
A Filter that performs authentication of a particular request.
AuthenticationFilter(AuthenticationManager, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
 
AuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
 
AuthenticationManager - Interface in org.springframework.security.authentication
Processes an Authentication request.
authenticationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Allows providing a custom AuthenticationManager.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
 
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
 
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
 
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
 
authenticationManager() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
Gets the AuthenticationManager to use.
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
 
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
 
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
Allows a configuration of a AuthenticationManager to be used during SAML 2 authentication.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configure the default authentication manager.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
The ReactiveAuthenticationManager used to authenticate.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
The ReactiveAuthenticationManager used to authenticate.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
Configures the ReactiveAuthenticationManager to use.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Configures the ReactiveAuthenticationManager to use.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
Configures the ReactiveAuthenticationManager to use
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
 
authenticationManagerBean() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
Override this method to expose the AuthenticationManager from WebSecurityConfigurerAdapter.configure(AuthenticationManagerBuilder) to be exposed as a Bean.
AuthenticationManagerBeanDefinitionParser - Class in org.springframework.security.config.authentication
Registers the central ProviderManager used by the namespace configuration, and allows the configuration of an alias, allowing users to reference it in their beans and clearly see where the name is coming from.
AuthenticationManagerBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser
 
AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider - Class in org.springframework.security.config.authentication
Provider which doesn't provide any service.
AuthenticationManagerBuilder - Class in org.springframework.security.config.annotation.authentication.builders
AuthenticationManagerBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
Creates a new instance
authenticationManagerBuilder(ObjectPostProcessor<Object>, ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 
AuthenticationManagerFactoryBean - Class in org.springframework.security.config.authentication
Factory bean for the namespace AuthenticationManager, which allows a more meaningful error message to be reported in the NoSuchBeanDefinitionException, if the user has forgotten to declare the <authentication-manager> element.
AuthenticationManagerFactoryBean() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
 
AuthenticationManagerResolver<C> - Interface in org.springframework.security.authentication
An interface for resolving an AuthenticationManager based on the provided context
authenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
authenticationManagerResolver(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
authenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Sets the matcher used for determining if the request is an authentication request.
AuthenticationMethod - Class in org.springframework.security.oauth2.core
The authentication method used when sending bearer access tokens in resource requests to resource servers.
AuthenticationMethod(String) - Constructor for class org.springframework.security.oauth2.core.AuthenticationMethod
Constructs an AuthenticationMethod using the provided value.
authenticationMethods(List<String>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use these authentication methods in the resulting OidcIdToken
AuthenticationPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
AuthenticationPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter
 
AuthenticationPayloadInterceptor - Class in org.springframework.security.rsocket.authentication
Uses the provided ReactiveAuthenticationManager to authenticate a Payload.
AuthenticationPayloadInterceptor(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
Creates a new instance
AuthenticationPrincipal - Annotation Type in org.springframework.security.core.annotation
Annotation that is used to resolve Authentication.getPrincipal() to a method argument.
AuthenticationPrincipal - Annotation Type in org.springframework.security.web.bind.annotation
Deprecated.
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.messaging.context
Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation.
AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
 
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.messaging.handler.invocation.reactive
Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation.
AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
 
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.bind.support
Deprecated.
AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
Deprecated.
 
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.method.annotation
Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation.
AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
 
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation
Resolves the Authentication
AuthenticationPrincipalArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
 
AuthenticationProvider - Interface in org.springframework.security.authentication
Indicates a class can process a specific Authentication implementation.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
Add authentication based upon the custom AuthenticationProvider that is passed in.
authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.authentication.ProviderManagerBuilder
Add authentication based upon the custom AuthenticationProvider that is passed in.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Sets the AuthenticationProvider used to validate an anonymous user.
authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Allows adding an additional AuthenticationProvider to be used
AuthenticationProviderBeanDefinitionParser - Class in org.springframework.security.config.authentication
Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the latter with the ProviderManager.
AuthenticationProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser
 
authenticationRequestUri(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
Sets the authenticationRequestUri, a URL that will receive the AuthNRequest message
AuthenticationServiceException - Exception in org.springframework.security.authentication
Thrown if an authentication request could not be processed due to a system problem.
AuthenticationServiceException(String) - Constructor for exception org.springframework.security.authentication.AuthenticationServiceException
Constructs an AuthenticationServiceException with the specified message.
AuthenticationServiceException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AuthenticationServiceException
Constructs an AuthenticationServiceException with the specified message and root cause.
AuthenticationSimpleHttpInvokerRequestExecutor - Class in org.springframework.security.remoting.httpinvoker
Adds BASIC authentication support to SimpleHttpInvokerRequestExecutor.
AuthenticationSimpleHttpInvokerRequestExecutor() - Constructor for class org.springframework.security.remoting.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor
 
AuthenticationSuccessEvent - Class in org.springframework.security.authentication.event
Application event which indicates successful authentication.
AuthenticationSuccessEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.AuthenticationSuccessEvent
 
authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
The ServerAuthenticationSuccessHandler used after authentication success.
authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
The ServerAuthenticationSuccessHandler used after authentication success.
AuthenticationSuccessHandler - Interface in org.springframework.security.web.authentication
Strategy used to handle a successful user authentication.
AuthenticationSwitchUserEvent - Class in org.springframework.security.web.authentication.switchuser
Application event which indicates that a user context switch.
AuthenticationSwitchUserEvent(Authentication, UserDetails) - Constructor for class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent
Switch user context event constructor
AuthenticationTag - Class in org.springframework.security.taglibs.authz
An Tag implementation that allows convenient access to the current Authentication object.
AuthenticationTag() - Constructor for class org.springframework.security.taglibs.authz.AuthenticationTag
 
AuthenticationTrustResolver - Interface in org.springframework.security.authentication
Evaluates Authentication tokens
AuthenticationTrustResolverImpl - Class in org.springframework.security.authentication
Basic implementation of AuthenticationTrustResolver.
AuthenticationTrustResolverImpl() - Constructor for class org.springframework.security.authentication.AuthenticationTrustResolverImpl
 
authenticationUserDetailsService(AuthenticationUserDetailsService<OpenIDAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer
Deprecated.
authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
Specifies the AuthenticationUserDetailsService to use.
AuthenticationUserDetailsService<T extends Authentication> - Interface in org.springframework.security.core.userdetails
Interface that allows for retrieving a UserDetails object based on an Authentication object.
AuthenticationWebFilter - Class in org.springframework.security.web.server.authentication
A WebFilter that performs authentication of a particular request.
AuthenticationWebFilter(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter
Creates an instance
AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter
Creates an instance
authorities(GrantedAuthority...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Populates the authorities.
authorities(List<? extends GrantedAuthority>) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Populates the authorities.
authorities(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Populates the authorities.
authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Sets the Authentication.getAuthorities() for anonymous users
authorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Sets the Authentication.getAuthorities() for anonymous users
authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
Sets the Authentication.getAuthorities() for anonymous users
authorities(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
Sets the Authentication.getAuthorities() for anonymous users
authorities(GrantedAuthority...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Populates the authorities.
authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Populates the authorities.
authorities(String...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Populates the authorities.
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
Use the provided authorities in the token
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
Use the provided authorities in the token
authorities(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
Provides the configured Jwt so that custom authorities can be derived from it
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
Use the provided authorities in the Authentication
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
Use the provided authorities in the Authentication
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
Use the provided authorities in the Authentication
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
Use the provided authorities in the Authentication
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
Use the provided authorities in the resulting principal
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
Use the provided authorities in the resulting principal
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
Specifies the GrantedAuthoritys to use.
authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
Specifies the GrantedAuthoritys to use.
authorities(String...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
Specifies the GrantedAuthoritys to use.
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
Use the provided authorities in the token
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
Use the provided authorities in the token
authorities(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
Provides the configured Jwt so that custom authorities can be derived from it
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
Use the provided authorities in the Authentication
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
Use the provided authorities in the Authentication
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
Use the provided authorities in the Authentication
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
Use the provided authorities in the Authentication
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
Use the provided authorities in the resulting principal
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
Use the provided authorities in the resulting principal
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
Populates the user's GrantedAuthority's.
authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
Populates the user's GrantedAuthority's.
authoritiesByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
Sets the query to be used for finding a user's authorities by their username.
authoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
AuthorityGranter - Interface in org.springframework.security.authentication.jaas
The AuthorityGranter interface is used to map a given principal to role names.
authorityListToSet(Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.core.authority.AuthorityUtils
Converts an array of GrantedAuthority objects to a Set.
AuthorityReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization
A ReactiveAuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains a specified authority.
AuthorityUtils - Class in org.springframework.security.core.authority
Utility method for manipulating GrantedAuthority collections etc.
AUTHORIZATION_CODE - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
 
authorizationCode() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Configures support for the authorization_code grant.
authorizationCode() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Configures support for the authorization_code grant.
authorizationCode() - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns a new OAuth2AuthorizationRequest.Builder, initialized with the authorization code grant type.
authorizationCodeGrant() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
Returns the OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer for configuring the OAuth 2.0 Authorization Code Grant.
authorizationCodeGrant(Customizer<OAuth2ClientConfigurer<B>.AuthorizationCodeGrantConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
Configures the OAuth 2.0 Authorization Code Grant.
authorizationCodeHash(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this authorization code hash in the resulting OidcIdToken
AuthorizationCodeOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of an OAuth2AuthorizedClientProvider for the authorization_code grant.
AuthorizationCodeOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider
 
AuthorizationCodeReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of a ReactiveOAuth2AuthorizedClientProvider for the authorization_code grant.
AuthorizationCodeReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
 
AuthorizationContext - Class in org.springframework.security.web.server.authorization
 
AuthorizationContext(ServerWebExchange) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
 
