All Classes Interface Summary Class Summary Enum Summary Exception Summary Annotation Types Summary
Class |
Description |
AbstractAccessDecisionManager |
|
AbstractAclProvider |
|
AbstractAclVoter |
Provides helper methods for writing domain object ACL voters.
|
AbstractAuthenticationEvent |
Represents an application authentication event.
|
AbstractAuthenticationFailureEvent |
Abstract application event which indicates authentication failure for some reason.
|
AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends AbstractAuthenticationProcessingFilter> |
|
AbstractAuthenticationProcessingFilter |
Abstract processor of browser-based HTTP-based authentication requests.
|
AbstractAuthenticationTargetUrlRequestHandler |
Base class containing the logic used by strategies which handle redirection to a URL
and are passed an Authentication object as part of the contract.
|
AbstractAuthenticationToken |
Base class for Authentication objects.
|
AbstractAuthorizationEvent |
Abstract superclass for all security interception related events.
|
AbstractAuthorizeTag |
A base class for an <authorize> tag that is independent of the tag rendering
technology (JSP, Facelets).
|
AbstractCasAssertionUserDetailsService |
Abstract class for using the provided CAS assertion to construct a new User object.
|
AbstractConfigAttributeRequestMatcherRegistry<C> |
|
AbstractConfiguredSecurityBuilder<O,B extends SecurityBuilder<O>> |
|
AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,C extends AbstractDaoAuthenticationConfigurer<B,C,U>,U extends UserDetailsService> |
|
AbstractFallbackMethodSecurityMetadataSource |
Abstract implementation of MethodSecurityMetadataSource that supports both
Spring AOP and AspectJ and performs attribute resolution from: 1.
|
AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,B>,B extends HttpSecurityBuilder<B>> |
|
AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C,H>,H extends HttpSecurityBuilder<H>> |
|
AbstractJaasAuthenticationProvider |
|
AbstractLdapAuthenticationProvider |
Base class for the standard LdapAuthenticationProvider and the
ActiveDirectoryLdapAuthenticationProvider .
|
AbstractLdapAuthenticator |
Base class for the authenticator implementations.
|
AbstractMessageMatcherComposite<T> |
|
AbstractMethodSecurityMetadataSource |
Abstract implementation of MethodSecurityMetadataSource which resolves the
secured object type to a MethodInvocation.
|
AbstractOAuth2AuthorizationGrantRequest |
Base implementation of an OAuth 2.0 Authorization Grant request that holds an
authorization grant credential and is used when initiating a request to the
Authorization Server's Token Endpoint.
|
AbstractOAuth2Token |
Base class for OAuth 2.0 Token implementations.
|
AbstractOAuth2TokenAuthenticationToken<T extends AbstractOAuth2Token> |
Base class for AbstractAuthenticationToken implementations that expose common
attributes between different OAuth 2.0 Access Token Formats.
|
AbstractPasswordEncoder |
Abstract base class for password encoders
|
AbstractPermission |
Provides an abstract superclass for Permission implementations.
|
AbstractPreAuthenticatedProcessingFilter |
Base class for processing filters that handle pre-authenticated authentication
requests, where it is assumed that the principal has already been authenticated by an
external system.
|
AbstractRememberMeServices |
Base class for RememberMeServices implementations.
|
AbstractRequestMatcherRegistry<C> |
|
AbstractRequestParameterAllowFromStrategy |
Deprecated.
|
AbstractRetryEntryPoint |
|
AbstractSaml2AuthenticationRequest |
|
AbstractSaml2AuthenticationRequest.Builder<T extends AbstractSaml2AuthenticationRequest.Builder<T>> |
|
AbstractSecurityBuilder<O> |
A base SecurityBuilder that ensures the object being built is only built one
time.
|
AbstractSecurityExpressionHandler<T> |
Base implementation of the facade which isolates Spring Security's requirements for
evaluating security expressions from the implementation of the underlying expression
objects.
|
AbstractSecurityInterceptor |
Abstract class that implements security interception for secure objects.
|
AbstractSecurityWebApplicationInitializer |
Registers the DelegatingFilterProxy to use the springSecurityFilterChain before
any other registered Filter .
|
AbstractSecurityWebSocketMessageBrokerConfigurer |
Allows configuring WebSocket Authorization.
|
AbstractServerWebExchangeMatcherRegistry<T> |
|
AbstractSessionEvent |
Abstract superclass for all session related events.
|
AbstractSessionFixationProtectionStrategy |
A base class for performing session fixation protection.
|
AbstractSessionFixationProtectionStrategy.NullEventPublisher |
|
AbstractUserDetailsAuthenticationProvider |
|
AbstractUserDetailsReactiveAuthenticationManager |
|
AbstractUserDetailsServiceBeanDefinitionParser |
|
AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> |
Abstract base class for all of the WebClientReactive*TokenResponseClient s that
communicate to the Authorization Server's Token Endpoint.
|
AccessControlEntry |
Represents an individual permission assignment within an Acl .
|
AccessControlEntryImpl |
An immutable default implementation of AccessControlEntry .
|
AccessControlListTag |
An implementation of Tag that allows its body through if all authorizations are
granted to the request's principal.
|
AccessDecisionManager |
Makes a final access control (authorization) decision.
|
AccessDecisionVoter<S> |
Indicates a class is responsible for voting on authorization decisions.
|
AccessDeniedException |
Thrown if an Authentication
object does not hold a required authority.
|
AccessDeniedHandler |
|
AccessDeniedHandlerImpl |
|
AccountExpiredException |
Thrown if an authentication request is rejected because the account has expired.
|
AccountStatusException |
Base class for authentication exceptions which are caused by a particular user account
status (locked, disabled etc).
|
AccountStatusUserDetailsChecker |
|
Acl |
Represents an access control list (ACL) for a domain object.
|
AclAuthorizationStrategy |
Strategy used by AclImpl to determine whether a principal is permitted to call
adminstrative methods on the AclImpl .
|
AclAuthorizationStrategyImpl |
|
AclCache |
|
AclDataAccessException |
Abstract base class for Acl data operations.
|
AclEntryAfterInvocationCollectionFilteringProvider |
Given a Collection of domain object instances returned from a secure
object invocation, remove any Collection elements the principal does not
have appropriate permission to access as defined by the AclService .
|
AclEntryAfterInvocationProvider |
Given a domain object instance returned from a secure object invocation, ensures the
principal has appropriate permission as defined by the AclService .
|
AclEntryVoter |
Given a domain object instance passed as a method argument, ensures the principal has
appropriate permission as indicated by the AclService .
|
AclFormattingUtils |
Utility methods for displaying ACL information.
|
AclImpl |
Base implementation of Acl .
|
AclPermissionCacheOptimizer |
Batch loads ACLs for collections of objects to allow optimised filtering.
|
AclPermissionEvaluator |
Used by Spring Security's expression-based access control implementation to evaluate
permissions for a particular object using the ACL module.
|
AclService |
Provides retrieval of Acl instances.
|
ActiveDirectoryAuthenticationException |
|
ActiveDirectoryLdapAuthenticationProvider |
Specialized LDAP authentication provider which uses Active Directory configuration
conventions.
|
AddressStandardClaim |
The Address Claim represents a physical mailing address defined by the OpenID Connect
Core 1.0 specification that can be returned either in the UserInfo Response or the ID
Token.
|
AesBytesEncryptor |
Encryptor that uses AES encryption.
|
AesBytesEncryptor.CipherAlgorithm |
|
AffirmativeBased |
Simple concrete implementation of
AccessDecisionManager that grants access if
any AccessDecisionVoter returns an affirmative response.
|
AfterInvocationManager |
Reviews the Object returned from a secure object invocation, being able to
modify the Object or throw an AccessDeniedException .
|
AfterInvocationProvider |
|
AfterInvocationProviderManager |
|
AllowFromStrategy |
Deprecated.
|
AlreadyBuiltException |
|
AlreadyExistsException |
Thrown if an Acl entry already exists for the object.
|
AndMessageMatcher<T> |
|
AndRequestMatcher |
|
AndServerWebExchangeMatcher |
|
AnnotationMetadataExtractor<A extends java.lang.annotation.Annotation> |
Strategy to process a custom security annotation to extract the relevant
ConfigAttribute s for securing a method.
|
AnnotationParameterNameDiscoverer |
Allows finding parameter names using the value attribute of any number of
Annotation instances.
|
AnonymousAuthenticationFilter |
Detects if there is no Authentication object in the
SecurityContextHolder , and populates it with one if needed.
|
AnonymousAuthenticationProvider |
|
AnonymousAuthenticationToken |
Represents an anonymous Authentication .
|
AnonymousAuthenticationWebFilter |
Detects if there is no Authentication object in the
ReactiveSecurityContextHolder , and populates it with one if needed.
|
AnonymousConfigurer<H extends HttpSecurityBuilder<H>> |
Configures Anonymous authentication (i.e.
|
AnonymousPayloadInterceptor |
|
AntPathRequestMatcher |
Matcher which compares a pre-defined ant-style pattern against the URL (
servletPath + pathInfo ) of an HttpServletRequest .
|
AnyRequestMatcher |
Matches any supplied request.
|
ApacheDSContainer |
Deprecated.
|
Argon2PasswordEncoder |
Implementation of PasswordEncoder that uses the Argon2 hashing function.
|
AspectJCallback |
|
AspectJMethodSecurityInterceptor |
AspectJ JoinPoint security interceptor which wraps the JoinPoint in a
MethodInvocation adapter to make it compatible with security infrastructure
classes which only support MethodInvocation s.
|
Attributes2GrantedAuthoritiesMapper |
Interface to be implemented by classes that can map a list of security attributes (such
as roles or group names) to a collection of Spring Security GrantedAuthority s.
|
AuditableAccessControlEntry |
Represents an ACE that provides auditing information.
|
AuditableAcl |
A mutable ACL that provides audit capabilities.
|
AuditLogger |
Used by AclImpl to log audit events.
|
AuthenticatedAuthorizationManager<T> |
|
AuthenticatedPrincipal |
|
AuthenticatedPrincipalOAuth2AuthorizedClientRepository |
|
AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository |
|
AuthenticatedReactiveAuthorizationManager<T> |
|
AuthenticatedVoter |
|
Authentication |
|
AuthenticationCancelledException |
Deprecated.
|
AuthenticationConfiguration |
Exports the authentication Configuration
|
AuthenticationConverter |
A strategy used for converting from a HttpServletRequest to an
Authentication of particular type.
|
AuthenticationConverterServerWebExchangeMatcher |
|
AuthenticationCredentialsNotFoundEvent |
Indicates a secure object invocation failed because the Authentication
could not be obtained from the SecurityContextHolder .
|
AuthenticationCredentialsNotFoundException |
|
AuthenticationDetailsSource<C,T> |
|
AuthenticationEntryPoint |
|
AuthenticationEntryPointFailureHandler |
|
AuthenticationEventPublisher |
|
AuthenticationException |
Abstract superclass for all exceptions related to an Authentication object
being invalid for whatever reason.
|
AuthenticationFailureBadCredentialsEvent |
Application event which indicates authentication failure due to invalid credentials
being presented.
|
AuthenticationFailureCredentialsExpiredEvent |
Application event which indicates authentication failure due to the user's credentials
having expired.
|
AuthenticationFailureDisabledEvent |
Application event which indicates authentication failure due to the user's account
being disabled.
|
AuthenticationFailureExpiredEvent |
Application event which indicates authentication failure due to the user's account
having expired.
|
AuthenticationFailureHandler |
Strategy used to handle a failed authentication attempt.
|
AuthenticationFailureLockedEvent |
Application event which indicates authentication failure due to the user's account
having been locked.
|
AuthenticationFailureProviderNotFoundEvent |
Application event which indicates authentication failure due to there being no
registered AuthenticationProvider that can process the request.
|
AuthenticationFailureProxyUntrustedEvent |
Application event which indicates authentication failure due to the CAS user's ticket
being generated by an untrusted proxy.
|
AuthenticationFailureServiceExceptionEvent |
Application event which indicates authentication failure due to there being a problem
internal to the AuthenticationManager .
|
AuthenticationFilter |
A Filter that performs authentication of a particular request.
|
AuthenticationManager |
|
AuthenticationManagerBeanDefinitionParser |
Registers the central ProviderManager used by the namespace configuration, and allows
the configuration of an alias, allowing users to reference it in their beans and
clearly see where the name is coming from.
|
AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider |
Provider which doesn't provide any service.
|
AuthenticationManagerBuilder |
|
AuthenticationManagerFactoryBean |
Factory bean for the namespace AuthenticationManager, which allows a more meaningful
error message to be reported in the NoSuchBeanDefinitionException, if the user
has forgotten to declare the <authentication-manager> element.
|
AuthenticationManagerResolver<C> |
|
AuthenticationMethod |
The authentication method used when sending bearer access tokens in resource requests
to resource servers.
|
AuthenticationPayloadExchangeConverter |
|
AuthenticationPayloadInterceptor |
Uses the provided ReactiveAuthenticationManager to authenticate a Payload.
|
AuthenticationPrincipal |
|
AuthenticationPrincipal |
Deprecated.
|
AuthenticationPrincipalArgumentResolver |
|
AuthenticationPrincipalArgumentResolver |
|
AuthenticationPrincipalArgumentResolver |
Deprecated.
|
AuthenticationPrincipalArgumentResolver |
|
AuthenticationPrincipalArgumentResolver |
Resolves the Authentication
|
AuthenticationProvider |
Indicates a class can process a specific
Authentication implementation.
|
AuthenticationProviderBeanDefinitionParser |
Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the
latter with the ProviderManager.
|
AuthenticationServiceException |
Thrown if an authentication request could not be processed due to a system problem.