AuthorizationContext(ServerWebExchange, Map<String, Object>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
 
AuthorizationDecision - Class in org.springframework.security.authorization
 
AuthorizationDecision(boolean) - Constructor for class org.springframework.security.authorization.AuthorizationDecision
 
authorizationEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Returns the OAuth2LoginConfigurer.AuthorizationEndpointConfig for configuring the Authorization Server's Authorization Endpoint.
authorizationEndpoint(Customizer<OAuth2LoginConfigurer<B>.AuthorizationEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Configures the Authorization Server's Authorization Endpoint.
AuthorizationFailureEvent - Class in org.springframework.security.access.event
Indicates a secure object invocation failed because the principal could not be authorized for the request.
AuthorizationFailureEvent(Object, Collection<ConfigAttribute>, Authentication, AccessDeniedException) - Constructor for class org.springframework.security.access.event.AuthorizationFailureEvent
Construct the event.
authorizationGrantType(AuthorizationGrantType) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the authorization grant type used for the client.
AuthorizationGrantType - Class in org.springframework.security.oauth2.core
An authorization grant is a credential representing the resource owner's authorization (to access it's protected resources) to the client and used by the client to obtain an access token.
AuthorizationGrantType(String) - Constructor for class org.springframework.security.oauth2.core.AuthorizationGrantType
Constructs an AuthorizationGrantType using the provided value.
AuthorizationPayloadInterceptor - Class in org.springframework.security.rsocket.authorization
Provides authorization of the PayloadExchange.
AuthorizationPayloadInterceptor(ReactiveAuthorizationManager<PayloadExchange>) - Constructor for class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor
 
authorizationRequestBaseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer
Deprecated.
Sets the base URI used for authorization requests.
authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
Sets the repository used for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
Sets the repository used for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
Sets the repository to use for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Sets the repository to use for storing OAuth2AuthorizationRequest's.
AuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> - Interface in org.springframework.security.oauth2.client.web
Implementations of this interface are responsible for the persistence of OAuth2AuthorizationRequest between requests.
authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the URI string representation of the OAuth 2.0 Authorization Request.
authorizationRequestUri(Function<UriBuilder, URI>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
A Function to be provided a UriBuilder representation of the OAuth 2.0 Authorization Request allowing for further customizations.
AuthorizationServiceException - Exception in org.springframework.security.access
Thrown if an authorization request could not be processed due to a system problem.
AuthorizationServiceException(String) - Constructor for exception org.springframework.security.access.AuthorizationServiceException
Constructs an AuthorizationServiceException with the specified message.
AuthorizationServiceException(String, Throwable) - Constructor for exception org.springframework.security.access.AuthorizationServiceException
Constructs an AuthorizationServiceException with the specified message and root cause.
authorizationUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the uri for the authorization endpoint.
authorizationUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the uri for the authorization endpoint.
AuthorizationWebFilter - Class in org.springframework.security.web.server.authorization
 
AuthorizationWebFilter(ReactiveAuthorizationManager<? super ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationWebFilter
 
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider
Attempt to authorize the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
Attempt to authorize the client in the provided context.
authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
 
authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider
 
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider
 
authorize(OAuth2AuthorizeRequest) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager
Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId.
authorize(OAuth2AuthorizationContext) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizeRequest) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager
Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId.
authorize(OAuth2AuthorizationContext) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
Attempt to re-authorize the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
Attempt to re-authorize the client in the provided context.
authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
 
authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
 
authorize() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
Make an authorization decision by considering all <authorize> tag attributes.
authorizedClientParametersMapper - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
 
authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
Sets the repository for authorized client(s).
authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Sets the repository for authorized client(s).
authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
 
authorizedClientRowMapper - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
 
authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
Sets the service for authorized client(s).
authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Sets the service for authorized client(s).
authorizedClientService(ReactiveOAuth2AuthorizedClientService) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
 
AuthorizedClientServiceOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client
An implementation of an OAuth2AuthorizedClientManager that is capable of operating outside of the context of a HttpServletRequest, e.g.
AuthorizedClientServiceOAuth2AuthorizedClientManager(ClientRegistrationRepository, OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
Constructs an AuthorizedClientServiceOAuth2AuthorizedClientManager using the provided parameters.
AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client
The default implementation of the contextAttributesMapper.
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client
An implementation of a ReactiveOAuth2AuthorizedClientManager that is capable of operating outside of the context of a ServerWebExchange, e.g.
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository, ReactiveOAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
Constructs an AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager using the provided parameters.
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client
The default implementation of the contextAttributesMapper.
AuthorizedEvent - Class in org.springframework.security.access.event
Event indicating a secure object was invoked successfully.
AuthorizedEvent(Object, Collection<ConfigAttribute>, Authentication) - Constructor for class org.springframework.security.access.event.AuthorizedEvent
Construct the event.
authorizedParty(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this authorized party in the resulting OidcIdToken
authorizeExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures authorization.
authorizeExchange(Customizer<ServerHttpSecurity.AuthorizeExchangeSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures authorization.
AuthorizeExchangeSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
 
authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
 
AuthorizePayloadsSpec() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
 
authorizeRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e.
authorizeRequests(Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e.
authorizeUsingAccessExpression() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
Make an authorization decision based on a Spring EL expression.
authorizeUsingUrlCheck() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
Make an authorization decision based on the URL and HTTP method attributes.
authTime(Instant) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this authentication Instant in the resulting OidcIdToken
autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
 
autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Template implementation which locates the Spring Security cookie, decodes it into a delimited array of tokens and submits it to subclasses for processing via the processAutoLoginCookie method.
autoLogin(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices
This method will be called whenever the SecurityContextHolder does not contain an Authentication object and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.
AutowiredWebSecurityConfigurersIgnoreParents - Class in org.springframework.security.config.annotation.web.configuration
A class used to get all the WebSecurityConfigurer instances from the current ApplicationContext but ignoring the parent.
autowiredWebSecurityConfigurersIgnoreParents(ConfigurableListableBeanFactory) - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
 
awaitTermination(long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
AxFetchListFactory - Interface in org.springframework.security.openid
Deprecated.
The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by spring-security-oauth2.
AZP - Static variable in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
azp - the Authorized party to which the ID Token was issued

B

BadCredentialsException - Exception in org.springframework.security.authentication
Thrown if an authentication request is rejected because the credentials are invalid.
BadCredentialsException(String) - Constructor for exception org.springframework.security.authentication.BadCredentialsException
Constructs a BadCredentialsException with the specified message.
BadCredentialsException(String, Throwable) - Constructor for exception org.springframework.security.authentication.BadCredentialsException
Constructs a BadCredentialsException with the specified message and root cause.
BadJwtException - Exception in org.springframework.security.oauth2.jwt
An exception similar to BadCredentialsException that indicates a Jwt that is invalid in some way.
BadJwtException(String) - Constructor for exception org.springframework.security.oauth2.jwt.BadJwtException
 
BadJwtException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.BadJwtException
 
BadOpaqueTokenException - Exception in org.springframework.security.oauth2.server.resource.introspection
An exception similar to BadCredentialsException that indicates an opaque token that is invalid in some way.
BadOpaqueTokenException(String) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException
 
BadOpaqueTokenException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException
 
Base64 - Class in org.springframework.security.crypto.codec
Deprecated.
Use java.util.Base64
Base64StringKeyGenerator - Class in org.springframework.security.crypto.keygen
A StringKeyGenerator that generates base64-encoded String keys.
Base64StringKeyGenerator() - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
Creates an instance with keyLength of 32 bytes and standard Base64 encoding.
Base64StringKeyGenerator(int) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
Creates an instance with the provided key length in bytes and standard Base64 encoding.
Base64StringKeyGenerator(Base64.Encoder) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
Creates an instance with keyLength of 32 bytes and the provided encoder.
Base64StringKeyGenerator(Base64.Encoder, int) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
Creates an instance with the provided key length and encoder.
BasePermission - Class in org.springframework.security.acls.domain
A set of standard permissions.
BasePermission(int) - Constructor for class org.springframework.security.acls.domain.BasePermission
 
BasePermission(int, char) - Constructor for class org.springframework.security.acls.domain.BasePermission
 
baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
Sets the base URI used for authorization requests.
baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig
Sets the URI where the authorization response will be processed.
BASIC - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
 
BASIC - Static variable in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
Deprecated.
 
BASIC_AUTH - Static variable in class org.springframework.security.config.Elements
 
BASIC_AUTHENTICATION_MIME_TYPE - Static variable in class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata
Deprecated.
Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
BasicAuthenticationConverter - Class in org.springframework.security.web.authentication.www
Converts from a HttpServletRequest to UsernamePasswordAuthenticationToken that can be authenticated.
BasicAuthenticationConverter() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
BasicAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?>) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
BasicAuthenticationDecoder - Class in org.springframework.security.rsocket.metadata
Deprecated.
Basic Authentication did not evolve into a standard. Use Simple Authentication instead.
BasicAuthenticationDecoder() - Constructor for class org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder
Deprecated.
 
BasicAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata
Deprecated.
Basic Authentication did not evolve into a standard. use SimpleAuthenticationEncoder
BasicAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder
Deprecated.
 
BasicAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www
Used by the ExceptionTranslationFilter to commence authentication via the BasicAuthenticationFilter.
BasicAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
 
BasicAuthenticationFilter - Class in org.springframework.security.web.authentication.www
Processes a HTTP request's BASIC authorization headers, putting the result into the SecurityContextHolder.
BasicAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
Creates an instance which will authenticate against the supplied AuthenticationManager and which will ignore failed authentication attempts, allowing the request to proceed down the filter chain.
BasicAuthenticationFilter(AuthenticationManager, AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
Creates an instance which will authenticate against the supplied AuthenticationManager and use the supplied AuthenticationEntryPoint to handle authentication failures.
BasicAuthenticationPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
BasicAuthenticationPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.BasicAuthenticationPayloadExchangeConverter
 
BasicLookupStrategy - Class in org.springframework.security.acls.jdbc
Performs lookups in a manner that is compatible with ANSI SQL.
BasicLookupStrategy(DataSource, AclCache, AclAuthorizationStrategy, AuditLogger) - Constructor for class org.springframework.security.acls.jdbc.BasicLookupStrategy
Constructor accepting mandatory arguments
BasicLookupStrategy(DataSource, AclCache, AclAuthorizationStrategy, PermissionGrantingStrategy) - Constructor for class org.springframework.security.acls.jdbc.BasicLookupStrategy
Creates a new instance
BCrypt - Class in org.springframework.security.crypto.bcrypt
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
BCrypt() - Constructor for class org.springframework.security.crypto.bcrypt.BCrypt
 
BCryptPasswordEncoder - Class in org.springframework.security.crypto.bcrypt
Implementation of PasswordEncoder that uses the BCrypt strong hashing function.
BCryptPasswordEncoder() - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(int) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(int, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, int) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, int, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder.BCryptVersion - Enum in org.springframework.security.crypto.bcrypt
Stores the default bcrypt version for use in configuration.
BeanIds - Class in org.springframework.security.config
Contains globally used default Bean IDs for beans created by the namespace support in Spring Security 2.
BeanIds() - Constructor for class org.springframework.security.config.BeanIds
 
BEARER - Static variable in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType
 
BEARER_AUTHENTICATION_MIME_TYPE - Static variable in class org.springframework.security.rsocket.metadata.BearerTokenMetadata
Deprecated.
Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
BearerPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
BearerPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter
 
bearerToken(String) - Static method in class org.springframework.security.web.http.SecurityHeaders
Sets the provided value as a Bearer token in a header with the name of HttpHeaders.AUTHORIZATION
BearerTokenAccessDeniedHandler - Class in org.springframework.security.oauth2.server.resource.web.access
Translates any AccessDeniedException into an HTTP response in accordance with RFC 6750 Section 3: The WWW-Authenticate.
BearerTokenAccessDeniedHandler() - Constructor for class org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler
 
BearerTokenAuthentication - Class in org.springframework.security.oauth2.server.resource.authentication
An Authentication token that represents a successful authentication as obtained through a bearer token.
BearerTokenAuthentication(OAuth2AuthenticatedPrincipal, OAuth2AccessToken, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication
Constructs a BearerTokenAuthentication with the provided arguments
BearerTokenAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata
BearerTokenAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.BearerTokenAuthenticationEncoder
 
BearerTokenAuthenticationEntryPoint - Class in org.springframework.security.oauth2.server.resource.web
An AuthenticationEntryPoint implementation used to commence authentication of protected resource requests using BearerTokenAuthenticationFilter.
BearerTokenAuthenticationEntryPoint() - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint
 
BearerTokenAuthenticationFilter - Class in org.springframework.security.oauth2.server.resource.web
Authenticates requests that contain an OAuth 2.0 Bearer Token.
BearerTokenAuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>) - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter
Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
BearerTokenAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter
Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
BearerTokenAuthenticationToken - Class in org.springframework.security.oauth2.server.resource
An Authentication that contains a Bearer Token.
BearerTokenAuthenticationToken(String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken
Create a BearerTokenAuthenticationToken using the provided parameter(s)
bearerTokenConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
Configures the ServerAuthenticationConverter to use for requests authenticating with Bearer Tokens.
BearerTokenError - Class in org.springframework.security.oauth2.server.resource
A representation of a Bearer Token Error.
BearerTokenError(String, HttpStatus, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenError
Create a BearerTokenError using the provided parameters
BearerTokenError(String, HttpStatus, String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenError
Create a BearerTokenError using the provided parameters
BearerTokenErrorCodes - Interface in org.springframework.security.oauth2.server.resource
Standard error codes defined by the OAuth 2.0 Authorization Framework: Bearer Token Usage.
BearerTokenErrors - Class in org.springframework.security.oauth2.server.resource
A factory for creating BearerTokenError instances that correspond to the registered Bearer Token Error Codes.
BearerTokenMetadata - Class in org.springframework.security.rsocket.metadata
Represents a bearer token that has been encoded into a Payload#metadata().
BearerTokenMetadata(String) - Constructor for class org.springframework.security.rsocket.metadata.BearerTokenMetadata
 
bearerTokenResolver(BearerTokenResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
BearerTokenResolver - Interface in org.springframework.security.oauth2.server.resource.web
A strategy for resolving Bearer Tokens from the HttpServletRequest.
BearerTokenServerAccessDeniedHandler - Class in org.springframework.security.oauth2.server.resource.web.access.server
Translates any AccessDeniedException into an HTTP response in accordance with RFC 6750 Section 3: The WWW-Authenticate.
BearerTokenServerAccessDeniedHandler() - Constructor for class org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler
 
BearerTokenServerAuthenticationEntryPoint - Class in org.springframework.security.oauth2.server.resource.web.server
An AuthenticationEntryPoint implementation used to commence authentication of protected resource requests using BearerTokenAuthenticationFilter.
BearerTokenServerAuthenticationEntryPoint() - Constructor for class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint
 
before(Authentication, MethodInvocation, PreInvocationAttribute) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice
 
before(Authentication, MethodInvocation, PreInvocationAttribute) - Method in interface org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice
The "before" advice which should be executed to perform any filtering necessary and to decide whether the method call is authorised.
beforeConcurrentHandling(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
 
beforeConfigure() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Invoked prior to invoking each SecurityConfigurer.configure(SecurityBuilder) method.
beforeConfigure() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
beforeHandle(Message<?>, MessageChannel, MessageHandler) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
 
beforeHandshake(ServerHttpRequest, ServerHttpResponse, WebSocketHandler, Map<String, Object>) - Method in class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
 
beforeInit() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Invoked prior to invoking each SecurityConfigurer.init(SecurityBuilder) method.
beforeInvocation(Object) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
beforeSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Invoked before the springSecurityFilterChain is added.
beforeTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
If configured before test execution sets the SecurityContext
beforeTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
Sets up the SecurityContext for each test method.
beginConsumption(HttpServletRequest, String, String, String) - Method in class org.springframework.security.openid.OpenID4JavaConsumer
Deprecated.
 
beginConsumption(HttpServletRequest, String, String, String) - Method in interface org.springframework.security.openid.OpenIDConsumer
Deprecated.
Given the request, the claimedIdentity, the return to url, and a realm, lookup the openId authentication page the user should be redirected to.
BindAuthenticator - Class in org.springframework.security.ldap.authentication
An authenticator which binds as a user.
BindAuthenticator(BaseLdapPathContextSource) - Constructor for class org.springframework.security.ldap.authentication.BindAuthenticator
Create an initialized instance using the BaseLdapPathContextSource provided.
binding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails.Builder
Deprecated.
Sets the message binding to be used when sending an AuthNRequest message
birthdate(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this birthdate in the resulting OidcUserInfo
BIRTHDATE - Static variable in interface org.springframework.security.oauth2.core.oidc.StandardClaimNames
birthdate - the user's birth date
block(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig
If false, will not specify the mode as blocked.
BouncyCastleAesCbcBytesEncryptor - Class in org.springframework.security.crypto.encrypt
An Encryptor equivalent to AesBytesEncryptor using AesBytesEncryptor.CipherAlgorithm.CBC that uses Bouncy Castle instead of JCE.
BouncyCastleAesCbcBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
 
BouncyCastleAesCbcBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
 
BouncyCastleAesGcmBytesEncryptor - Class in org.springframework.security.crypto.encrypt
An Encryptor equivalent to AesBytesEncryptor using AesBytesEncryptor.CipherAlgorithm.GCM that uses Bouncy Castle instead of JCE.
BouncyCastleAesGcmBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
 
BouncyCastleAesGcmBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
 
build() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder
 
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
 
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
 
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
 
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
 
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
 
build() - Method in interface org.springframework.security.config.annotation.SecurityBuilder
Builds the object and returns it or null.
build() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
build() - Method in class org.springframework.security.core.userdetails.User.UserBuilder
 
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Builds an instance of DelegatingOAuth2AuthorizedClientProvider composed of one or more OAuth2AuthorizedClientProvider(s).
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Builds a new ClientRegistration.
build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
build() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
build() - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Build the OidcIdToken
build() - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Build the OidcUserInfo
build() - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Build the Jwt
build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
Build the configured NimbusJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder
Build the configured NimbusJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder
Build the configured NimbusJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
Build the configured NimbusReactiveJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder
Build the configured NimbusReactiveJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
Build the configured NimbusReactiveJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder
Build the configured NimbusReactiveJwtDecoder.
build() - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager.Builder
 
build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest.Builder
Deprecated.
Creates a Saml2AuthenticationRequest object.
build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext.Builder
build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest.Builder
Constructs an immutable Saml2PostAuthenticationRequest object.
build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.Builder
Constructs an immutable Saml2RedirectAuthenticationRequest object.
build() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
Creates an immutable ProviderDetails object representing the configuration for an Identity Provider, IDP
build() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Constructs a RelyingPartyRegistration object based on the builder configurations
build() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails.Builder
Deprecated.
Creates an immutable ProviderDetails object representing the configuration for an Identity Provider, IDP
build() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
build() - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
 
build() - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
 
buildDetails(C) - Method in interface org.springframework.security.authentication.AuthenticationDetailsSource
Called by a class when it wishes a new authentication details instance to be created.
buildDetails(HttpServletRequest) - Method in class org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource
 
buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
Builds the authentication details object.
buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
 
buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetailsSource
 
buildDn(String) - Method in class org.springframework.security.ldap.DefaultLdapUsernameToDnMapper
Assembles the Distinguished Name that should be used the given username.
buildDn(String) - Method in interface org.springframework.security.ldap.LdapUsernameToDnMapper
 
builder() - Static method in class org.springframework.security.core.userdetails.User
Creates a UserBuilder
builder() - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Returns a new OAuth2AuthorizedClientProviderBuilder for configuring the supported authorization grant(s).
builder() - Static method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Returns a new ReactiveOAuth2AuthorizedClientProviderBuilder for configuring the supported authorization grant(s).
Builder() - Constructor for class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
Default constructor.
Builder(Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
Constructs and initializes the address attributes using the provided addressFields.
builder() - Static method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo
builder() - Static method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager
 
Builder() - Constructor for class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
 
builder() - Static method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest
Deprecated.
builder() - Static method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext
Builder() - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
 
Builder() - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails.Builder
Deprecated.
 