|
AuthenticationSimpleHttpInvokerRequestExecutor |
Adds BASIC authentication support to SimpleHttpInvokerRequestExecutor .
|
AuthenticationSuccessEvent |
Application event which indicates successful authentication.
|
AuthenticationSuccessHandler |
Strategy used to handle a successful user authentication.
|
AuthenticationSwitchUserEvent |
Application event which indicates that a user context switch.
|
AuthenticationTag |
An Tag implementation that allows convenient access to
the current Authentication object.
|
AuthenticationTrustResolver |
Evaluates Authentication tokens
|
AuthenticationTrustResolverImpl |
|
AuthenticationUserDetailsService<T extends Authentication> |
Interface that allows for retrieving a UserDetails object based on an
Authentication object.
|
AuthenticationWebFilter |
A WebFilter that performs authentication of a particular request.
|
AuthorityAuthorizationManager<T> |
|
AuthorityGranter |
The AuthorityGranter interface is used to map a given principal to role names.
|
AuthorityReactiveAuthorizationManager<T> |
|
AuthorityUtils |
Utility method for manipulating GrantedAuthority collections etc.
|
AuthorizationCodeOAuth2AuthorizedClientProvider |
|
AuthorizationCodeReactiveOAuth2AuthorizedClientProvider |
|
AuthorizationContext |
|
AuthorizationDecision |
|
AuthorizationFailureEvent |
Indicates a secure object invocation failed because the principal could not be
authorized for the request.
|
AuthorizationFilter |
|
AuthorizationGrantType |
An authorization grant is a credential representing the resource owner's authorization
(to access it's protected resources) to the client and used by the client to obtain an
access token.
|
AuthorizationManager<T> |
An Authorization manager which can determine if an Authentication has access to
a specific object.
|
AuthorizationPayloadInterceptor |
|
AuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> |
|
AuthorizationServiceException |
Thrown if an authorization request could not be processed due to a system problem.
|
AuthorizationWebFilter |
|
AuthorizedClientServiceOAuth2AuthorizedClientManager |
|
AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper |
|
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager |
|
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper |
|
AuthorizedEvent |
Event indicating a secure object was invoked successfully.
|
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>> |
|
AutowiredWebSecurityConfigurersIgnoreParents |
A class used to get all the WebSecurityConfigurer instances from the current
ApplicationContext but ignoring the parent.
|
AxFetchListFactory |
Deprecated.
|
BadCredentialsException |
Thrown if an authentication request is rejected because the credentials are invalid.
|
BadJwtException |
|
BadOpaqueTokenException |
|
Base64 |
Deprecated.
|
Base64StringKeyGenerator |
A StringKeyGenerator that generates base64-encoded String keys.
|
BasePermission |
A set of standard permissions.
|
BasicAuthenticationConverter |
|
BasicAuthenticationDecoder |
Deprecated.
|
BasicAuthenticationEncoder |
Deprecated.
|
BasicAuthenticationEntryPoint |
|
BasicAuthenticationFilter |
Processes a HTTP request's BASIC authorization headers, putting the result into the
SecurityContextHolder .
|
BasicAuthenticationPayloadExchangeConverter |
|
BasicLookupStrategy |
Performs lookups in a manner that is compatible with ANSI SQL.
|
BCrypt |
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in
"A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
|
BCryptPasswordEncoder |
Implementation of PasswordEncoder that uses the BCrypt strong hashing function.
|
BCryptPasswordEncoder.BCryptVersion |
Stores the default bcrypt version for use in configuration.
|
BeanIds |
Contains globally used default Bean IDs for beans created by the namespace support in
Spring Security 2.
|
BearerPayloadExchangeConverter |
|
BearerTokenAccessDeniedHandler |
|
BearerTokenAuthentication |
An Authentication token that represents a
successful authentication as obtained through a bearer token.
|
BearerTokenAuthenticationEncoder |
|
BearerTokenAuthenticationEntryPoint |
|
BearerTokenAuthenticationFilter |
Authenticates requests that contain an OAuth 2.0
Bearer
Token.
|
BearerTokenAuthenticationToken |
|
BearerTokenError |
|
BearerTokenErrorCodes |
Standard error codes defined by the OAuth 2.0 Authorization Framework: Bearer Token
Usage.
|
BearerTokenErrors |
|
BearerTokenMetadata |
Represents a bearer token that has been encoded into a Payload#metadata() .
|
BearerTokenResolver |
A strategy for resolving
Bearer
Tokens from the HttpServletRequest .
|
BearerTokenServerAccessDeniedHandler |
|
BearerTokenServerAuthenticationEntryPoint |
|
BindAuthenticator |
An authenticator which binds as a user.
|
BouncyCastleAesCbcBytesEncryptor |
|
BouncyCastleAesGcmBytesEncryptor |
|
BytesEncryptor |
Service interface for symmetric data encryption.
|
BytesKeyGenerator |
A generator for unique byte array-based keys.
|
CacheControlHeadersWriter |
Inserts headers to prevent caching if no cache control headers have been specified.
|
CacheControlServerHttpHeadersWriter |
Writes cache control related headers.
|
CachingUserDetailsService |
|
CasAssertionAuthenticationToken |
Temporary authentication object needed to load the user details service.
|
CasAuthenticationEntryPoint |
Used by the ExceptionTranslationFilter to commence authentication via the
JA-SIG Central Authentication Service (CAS).
|
CasAuthenticationFilter |
Processes a CAS service ticket, obtains proxy granting tickets, and processes proxy
tickets.
|
CasAuthenticationProvider |
|
CasAuthenticationToken |
Represents a successful CAS Authentication .
|
CasJackson2Module |
Jackson module for spring-security-cas.
|
ChangeSessionIdAuthenticationStrategy |
Uses HttpServletRequest.changeSessionId() to protect against session fixation
attacks.
|
ChannelAttributeFactory |
Used as a factory bean to create config attribute values for the
requires-channel attribute.
|
ChannelDecisionManager |
Decides whether a web channel provides sufficient security.
|
ChannelDecisionManagerImpl |
|
ChannelEntryPoint |
|
ChannelProcessingFilter |
Ensures a web request is delivered over the required channel.
|
ChannelProcessor |
Decides whether a web channel meets a specific security condition.
|
ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> |
Adds channel security (i.e.
|
ChannelSecurityInterceptor |
Performs security handling of Message resources via a ChannelInterceptor
implementation.
|
ChildrenExistException |
Thrown if an Acl cannot be deleted because children Acl s exist.
|
ClaimAccessor |
An "accessor" for a set of claims that may be used for assertions.
|
ClaimConversionService |
A ConversionService configured with converters that provide type conversion for
claim values.
|
ClaimTypeConverter |
A Converter that provides type conversion for claim values.
|
ClearSiteDataHeaderWriter |
|
ClearSiteDataHeaderWriter.Directive |
|
ClearSiteDataServerHttpHeadersWriter |
Writes the Clear-Site-Data response header when the request is secure.
|
ClearSiteDataServerHttpHeadersWriter.Directive |
|
ClientAuthenticationMethod |
The authentication method used when authenticating the client with the authorization
server.
|
ClientAuthorizationException |
This exception is thrown on the client side when an attempt to authenticate or
authorize an OAuth 2.0 client fails.
|
ClientAuthorizationRequiredException |
This exception is thrown when an OAuth 2.0 Client is required to obtain authorization
from the Resource Owner.
|
ClientCredentialsOAuth2AuthorizedClientProvider |
|
ClientCredentialsReactiveOAuth2AuthorizedClientProvider |
|
ClientRegistration |
A representation of a client registration with an OAuth 2.0 or OpenID Connect 1.0
Provider.
|
ClientRegistration.Builder |
|
ClientRegistrationRepository |
|
ClientRegistrations |
|
ClientRegistrationsBeanDefinitionParser |
|
CommonOAuth2Provider |
Common OAuth2 Providers that can be used to create
builders pre-configured with sensible defaults.
|
CompositeHeaderWriter |
|
CompositeLogoutHandler |
|
CompositeServerHttpHeadersWriter |
|
CompositeSessionAuthenticationStrategy |
|
ConcurrentSessionControlAuthenticationStrategy |
Strategy which handles concurrent session-control.
|
ConcurrentSessionFilter |
Filter required by concurrent session handling package.
|
ConfigAttribute |
Stores a security system related configuration attribute.
|
ConsensusBased |
|
ConsoleAuditLogger |
|
ContentSecurityPolicyHeaderWriter |
|
ContentSecurityPolicyServerHttpHeadersWriter |
Writes the Contet-Security-Policy response header with configured policy
directives.
|
ContentTypeOptionsServerHttpHeadersWriter |
Adds X-Content-Type-Options: nosniff
|
ContextPropagatingRemoteInvocation |
The actual RemoteInvocation that is passed from the client to the server.
|
ContextPropagatingRemoteInvocationFactory |
Called by a client-side instance of
org.springframework.remoting.rmi.RmiProxyFactoryBean when it wishes to
create a remote invocation.
|
ContextSourceSettingPostProcessor |
Checks for the presence of a ContextSource instance.
|
CookieClearingLogoutHandler |
A logout handler which clears either - A defined list of cookie names, using the
context path as the cookie path OR - A given list of Cookies
|
CookieCsrfTokenRepository |
A CsrfTokenRepository that persists the CSRF token in a cookie named
"XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of
AngularJS.
|
CookieRequestCache |
An Implementation of RequestCache which saves the original request URI in a
cookie.
|
CookieServerCsrfTokenRepository |
A ServerCsrfTokenRepository that persists the CSRF token in a cookie named
"XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of
AngularJS.
|
CookieServerRequestCache |
|
CookieTheftException |
|
CoreJackson2Module |
Jackson module for spring-security-core.
|
CorsBeanDefinitionParser |
Parser for the CorsFilter .
|
CorsConfigurer<H extends HttpSecurityBuilder<H>> |
Adds CorsFilter to the Spring Security filter chain.
|
CredentialsContainer |
Indicates that the implementing object contains sensitive data, which can be erased
using the eraseCredentials method.
|
CredentialsExpiredException |
Thrown if an authentication request is rejected because the account's credentials have
expired.
|
CsrfAuthenticationStrategy |
|
CsrfBeanDefinitionParser |
Parser for the CsrfFilter .
|
CsrfChannelInterceptor |
ChannelInterceptorAdapter that validates that a valid CSRF is included in the
header of any SimpMessageType.CONNECT message.
|
CsrfConfigurer<H extends HttpSecurityBuilder<H>> |
|
CsrfException |
Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest
|
CsrfException |
Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest
|
CsrfFilter |
Applies
CSRF
protection using a synchronizer token pattern.
|
CsrfInputTag |
A JSP tag that prints out a hidden form field for the CSRF token.
|
CsrfLogoutHandler |
|
CsrfMetaTagsTag |
A JSP tag that prints out a meta tags holding the CSRF form field name and token value
for use in JavaScrip code.
|
CsrfRequestDataValueProcessor |
|
CsrfRequestDataValueProcessor |
Integration with Spring Web MVC that automatically adds the CsrfToken into
forms with hidden inputs when using Spring tag libraries.
|
CsrfServerLogoutHandler |
|
CsrfToken |
Provides the information about an expected CSRF token.
|
CsrfToken |
|
CsrfTokenArgumentResolver |
|
CsrfTokenHandshakeInterceptor |
Copies a CsrfToken from the HttpServletRequest's attributes to the WebSocket
attributes.
|
CsrfTokenRepository |
An API to allow changing the method in which the expected CsrfToken is
associated to the HttpServletRequest .
|
CsrfWebFilter |
Applies
CSRF
protection using a synchronizer token pattern.
|
CumulativePermission |
Represents a Permission that is constructed at runtime from other
permissions.
|
CurrentSecurityContext |
Annotation that is used to resolve the
SecurityContext as a method argument.
|
CurrentSecurityContextArgumentResolver |
|
CurrentSecurityContextArgumentResolver |
|
CurrentSecurityContextArgumentResolver |
|
Customizer<T> |
Callback interface that accepts a single input argument and returns no result.
|
CustomUserTypesOAuth2UserService |
Deprecated.
|
CycleInRoleHierarchyException |
Exception that is thrown because of a cycle in the role hierarchy definition
|
DaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,U extends UserDetailsService> |
|
DaoAuthenticationProvider |
|
DebugBeanDefinitionParser |
|
DebugFilter |
Spring Security debugging filter.
|
DefaultAddressStandardClaim |
|
DefaultAddressStandardClaim.Builder |
|
DefaultAuthenticationEventPublisher |
The default strategy for publishing authentication events.
|
DefaultAuthorizationCodeTokenResponseClient |
|
DefaultBearerTokenResolver |
|
DefaultClientCredentialsTokenResponseClient |
|
DefaultCsrfToken |
A CSRF token that is used to protect against CSRF attacks.
|
DefaultCsrfToken |
A CSRF token that is used to protect against CSRF attacks.
|
DefaultFilterChainValidator |
|
DefaultFilterInvocationSecurityMetadataSource |
Default implementation of FilterInvocationDefinitionSource.
|
DefaultHttpFirewall |
User's should consider using StrictHttpFirewall because rather than trying to
sanitize a malicious URL it rejects the malicious URL providing better security
guarantees.
|
DefaultJaasAuthenticationProvider |
Creates a LoginContext using the Configuration provided to it.
|
DefaultJwtBearerTokenResponseClient |
|
DefaultLdapAuthoritiesPopulator |
The default strategy for obtaining user role information from the directory.
|
DefaultLdapUsernameToDnMapper |
This implementation appends a name component to the userDnBase context using
the usernameAttributeName property.
|
DefaultLoginExceptionResolver |
This LoginExceptionResolver simply wraps the LoginException with an
AuthenticationServiceException.
|
DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>> |
|
DefaultLoginPageGeneratingFilter |
For internal use with namespace configuration in the case where a user doesn't
configure a login page.
|
DefaultLogoutPageGeneratingFilter |
Generates a default log out page.
|
DefaultMessageSecurityExpressionHandler<T> |
|
DefaultMessageSecurityMetadataSource |
|
DefaultMethodSecurityExpressionHandler |
The standard implementation of MethodSecurityExpressionHandler .
|
DefaultOAuth2AuthenticatedPrincipal |
A domain object that wraps the attributes of an OAuth 2.0 token.
|
DefaultOAuth2AuthorizationRequestResolver |
|
DefaultOAuth2AuthorizedClientManager |
|
DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper |
|
DefaultOAuth2User |
|
DefaultOAuth2UserService |
An implementation of an OAuth2UserService that supports standard OAuth 2.0
Provider's.
|
DefaultOidcUser |
The default implementation of an OidcUser .
|
DefaultPasswordTokenResponseClient |
|
DefaultPayloadExchange |
|
DefaultPermissionFactory |
|
DefaultPermissionGrantingStrategy |
|
DefaultReactiveOAuth2AuthorizedClientManager |
|
DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper |
|
DefaultReactiveOAuth2UserService |
|
DefaultRedirectStrategy |
Simple implementation of RedirectStrategy which is the default used throughout
the framework.
|
DefaultRefreshTokenTokenResponseClient |
|
DefaultRelyingPartyRegistrationResolver |
|
DefaultRequestRejectedHandler |
|
DefaultSaml2AuthenticatedPrincipal |
|
DefaultSaml2AuthenticationRequestContextResolver |
|
DefaultSavedRequest |
Represents central information from a HttpServletRequest .
|
DefaultSavedRequest.Builder |
|
DefaultSecurityFilterChain |
Standard implementation of SecurityFilterChain .
|
DefaultSecurityParameterNameDiscoverer |
Spring Security's default ParameterNameDiscoverer which tries a number of
ParameterNameDiscoverer depending on what is found on the classpath.
|
DefaultServerOAuth2AuthorizationRequestResolver |
|
DefaultServerRedirectStrategy |
|
DefaultSpringSecurityContextSource |
ContextSource implementation which uses Spring LDAP's LdapContextSource as a
base class.
|
DefaultToken |
The default implementation of Token .
|
DefaultWebInvocationPrivilegeEvaluator |
Allows users to determine whether they have privileges for a given web URI.
|
DefaultWebSecurityExpressionHandler |
|
DelegatingAccessDeniedHandler |
|
DelegatingApplicationListener |
Used for delegating to a number of SmartApplicationListener instances.
|
DelegatingAuthenticationEntryPoint |
An AuthenticationEntryPoint which selects a concrete
AuthenticationEntryPoint based on a RequestMatcher evaluation.
|
DelegatingAuthenticationFailureHandler |
|
DelegatingJwtGrantedAuthoritiesConverter |
|
DelegatingLogoutSuccessHandler |
Delegates to logout handlers based on matched request matchers
|
DelegatingMethodSecurityMetadataSource |
Automatically tries a series of method definition sources, relying on the first source
of metadata that provides a non-null/non-empty response.
|
DelegatingOAuth2AuthorizedClientProvider |
|
DelegatingOAuth2TokenValidator<T extends AbstractOAuth2Token> |
A composite validator
|
DelegatingOAuth2UserService<R extends OAuth2UserRequest,U extends OAuth2User> |
|
DelegatingPasswordEncoder |
A password encoder that delegates to another PasswordEncoder based upon a prefixed
identifier.
|
DelegatingReactiveAuthenticationManager |
|
DelegatingReactiveAuthorizationManager |
|
DelegatingReactiveAuthorizationManager.Builder |
|
DelegatingReactiveOAuth2AuthorizedClientProvider |
|
DelegatingRequestMatcherHeaderWriter |
|
DelegatingSecurityContextAsyncTaskExecutor |
|
DelegatingSecurityContextCallable<V> |
Wraps a delegate Callable with logic for setting up a SecurityContext
before invoking the delegate Callable and then removing the
SecurityContext after the delegate has completed.
|
DelegatingSecurityContextExecutor |
|
DelegatingSecurityContextExecutorService |
|
DelegatingSecurityContextRunnable |
Wraps a delegate Runnable with logic for setting up a SecurityContext
before invoking the delegate Runnable and then removing the
SecurityContext after the delegate has completed.
|
DelegatingSecurityContextScheduledExecutorService |
|
DelegatingSecurityContextSchedulingTaskExecutor |
|
DelegatingSecurityContextTaskExecutor |
|
DelegatingSecurityContextTaskScheduler |
An implementation of TaskScheduler invoking it whenever the trigger indicates a
next execution time.
|
DelegatingServerAuthenticationEntryPoint |
|
DelegatingServerAuthenticationEntryPoint.DelegateEntry |
|
DelegatingServerAuthenticationSuccessHandler |
|
DelegatingServerLogoutHandler |
|
DenyAllPermissionEvaluator |
A null PermissionEvaluator which denies all access.
|
DigestAuthenticationEntryPoint |
|
DigestAuthenticationFilter |
Processes a HTTP request's Digest authorization headers, putting the result into the
SecurityContextHolder .
|
DisabledException |
Thrown if an authentication request is rejected because the account is disabled.
|
DispatcherTypeRequestMatcher |
Checks the DispatcherType to decide whether to match a given request.
|
DnsEntryNotFoundException |
This will be thrown if no entry matches the specified DNS query.
|
DnsLookupException |
This will be thrown for unknown DNS errors.
|
DnsResolver |
Helper class for DNS operations.
|
EhCacheBasedAclCache |
Simple implementation of AclCache that delegates to EH-CACHE.
|
EhCacheBasedTicketCache |
Caches tickets using a Spring IoC defined
EHCACHE.
|
EhCacheBasedUserCache |
Caches User objects using a Spring IoC defined
EHCACHE.
|
Elements |
Contains all the element names used by Spring Security 3 namespace support.
|
ELRequestMatcher |
A RequestMatcher implementation which uses a SpEL expression
|
EnableGlobalAuthentication |
|
EnableGlobalMethodSecurity |
Enables Spring Security global method security similar to the
<global-method-security> xml support.
|
EnableReactiveMethodSecurity |
|
EnableRSocketSecurity |
Add this annotation to a Configuration class to have Spring Security
RSocketSecurity support added.
|
EnableWebFluxSecurity |
Add this annotation to a Configuration class to have Spring Security WebFlux
support added.
|
EnableWebMvcSecurity |
Deprecated.
|
EnableWebSecurity |
|
EncodingUtils |
Static helper for encoding data.
|
Encryptors |
Factory for commonly used encryptors.
|
Enumerator<T> |
Adapter that wraps an Enumeration around a Java 2 collection
Iterator .
|
ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> |
Adds exception handling for Spring Security related exceptions to an application.
|
ExceptionMappingAuthenticationFailureHandler |
Uses the internal map of exceptions types to URLs to determine the destination on
authentication failure.
|
ExceptionTranslationFilter |
Handles any AccessDeniedException and AuthenticationException
thrown within the filter chain.
|
ExceptionTranslationWebFilter |
|
ExpressionBasedAnnotationAttributeFactory |
|
ExpressionBasedFilterInvocationSecurityMetadataSource |
Expression-based FilterInvocationSecurityMetadataSource .
|
ExpressionBasedMessageSecurityMetadataSourceFactory |
|
ExpressionBasedPostInvocationAdvice |
|
ExpressionBasedPreInvocationAdvice |
Method pre-invocation handling based on expressions.
|
ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> |
Adds URL based authorization based upon SpEL expressions to an application.
|
ExpressionUtils |
|
FastHttpDateFormat |
Utility class to generate HTTP dates.
|
FeaturePolicyHeaderWriter |
|
FeaturePolicyServerHttpHeadersWriter |
Writes the Feature-Policy response header with configured policy directives.
|
FieldUtils |
Offers static methods for directly manipulating fields.
|
FilterBasedLdapUserSearch |
LdapUserSearch implementation which uses an Ldap filter to locate the user.
|
FilterChainBeanDefinitionParser |
|
FilterChainMapBeanDefinitionDecorator |
Sets the filter chain Map for a FilterChainProxy bean declaration.
|
FilterChainProxy |
Delegates Filter requests to a list of Spring-managed filter beans.
|
FilterChainProxy.FilterChainValidator |
|
FilterInvocation |
Holds objects associated with a HTTP filter.
|
FilterInvocationSecurityMetadataSource |
Marker interface for SecurityMetadataSource implementations that are
designed to perform lookups keyed on FilterInvocation s.
|
FilterInvocationSecurityMetadataSourceParser |
|
FilterSecurityInterceptor |
Performs security handling of HTTP resources via a filter implementation.
|
FirewalledRequest |
Request wrapper which is returned by the HttpFirewall interface.
|
FormLoginBeanDefinitionParser |
|
FormLoginConfigurer<H extends HttpSecurityBuilder<H>> |
Adds form based authentication.
|
ForwardAuthenticationFailureHandler |
Forward Authentication Failure Handler
|
ForwardAuthenticationSuccessHandler |
Forward Authentication Success Handler
|
ForwardLogoutSuccessHandler |
LogoutSuccessHandler implementation that will perform a request dispatcher
"forward" to the specified target URL.
|
GlobalAuthenticationConfigurerAdapter |
|
GlobalMethodSecurityBeanDefinitionParser |
Processes the top-level "global-method-security" element.
|
GlobalMethodSecurityConfiguration |
Base Configuration for enabling global method security.
|
GrantedAuthoritiesContainer |
Indicates that a object stores GrantedAuthority objects.
|
GrantedAuthoritiesMapper |
Mapping interface which can be injected into the authentication layer to convert the
authorities loaded from storage into those which will be used in the
Authentication object.
|
GrantedAuthority |
|
GrantedAuthorityDefaults |
|
GrantedAuthorityFromAssertionAttributesUserDetailsService |
Populates the GrantedAuthority s for a user by
reading a list of attributes that were returned as part of the CAS response.
|
GrantedAuthoritySid |
Represents a GrantedAuthority as a Sid .
|
GroupManager |
Allows management of groups of authorities and their members.
|
Header |
Represents a Header to be added to the HttpServletResponse
|
HeaderBearerTokenResolver |
Generic resolver extracting pre-authenticated JWT identity from a custom header.
|
HeadersBeanDefinitionParser |
Parser for the HeadersFilter .
|
HeadersConfigurer<H extends HttpSecurityBuilder<H>> |
Adds the Security HTTP headers to the response.
|
HeaderWriter |
Contract for writing headers to a HttpServletResponse
|
HeaderWriterFilter |
Filter implementation to add headers to the current response.
|
HeaderWriterLogoutHandler |
|
HeaderWriterServerLogoutHandler |
|
Hex |
Hex data encoder.
|
HpkpHeaderWriter |
|
HstsHeaderWriter |
|
Http403ForbiddenEntryPoint |
In the pre-authenticated authentication case (unlike CAS, for example) the user will
already have been identified through some external mechanism and a secure context
established by the time the security-enforcement filter is invoked.
|
HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> |
Adds HTTP basic based authentication.
|
HttpBasicServerAuthenticationEntryPoint |
Prompts a user for HTTP Basic authentication.
|
HttpFirewall |
Interface which can be used to reject potentially dangerous requests and/or wrap them
to control their behaviour.
|
HttpFirewallBeanDefinitionParser |
Injects the supplied HttpFirewall bean reference into the
FilterChainProxy .
|
HttpHeaderWriterWebFilter |
|
HttpRequestResponseHolder |
|
HttpSecurity |
A HttpSecurity is similar to Spring Security's XML <http> element in the
namespace configuration.
|
HttpSecurityBeanDefinitionParser |
Sets up HTTP security: filter stack and protected URLs.
|
HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> |
|
HttpSessionCreatedEvent |
|
HttpSessionCsrfTokenRepository |
|
HttpSessionDestroyedEvent |
|
HttpSessionEventPublisher |
Declared in web.xml as
|
HttpSessionIdChangedEvent |
|
HttpSessionOAuth2AuthorizationRequestRepository |
|
HttpSessionOAuth2AuthorizedClientRepository |
|
HttpSessionRequestCache |
RequestCache which stores the SavedRequest in the HttpSession.
|
HttpSessionSecurityContextRepository |
A SecurityContextRepository implementation which stores the security context in
the HttpSession between requests.
|
HttpsRedirectWebFilter |
Redirects any non-HTTPS request to its HTTPS equivalent.
|
HttpStatusEntryPoint |
|
HttpStatusRequestRejectedHandler |
|
HttpStatusReturningLogoutSuccessHandler |
|
HttpStatusReturningServerLogoutSuccessHandler |
|
HttpStatusServerAccessDeniedHandler |
Sets the provided HTTP Status when access is denied.
|
HttpStatusServerEntryPoint |
|
IdentityUnavailableException |
Thrown if an ACL identity could not be extracted from an object.
|
IdTokenClaimAccessor |
A ClaimAccessor for the "claims" that can be returned in the ID
Token, which provides information about the authentication of an End-User by an
Authorization Server.
|
IdTokenClaimNames |
The names of the "claims" defined by the OpenID Connect Core 1.0
specification that can be returned in the ID Token.
|
ImplicitGrantConfigurer<B extends HttpSecurityBuilder<B>> |
Deprecated.
|
InetOrgPerson |
UserDetails implementation whose properties are based on a subset of the LDAP schema
for inetOrgPerson.
|
InetOrgPerson.Essence |
|
InetOrgPersonContextMapper |
|
InitialContextFactory |
This is used in JndiDnsResolver to get an InitialDirContext for DNS queries.
|
InMemoryClientRegistrationRepository |
|
InMemoryConfiguration |
An in memory representation of a JAAS configuration.