Builder() - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
builder() - Static method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
 
builder() - Static method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
 
Builder() - Constructor for class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
 
buildFromMask(int) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
 
buildFromMask(int) - Method in interface org.springframework.security.acls.domain.PermissionFactory
Dynamically creates a CumulativePermission or BasePermission representing the active bits in the passed mask.
buildFromName(String) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
 
buildFromName(String) - Method in interface org.springframework.security.acls.domain.PermissionFactory
 
buildFromNames(List<String>) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
 
buildFromNames(List<String>) - Method in interface org.springframework.security.acls.domain.PermissionFactory
 
buildFullRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils
 
buildFullRequestUrl(String, String, int, String, String) - Static method in class org.springframework.security.web.util.UrlUtils
Obtains the full URL the client used to make the request.
buildGroupDn(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
Creates a DN from a group name.
buildHttpsRedirectUrlForRequest(HttpServletRequest) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
Builds a URL to redirect the supplied request to HTTPS.
buildRedirectUrlToLoginPage(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
buildRequest(ServletContext) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
 
buildRequest(ServletContext) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
 
buildRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils
Obtains the web application-specific fragment of the request URL.
buildReturnToUrl(HttpServletRequest) - Method in class org.springframework.security.openid.OpenIDAuthenticationFilter
Deprecated.
Builds the return_to URL that will be sent to the OpenID service provider.
buildRunAs(Authentication, Object, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.intercept.RunAsManager
Returns a replacement Authentication object for the current secure object invocation, or null if replacement not required.
buildRunAs(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
 
BytesEncryptor - Interface in org.springframework.security.crypto.encrypt
Service interface for symmetric data encryption.
BytesKeyGenerator - Interface in org.springframework.security.crypto.keygen
A generator for unique byte array-based keys.

C

C_HASH - Static variable in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
c_hash - the Authorization Code hash value
cache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures cache control headers
cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures cache control headers
cache(Cache) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
Use the given Cache to store JWK Set.
CACHE_CONTRTOL_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
The value for cache control value
cacheControl() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows customizing the CacheControlHeadersWriter.
cacheControl(Customizer<HeadersConfigurer<H>.CacheControlConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows customizing the CacheControlHeadersWriter.
CacheControlHeadersWriter - Class in org.springframework.security.web.header.writers
Inserts headers to prevent caching if no cache control headers have been specified.
CacheControlHeadersWriter() - Constructor for class org.springframework.security.web.header.writers.CacheControlHeadersWriter
Creates a new instance
CacheControlServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Writes cache control related headers.
CacheControlServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
 
cachePermissionsFor(Authentication, Collection<?>) - Method in interface org.springframework.security.access.PermissionCacheOptimizer
Optimises the permission cache for anticipated operation on the supplied collection of objects.
cachePermissionsFor(Authentication, Collection<?>) - Method in class org.springframework.security.acls.AclPermissionCacheOptimizer
 
CACHING_SUFFIX - Static variable in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
 
CachingUserDetailsService - Class in org.springframework.security.authentication
 
CachingUserDetailsService(UserDetailsService) - Constructor for class org.springframework.security.authentication.CachingUserDetailsService
 
calculateLoginLifetime(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
Calculates the validity period in seconds for a newly generated remember-me login.
calculateRedirectUrl(String, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy
 
call() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
 
cancelCookie(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent logins.
canRead(Class<?>, MediaType) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 
canWrite(Class<?>, MediaType) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 
CAS_STATEFUL_IDENTIFIER - Static variable in class org.springframework.security.cas.web.CasAuthenticationFilter
Used to identify a CAS request for a stateful user agent, such as a web browser.
CAS_STATELESS_IDENTIFIER - Static variable in class org.springframework.security.cas.web.CasAuthenticationFilter
Used to identify a CAS request for a stateless user agent, such as a remoting protocol client (e.g.
CasAssertionAuthenticationToken - Class in org.springframework.security.cas.authentication
Temporary authentication object needed to load the user details service.
CasAssertionAuthenticationToken(Assertion, String) - Constructor for class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken
 
CasAuthenticationEntryPoint - Class in org.springframework.security.cas.web
Used by the ExceptionTranslationFilter to commence authentication via the JA-SIG Central Authentication Service (CAS).
CasAuthenticationEntryPoint() - Constructor for class org.springframework.security.cas.web.CasAuthenticationEntryPoint
 
CasAuthenticationFilter - Class in org.springframework.security.cas.web
Processes a CAS service ticket, obtains proxy granting tickets, and processes proxy tickets.
CasAuthenticationFilter() - Constructor for class org.springframework.security.cas.web.CasAuthenticationFilter
 
CasAuthenticationProvider - Class in org.springframework.security.cas.authentication
An AuthenticationProvider implementation that integrates with JA-SIG Central Authentication Service (CAS).
CasAuthenticationProvider() - Constructor for class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
CasAuthenticationToken - Class in org.springframework.security.cas.authentication
Represents a successful CAS Authentication.
CasAuthenticationToken(String, Object, Object, Collection<? extends GrantedAuthority>, UserDetails, Assertion) - Constructor for class org.springframework.security.cas.authentication.CasAuthenticationToken
Constructor.
CasJackson2Module - Class in org.springframework.security.cas.jackson2
Jackson module for spring-security-cas.
CasJackson2Module() - Constructor for class org.springframework.security.cas.jackson2.CasJackson2Module
 
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
 
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer
 
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
 
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
 
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
 
CHANGE_AUDITING - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
 
CHANGE_GENERAL - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
 
CHANGE_OWNERSHIP - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
 
changePassword(String, String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
Changes the password for the current user.
changePassword(String, String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
changePassword(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
changePassword(String, String) - Method in interface org.springframework.security.provisioning.UserDetailsManager
Modify the current user's password.
changeSessionId() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
Specifies that the Servlet container-provided session fixation protection should be used.
ChangeSessionIdAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
Uses HttpServletRequest.changeSessionId() to protect against session fixation attacks.
ChangeSessionIdAuthenticationStrategy() - Constructor for class org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy
 
ChannelAttributeFactory - Class in org.springframework.security.config.http
Used as a factory bean to create config attribute values for the requires-channel attribute.
ChannelDecisionManager - Interface in org.springframework.security.web.access.channel
Decides whether a web channel provides sufficient security.
ChannelDecisionManagerImpl - Class in org.springframework.security.web.access.channel
Implementation of ChannelDecisionManager.
ChannelDecisionManagerImpl() - Constructor for class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
ChannelEntryPoint - Interface in org.springframework.security.web.access.channel
May be used by a ChannelProcessor to launch a web channel.
ChannelProcessingFilter - Class in org.springframework.security.web.access.channel
Ensures a web request is delivered over the required channel.
ChannelProcessingFilter() - Constructor for class org.springframework.security.web.access.channel.ChannelProcessingFilter
 
ChannelProcessor - Interface in org.springframework.security.web.access.channel
Decides whether a web channel meets a specific security condition.
channelProcessors(List<ChannelProcessor>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
Sets the ChannelProcessor instances to use in ChannelDecisionManagerImpl
ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds channel security (i.e.
ChannelSecurityConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
Creates a new instance
ChannelSecurityConfigurer.ChannelRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers
 
ChannelSecurityConfigurer.MvcMatchersRequiresChannelUrl - Class in org.springframework.security.config.annotation.web.configurers
 
ChannelSecurityConfigurer.RequiresChannelUrl - Class in org.springframework.security.config.annotation.web.configurers
 