|
InMemoryOAuth2AuthorizedClientService |
|
InMemoryReactiveClientRegistrationRepository |
|
InMemoryReactiveOAuth2AuthorizedClientService |
|
InMemoryRelyingPartyRegistrationRepository |
|
InMemoryResource |
An in memory implementation of Spring's Resource
interface.
|
InMemoryTokenRepositoryImpl |
Simple PersistentTokenRepository implementation backed by a Map.
|
InMemoryUserDetailsManager |
Non-persistent implementation of UserDetailsManager which is backed by an
in-memory map.
|
InMemoryUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>> |
|
InsecureChannelProcessor |
Ensures channel security is inactive by review of
HttpServletRequest.isSecure() responses.
|
InsufficientAuthenticationException |
Thrown if an authentication request is rejected because the credentials are not
sufficiently trusted.
|
InteractiveAuthenticationSuccessEvent |
Indicates an interactive authentication was successful.
|
InterceptMethodsBeanDefinitionDecorator |
|
InterceptorStatusToken |
|
InternalAuthenticationServiceException |
Thrown if an authentication request could not be processed due to a system problem that
occurred internally.
|
InvalidBearerTokenException |
|
InvalidCookieException |
Exception thrown by a RememberMeServices implementation to indicate that a submitted
cookie is of an invalid format or has expired.
|
InvalidCsrfTokenException |
Thrown when an expected CsrfToken exists, but it does not match the value
present on the HttpServletRequest
|
InvalidSessionAccessDeniedHandler |
|
InvalidSessionStrategy |
Determines the behaviour of the SessionManagementFilter when an invalid session
Id is submitted and detected in the SessionManagementFilter .
|
IpAddressMatcher |
Matches a request based on IP Address or subnet mask matching against the remote
address.
|
J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource |
Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as
obtained by calling HttpServletRequest.isUserInRole(String) ) into
GrantedAuthority s and stores these in the authentication details object.
|
J2eePreAuthenticatedProcessingFilter |
This AbstractPreAuthenticatedProcessingFilter implementation is based on the J2EE
container-based authentication mechanism.
|
JaasApiIntegrationFilter |
A Filter which attempts to obtain a JAAS Subject and continue
the FilterChain running as that Subject .
|
JaasAuthenticationCallbackHandler |
The JaasAuthenticationCallbackHandler is similar to the
javax.security.auth.callback.CallbackHandler interface in that it defines a handle
method.
|
JaasAuthenticationEvent |
|
JaasAuthenticationFailedEvent |
Fired when LoginContext.login throws a LoginException, or if any other exception is
thrown during that time.
|
JaasAuthenticationProvider |
|
JaasAuthenticationSuccessEvent |
Fired by the
JaasAuthenticationProvider after successfully logging the user into the LoginContext,
handling all callbacks, and calling all AuthorityGranters.
|
JaasAuthenticationToken |
UsernamePasswordAuthenticationToken extension to carry the Jaas LoginContext that the
user was logged into
|
JaasGrantedAuthority |
GrantedAuthority which, in addition to the assigned role, holds the principal
that an AuthorityGranter used as a reason to grant this authority.
|
JaasNameCallbackHandler |
The most basic Callbacks to be handled when using a LoginContext from JAAS, are the
NameCallback and PasswordCallback.
|
JaasPasswordCallbackHandler |
The most basic Callbacks to be handled when using a LoginContext from JAAS, are the
NameCallback and PasswordCallback.
|
JdbcAclService |
Simple JDBC-based implementation of AclService .
|
JdbcDaoImpl |
UserDetailsService implementation which retrieves the user details (username,
password, enabled flag, and authorities) from a database using JDBC queries.
|
JdbcMutableAclService |
|
JdbcOAuth2AuthorizedClientService |
|
JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder |
|
JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper |
|
JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper |
|
JdbcTokenRepositoryImpl |
JDBC based persistent login token repository implementation.
|
JdbcUserDetailsManager |
Jdbc user management service, based on the same table structure as its parent class,
JdbcDaoImpl.
|
JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>> |
|
JdbcUserServiceBeanDefinitionParser |
|
JeeConfigurer<H extends HttpSecurityBuilder<H>> |
Adds support for J2EE pre authentication.
|
JndiDnsResolver |
Implementation of DnsResolver which uses JNDI for the DNS queries.
|
JspAuthorizeTag |
|
Jsr250MethodSecurityMetadataSource |
Sources method security metadata from major JSR 250 security annotations.
|
Jsr250SecurityConfig |
Security config applicable as a JSR 250 annotation attribute.
|
Jsr250Voter |
Voter on JSR-250 configuration attributes.
|
JwaAlgorithm |
Super interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA)
specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of
the contents and JSON Web Encryption (JWE) to encrypt the contents.
|
JwsAlgorithm |
Super interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA)
specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of
the contents of the JWS Protected Header and JWS Payload.
|
JwsAlgorithms |
The cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and
used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents of
the JWS Protected Header and JWS Payload.
|
Jwt |
|
Jwt.Builder |
|
JwtAuthenticationConverter |
|
JwtAuthenticationProvider |
|
JwtAuthenticationToken |
|
JwtBearerGrantRequest |
A JWT Bearer Grant request that holds a Jwt assertion.
|
JwtBearerGrantRequestEntityConverter |
An implementation of an AbstractOAuth2AuthorizationGrantRequestEntityConverter
that converts the provided JwtBearerGrantRequest to a RequestEntity
representation of an OAuth 2.0 Access Token Request for the JWT Bearer Grant.
|
JwtBearerOAuth2AuthorizedClientProvider |
|
JwtBearerTokenAuthenticationConverter |
|
JwtClaimAccessor |
A ClaimAccessor for the "claims" that may be contained in the JSON
object JWT Claims Set of a JSON Web Token (JWT).
|
JwtClaimNames |
The Registered Claim Names defined by the JSON Web Token (JWT) specification that may
be contained in the JSON object JWT Claims Set.
|
JwtClaimValidator<T> |
Validates a claim in a Jwt against a provided
Predicate
|
JwtDecoder |
Implementations of this interface are responsible for "decoding" a JSON Web
Token (JWT) from it's compact claims representation format to a Jwt .
|
JwtDecoderFactory<C> |
|
JwtDecoders |
|
JwtException |
Base exception for all JSON Web Token (JWT) related errors.
|
JwtGrantedAuthoritiesConverter |
|
JwtIssuerAuthenticationManagerResolver |
|
JwtIssuerReactiveAuthenticationManagerResolver |
|
JwtIssuerValidator |
Validates the "iss" claim in a Jwt , that is matches a configured value
|
JwtReactiveAuthenticationManager |
|
JwtTimestampValidator |
|
JwtValidationException |
|
JwtValidators |
Provides factory methods for creating OAuth2TokenValidator<Jwt>
|
KeyBasedPersistenceTokenService |
Basic implementation of TokenService that is compatible with clusters and
across machine restarts, without requiring database persistence.
|
KeyGenerators |
Factory for commonly used key generators.
|
LazyCsrfTokenRepository |
|
LdapAuthenticationProvider |
|
LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>> |
|
LdapAuthenticator |
The strategy interface for locating and authenticating an Ldap user.
|
LdapAuthoritiesPopulator |
Obtains a list of granted authorities for an Ldap user.
|
LdapAuthority |
An authority that contains at least a DN and a role name for an LDAP entry but can also
contain other desired attributes to be fetched during an LDAP authority search.
|
LdapProviderBeanDefinitionParser |
Ldap authentication provider namespace configuration.
|
LdapServerBeanDefinitionParser |
|
LdapShaPasswordEncoder |
Deprecated.
|
LdapUserDetails |
Captures the information for a user's LDAP entry.
|
LdapUserDetailsImpl |
A UserDetails implementation which is used internally by the Ldap services.
|
LdapUserDetailsImpl.Essence |
Variation of essence pattern.
|
LdapUserDetailsManager |
An Ldap implementation of UserDetailsManager.
|
LdapUserDetailsMapper |
The context mapper used by the LDAP authentication provider to create an LDAP user
object.
|
LdapUserDetailsService |
|
LdapUsernameToDnMapper |
Constructs an Ldap Distinguished Name from a username.
|
LdapUserSearch |
Obtains a user's information from the LDAP directory given a login name.
|
LdapUserServiceBeanDefinitionParser |
|
LdapUtils |
LDAP Utility methods.
|
LockedException |
Thrown if an authentication request is rejected because the account is locked.
|
LoggerListener |
Outputs interceptor-related application events to Commons Logging.
|
LoggerListener |
Outputs authentication-related application events to Commons Logging.
|
LoginExceptionResolver |
The JaasAuthenticationProvider takes an instance of LoginExceptionResolver to resolve
LoginModule specific exceptions to Spring Security AuthenticationExceptions.
|
LoginPageGeneratingWebFilter |
Generates a default log in page used for authenticating users.
|
LoginUrlAuthenticationEntryPoint |
|
LogoutConfigurer<H extends HttpSecurityBuilder<H>> |
Adds logout support.
|
LogoutFilter |
Logs a principal out.
|
LogoutHandler |
Indicates a class that is able to participate in logout handling.
|
LogoutPageGeneratingWebFilter |
Generates a default log out page.
|
LogoutSuccessEvent |
Application event which indicates successful logout
|
LogoutSuccessEventPublishingLogoutHandler |
|
LogoutSuccessHandler |
Strategy that is called after a successful logout by the LogoutFilter , to
handle redirection or forwarding to the appropriate destination.
|
LogoutWebFilter |
|
LookupStrategy |
|
MacAlgorithm |
An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA)
specification and used by JSON Web Signature (JWS) to create a MAC of the contents of
the JWS Protected Header and JWS Payload.
|
MapBasedAttributes2GrantedAuthoritiesMapper |
This class implements the Attributes2GrantedAuthoritiesMapper and
MappableAttributesRetriever interfaces based on the supplied Map.
|
MapBasedMethodSecurityMetadataSource |
Stores a list of ConfigAttributes for a method or class signature.
|
MapOAuth2AccessTokenResponseConverter |
|
MappableAttributesRetriever |
Interface to be implemented by classes that can retrieve a list of mappable security
attribute strings (for example the list of all available J2EE roles in a web or EJB
application).
|
MappedJwtClaimSetConverter |
Converts a JWT claim set, claim by claim.
|
MapReactiveUserDetailsService |
|
MatcherSecurityWebFilterChain |
|
MatcherType |
|
Md4PasswordEncoder |
Deprecated.
|
MediaTypeRequestMatcher |
Allows matching HttpServletRequest based upon the MediaType 's resolved
from a ContentNegotiationStrategy .
|
MediaTypeServerWebExchangeMatcher |
Matches based upon the accept headers.
|
MessageDigestPasswordEncoder |
Deprecated.
|
MessageExpressionVoter<T> |
Voter which handles Message authorisation decisions.
|
MessageMatcher<T> |
API for determining if a Message should be matched on.
|
MessageSecurityExpressionRoot |
|
MessageSecurityMetadataSource |
|
MessageSecurityMetadataSourceRegistry |
Allows mapping security constraints using MessageMatcher to the security
expressions.
|
MethodInvocationAdapter |
Decorates a JoinPoint to allow it to be used with method-security infrastructure
classes which support MethodInvocation instances.
|
MethodInvocationPrivilegeEvaluator |
Allows users to determine whether they have "before invocation" privileges for a given
method invocation.
|
MethodInvocationUtils |
Static utility methods for creating MethodInvocation s usable within Spring
Security.
|
MethodSecurityExpressionHandler |
Extended expression-handler facade which adds methods which are specific to securing
method invocations.
|
MethodSecurityExpressionOperations |
Interface which must be implemented if you want to use filtering in method security
expressions.
|
MethodSecurityInterceptor |
Provides security interception of AOP Alliance based method invocations.
|
MethodSecurityMetadataSource |
Interface for SecurityMetadataSource implementations that are designed to
perform lookups keyed on Method s.
|
MethodSecurityMetadataSourceAdvisor |
|
MethodSecurityMetadataSourceBeanDefinitionParser |
|
MissingCsrfTokenException |
Thrown when no expected CsrfToken is found but is required.
|
MutableAcl |
A mutable Acl.
|
MutableAclService |
Provides support for creating and storing Acl instances.
|
MvcRequestMatcher |
A RequestMatcher that uses Spring MVC's HandlerMappingIntrospector to
match the path and extract variables.
|
NegatedRequestMatcher |
|
NegatedServerWebExchangeMatcher |
Negates the provided matcher.
|
NestedLdapAuthoritiesPopulator |
A LDAP authority populator that can recursively search static nested groups.
|
NimbusAuthorizationCodeTokenResponseClient |
Deprecated.
|
NimbusJwtClientAuthenticationParametersConverter<T extends AbstractOAuth2AuthorizationGrantRequest> |
A Converter that customizes the OAuth 2.0 Access Token Request parameters by
adding a signed JSON Web Token (JWS) to be used for client authentication at the
Authorization Server's Token Endpoint.
|
NimbusJwtDecoder |
A low-level Nimbus implementation of JwtDecoder which takes a raw Nimbus
configuration.
|
NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder |
|
NimbusJwtDecoder.PublicKeyJwtDecoderBuilder |
|
NimbusJwtDecoder.SecretKeyJwtDecoderBuilder |
|
NimbusJwtDecoderJwkSupport |
Deprecated.
|
NimbusOpaqueTokenIntrospector |
|
NimbusReactiveJwtDecoder |
An implementation of a ReactiveJwtDecoder that "decodes" a JSON Web
Token (JWT) and additionally verifies it's digital signature if the JWT is a JSON Web
Signature (JWS).