ChannelSecurityInterceptor - Class in org.springframework.security.messaging.access.intercept
Performs security handling of Message resources via a ChannelInterceptor implementation.
ChannelSecurityInterceptor(MessageSecurityMetadataSource) - Constructor for class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
Creates a new instance
check(UserDetails) - Method in class org.springframework.security.authentication.AccountStatusUserDetailsChecker
 
check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager
 
check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
 
check(Mono<Authentication>, T) - Method in interface org.springframework.security.authorization.ReactiveAuthorizationManager
Determines if access is granted for a specific authentication and object.
check(UserDetails) - Method in interface org.springframework.security.core.userdetails.UserDetailsChecker
Examines the User
check(Mono<Authentication>, PayloadExchange) - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager
 
check(Mono<Authentication>, ServerWebExchange) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
 
checkAllowIfAllAbstainDecisions() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
 
checkpw(String, String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
Check that a plaintext password matches a previously hashed one
checkpw(byte[], String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
Check that a password (as a byte array) matches a previously hashed one
ChildrenExistException - Exception in org.springframework.security.acls.model
Thrown if an Acl cannot be deleted because children Acls exist.
ChildrenExistException(String) - Constructor for exception org.springframework.security.acls.model.ChildrenExistException
Constructs an ChildrenExistException with the specified message.
ChildrenExistException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.ChildrenExistException
Constructs an ChildrenExistException with the specified message and root cause.
claim(String, Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this claim in the resulting OidcIdToken
claim(String, Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this claim in the resulting OidcUserInfo
claim(String, Object) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this claim in the resulting Jwt
ClaimAccessor - Interface in org.springframework.security.oauth2.core
An "accessor" for a set of claims that may be used for assertions.
ClaimConversionService - Class in org.springframework.security.oauth2.core.converter
A ConversionService configured with converters that provide type conversion for claim values.
claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Provides access to every OidcIdToken.Builder.claim(String, Object) declared so far with the possibility to add, replace, or remove.
claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Provides access to every OidcUserInfo.Builder.claim(String, Object) declared so far with the possibility to add, replace, or remove.
claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Provides access to every Jwt.Builder.claim(String, Object) declared so far with the possibility to add, replace, or remove.
ClaimTypeConverter - Class in org.springframework.security.oauth2.core.converter
A Converter that provides type conversion for claim values.
ClaimTypeConverter(Map<String, Converter<Object, ?>>) - Constructor for class org.springframework.security.oauth2.core.converter.ClaimTypeConverter
Constructs a ClaimTypeConverter using the provided parameters.
clear(Permission) - Method in class org.springframework.security.acls.domain.CumulativePermission
 
clear() - Method in class org.springframework.security.acls.domain.CumulativePermission
 
CLEAR_SITE_DATA_HEADER - Static variable in class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
 
clearAuthentication(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
Specifies if SecurityContextLogoutHandler should clear the Authentication at the time of logout.
clearAuthenticationAttributes(HttpServletRequest) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
Removes temporary authentication-related data which may have been stored in the session during the authentication process.
clearCache() - Method in class org.springframework.security.acls.domain.EhCacheBasedAclCache
 
clearCache() - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
 
clearCache() - Method in interface org.springframework.security.acls.model.AclCache
 
clearContext() - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder
Clears the Mono<SecurityContext> from Reactor Context
clearContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
Explicitly clears the context value from the current thread.
clearContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
Clears the current context.
clearContext() - Static method in class org.springframework.security.test.context.TestSecurityContextHolder
ClearSiteDataHeaderWriter - Class in org.springframework.security.web.header.writers
Provides support for Clear Site Data.
ClearSiteDataHeaderWriter(ClearSiteDataHeaderWriter.Directive...) - Constructor for class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter
Creates a new instance of ClearSiteDataHeaderWriter with given sources.
ClearSiteDataHeaderWriter.Directive - Enum in org.springframework.security.web.header.writers
Represents the directive values expected by the ClearSiteDataHeaderWriter.
ClearSiteDataServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Writes the Clear-Site-Data response header when the request is secure.
ClearSiteDataServerHttpHeadersWriter(ClearSiteDataServerHttpHeadersWriter.Directive...) - Constructor for class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
Constructs a new instance using the given directives.
ClearSiteDataServerHttpHeadersWriter.Directive - Enum in org.springframework.security.web.server.header
Represents the directive values expected by the ClearSiteDataServerHttpHeadersWriter
CLIENT_CREDENTIALS - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
 
CLIENT_ID - Static variable in interface org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
client_id - used in Authorization Request and Access Token Request.
CLIENT_ID - Static variable in interface org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionClaimNames
client_id - The Client identifier for the token
CLIENT_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements
 
CLIENT_SECRET - Static variable in interface org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
client_secret - used in Access Token Request.
clientAuthenticationMethod(ClientAuthenticationMethod) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the authentication method used when authenticating the client with the authorization server.
ClientAuthenticationMethod - Class in org.springframework.security.oauth2.core
The authentication method used when authenticating the client with the authorization server.
ClientAuthenticationMethod(String) - Constructor for class org.springframework.security.oauth2.core.ClientAuthenticationMethod
Constructs a ClientAuthenticationMethod using the provided value.
ClientAuthorizationException - Exception in org.springframework.security.oauth2.client
This exception is thrown on the client side when an attempt to authenticate or authorize an OAuth 2.0 client fails.
ClientAuthorizationException(OAuth2Error, String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
Constructs a ClientAuthorizationException using the provided parameters.
ClientAuthorizationException(OAuth2Error, String, String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
Constructs a ClientAuthorizationException using the provided parameters.
ClientAuthorizationException(OAuth2Error, String, Throwable) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
Constructs a ClientAuthorizationException using the provided parameters.
ClientAuthorizationException(OAuth2Error, String, String, Throwable) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
Constructs a ClientAuthorizationException using the provided parameters.
ClientAuthorizationRequiredException - Exception in org.springframework.security.oauth2.client
This exception is thrown when an OAuth 2.0 Client is required to obtain authorization from the Resource Owner.
ClientAuthorizationRequiredException(String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationRequiredException
Constructs a ClientAuthorizationRequiredException using the provided parameters.
clientCredentials() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Configures support for the client_credentials grant.
clientCredentials(Consumer<OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Configures support for the client_credentials grant.
clientCredentials() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Configures support for the client_credentials grant.
clientCredentials(Consumer<ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Configures support for the client_credentials grant.
ClientCredentialsOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of an OAuth2AuthorizedClientProvider for the client_credentials grant.
ClientCredentialsOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
 
ClientCredentialsReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of a ReactiveOAuth2AuthorizedClientProvider for the client_credentials grant.
ClientCredentialsReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
 
clientId(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the client identifier.
clientId(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the client identifier.
clientName(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the logical name of the client or registration.
ClientRegistration - Class in org.springframework.security.oauth2.client.registration
A representation of a client registration with an OAuth 2.0 or OpenID Connect 1.0 Provider.
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
clientRegistration(Consumer<ClientRegistration.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
Use this Consumer to configure a ClientRegistration
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
Use the provided ClientRegistration as the client to authorize.
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
Use the provided ClientRegistration as the client to authorize.
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
clientRegistration(Consumer<ClientRegistration.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
Use this Consumer to configure a ClientRegistration
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
Use the provided ClientRegistration as the client to authorize.
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
Use the provided ClientRegistration as the client to authorize.
ClientRegistration.Builder - Class in org.springframework.security.oauth2.client.registration
A builder for ClientRegistration.
ClientRegistration.ProviderDetails - Class in org.springframework.security.oauth2.client.registration
Details of the Provider.
ClientRegistration.ProviderDetails.UserInfoEndpoint - Class in org.springframework.security.oauth2.client.registration
Details of the UserInfo Endpoint.
clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
Modifies the ClientRequest.attributes() to include the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient.
clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Modifies the ClientRequest.attributes() to include the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient.
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer
Deprecated.
Sets the repository of client registrations.
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
Sets the repository of client registrations.
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Sets the repository of client registrations.
clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
 
clientRegistrationRepository - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
 
ClientRegistrationRepository - Interface in org.springframework.security.oauth2.client.registration
A repository for OAuth 2.0 / OpenID Connect 1.0 ClientRegistration(s).
ClientRegistrations - Class in org.springframework.security.oauth2.client.registration
Allows creating a ClientRegistration.Builder from an OpenID Provider Configuration or Authorization Server Metadata based on provided issuer.
ClientRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.oauth2.client
 
ClientRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser
 
clientSecret(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the client secret.
clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
closeContext(Context) - Static method in class org.springframework.security.ldap.LdapUtils
 
closeEnumeration(NamingEnumeration) - Static method in class org.springframework.security.ldap.LdapUtils
 
code - Variable in class org.springframework.security.acls.domain.AbstractPermission
 
code(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
Sets the authorization code.
CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
 
CODE - Static variable in interface org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
code - used in Authorization Response and Access Token Request.
CODE_CHALLENGE - Static variable in interface org.springframework.security.oauth2.core.endpoint.PkceParameterNames
code_challenge - used in Authorization Request.
CODE_CHALLENGE_METHOD - Static variable in interface org.springframework.security.oauth2.core.endpoint.PkceParameterNames
code_challenge_method - used in Authorization Request.
CODE_VERIFIER - Static variable in interface org.springframework.security.oauth2.core.endpoint.PkceParameterNames
code_verifier - used in Token Request.
commaSeparatedStringToAuthorityList(String) - Static method in class org.springframework.security.core.authority.AuthorityUtils
Creates a array of GrantedAuthority objects from a comma-separated string representation (e.g.
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
 
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint
Collect error details from the provided parameters and format according to RFC 6750, specifically error, error_description, error_uri, and scope.
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint
 
commence(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
 
commence(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.access.channel.ChannelEntryPoint
Commences a secure channel.
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
 
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint
Always returns a 403 error code to the client.
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.HttpStatusEntryPoint
 
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
Performs the redirect (or forward) to the login form URL.
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
 
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.AuthenticationEntryPoint
Commences an authentication scheme.
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
 
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint
 
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
 
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
 
commence(ServerWebExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.ServerAuthenticationEntryPoint
Initiates the authentication flow
commit() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
Authenticate the Subject (phase two) by adding the Spring Security Authentication to the Subject's principals.
CommonOAuth2Provider - Enum in org.springframework.security.config.oauth2.client
Common OAuth2 Providers that can be used to create builders pre-configured with sensible defaults.
compare(String, String, Object) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
Performs an LDAP compare operation of the value of an attribute for a particular directory entry.
CompositeHeaderWriter - Class in org.springframework.security.web.header.writers
A HeaderWriter that delegates to several other HeaderWriters.
CompositeHeaderWriter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.writers.CompositeHeaderWriter
Creates a new instance.
CompositeLogoutHandler - Class in org.springframework.security.web.authentication.logout
Performs a logout through all the LogoutHandler implementations.
CompositeLogoutHandler(LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
 
CompositeLogoutHandler(List<LogoutHandler>) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
 
CompositeServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Combines multiple ServerHttpHeadersWriter instances into a single instance.
CompositeServerHttpHeadersWriter(ServerHttpHeadersWriter...) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
 
CompositeServerHttpHeadersWriter(List<ServerHttpHeadersWriter>) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
 
CompositeSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
A SessionAuthenticationStrategy that accepts multiple SessionAuthenticationStrategy implementations to delegate to.
CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy>) - Constructor for class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
 
concat(Saml2Error) - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
Return a new Saml2ResponseValidatorResult that contains both the given Saml2Error and the errors from the result
concat(Saml2ResponseValidatorResult) - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
Return a new Saml2ResponseValidatorResult that contains the errors from the given Saml2ResponseValidatorResult as well as this result.
concatenate(byte[]...) - Static method in class org.springframework.security.crypto.util.EncodingUtils
Combine the individual byte arrays into one array.
CONCURRENT_SESSIONS - Static variable in class org.springframework.security.config.Elements
 
ConcurrentSessionControlAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
Strategy which handles concurrent session-control.
ConcurrentSessionControlAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
 
ConcurrentSessionFilter - Class in org.springframework.security.web.session
Filter required by concurrent session handling package.
ConcurrentSessionFilter(SessionRegistry) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
 
ConcurrentSessionFilter(SessionRegistry, String) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
 
ConfigAttribute - Interface in org.springframework.security.access
Stores a security system related configuration attribute.
configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
 
configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
Configures the CorsConfigurationSource to be used
configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
 
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer
 
configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Sub classes can override this method to register different types of authentication.
configure(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
 
configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
Used by the default implementation of WebSecurityConfigurerAdapter.authenticationManager() to attempt to obtain an AuthenticationManager.
configure(WebSecurity) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
Override this method to configure WebSecurity.
configure(HttpSecurity) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
Override this method to configure the HttpSecurity.
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer
Deprecated.
 
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer
Deprecated.
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
 
configureClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
 
configureInbound(MessageSecurityMetadataSourceRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
 
configureJaas(Resource) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
Hook method for configuring Jaas.
ConsensusBased - Class in org.springframework.security.access.vote
Simple concrete implementation of AccessDecisionManager that uses a consensus-based approach.
ConsensusBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.ConsensusBased
 
ConsoleAuditLogger - Class in org.springframework.security.acls.domain
A basic implementation of AuditLogger.
ConsoleAuditLogger() - Constructor for class org.springframework.security.acls.domain.ConsoleAuditLogger
 
consumer(OpenIDConsumer) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer
Deprecated.
Allows specifying the OpenIDConsumer to be used.
consumerManager(ConsumerManager) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer
Deprecated.
Allows specifying the ConsumerManager to be used.
containsClaim(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
Returns true if the claim exists in ClaimAccessor.getClaims(), otherwise false.
containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
 
containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
 
containsContext(HttpServletRequest) - Method in interface org.springframework.security.web.context.SecurityContextRepository
Allows the repository to be queried as to whether it contains a security context for the current request.
containsMapping() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Allows determining if a mapping was added.
CONTENT_SECURITY_POLICY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
 
CONTENT_SECURITY_POLICY_REPORT_ONLY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
 
contentSecurityPolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows configuration for Content Security Policy (CSP) Level 2.
contentSecurityPolicy(Customizer<HeadersConfigurer<H>.ContentSecurityPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows configuration for Content Security Policy (CSP) Level 2.
contentSecurityPolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures Content-Security-Policy response header.
contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures Content-Security-Policy response header.
ContentSecurityPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
ContentSecurityPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
Creates a new instance.
ContentSecurityPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
Creates a new instance
ContentSecurityPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Writes the Contet-Security-Policy response header with configured policy directives.
ContentSecurityPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
 
contentTypeOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
contentTypeOptions(Customizer<HeadersConfigurer<H>.ContentTypeOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
contentTypeOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures content type response headers
contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures content type response headers
ContentTypeOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Adds X-Content-Type-Options: nosniff
ContentTypeOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
 
CONTEXT_SOURCE - Static variable in class org.springframework.security.config.BeanIds
 
CONTEXT_SOURCE_SETTING_POST_PROCESSOR - Static variable in class org.springframework.security.config.BeanIds
 
ContextPropagatingRemoteInvocation - Class in org.springframework.security.remoting.rmi
The actual RemoteInvocation that is passed from the client to the server.
ContextPropagatingRemoteInvocation(MethodInvocation) - Constructor for class org.springframework.security.remoting.rmi.ContextPropagatingRemoteInvocation
Constructs the object, storing the principal and credentials extracted from the client-side security context.
ContextPropagatingRemoteInvocationFactory - Class in org.springframework.security.remoting.rmi
Called by a client-side instance of org.springframework.remoting.rmi.RmiProxyFactoryBean when it wishes to create a remote invocation.
ContextPropagatingRemoteInvocationFactory() - Constructor for class org.springframework.security.remoting.rmi.ContextPropagatingRemoteInvocationFactory
 
contextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
Specifies the BaseLdapPathContextSource to be used.
contextSource() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
Allows easily configuring of a BaseLdapPathContextSource with defaults pointing to an embedded LDAP server that is created.
ContextSourceSettingPostProcessor - Class in org.springframework.security.config.ldap
Checks for the presence of a ContextSource instance.
conversionServicePostProcessor() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
 
convert(OAuth2AuthorizationCodeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter
Returns the RequestEntity used for the Access Token Request.
convert(OAuth2ClientCredentialsGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter
Returns the RequestEntity used for the Access Token Request.
convert(OAuth2PasswordGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter
Returns the RequestEntity used for the Access Token Request.
convert(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequestEntityConverter
Returns the RequestEntity used for the Access Token Request.
convert(OAuth2UserRequest) - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequestEntityConverter
Returns the RequestEntity used for the UserInfo Request.
convert(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
 
convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.converter.ClaimTypeConverter
 
convert(Map<String, String>) - Method in class org.springframework.security.oauth2.core.endpoint.MapOAuth2AccessTokenResponseConverter
 
convert(OAuth2AccessTokenResponse) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponseMapConverter
 
convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter
 
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
 
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtBearerTokenAuthenticationConverter
 
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
Extract GrantedAuthoritys from the given Jwt.
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter
 
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter
 
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtGrantedAuthoritiesConverterAdapter
 
convert(ServerWebExchange) - Method in class org.springframework.security.oauth2.server.resource.web.server.ServerBearerTokenAuthenticationConverter
 
convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter
 
convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.BasicAuthenticationPayloadExchangeConverter
 
convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter
 
convert(PayloadExchange) - Method in interface org.springframework.security.rsocket.authentication.PayloadExchangeAuthenticationConverter
 
convert(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver
 
convert(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter
 
convert(HttpServletRequest) - Method in interface org.springframework.security.web.authentication.AuthenticationConverter
 
convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
convert(ServerWebExchange) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationConverter
Converts a ServerWebExchange to an Authentication
convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter
 
convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter
 
convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
 
convertPasswordToString(Object) - Static method in class org.springframework.security.ldap.LdapUtils
 
CookieClearingLogoutHandler - Class in org.springframework.security.web.authentication.logout
A logout handler which clears either - A defined list of cookie names, using the context path as the cookie path OR - A given list of Cookies
CookieClearingLogoutHandler(String...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
 
CookieClearingLogoutHandler(Cookie...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
 
CookieCsrfTokenRepository - Class in org.springframework.security.web.csrf
A CsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.
CookieCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.CookieCsrfTokenRepository
 
CookieRequestCache - Class in org.springframework.security.web.savedrequest
An Implementation of RequestCache which saves the original request URI in a cookie.
CookieRequestCache() - Constructor for class org.springframework.security.web.savedrequest.CookieRequestCache
 
CookieServerCsrfTokenRepository - Class in org.springframework.security.web.server.csrf
A ServerCsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.
CookieServerCsrfTokenRepository() - Constructor for class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
 
CookieServerRequestCache - Class in org.springframework.security.web.server.savedrequest
An implementation of ServerRequestCache that saves the requested URI in a cookie.
CookieServerRequestCache() - Constructor for class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
 
CookieTheftException - Exception in org.springframework.security.web.authentication.rememberme
 
CookieTheftException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.CookieTheftException
 
copyToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
CoreJackson2Module - Class in org.springframework.security.jackson2
Jackson module for spring-security-core.
CoreJackson2Module() - Constructor for class org.springframework.security.jackson2.CoreJackson2Module
 
cors() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Adds a CorsFilter to be used.
cors(Customizer<CorsConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Adds a CorsFilter to be used.
CORS - Static variable in class org.springframework.security.config.Elements
 
cors() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures CORS headers.
cors(Customizer<ServerHttpSecurity.CorsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures CORS headers.
CorsBeanDefinitionParser - Class in org.springframework.security.config.http
Parser for the CorsFilter.
CorsBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CorsBeanDefinitionParser
 
CorsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds CorsFilter to the Spring Security filter chain.
CorsConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
Creates a new instance
count(int) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer.AttributeExchangeConfigurer.AttributeConfigurer
Deprecated.
Specifies the number of attribute values to request.
country(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
Sets the country.
create - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
 
CREATE - Static variable in class org.springframework.security.acls.domain.BasePermission
 
create(Callable<V>, SecurityContext) - Static method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
Creates a DelegatingSecurityContextCallable and with the given Callable and SecurityContext, but if the securityContext is null will defaults to the current SecurityContext on the SecurityContextHolder
create(Runnable, SecurityContext) - Static method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
Factory method for creating a DelegatingSecurityContextRunnable.
create(Object, String, Object...) - Static method in class org.springframework.security.util.MethodInvocationUtils
Generates a MethodInvocation for specified methodName on the passed object, using the args to locate the method.
CREATE_TABLE_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
Default SQL for creating the database table to store the tokens
createAcl(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
createAcl(ObjectIdentity) - Method in interface org.springframework.security.acls.model.MutableAclService
Creates an empty Acl object in the database.
createAttributeList(String) - Method in interface org.springframework.security.openid.AxFetchListFactory
Deprecated.
Builds the list of attributes which should be added to the fetch request for the supplied OpenID identifier.
createAttributeList(String) - Method in class org.springframework.security.openid.NullAxFetchListFactory
Deprecated.
 