|
NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder |
|
NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder |
|
NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder |
|
NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder |
|
NimbusReactiveOpaqueTokenIntrospector |
|
NonceExpiredException |
Thrown if an authentication request is rejected because the digest nonce has expired.
|
NoOpPasswordEncoder |
Deprecated.
|
NoOpServerRequestCache |
|
NoOpServerSecurityContextRepository |
|
NotFoundException |
Thrown if an ACL-related object cannot be found.
|
NullAuthenticatedSessionStrategy |
|
NullAuthoritiesMapper |
|
NullAxFetchListFactory |
Deprecated.
|
NullLdapAuthoritiesPopulator |
|
NullRememberMeServices |
|
NullRequestCache |
Null implementation of RequestCache.
|
NullRoleHierarchy |
|
NullSecurityContextRepository |
|
NullStatelessTicketCache |
|
NullUserCache |
Does not perform any caching.
|
OAuth2AccessToken |
|
OAuth2AccessToken.TokenType |
Access Token Types.
|
OAuth2AccessTokenResponse |
A representation of an OAuth 2.0 Access Token Response.
|
OAuth2AccessTokenResponse.Builder |
|
OAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> |
A strategy for "exchanging" an authorization grant credential (e.g.
|
OAuth2AccessTokenResponseHttpMessageConverter |
|
OAuth2AccessTokenResponseMapConverter |
A Converter that converts the provided OAuth2AccessTokenResponse to a
Map representation of the OAuth 2.0 Access Token Response parameters.
|
OAuth2AuthenticatedPrincipal |
|
OAuth2AuthenticationException |
This exception is thrown for all OAuth 2.0 related Authentication errors.
|
OAuth2AuthenticationToken |
|
OAuth2AuthorizationCodeAuthenticationProvider |
|
OAuth2AuthorizationCodeAuthenticationToken |
|
OAuth2AuthorizationCodeGrantFilter |
A Filter for the OAuth 2.0 Authorization Code Grant, which handles the
processing of the OAuth 2.0 Authorization Response.
|
OAuth2AuthorizationCodeGrantRequest |
An OAuth 2.0 Authorization Code Grant request that holds an Authorization Code
credential, which was granted by the Resource Owner to the
Client .
|
OAuth2AuthorizationCodeGrantRequestEntityConverter |
An implementation of an AbstractOAuth2AuthorizationGrantRequestEntityConverter
that converts the provided OAuth2AuthorizationCodeGrantRequest to a
RequestEntity representation of an OAuth 2.0 Access Token Request for the
Authorization Code Grant.
|
OAuth2AuthorizationCodeGrantWebFilter |
A Filter for the OAuth 2.0 Authorization Code Grant, which handles the
processing of the OAuth 2.0 Authorization Response.
|
OAuth2AuthorizationCodeReactiveAuthenticationManager |
An implementation of an
AuthenticationProvider for OAuth
2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
|
OAuth2AuthorizationContext |
A context that holds authorization-specific state and is used by an
OAuth2AuthorizedClientProvider when attempting to authorize (or re-authorize)
an OAuth 2.0 Client.
|
OAuth2AuthorizationContext.Builder |
|
OAuth2AuthorizationException |
Base exception for OAuth 2.0 Authorization errors.
|
OAuth2AuthorizationExchange |
An "exchange" of an OAuth 2.0 Authorization Request and Response for the
authorization code grant type.
|
OAuth2AuthorizationFailureHandler |
Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the
Authorization Server or Resource Server.
|
OAuth2AuthorizationRequest |
A representation of an OAuth 2.0 Authorization Request for the authorization code grant
type or implicit grant type.
|
OAuth2AuthorizationRequest.Builder |
|
OAuth2AuthorizationRequestRedirectFilter |
This Filter initiates the authorization code grant or implicit grant flow by
redirecting the End-User's user-agent to the Authorization Server's Authorization
Endpoint.
|
OAuth2AuthorizationRequestRedirectWebFilter |
This WebFilter initiates the authorization code grant or implicit grant flow by
redirecting the End-User's user-agent to the Authorization Server's Authorization
Endpoint.
|
OAuth2AuthorizationRequestResolver |
|
OAuth2AuthorizationResponse |
A representation of an OAuth 2.0 Authorization Response for the authorization code
grant type.
|
OAuth2AuthorizationResponse.Builder |
|
OAuth2AuthorizationResponseType |
The response_type parameter is consumed by the authorization endpoint which is
used by the authorization code grant type and implicit grant type.
|
OAuth2AuthorizationSuccessHandler |
Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized)
via the Authorization Server.
|
OAuth2AuthorizedClient |
A representation of an OAuth 2.0 "Authorized Client".
|
OAuth2AuthorizedClientArgumentResolver |
An implementation of a HandlerMethodArgumentResolver that is capable of
resolving a method parameter to an argument value of type
OAuth2AuthorizedClient .
|
OAuth2AuthorizedClientArgumentResolver |
An implementation of a HandlerMethodArgumentResolver that is capable of
resolving a method parameter to an argument value of type
OAuth2AuthorizedClient .
|
OAuth2AuthorizedClientId |
|
OAuth2AuthorizedClientManager |
Implementations of this interface are responsible for the overall management of
Authorized Client(s) .
|
OAuth2AuthorizedClientProvider |
A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.
|
OAuth2AuthorizedClientProviderBuilder |
|
OAuth2AuthorizedClientRepository |
Implementations of this interface are responsible for the persistence of
Authorized Client(s) between requests.
|
OAuth2AuthorizedClientService |
Implementations of this interface are responsible for the management of
Authorized Client(s) , which provide the purpose of
associating an Access Token credential
to a Client and Resource Owner,
who is the Principal that originally
granted the authorization.
|
OAuth2AuthorizeRequest |
|
OAuth2AuthorizeRequest.Builder |
|
OAuth2BodyExtractors |
Static factory methods for OAuth2 BodyExtractor implementations.
|
OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> |
|
OAuth2ClientCredentialsGrantRequest |
|
OAuth2ClientCredentialsGrantRequestEntityConverter |
An implementation of an AbstractOAuth2AuthorizationGrantRequestEntityConverter
that converts the provided OAuth2ClientCredentialsGrantRequest to a
RequestEntity representation of an OAuth 2.0 Access Token Request for the
Client Credentials Grant.
|
OAuth2ClientJackson2Module |
Jackson Module for spring-security-oauth2-client , that registers the
following mix-in annotations:
OAuth2AuthorizationRequestMixin
ClientRegistrationMixin
OAuth2AccessTokenMixin
OAuth2RefreshTokenMixin
OAuth2AuthorizedClientMixin
OAuth2UserAuthorityMixin
DefaultOAuth2UserMixin
OidcIdTokenMixin
OidcUserInfoMixin
OidcUserAuthorityMixin
DefaultOidcUserMixin
OAuth2AuthenticationTokenMixin
OAuth2AuthenticationExceptionMixin
OAuth2ErrorMixin
If not already enabled, default typing will be automatically enabled as type info is
required to properly serialize/deserialize objects.
|
OAuth2Error |
A representation of an OAuth 2.0 Error.
|
OAuth2ErrorCodes |
Standard error codes defined by the OAuth 2.0 Authorization Framework.
|
OAuth2ErrorHttpMessageConverter |
|
OAuth2ErrorResponseErrorHandler |
|
OAuth2IntrospectionAuthenticatedPrincipal |
A domain object that wraps the attributes of OAuth 2.0 Token Introspection.
|
OAuth2IntrospectionClaimAccessor |
A ClaimAccessor for the "claims" that may be contained in the
Introspection Response.
|
OAuth2IntrospectionClaimNames |
|
OAuth2IntrospectionException |
Base exception for all OAuth 2.0 Introspection related errors
|
OAuth2LoginAuthenticationFilter |
|
OAuth2LoginAuthenticationProvider |
An implementation of an AuthenticationProvider for OAuth 2.0 Login, which
leverages the OAuth 2.0 Authorization Code Grant Flow.
|
OAuth2LoginAuthenticationToken |
|
OAuth2LoginAuthenticationWebFilter |
|
OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> |
|
OAuth2LoginReactiveAuthenticationManager |
An implementation of an
AuthenticationProvider for OAuth
2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
|
OAuth2ParameterNames |
Standard and custom (non-standard) parameter names defined in the OAuth Parameters
Registry and used by the authorization endpoint, token endpoint and token revocation
endpoint.
|
OAuth2PasswordGrantRequest |
An OAuth 2.0 Resource Owner Password Credentials Grant request that holds the resource
owner's credentials.
|
OAuth2PasswordGrantRequestEntityConverter |
An implementation of an AbstractOAuth2AuthorizationGrantRequestEntityConverter
that converts the provided OAuth2PasswordGrantRequest to a
RequestEntity representation of an OAuth 2.0 Access Token Request for the
Resource Owner Password Credentials Grant.
|
OAuth2RefreshToken |
|
OAuth2RefreshTokenGrantRequest |
An OAuth 2.0 Refresh Token Grant request that holds the refresh token credential granted to the client .
|
OAuth2RefreshTokenGrantRequestEntityConverter |
An implementation of an AbstractOAuth2AuthorizationGrantRequestEntityConverter
that converts the provided OAuth2RefreshTokenGrantRequest to a
RequestEntity representation of an OAuth 2.0 Access Token Request for the
Refresh Token Grant.
|
OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>> |
|
OAuth2Token |
Core interface representing an OAuth 2.0 Token.
|
OAuth2TokenValidator<T extends AbstractOAuth2Token> |
Implementations of this interface are responsible for "verifying" the
validity and/or constraints of the attributes contained in an OAuth 2.0 Token.
|
OAuth2TokenValidatorResult |
|
OAuth2User |
A representation of a user Principal that is registered with an OAuth 2.0
Provider.
|
OAuth2UserAuthority |
|
OAuth2UserRequest |
Represents a request the OAuth2UserService uses when initiating a request to
the UserInfo Endpoint.
|
OAuth2UserRequestEntityConverter |
A Converter that converts the provided OAuth2UserRequest to a
RequestEntity representation of a request for the UserInfo Endpoint.
|
OAuth2UserService<R extends OAuth2UserRequest,U extends OAuth2User> |
Implementations of this interface are responsible for obtaining the user attributes of
the End-User (Resource Owner) from the UserInfo Endpoint using the
Access Token granted to the
Client and returning an
AuthenticatedPrincipal in the form of an OAuth2User .
|
ObjectIdentity |
Represents the identity of an individual domain object instance.
|
ObjectIdentityGenerator |
Strategy which creates an ObjectIdentity from an object identifier (such as a
primary key) and type information.
|
ObjectIdentityImpl |
|
ObjectIdentityRetrievalStrategy |
Strategy interface that provides the ability to determine which ObjectIdentity
will be returned for a particular domain object
|
ObjectIdentityRetrievalStrategyImpl |
|
ObjectPostProcessor<T> |
Allows initialization of Objects.
|
ObjectPostProcessorConfiguration |
|
OidcAuthorizationCodeAuthenticationProvider |
|
OidcAuthorizationCodeReactiveAuthenticationManager |
An implementation of an
AuthenticationProvider for OAuth
2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
|
OidcClientInitiatedLogoutSuccessHandler |
A logout success handler for initiating OIDC logout through the user agent.
|
OidcClientInitiatedServerLogoutSuccessHandler |
A reactive logout success handler for initiating OIDC logout through the user agent.
|
OidcIdToken |
|
OidcIdToken.Builder |
|
OidcIdTokenDecoderFactory |
|
OidcIdTokenValidator |
|
OidcParameterNames |
Standard parameter names defined in the OAuth Parameters Registry and used by the
authorization endpoint and token endpoint.
|
OidcReactiveOAuth2UserService |
|
OidcScopes |
The scope values defined by the OpenID Connect Core 1.0 specification that can be used
to request claims .
|
OidcUser |
A representation of a user Principal that is registered with an OpenID Connect
1.0 Provider.
|
OidcUserAuthority |
|
OidcUserInfo |
A representation of a UserInfo Response that is returned from the OAuth 2.0 Protected
Resource UserInfo Endpoint.
|
OidcUserInfo.Builder |
|
OidcUserRequest |
Represents a request the OidcUserService uses when initiating a request to the
UserInfo Endpoint.
|
OidcUserService |
An implementation of an OAuth2UserService that supports OpenID Connect 1.0
Provider's.
|
OnCommittedResponseWrapper |
Base class for response wrappers which encapsulate the logic for handling an event when
the HttpServletResponse is committed.
|
OpaqueTokenAuthenticationProvider |
|
OpaqueTokenIntrospector |
A contract for introspecting and verifying an OAuth 2.0 token.
|
OpaqueTokenReactiveAuthenticationManager |
|
OpenID4JavaConsumer |
Deprecated.
|
OpenIDAttribute |
Deprecated.
|
OpenIDAuthenticationFilter |
Deprecated.
|
OpenIDAuthenticationProvider |
Deprecated.
|
OpenIDAuthenticationStatus |
Deprecated.
|
OpenIDAuthenticationToken |
Deprecated.
|
OpenIDConsumer |
Deprecated.
|
OpenIDConsumerException |
Deprecated.
|
OpenIDLoginConfigurer<H extends HttpSecurityBuilder<H>> |
Deprecated.
|
OpenSamlInitializationService |
An initialization service for initializing OpenSAML.
|
OpenSamlMetadataResolver |
|
OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter |
|
OrMessageMatcher<T> |
|
OrRequestMatcher |
|
OrServerWebExchangeMatcher |
|
OwnershipAcl |
A mutable ACL that provides ownership capabilities.
|
P |
Deprecated.
|
P |
|
PasswordComparisonAuthenticator |
An LdapAuthenticator which compares the login password with the value stored in the
directory using a remote LDAP "compare" operation.
|
PasswordEncoder |
Service interface for encoding passwords.
|
PasswordEncoderFactories |
|
PasswordEncoderParser |
Stateful parser for the <password-encoder> element.
|
PasswordOAuth2AuthorizedClientProvider |
|
PasswordPolicyAwareContextSource |
Extended version of the DefaultSpringSecurityContextSource which adds support
for the use of PasswordPolicyControl to make use of user account data stored in
the directory.
|
PasswordPolicyControl |
A Password Policy request control.
|
PasswordPolicyControlExtractor |
Obtains the PasswordPolicyControl from a context for use by other classes.
|
PasswordPolicyControlFactory |
Transforms a control object to a PasswordPolicyResponseControl object, if appropriate.
|
PasswordPolicyData |
|
PasswordPolicyErrorStatus |
Defines status codes for use with PasswordPolicyException, with error codes
(for message source lookup) and default messages.
|
PasswordPolicyException |
Generic exception raised by the ppolicy package.
|
PasswordPolicyResponseControl |
Represents the response control received when a PasswordPolicyControl is used
when binding to a directory.
|
PasswordReactiveOAuth2AuthorizedClientProvider |
|
PathPatternParserServerWebExchangeMatcher |
Matches if the PathPattern matches the path within the application.
|
PayloadExchange |
Contract for a Payload interaction.
|
PayloadExchangeAuthenticationConverter |
|
PayloadExchangeAuthorizationContext |
|
PayloadExchangeMatcher |
|
PayloadExchangeMatcher.MatchResult |
The result of matching
|
PayloadExchangeMatcherEntry<T> |
|
PayloadExchangeMatcherReactiveAuthorizationManager |
|
PayloadExchangeMatcherReactiveAuthorizationManager.Builder |
|
PayloadExchangeMatchers |
|
PayloadExchangeType |
|
PayloadInterceptor |
Contract for interception-style, chained processing of Payloads that may be used to
implement cross-cutting, application-agnostic requirements such as security, timeouts,
and others.
|
PayloadInterceptorChain |
|
PayloadInterceptorOrder |
|
PayloadSocketAcceptorInterceptor |
|
Pbkdf2PasswordEncoder |
A PasswordEncoder implementation that uses PBKDF2 with :
a configurable random salt value length (default is 8
bytes)
a configurable number of iterations (default is 185000)
a configurable output hash width (default is 256
bits)
a configurable key derivation function (see Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm )
a configurable secret appended to the random salt (default is empty)
The algorithm is invoked on the concatenated bytes of the salt, secret and password.
|
Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm |
The Algorithm used for creating the SecretKeyFactory
|
Permission |
Represents a permission granted to a Sid for a given domain object.
|
PermissionCacheOptimizer |
Allows permissions to be pre-cached when using pre or post filtering with expressions
|
PermissionEvaluator |
Strategy used in expression evaluation to determine whether a user has a permission or
permissions for a given domain object.
|
PermissionFactory |
Provides a simple mechanism to retrieve Permission instances from integer
masks.
|
PermissionGrantingStrategy |
Allow customization of the logic for determining whether a permission or permissions
are granted to a particular sid or sids by an Acl .
|
PermissionsPolicyHeaderWriter |
|
PermissionsPolicyServerHttpHeadersWriter |
Writes the Permissions-Policy response header with configured policy
directives.
|
PersistentRememberMeToken |
|
PersistentTokenBasedRememberMeServices |
|
PersistentTokenRepository |
|
Person |
UserDetails implementation whose properties are based on the LDAP schema for
Person.
|
Person.Essence |
|
PersonContextMapper |
|
PkceParameterNames |
Standard parameter names defined in the OAuth Parameters Registry and used by the
authorization endpoint and token endpoint.
|
PortMapper |
PortMapper implementations provide callers with information about which
HTTP ports are associated with which HTTPS ports on the system, and vice versa.
|
PortMapperConfigurer<H extends HttpSecurityBuilder<H>> |
Allows configuring a shared PortMapper instance used to determine the ports
when redirecting between HTTP and HTTPS.
|
PortMapperImpl |
Concrete implementation of PortMapper that obtains HTTP:HTTPS pairs from the
application context.
|
PortResolver |
A PortResolver determines the port a web request was received on.
|
PortResolverImpl |
Concrete implementation of PortResolver that obtains the port from
ServletRequest.getServerPort().
|
PostAuthorize |
Annotation for specifying a method access-control expression which will be evaluated
after a method has been invoked.
|
PostFilter |
Annotation for specifying a method filtering expression which will be evaluated after a
method has been invoked.
|
PostInvocationAdviceProvider |
AfterInvocationProvider which delegates to a
PostInvocationAuthorizationAdvice instance passing it the
PostInvocationAttribute created from @PostAuthorize and @PostFilter
annotations.
|
PostInvocationAttribute |
Marker interface for attributes which are created from combined @PostFilter
and @PostAuthorize annotations.
|
PostInvocationAuthorizationAdvice |
Performs filtering and authorization logic after a method is invoked.
|
PreAuthenticatedAuthenticationProvider |
Processes a pre-authenticated authentication request.
|
PreAuthenticatedAuthenticationToken |
|
PreAuthenticatedCredentialsNotFoundException |
|
PreAuthenticatedGrantedAuthoritiesUserDetailsService |
This AuthenticationUserDetailsService implementation creates a UserDetails object based
solely on the information contained in the given PreAuthenticatedAuthenticationToken.
|
PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails |
This WebAuthenticationDetails implementation allows for storing a list of
pre-authenticated Granted Authorities.
|
PreAuthorize |
Annotation for specifying a method access-control expression which will be evaluated to
decide whether a method invocation is allowed or not.
|
PreFilter |
Annotation for specifying a method filtering expression which will be evaluated before
a method has been invoked.
|
PreInvocationAttribute |
Marker interface for attributes which are created from combined @PreFilter
and @PreAuthorize annotations.
|
PreInvocationAuthorizationAdvice |
Performs argument filtering and authorization logic before a method is invoked.
|
PreInvocationAuthorizationAdviceVoter |
Voter which performs the actions using a PreInvocationAuthorizationAdvice
implementation generated from @PreFilter and @PreAuthorize annotations.
|
PrePostAdviceReactiveMethodInterceptor |
A MethodInterceptor that supports PreAuthorize and
PostAuthorize for methods that return Mono or Flux and Kotlin
coroutine functions.
|
PrePostAnnotationSecurityMetadataSource |
MethodSecurityMetadataSource which extracts metadata from the @PreFilter
and @PreAuthorize annotations placed on a method.
|
PrePostInvocationAttributeFactory |
|
PrincipalSid |
Represents an Authentication.getPrincipal() as a Sid .
|
ProviderManager |
|
ProviderManagerBuilder<B extends ProviderManagerBuilder<B>> |
Interface for operating on a SecurityBuilder that creates a ProviderManager
|
ProviderNotFoundException |
|
PublicInvocationEvent |
Event that is generated whenever a public secure object is invoked.
|
R2dbcReactiveOAuth2AuthorizedClientService |
|
R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder |
|
R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper |
|
R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper |
|
ReactiveAuthenticationManager |
|
ReactiveAuthenticationManagerAdapter |
Adapts an AuthenticationManager to the reactive APIs.
|
ReactiveAuthenticationManagerResolver<C> |
|
ReactiveAuthorizationManager<T> |
A reactive authorization manager which can determine if an Authentication has
access to a specific object.
|
ReactiveClientRegistrationRepository |
|
ReactiveJwtAuthenticationConverter |
|
ReactiveJwtAuthenticationConverterAdapter |
A reactive Converter for adapting a non-blocking imperative Converter
|
ReactiveJwtDecoder |
Implementations of this interface are responsible for "decoding" a JSON Web
Token (JWT) from it's compact claims representation format to a Jwt .
|
ReactiveJwtDecoderFactory<C> |
|
ReactiveJwtDecoders |
|
ReactiveJwtGrantedAuthoritiesConverterAdapter |
Adapts a Converter<Jwt, Collection<GrantedAuthority>> to
a Converter<Jwt, Flux<GrantedAuthority>> .
|
ReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> |
A reactive strategy for "exchanging" an authorization grant credential (e.g.
|
ReactiveOAuth2AuthorizationFailureHandler |
Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the
authorization server or resource server.
|
ReactiveOAuth2AuthorizationSuccessHandler |
Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized)
via the authorization server.
|
ReactiveOAuth2AuthorizedClientManager |
Implementations of this interface are responsible for the overall management of
Authorized Client(s) .
|
ReactiveOAuth2AuthorizedClientProvider |
A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.
|
ReactiveOAuth2AuthorizedClientProviderBuilder |
|
ReactiveOAuth2AuthorizedClientService |
Implementations of this interface are responsible for the management of
Authorized Client(s) , which provide the purpose of
associating an Access Token credential
to a Client and Resource Owner,
who is the Principal that originally
granted the authorization.
|
ReactiveOAuth2UserService<R extends OAuth2UserRequest,U extends OAuth2User> |
Implementations of this interface are responsible for obtaining the user attributes of
the End-User (Resource Owner) from the UserInfo Endpoint using the
Access Token granted to the
Client and returning an
AuthenticatedPrincipal in the form of an OAuth2User .
|
ReactiveOidcIdTokenDecoderFactory |
|
ReactiveOpaqueTokenIntrospector |
A contract for introspecting and verifying an OAuth 2.0 token.
|
ReactivePreAuthenticatedAuthenticationManager |
|
ReactiveSecurityContextHolder |
|
ReactiveUserDetailsPasswordService |
|
ReactiveUserDetailsService |
|
ReactiveUserDetailsServiceResourceFactoryBean |
|
ReactorContextTestExecutionListener |
Sets up the Reactor Context with the Authentication from the TestSecurityContextHolder
and then clears the Reactor Context at the end of the tests.
|
ReactorContextWebFilter |
|
RedirectServerAuthenticationEntryPoint |
Performs a redirect to a specified location.
|
RedirectServerAuthenticationFailureHandler |
Performs a redirect to a specified location.
|
RedirectServerAuthenticationSuccessHandler |
Performs a redirect on authentication success.
|
RedirectServerLogoutSuccessHandler |
Performs a redirect on log out success.
|
RedirectStrategy |
Encapsulates the redirection logic for all classes in the framework which perform
redirects.
|
RedirectUrlBuilder |
Internal class for building redirect URLs.
|
ReferrerPolicyHeaderWriter |
|
ReferrerPolicyHeaderWriter.ReferrerPolicy |
|
ReferrerPolicyServerHttpHeadersWriter |
Writes the Referrer-Policy response header.
|
ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy |
|
RefreshTokenOAuth2AuthorizedClientProvider |
|
RefreshTokenReactiveOAuth2AuthorizedClientProvider |
|
RegexBasedAxFetchListFactory |
Deprecated.
|
RegExpAllowFromStrategy |
Deprecated.
|
RegexRequestMatcher |
Uses a regular expression to decide whether a supplied the URL of a supplied
HttpServletRequest .
|
RegisteredOAuth2AuthorizedClient |
This annotation may be used to resolve a method parameter to an argument value of type
OAuth2AuthorizedClient .
|
RegisterSessionAuthenticationStrategy |
|
RelyingPartyRegistration |
Represents a configured relying party (aka Service Provider) and asserting party (aka
Identity Provider) pair.
|
RelyingPartyRegistration.AssertingPartyDetails |
The configuration metadata of the Asserting party
|
RelyingPartyRegistration.AssertingPartyDetails.Builder |
|
RelyingPartyRegistration.Builder |
|
RelyingPartyRegistration.ProviderDetails |
Deprecated.
|
RelyingPartyRegistration.ProviderDetails.Builder |
Deprecated.
|
RelyingPartyRegistrationRepository |
|
RelyingPartyRegistrations |
|
RememberMeAuthenticationException |
This exception is thrown when an
Authentication exception occurs while using
the remember-me authentication.
|
RememberMeAuthenticationFilter |
Detects if there is no Authentication object in the SecurityContext ,
and populates the context with a remember-me authentication token if a
RememberMeServices implementation so requests.
|
RememberMeAuthenticationProvider |
|
RememberMeAuthenticationToken |
Represents a remembered Authentication .
|
RememberMeConfigurer<H extends HttpSecurityBuilder<H>> |
Configures Remember Me authentication.
|
RememberMeServices |
Implement by a class that is capable of providing a remember-me service.
|
RemoteAuthenticationException |
Thrown if a RemoteAuthenticationManager cannot validate the presented
authentication request.
|
RemoteAuthenticationManager |
Allows remote clients to attempt authentication.
|
RemoteAuthenticationManagerImpl |
Server-side processor of a remote authentication request.
|
RemoteAuthenticationProvider |
|
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler |
|
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover |
|
RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler |
|
RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover |
|
RequestAttributeAuthenticationFilter |
A simple pre-authenticated filter which obtains the username from request attributes,
for use with SSO systems such as
Stanford
WebAuth or Shibboleth.
|
RequestAuthorizationContext |
An HttpServletRequest authorization context.
|
RequestCache |
Implements "saved request" logic, allowing a single request to be retrieved and
restarted after redirecting to an authentication mechanism.
|
RequestCacheAwareFilter |
Responsible for reconstituting the saved request if one is cached and it matches the
current request.
|
RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> |
Adds request cache for Spring Security.
|
RequestHeaderAuthenticationFilter |
A simple pre-authenticated filter which obtains the username from a request header, for
use with systems such as CA Siteminder.
|
RequestHeaderRequestMatcher |
A RequestMatcher that can be used to match request that contain a header with
an expected header name and an expected value.
|
RequestKey |
|
RequestMatcher |
Simple strategy to match an HttpServletRequest.