createAttributeList(String) - Method in class org.springframework.security.openid.RegexBasedAxFetchListFactory
Deprecated.
Iterates through the patterns stored in the map and returns the list of attributes defined for the first match.
createAuthentication(HttpServletRequest) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 
createAuthentication(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
 
createAuthenticationRequest(String, String) - Method in class org.springframework.security.remoting.rmi.ContextPropagatingRemoteInvocation
Creates the server-side authentication request object.
createAuthenticationRequest(Saml2AuthenticationRequest) - Method in class org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory
Deprecated.
createAuthenticationRequest(Saml2AuthenticationRequest) - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory
createAuthority(Object) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
Creates a GrantedAuthority from a role attribute.
createAuthorityList(String...) - Static method in class org.springframework.security.core.authority.AuthorityUtils
Converts authorities into a List of GrantedAuthority objects.
createChannelAttributes(String) - Static method in class org.springframework.security.config.http.ChannelAttributeFactory
 
createCipher() - Method in enum org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
 
createCurrentUser(Authentication) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
Creates a principal-like sid from the authentication information.
createDecoder(ClientRegistration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
 
createDecoder(ClientRegistration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
 
createDecoder(C) - Method in interface org.springframework.security.oauth2.jwt.JwtDecoderFactory
Creates a JwtDecoder using the supplied "contextual" type.
createDecoder(C) - Method in interface org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory
Creates a ReactiveJwtDecoder using the supplied "contextual" type.
createDefault() - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
Create a Jwt Validator that contains all standard validators.
createDefaultAssertionValidator() - Static method in class org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider
Construct a default strategy for validating each SAML 2.0 Assertion and associated Authentication token
createDefaultAssertionValidator(Converter<OpenSamlAuthenticationProvider.AssertionToken, ValidationContext>) - Static method in class org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider
Construct a default strategy for validating each SAML 2.0 Assertion and associated Authentication token
createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
Returns the default Converter's used for type conversion of claim values for an OidcIdToken.
createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
Returns the default Converter's used for type conversion of claim values for an OidcIdToken.
createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
Returns the default Converter's used for type conversion of claim values for an OidcUserInfo.
createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
Returns the default Converter's used for type conversion of claim values for an OidcUserInfo.
createDefaultResponseAuthenticationConverter() - Static method in class org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider
Construct a default strategy for converting a SAML 2.0 Response and Authentication token into a Saml2Authentication
createDefaultWithIssuer(String) - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
Create a Jwt Validator that contains all standard validators when an issuer is known.
createDelegatingPasswordEncoder() - Static method in class org.springframework.security.crypto.factory.PasswordEncoderFactories
Creates a DelegatingPasswordEncoder with default mappings.
createELContext(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
Subclasses can override this methode if they want to use a different EL root context
createEmptyContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
Delegates the creation of a new, empty context to the configured strategy.
createEmptyContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
Creates a new, empty context implementation, for use by SecurityContextRepository implementations, when creating a new context for the first time.
createEntries(MutableAcl) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.
createEvaluationContext(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
Invokes the internal template methods to create StandardEvaluationContext and SecurityExpressionRoot objects.
createEvaluationContext(Authentication, T) - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler
Provides an evaluation context in which to evaluate security expressions for the invocation type.
createEvaluationContextInternal(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
Override to create a custom instance of StandardEvaluationContext.
createEvaluationContextInternal(Authentication, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
Uses a MethodSecurityEvaluationContext as the EvaluationContext implementation.
createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
Allows the EvaluationContext to be customized for variable lookup etc.
createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
createExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String>) - Static method in class org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory
Create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions.
createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String>, SecurityExpressionHandler<Message<Object>>) - Static method in class org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory
Create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions.
createFromClass(Class<?>, String) - Static method in class org.springframework.security.util.MethodInvocationUtils
Generates a MethodInvocation for the specified methodName on the passed class.
createFromClass(Object, Class<?>, String, Class<?>[], Object[]) - Static method in class org.springframework.security.util.MethodInvocationUtils
Generates a MethodInvocation for specified methodName on the passed class, using the args to locate the method.
createGroup(String, List<GrantedAuthority>) - Method in interface org.springframework.security.provisioning.GroupManager
Creates a new group with the specified list of authorities.
createGroup(String, List<GrantedAuthority>) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
createList(String...) - Static method in class org.springframework.security.access.SecurityConfig
 
createListFromCommaDelimitedString(String) - Static method in class org.springframework.security.access.SecurityConfig
 
createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
Creates the LoginContext to be used for authentication.
createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
Creates a LoginContext using the Configuration that was specified in DefaultJaasAuthenticationProvider.setConfiguration(Configuration).
createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
 
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Create the RequestMatcher given a loginProcessingUrl
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
 
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
 
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer
Deprecated.
 
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
 
createMatcher(ParserContext, String, String) - Method in enum org.springframework.security.config.http.MatcherType
 
createMatcher(ParserContext, String, String, String) - Method in enum org.springframework.security.config.http.MatcherType
 
createMessageMatcher(String, PathMatcher) - Static method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
Creates a new instance with the specified pattern, SimpMessageType.MESSAGE, and PathMatcher.
createMetadataSource() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Allows subclasses to create creating a MessageSecurityMetadataSource.
createMvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Creates MvcRequestMatcher instances for the method and patterns passed in
createNewAuthentication(Authentication, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
 
createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
 
createNewToken(PersistentRememberMeToken) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
 
createObjectIdentity(Serializable, String) - Method in class org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl
 
createObjectIdentity(ObjectIdentity, Sid) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Creates an entry in the acl_object_identity table for the passed ObjectIdentity.
createObjectIdentity(Serializable, String) - Method in interface org.springframework.security.acls.model.ObjectIdentityGenerator
 
createOrRetrieveClassPrimaryKey(String, boolean, Class) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Retrieves the primary key from acl_class, creating a new row if needed and the allowCreate property is true.
createOrRetrieveSidPrimaryKey(Sid, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
createOrRetrieveSidPrimaryKey(String, boolean, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
createPasswordEncoderBeanDefinition(String, boolean) - Static method in class org.springframework.security.config.authentication.PasswordEncoderParser
 
createPostAuthenticationRequest(Saml2AuthenticationRequestContext) - Method in class org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory
 
createPostAuthenticationRequest(Saml2AuthenticationRequestContext) - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory
Creates all the necessary AuthNRequest parameters for a POST binding.
createPostInvocationAttribute(String, String) - Method in class org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory
 
createPostInvocationAttribute(String, String) - Method in interface org.springframework.security.access.prepost.PrePostInvocationAttributeFactory
 
createPreInvocationAttribute(String, String, String) - Method in class org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory
 
createPreInvocationAttribute(String, String, String) - Method in interface org.springframework.security.access.prepost.PrePostInvocationAttributeFactory
 
createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext) - Method in class org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory
 
createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext) - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory
Creates all the necessary AuthNRequest parameters for a REDIRECT binding.
createRedirectUrl(String) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
Constructs the Url for Redirection to the CAS server.
createRemoteInvocation(MethodInvocation) - Method in class org.springframework.security.remoting.rmi.ContextPropagatingRemoteInvocationFactory
 
createSecurityContext(A) - Method in interface org.springframework.security.test.context.support.WithSecurityContextFactory
Create a SecurityContext given an Annotation.
createSecurityExpressionRoot(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
Implement in order to create a root object of the correct type for the supported invocation type.
createSecurityExpressionRoot(Authentication, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
Creates the root object for expression evaluation.
createSecurityExpressionRoot(Authentication, Message<T>) - Method in class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler
 
createSecurityExpressionRoot(Authentication, FilterInvocation) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
 
createServiceUrl(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
Constructs a new Service Url.
createSid(boolean, String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
Creates a particular implementation of Sid depending on the arguments.
createSubscribeMatcher(String, PathMatcher) - Static method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
Creates a new instance with the specified pattern, SimpMessageType.SUBSCRIBE, and PathMatcher.
createSuccessAuthentication(Object, Authentication, UserDetails) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
Creates a successful Authentication object.
createSuccessAuthentication(Object, Authentication, UserDetails) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
createSuccessfulAuthentication(UsernamePasswordAuthenticationToken, UserDetails) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
Creates the final Authentication object which will be returned from the authenticate method.
createSuccessfulAuthentication(UserDetails, OpenIDAuthenticationToken) - Method in class org.springframework.security.openid.OpenIDAuthenticationProvider
Deprecated.
Handles the creation of the final Authentication object which will be returned by the provider.
createSuccessfulAuthentication(HttpServletRequest, UserDetails) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Creates the final Authentication object returned from the autoLogin method.
createTarget() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
createTarget() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
createTarget() - Method in class org.springframework.security.ldap.userdetails.Person.Essence
 
createUser(UserDetails) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
createUser(UserDetails) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
createUser(UserDetails) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
createUser(UserDetails) - Method in interface org.springframework.security.provisioning.UserDetailsManager
Create a new user with the supplied details.
createUserDetails(String, UserDetails, List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Can be overridden to customize the creation of the final UserDetailsObject which is returned by the loadUserByUsername method.
createUserDetails() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
createUserDetails() - Method in class org.springframework.security.ldap.userdetails.Person.Essence
 
createUserDetails(Authentication, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
Creates the final UserDetails object.
credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest.Builder
Deprecated.
Modifies the collection of Saml2X509Credential credentials used in communication between IDP and SP, specifically signing the authentication request.
credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
CredentialsContainer - Interface in org.springframework.security.core
Indicates that the implementing object contains sensitive data, which can be erased using the eraseCredentials method.
credentialsExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Defines if the credentials are expired or not.
credentialsExpired(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Defines if the credentials are expired or not.
credentialsExpired(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
CredentialsExpiredException - Exception in org.springframework.security.authentication
Thrown if an authentication request is rejected because the account's credentials have expired.
CredentialsExpiredException(String) - Constructor for exception org.springframework.security.authentication.CredentialsExpiredException
Constructs a CredentialsExpiredException with the specified message.
CredentialsExpiredException(String, Throwable) - Constructor for exception org.springframework.security.authentication.CredentialsExpiredException
Constructs a CredentialsExpiredException with the specified message and root cause.
csrf() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Adds CSRF support.
csrf(Customizer<CsrfConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Adds CSRF support.
CSRF - Static variable in class org.springframework.security.config.Elements
 
csrf() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures CSRF Protection which is enabled by default.
csrf(Customizer<ServerHttpSecurity.CsrfSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures CSRF Protection which is enabled by default.
csrf() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
 
csrf() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Creates a RequestPostProcessor that will automatically populate a valid CsrfToken in the request.
CsrfAuthenticationStrategy - Class in org.springframework.security.web.csrf
CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon authenticating.
CsrfAuthenticationStrategy(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfAuthenticationStrategy
Creates a new instance
CsrfBeanDefinitionParser - Class in org.springframework.security.config.http
Parser for the CsrfFilter.
CsrfBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CsrfBeanDefinitionParser
 
csrfChannelInterceptor() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
 
CsrfChannelInterceptor - Class in org.springframework.security.messaging.web.csrf
ChannelInterceptorAdapter that validates that a valid CSRF is included in the header of any SimpMessageType.CONNECT message.
CsrfChannelInterceptor() - Constructor for class org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor
 
CsrfConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds CSRF protection for the methods as specified by CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).
CsrfConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
Creates a new instance
CsrfException - Exception in org.springframework.security.web.csrf
Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest
CsrfException(String) - Constructor for exception org.springframework.security.web.csrf.CsrfException
 
CsrfException - Exception in org.springframework.security.web.server.csrf
Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest
CsrfException(String) - Constructor for exception org.springframework.security.web.server.csrf.CsrfException
 
CsrfFilter - Class in org.springframework.security.web.csrf
Applies CSRF protection using a synchronizer token pattern.
CsrfFilter(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfFilter
 
CsrfInputTag - Class in org.springframework.security.taglibs.csrf
A JSP tag that prints out a hidden form field for the CSRF token.
CsrfInputTag() - Constructor for class org.springframework.security.taglibs.csrf.CsrfInputTag
 
CsrfLogoutHandler - Class in org.springframework.security.web.csrf
CsrfLogoutHandler is in charge of removing the CsrfToken upon logout.
CsrfLogoutHandler(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfLogoutHandler
Creates a new instance
CsrfMetaTagsTag - Class in org.springframework.security.taglibs.csrf
A JSP tag that prints out a meta tags holding the CSRF form field name and token value for use in JavaScrip code.
CsrfMetaTagsTag() - Constructor for class org.springframework.security.taglibs.csrf.CsrfMetaTagsTag
 
CsrfRequestDataValueProcessor - Class in org.springframework.security.web.reactive.result.view
 
CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
 
CsrfRequestDataValueProcessor - Class in org.springframework.security.web.servlet.support.csrf
Integration with Spring Web MVC that automatically adds the CsrfToken into forms with hidden inputs when using Spring tag libraries.
CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
 
CsrfServerLogoutHandler - Class in org.springframework.security.web.server.csrf
CsrfServerLogoutHandler is in charge of removing the CsrfToken upon logout.
CsrfServerLogoutHandler(ServerCsrfTokenRepository) - Constructor for class org.springframework.security.web.server.csrf.CsrfServerLogoutHandler
Creates a new instance
CsrfToken - Interface in org.springframework.security.web.csrf
Provides the information about an expected CSRF token.
CsrfToken - Interface in org.springframework.security.web.server.csrf
 
CsrfTokenArgumentResolver - Class in org.springframework.security.web.method.annotation
Allows resolving the current CsrfToken.
CsrfTokenArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
 
CsrfTokenHandshakeInterceptor - Class in org.springframework.security.messaging.web.socket.server
Copies a CsrfToken from the HttpServletRequest's attributes to the WebSocket attributes.
CsrfTokenHandshakeInterceptor() - Constructor for class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
 
csrfTokenRepository(CsrfTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
Specify the CsrfTokenRepository to use.
csrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
Configures the ServerCsrfTokenRepository used to persist the CSRF Token.
CsrfTokenRepository - Interface in org.springframework.security.web.csrf
An API to allow changing the method in which the expected CsrfToken is associated to the HttpServletRequest.
CsrfWebFilter - Class in org.springframework.security.web.server.csrf
Applies CSRF protection using a synchronizer token pattern.
CsrfWebFilter() - Constructor for class org.springframework.security.web.server.csrf.CsrfWebFilter
 
CumulativePermission - Class in org.springframework.security.acls.domain
Represents a Permission that is constructed at runtime from other permissions.
CumulativePermission() - Constructor for class org.springframework.security.acls.domain.CumulativePermission
 
currentDate - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
Current formatted date.
currentDateGenerated - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
Instant on which the currentDate object was generated.
CurrentSecurityContext - Annotation Type in org.springframework.security.core.annotation
Annotation that is used to resolve the SecurityContext as a method argument.
CurrentSecurityContextArgumentResolver - Class in org.springframework.security.messaging.handler.invocation.reactive
Allows resolving the Authentication.getPrincipal() using the CurrentSecurityContext annotation.
CurrentSecurityContextArgumentResolver() - Constructor for class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
 
CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.method.annotation
Allows resolving the SecurityContext using the CurrentSecurityContext annotation.
CurrentSecurityContextArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
 
CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation
Resolves the SecurityContext
CurrentSecurityContextArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
 
CUSTOM_FILTER - Static variable in class org.springframework.security.config.Elements
 
customize(WebSecurity) - Method in interface org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
Performs the customizations on WebSecurity.
customize(T) - Method in interface org.springframework.security.config.Customizer
Performs the customizations on the input argument.
customizeClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Allows subclasses to customize the configuration of the ChannelRegistration .
Customizer<T> - Interface in org.springframework.security.config
Callback interface that accepts a single input argument and returns no result.
customMethodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
customUserType(Class<? extends OAuth2User>, String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig
Deprecated.
See CustomUserTypesOAuth2UserService for alternative usage.
CustomUserTypesOAuth2UserService - Class in org.springframework.security.oauth2.client.userinfo
Deprecated.
It is recommended to use a delegation-based strategy of an OAuth2UserService to support custom OAuth2User types, as it provides much greater flexibility compared to this implementation. See the reference manual for details on how to implement.
CustomUserTypesOAuth2UserService(Map<String, Class<? extends OAuth2User>>) - Constructor for class org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService
Deprecated.
Constructs a CustomUserTypesOAuth2UserService using the provided parameters.
CycleInRoleHierarchyException - Exception in org.springframework.security.access.hierarchicalroles
Exception that is thrown because of a cycle in the role hierarchy definition
CycleInRoleHierarchyException() - Constructor for exception org.springframework.security.access.hierarchicalroles.CycleInRoleHierarchyException
 

D

DaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails
Allows configuring a DaoAuthenticationProvider
DaoAuthenticationConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer
Creates a new instance
DaoAuthenticationProvider - Class in org.springframework.security.authentication.dao
An AuthenticationProvider implementation that retrieves user details from a UserDetailsService.
DaoAuthenticationProvider() - Constructor for class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
dataSource(DataSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
Populates the DataSource to be used.
debug(boolean) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
Controls debugging support for Spring Security.
DEBUG - Static variable in class org.springframework.security.config.Elements
 
DEBUG_FILTER - Static variable in class org.springframework.security.config.BeanIds
 
DebugBeanDefinitionParser - Class in org.springframework.security.config
 
DebugBeanDefinitionParser() - Constructor for class org.springframework.security.config.DebugBeanDefinitionParser
 
DebugFilter - Class in org.springframework.security.web.debug
Spring Security debugging filter.
DebugFilter(FilterChainProxy) - Constructor for class org.springframework.security.web.debug.DebugFilter
 
decide(Authentication, Object, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.AccessDecisionManager
Resolves an access control decision for the passed parameters.
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in interface org.springframework.security.access.AfterInvocationProvider
 
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in interface org.springframework.security.access.intercept.AfterInvocationManager
Given the details of a secure object invocation including its returned Object, make an access control decision or optionally modify the returned Object.
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
 
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.access.prepost.PostInvocationAdviceProvider
 
decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.AffirmativeBased
This concrete implementation simply polls all configured AccessDecisionVoters and grants access if any AccessDecisionVoter voted affirmatively.
decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.ConsensusBased
This concrete implementation simply polls all configured AccessDecisionVoters and upon completion determines the consensus of granted against denied responses.
decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.UnanimousBased
This concrete implementation polls all configured AccessDecisionVoters for each ConfigAttribute and grants access if only grant (or abstain) votes were received.
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
 
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
 
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelDecisionManager
Decided whether the presented FilterInvocation provides the appropriate level of channel security based on the requested list of ConfigAttributes.
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelProcessor
Decided whether the presented FilterInvocation provides the appropriate level of channel security based on the requested list of ConfigAttributes.