|
RequestMatcher.MatchResult |
The result of matching against an HttpServletRequest Contains the status, true or
false, of the match and if present, any variables extracted from the match
|
RequestMatcherDelegatingAccessDeniedHandler |
|
RequestMatcherDelegatingAuthorizationManager |
|
RequestMatcherDelegatingAuthorizationManager.Builder |
|
RequestMatcherEditor |
PropertyEditor which creates ELRequestMatcher instances from Strings
This allows to use a String in a BeanDefinition instead of an (inner) bean if a
RequestMatcher is required, e.g.
|
RequestRejectedException |
|
RequestRejectedHandler |
|
RequestVariablesExtractor |
Deprecated.
|
RetryWithHttpEntryPoint |
Commences an insecure channel by retrying the original request using HTTP.
|
RetryWithHttpsEntryPoint |
Commences a secure channel by retrying the original request using HTTPS.
|
RoleHierarchy |
The simple interface of a role hierarchy.
|
RoleHierarchyAuthoritiesMapper |
|
RoleHierarchyImpl |
This class defines a role hierarchy for use with various access checking components.
|
RoleHierarchyUtils |
|
RoleHierarchyVoter |
Extended RoleVoter which uses a RoleHierarchy definition to determine the roles
allocated to the current user before voting.
|
RoleVoter |
|
RoutePayloadExchangeMatcher |
|
RsaKeyConversionServicePostProcessor |
|
RsaKeyConverters |
Used for creating Key converter instances
|
RSocketSecurity |
Allows configuring RSocket based security.
|
RunAsImplAuthenticationProvider |
|
RunAsManager |
Creates a new temporary Authentication object for the current secure object
invocation only.
|
RunAsManagerImpl |
|
RunAsUserToken |
|
Saml2AuthenticatedPrincipal |
|
Saml2Authentication |
|
Saml2AuthenticationException |
This exception is thrown for all SAML 2.0 related Authentication errors.
|
Saml2AuthenticationRequest |
Deprecated.
|
Saml2AuthenticationRequest.Builder |
|
Saml2AuthenticationRequestContext |
|
Saml2AuthenticationRequestContext.Builder |
|
Saml2AuthenticationRequestContextResolver |
|
Saml2AuthenticationRequestFactory |
Component that generates AuthenticationRequest, samlp:AuthnRequestType
XML, and accompanying signature data.
|
Saml2AuthenticationToken |
Represents an incoming SAML 2.0 response containing an assertion that has not been
validated.
|
Saml2AuthenticationTokenConverter |
|
Saml2Error |
A representation of an SAML 2.0 Error.
|
Saml2Error |
Deprecated.
|
Saml2ErrorCodes |
A list of SAML known 2 error codes used during SAML authentication.
|
Saml2ErrorCodes |
Deprecated.
|
Saml2Exception |
|
Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> |
An AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web
Browser Single Sign On (WebSSO) Flow.
|
Saml2MessageBinding |
The type of bindings that messages are exchanged using Supported bindings are
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST and
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect .
|
Saml2MetadataFilter |
A Filter that returns the metadata for a Relying Party
|
Saml2MetadataResolver |
|
Saml2PostAuthenticationRequest |
Data holder for information required to send an AuthNRequest over a POST
binding from the service provider to the identity provider
https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
(line 2031)
|
Saml2PostAuthenticationRequest.Builder |
|
Saml2RedirectAuthenticationRequest |
Data holder for information required to send an AuthNRequest over a REDIRECT
binding from the service provider to the identity provider
https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf
(line 2031)
|
Saml2RedirectAuthenticationRequest.Builder |
|
Saml2ResponseValidatorResult |
A result emitted from a SAML 2.0 Response validation attempt
|
Saml2WebSsoAuthenticationFilter |
|
Saml2WebSsoAuthenticationRequestFilter |
This Filter formulates a
SAML 2.0
AuthnRequest (line 1968) and redirects to a configured asserting party.
|
Saml2X509Credential |
An object for holding a public certificate, any associated private key, and its
intended
usages (Line 584, Section 4.3 Credentials).
|
Saml2X509Credential |
Deprecated.
|
Saml2X509Credential.Saml2X509CredentialType |
|
Saml2X509Credential.Saml2X509CredentialType |
Deprecated.
|
SamlServiceProperties |
Sets the appropriate parameters for CAS's implementation of SAML (which is not
guaranteed to be actually SAML compliant).
|
SaveContextOnUpdateOrErrorResponseWrapper |
Base class for response wrappers which encapsulate the logic for storing a security
context and which store the SecurityContext when a
sendError() , sendRedirect ,
getOutputStream().close() , getOutputStream().flush() ,
getWriter().close() , or getWriter().flush() happens on the
same thread that this SaveContextOnUpdateOrErrorResponseWrapper was created.
|
SavedCookie |
Stores off the values of a cookie in a serializable holder
|
SavedRequest |
Encapsulates the functionality required of a cached request for both an authentication
mechanism (typically form-based login) to redirect to the original URL and for a
RequestCache to build a wrapped request, reproducing the original request
data.
|
SavedRequestAwareAuthenticationSuccessHandler |
|
SCryptPasswordEncoder |
Implementation of PasswordEncoder that uses the SCrypt hashing function.
|
SecureChannelProcessor |
Ensures channel security is active by review of
HttpServletRequest.isSecure() responses.
|
Secured |
Java 5 annotation for describing service layer security attributes.
|
SecuredAnnotationSecurityMetadataSource |
Sources method security metadata from Spring Security's Secured annotation.
|
SecureRandomFactoryBean |
Creates a SecureRandom instance.
|
SecurityBuilder<O> |
Interface for building an Object
|
SecurityConfig |
|
SecurityConfigurer<O,B extends SecurityBuilder<O>> |
|
SecurityConfigurerAdapter<O,B extends SecurityBuilder<O>> |
A base class for SecurityConfigurer that allows subclasses to only implement
the methods they are interested in.
|
SecurityContext |
Interface defining the minimum security information associated with the current thread
of execution.
|
SecurityContextCallableProcessingInterceptor |
Allows for integration with Spring MVC's Callable support.
|
SecurityContextChannelInterceptor |
Creates a ExecutorChannelInterceptor that will obtain the
Authentication from the specified Message.getHeaders() .
|
SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> |
|
SecurityContextHolder |
|
SecurityContextHolderAwareRequestFilter |
A Filter which populates the ServletRequest with a request
wrapper which implements the servlet API security methods.
|
SecurityContextHolderAwareRequestWrapper |
|
SecurityContextHolderStrategy |
A strategy for storing security context information against a thread.
|
SecurityContextImpl |
|
SecurityContextLoginModule |
An implementation of LoginModule that uses a Spring Security
SecurityContext to
provide authentication.
|
SecurityContextLogoutHandler |
|
SecurityContextPersistenceFilter |
|
SecurityContextRepository |
|
SecurityContextServerLogoutHandler |
|
SecurityContextServerWebExchange |
Overrides the ServerWebExchange.getPrincipal() with the provided
SecurityContext
|
SecurityContextServerWebExchangeWebFilter |
|
SecurityDebugBeanFactoryPostProcessor |
|
SecurityEvaluationContextExtension |
By defining this object as a Bean, Spring Security is exposed as SpEL expressions for
creating Spring Data queries.
|
SecurityExpressionHandler<T> |
Facade which isolates Spring Security's requirements for evaluating security
expressions from the implementation of the underlying expression objects
|
SecurityExpressionOperations |
Standard interface for expression root objects used with expression-based security.
|
SecurityExpressionRoot |
Base root object for use in Spring Security expression evaluations.
|
SecurityFilterChain |
Defines a filter chain which is capable of being matched against an
HttpServletRequest .
|
SecurityHeaders |
Utilities for interacting with HttpHeaders
|
SecurityJackson2Modules |
This utility class will find all the SecurityModules in classpath.
|
SecurityMetadataSource |
Implemented by classes that store and can identify the ConfigAttribute s that
applies to a given secure object invocation.
|
SecurityMockMvcConfigurers |
Provides Security related
MockMvcConfigurer implementations.
|
SecurityMockMvcRequestBuilders |
Contains Spring Security related MockMvc RequestBuilder s.
|
SecurityMockMvcRequestBuilders.FormLoginRequestBuilder |
Creates a form based login request including any necessary CsrfToken .
|
SecurityMockMvcRequestBuilders.LogoutRequestBuilder |
Creates a logout request (including any necessary CsrfToken )
|
SecurityMockMvcRequestPostProcessors |
Contains MockMvc RequestPostProcessor implementations for Spring
Security.
|
SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor |
Populates a valid CsrfToken into the request.
|
SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor |
|
SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor |
|
SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor |
|
SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor |
|
SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor |
|
SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor |
|
SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor |
|
SecurityMockMvcResultMatchers |
Security related MockMvc ResultMatcher s.
|
SecurityMockMvcResultMatchers.AuthenticatedMatcher |
A MockMvc ResultMatcher that verifies a specific user is associated
to the MvcResult .
|
SecurityMockServerConfigurers |
Test utilities for working with Spring Security and
WebTestClient.Builder.apply(WebTestClientConfigurer) .
|
SecurityMockServerConfigurers.CsrfMutator |
|
SecurityMockServerConfigurers.JwtMutator |
Updates the WebServerExchange using {@link
SecurityMockServerConfigurers#mockAuthentication(Authentication)} .
|
SecurityMockServerConfigurers.OAuth2ClientMutator |
|
SecurityMockServerConfigurers.OAuth2LoginMutator |
|
SecurityMockServerConfigurers.OidcLoginMutator |
|
SecurityMockServerConfigurers.OpaqueTokenMutator |
|
SecurityMockServerConfigurers.UserExchangeMutator |
Updates the WebServerExchange using {@link
SecurityMockServerConfigurers#mockUser(UserDetails)} .
|
SecurityNamespaceHandler |
Parses elements from the "security" namespace
(http://www.springframework.org/schema/security).
|
SecuritySocketAcceptorInterceptor |
A SocketAcceptorInterceptor that applies Security through a delegate
SocketAcceptorInterceptor .
|
SecurityTestExecutionListeners |
There are many times a user may want to use Spring Security's test support (i.e.
|
SecurityWebApplicationContextUtils |
Spring Security extension to Spring's WebApplicationContextUtils .
|
SecurityWebFilterChain |
Defines a filter chain which is capable of being matched against a
ServerWebExchange in order to decide whether it applies to that request.
|
SecurityWebFiltersOrder |
|
ServerAccessDeniedHandler |
|
ServerAuthenticationConverter |
|
ServerAuthenticationEntryPoint |
Used to request authentication
|
ServerAuthenticationEntryPointFailureHandler |
|
ServerAuthenticationFailureHandler |
Handles authentication failure
|
ServerAuthenticationSuccessHandler |
Handles authentication success
|
ServerAuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> |
|
ServerBearerExchangeFilterFunction |
|
ServerBearerTokenAuthenticationConverter |
A strategy for resolving
Bearer
Tokens from the ServerWebExchange .
|
ServerCsrfTokenRepository |
An API to allow changing the method in which the expected CsrfToken is
associated to the ServerWebExchange .
|
ServerFormLoginAuthenticationConverter |
Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form
data HTTP parameters.
|
ServerFormLoginAuthenticationConverter |
Deprecated.
|
ServerHttpBasicAuthenticationConverter |
Converts from a ServerWebExchange to an Authentication that can be
authenticated.
|
ServerHttpBasicAuthenticationConverter |
Deprecated.
|
ServerHttpHeadersWriter |
Interface for writing headers just before the response is committed.
|
ServerHttpSecurity |
|
ServerLogoutHandler |
Handles log out
|
ServerLogoutSuccessHandler |
Strategy for when log out was successfully performed (typically after
ServerLogoutHandler is invoked).
|
ServerOAuth2AuthorizationCodeAuthenticationTokenConverter |
|
ServerOAuth2AuthorizationRequestResolver |
|
ServerOAuth2AuthorizedClientExchangeFilterFunction |
Provides an easy mechanism for using an OAuth2AuthorizedClient to make OAuth2
requests by including the token as a Bearer Token.
|
ServerOAuth2AuthorizedClientRepository |
Implementations of this interface are responsible for the persistence of
Authorized Client(s) between requests.
|
ServerRedirectStrategy |
A strategy for performing redirects.
|
ServerRequestCache |
Saves a ServerHttpRequest so it can be "replayed" later.
|
ServerRequestCacheWebFilter |
|
ServerSecurityContextRepository |
|
ServerWebExchangeDelegatingServerAccessDeniedHandler |
|
ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry |
|
ServerWebExchangeMatcher |
|
ServerWebExchangeMatcher.MatchResult |
The result of matching
|
ServerWebExchangeMatcherEntry<T> |
|
ServerWebExchangeMatchers |
|
ServerX509AuthenticationConverter |
|
ServiceAuthenticationDetails |
|
ServiceAuthenticationDetailsSource |
The AuthenticationDetailsSource that is set on the
CasAuthenticationFilter should return a value that implements
ServiceAuthenticationDetails if the application needs to authenticate dynamic
service urls.
|
ServiceProperties |
Stores properties related to this CAS service.
|
ServletApiConfigurer<H extends HttpSecurityBuilder<H>> |
|
ServletBearerExchangeFilterFunction |
|
ServletOAuth2AuthorizedClientExchangeFilterFunction |
|
SessionAuthenticationException |
Thrown by an SessionAuthenticationStrategy to indicate that an authentication
object is not valid for the current session, typically because the same user has
exceeded the number of sessions they are allowed to have concurrently.
|
SessionAuthenticationStrategy |
Allows pluggable support for HttpSession-related behaviour when an authentication
occurs.
|
SessionCreationEvent |
Generic session creation event which indicates that a session (potentially represented
by a security context) has begun.
|
SessionCreationPolicy |
Specifies the various session creation policies for Spring Security.
|
SessionDestroyedEvent |
Generic "session termination" event which indicates that a session (potentially
represented by a security context) has ended.
|
SessionFixationProtectionEvent |
Indicates a session ID was changed for the purposes of session fixation protection.
|
SessionFixationProtectionStrategy |
Uses HttpServletRequest.invalidate() to protect against session fixation
attacks.
|
SessionIdChangedEvent |
Generic "session ID changed" event which indicates that a session identifier
(potentially represented by a security context) has changed.
|
SessionInformation |
Represents a record of a session within the Spring Security framework.
|
SessionInformationExpiredEvent |
|
SessionInformationExpiredStrategy |
Determines the behaviour of the ConcurrentSessionFilter when an expired session
is detected in the ConcurrentSessionFilter .
|
SessionManagementConfigurer<H extends HttpSecurityBuilder<H>> |
Allows configuring session management.
|
SessionManagementFilter |
Detects that a user has been authenticated since the start of the request and, if they
have, calls the configured SessionAuthenticationStrategy to perform any
session-related activity such as activating session-fixation protection mechanisms or
checking for multiple concurrent logins.
|
SessionRegistry |
Maintains a registry of SessionInformation instances.
|
SessionRegistryImpl |
|
Sha512DigestUtils |
Provides SHA512 digest methods.
|
Sid |
A security identity recognised by the ACL system.
|
SidRetrievalStrategy |
Strategy interface that provides an ability to determine the Sid instances
applicable for an Authentication .
|
SidRetrievalStrategyImpl |
Basic implementation of SidRetrievalStrategy that creates a Sid for the
principal, as well as every granted authority the principal holds.
|
SignatureAlgorithm |
An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA)
specification and used by JSON Web Signature (JWS) to digitally sign the contents of
the JWS Protected Header and JWS Payload.
|
SimpDestinationMessageMatcher |
MessageMatcher which compares a pre-defined pattern against the destination of a
Message .
|
SimpleAttributes2GrantedAuthoritiesMapper |
This class implements the Attributes2GrantedAuthoritiesMapper interface by doing a
one-to-one mapping from roles to Spring Security GrantedAuthorities.
|
SimpleAuthenticationEncoder |
Encodes Simple
Authentication.
|
SimpleAuthorityMapper |
Simple one-to-one GrantedAuthoritiesMapper which allows for case conversion of
the authority name and the addition of a string prefix (which defaults to ROLE_
).
|
SimpleGrantedAuthority |
|
SimpleGrantedAuthorityMixin |
|
SimpleMappableAttributesRetriever |
This class implements the MappableAttributesRetriever interface by just returning a
list of mappable attributes as previously set using the corresponding setter method.
|
SimpleMethodInvocation |
Represents the AOP Alliance MethodInvocation .
|
SimpleRedirectInvalidSessionStrategy |
Performs a redirect to a fixed URL when an invalid requested session is detected by the
SessionManagementFilter .
|
SimpleRedirectSessionInformationExpiredStrategy |
Performs a redirect to a fixed URL when an expired session is detected by the
ConcurrentSessionFilter .
|
SimpleSavedRequest |
A Bean implementation of SavedRequest
|
SimpleUrlAuthenticationFailureHandler |
AuthenticationFailureHandler which performs a redirect to the value of the
defaultFailureUrl property when the
onAuthenticationFailure method is called.
|
SimpleUrlAuthenticationSuccessHandler |
AuthenticationSuccessHandler which can be configured with a default URL which
users should be sent to upon successful authentication.
|
SimpleUrlLogoutSuccessHandler |
|
SimpMessageTypeMatcher |
A MessageMatcher that matches if the provided Message has a type that
is the same as the SimpMessageType that was specified in the constructor.
|
SpringCacheBasedAclCache |
Simple implementation of AclCache that
delegates to Cache implementation.
|
SpringCacheBasedTicketCache |
Caches tickets using a Spring IoC defined Cache .
|
SpringCacheBasedUserCache |
Caches UserDetails instances in a Spring defined Cache .
|
SpringSecurityAuthenticationSource |
An AuthenticationSource to retrieve authentication information stored in Spring
Security's SecurityContextHolder .
|
SpringSecurityCoreVersion |
Internal class used for checking version compatibility in a deployed application.
|
SpringSecurityLdapTemplate |
Extension of Spring LDAP's LdapTemplate class which adds extra functionality required
by Spring Security.
|
SpringSecurityMessageSource |
The default MessageSource used by Spring Security.
|
StandardClaimAccessor |
A ClaimAccessor for the "Standard Claims" that can be returned either
in the UserInfo Response or the ID Token.
|
StandardClaimNames |
The names of the "Standard Claims" defined by the OpenID Connect Core 1.0
specification that can be returned either in the UserInfo Response or the ID Token.
|
StandardPasswordEncoder |
Deprecated.
|
StatelessTicketCache |
Caches CAS service tickets and CAS proxy tickets for stateless connections.
|
StaticAllowFromStrategy |
Deprecated.
|
StaticHeadersWriter |
HeaderWriter implementation which writes the same Header instance.
|
StaticServerHttpHeadersWriter |
Allows specifying HttpHeaders that should be written to the response.
|
StaticServerHttpHeadersWriter.Builder |
|
StrictHttpFirewall |
|
StrictTransportSecurityServerHttpHeadersWriter |
Writes the Strict-Transport-Security if the request is secure.
|
StringKeyGenerator |
A generator for unique string keys.
|
SubjectDnX509PrincipalExtractor |
Obtains the principal from a certificate using a regular expression match against the
Subject (as returned by a call to X509Certificate.getSubjectDN() ).
|
SwitchUserAuthorityChanger |
Allows subclasses to modify the GrantedAuthority list that will be assigned to
the principal when they assume the identity of a different principal.
|
SwitchUserFilter |
Switch User processing filter responsible for user context switching.
|
SwitchUserGrantedAuthority |
|
SwitchUserWebFilter |
Switch User processing filter responsible for user context switching.
|
TagLibConfig |
internal configuration class for taglibs.
|
TestExecutionEvent |
Represents the events on the methods of
TestExecutionListener
|
TestingAuthenticationProvider |
|
TestingAuthenticationToken |
An Authentication implementation that is
designed for use whilst unit testing.
|
TestSecurityContextHolder |
|
TextEncryptor |
Service interface for symmetric encryption of text strings.
|
TextEscapeUtils |
Internal utility for escaping characters in HTML strings.
|
ThrowableAnalyzer |
Handler for analyzing Throwable instances.
|
ThrowableCauseExtractor |
Interface for handlers extracting the cause out of a specific Throwable type.
|
Token |
|
TokenBasedRememberMeServices |
Identifies previously remembered users by a Base-64 encoded cookie.
|
TokenService |
Provides a mechanism to allocate and rebuild secure, randomised tokens.
|
Transient |
A marker for Authentication s that should never be stored across requests, for
example a bearer token authentication
|
UnanimousBased |
Simple concrete implementation of
AccessDecisionManager that requires all
voters to abstain or grant access.
|
UnAuthenticatedServerOAuth2AuthorizedClientRepository |
Deprecated.
|
UnboundIdContainer |
|
UnloadedSidException |
Thrown if an Acl cannot perform an operation because it only loaded a subset of
Sid s and the caller has requested details for an unloaded Sid
.
|
UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> |
|
UrlUtils |
Provides static methods for composing URLs.
|
User |
|
User.UserBuilder |
Builds the user to be added.
|
UserAttribute |
|
UserAttributeEditor |
Property editor that creates a UserAttribute from a comma separated list of
values.
|
UserCache |
|
UserDetails |
Provides core user information.
|
UserDetailsAwareConfigurer<B extends ProviderManagerBuilder<B>,U extends UserDetailsService> |
|
UserDetailsByNameServiceWrapper<T extends Authentication> |
This implementation for AuthenticationUserDetailsService wraps a regular Spring
Security UserDetailsService implementation, to retrieve a UserDetails object based on
the user name contained in an Authentication object.
|
UserDetailsChecker |
Called by classes which make use of a UserDetailsService to check the status of
the loaded UserDetails object.
|
UserDetailsContextMapper |
Operations to map a UserDetails object to and from a Spring LDAP
DirContextOperations implementation.
|
UserDetailsManager |
An extension of the UserDetailsService which provides the ability to create new
users and update existing ones.
|
UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>,C extends UserDetailsManagerConfigurer<B,C>> |
|
UserDetailsManagerResourceFactoryBean |
|
UserDetailsMapFactoryBean |
Creates a Collection<UserDetails> from a @{code Map} in the format of
|
UserDetailsPasswordService |
|
UserDetailsRepositoryReactiveAuthenticationManager |
|
UserDetailsResourceFactoryBean |
Parses a Resource that is a Properties file in the format of:
username=password[,enabled|disabled],roles...
|
UserDetailsService |
Core interface which loads user-specific data.
|
UserDetailsServiceConfigurer<B extends ProviderManagerBuilder<B>,C extends UserDetailsServiceConfigurer<B,C,U>,U extends UserDetailsService> |
|
UserDetailsServiceFactoryBean |
Bean used to lookup a named UserDetailsService or AuthenticationUserDetailsService.
|
UserDetailsServiceLdapAuthoritiesPopulator |
Simple LdapAuthoritiesPopulator which delegates to a UserDetailsService, using the name
which was supplied at login as the username.
|
UsernameNotFoundException |
|
UsernamePasswordAuthenticationFilter |
Processes an authentication form submission.
|
UsernamePasswordAuthenticationToken |
An Authentication implementation that is
designed for simple presentation of a username and password.
|
UsernamePasswordMetadata |
Represents a username and password that have been encoded into a
Payload.metadata() .
|
UserServiceBeanDefinitionParser |
|
Utf8 |
UTF-8 Charset encoder/decoder.
|
WebAsyncManagerIntegrationFilter |
|
WebAttributes |
Well-known keys which are used to store Spring Security information in request or
session scope.
|
WebAuthenticationDetails |
A holder of selected HTTP details related to a web authentication request.
|
WebAuthenticationDetailsSource |
Implementation of AuthenticationDetailsSource which builds the details object
from an HttpServletRequest object, creating a WebAuthenticationDetails
.
|
WebClientReactiveAuthorizationCodeTokenResponseClient |
|
WebClientReactiveClientCredentialsTokenResponseClient |
|
WebClientReactivePasswordTokenResponseClient |
|
WebClientReactiveRefreshTokenTokenResponseClient |
|
WebExpressionVoter |
Voter which handles web authorisation decisions.
|
WebFilterChainProxy |
|
WebFilterChainServerAuthenticationSuccessHandler |
Success handler that continues the filter chain after authentication success.
|
WebFilterExchange |
A composite of the ServerWebExchange and the WebFilterChain .
|
WebInvocationPrivilegeEvaluator |
Allows users to determine whether they have privileges for a given web URI.
|
WebJackson2Module |
Jackson module for spring-security-web.
|
WebMvcSecurityConfiguration |
Deprecated.
|
WebSecurity |
|
WebSecurityConfiguration |
|
WebSecurityConfigurer<T extends SecurityBuilder<javax.servlet.Filter>> |
|
WebSecurityConfigurerAdapter |
|
WebSecurityCustomizer |
|
WebSecurityExpressionRoot |
|
WebServerJackson2Module |
Jackson module for spring-security-web-flux.
|
WebServletJackson2Module |
Jackson module for spring-security-web related to servlet.
|
WebSessionOAuth2ServerAuthorizationRequestRepository |
|
WebSessionServerCsrfTokenRepository |
|
WebSessionServerOAuth2AuthorizedClientRepository |
|
WebSessionServerRequestCache |
An implementation of ServerRequestCache that saves the
ServerHttpRequest in the WebSession .
|
WebSessionServerSecurityContextRepository |
|
WebSocketMessageBrokerSecurityBeanDefinitionParser |
Parses Spring Security's websocket namespace support.
|
WebSpherePreAuthenticatedProcessingFilter |
This AbstractPreAuthenticatedProcessingFilter implementation is based on WebSphere
authentication.
|
WebSpherePreAuthenticatedWebAuthenticationDetailsSource |
This AuthenticationDetailsSource implementation will set the pre-authenticated granted
authorities based on the WebSphere groups for the current WebSphere user, mapped using
the configured Attributes2GrantedAuthoritiesMapper.
|
WebTestUtils |
A utility class for testing spring security
|
WebXmlMappableAttributesRetriever |
|
WhiteListedAllowFromStrategy |
Deprecated.
|
WithAnonymousUser |
|
WithMockUser |
|
WithSecurityContext |
|
WithSecurityContextFactory<A extends java.lang.annotation.Annotation> |
|
WithSecurityContextTestExecutionListener |
A TestExecutionListener that will find annotations that are annotated with
WithSecurityContext on a test method or at the class level.
|
WithUserDetails |
|
X509AuthenticationFilter |
|
X509Configurer<H extends HttpSecurityBuilder<H>> |
Adds X509 based pre authentication to an application.
|
X509PrincipalExtractor |
Obtains the principal from an X509Certificate for use within the framework.
|
XContentTypeOptionsHeaderWriter |
|
XContentTypeOptionsServerHttpHeadersWriter |
Adds X-Content-Type-Options: nosniff
|
XFrameOptionsHeaderWriter |
HeaderWriter implementation for the X-Frame-Options headers.
|
XFrameOptionsHeaderWriter.XFrameOptionsMode |
The possible values for the X-Frame-Options header.
|
XFrameOptionsServerHttpHeadersWriter |
ServerHttpHeadersWriter implementation for the X-Frame-Options headers.
|
XFrameOptionsServerHttpHeadersWriter.Mode |
The X-Frame-Options values.
|
XXssProtectionHeaderWriter |
|
XXssProtectionServerHttpHeadersWriter |
Add the x-xss-protection header.
|