| org.springframework.security.access |
Core access-control related code, including security metadata related classes,
interception code, access control annotations, EL support and voter-based
implementations of the central
AccessDecisionManager
interface. |
| org.springframework.security.access.annotation |
Support for JSR-250 and Spring Security @Secured annotations.
|
| org.springframework.security.access.event |
Authorization event and listener classes.
|
| org.springframework.security.access.expression |
Expression handling code to support the use of Spring-EL based expressions in
@PreAuthorize, @PreFilter, @PostAuthorize and
@PostFilter annotations.
|
| org.springframework.security.access.expression.method |
Implementation of expression-based method security.
|
| org.springframework.security.access.hierarchicalroles |
Role hierarchy implementation.
|
| org.springframework.security.access.intercept |
Abstract level security interception classes which are responsible for enforcing the
configured security constraints for a secure object.
|
| org.springframework.security.access.intercept.aopalliance |
Enforces security for AOP Alliance MethodInvocations, such as via Spring
AOP.
|
| org.springframework.security.access.intercept.aspectj |
Enforces security for AspectJ JointPoints, delegating secure object
callbacks to the calling aspect.
|
| org.springframework.security.access.method |
Provides SecurityMetadataSource implementations for securing Java method
invocations via different AOP libraries.
|
| org.springframework.security.access.prepost |
Contains the infrastructure classes for handling the @PreAuthorize,
@PreFilter, @PostAuthorize and @PostFilter annotations.
|
| org.springframework.security.access.vote |
Implements a vote-based approach to authorization decisions.
|
| org.springframework.security.acls |
The Spring Security ACL package which implements instance-based security for domain
objects.
|
| org.springframework.security.acls.afterinvocation |
After-invocation providers for collection and array filtering.
|
| org.springframework.security.acls.domain |
Basic implementation of access control lists (ACLs) interfaces.
|
| org.springframework.security.acls.jdbc |
JDBC-based persistence of ACL information
|
| org.springframework.security.acls.model |
Interfaces and shared classes to manage access control lists (ACLs) for domain object
instances.
|
| org.springframework.security.authentication |
Core classes and interfaces related to user authentication, which are used throughout
Spring Security.
|
| org.springframework.security.authentication.dao |
An AuthenticationProvider which relies upon a data access object.
|
| org.springframework.security.authentication.event |
Authentication success and failure events which can be published to the Spring
application context.
|
| org.springframework.security.authentication.jaas |
An authentication provider for JAAS.
|
| org.springframework.security.authentication.jaas.event |
JAAS authentication events which can be published to the Spring application context by
the JAAS authentication provider.
|
| org.springframework.security.authentication.jaas.memory |
An in memory JAAS implementation.
|
| org.springframework.security.authentication.rcp |
Allows remote clients to authenticate and obtain a populated
Authentication object.
|
| org.springframework.security.authorization |
|
| org.springframework.security.cas |
Spring Security support for Jasig's Central Authentication Service
( CAS). |
| org.springframework.security.cas.authentication |
An AuthenticationProvider that can process CAS service tickets and proxy
tickets.
|
| org.springframework.security.cas.jackson2 |
|
| org.springframework.security.cas.userdetails |
|
| org.springframework.security.cas.web |
Authenticates standard web browser users via CAS.
|
| org.springframework.security.cas.web.authentication |
Authentication processing mechanisms which respond to the submission of authentication
credentials using CAS.
|
| org.springframework.security.concurrent |
|
| org.springframework.security.config |
Support classes for the Spring Security namespace.
|
| org.springframework.security.config.annotation |
|
| org.springframework.security.config.annotation.authentication |
|
| org.springframework.security.config.annotation.authentication.builders |
|
| org.springframework.security.config.annotation.authentication.configuration |
|
| org.springframework.security.config.annotation.authentication.configurers.ldap |
|
| org.springframework.security.config.annotation.authentication.configurers.provisioning |
|
| org.springframework.security.config.annotation.authentication.configurers.userdetails |
|
| org.springframework.security.config.annotation.configuration |
|
| org.springframework.security.config.annotation.method.configuration |
|
| org.springframework.security.config.annotation.rsocket |
|
| org.springframework.security.config.annotation.web |
|
| org.springframework.security.config.annotation.web.builders |
|
| org.springframework.security.config.annotation.web.configuration |
|
| org.springframework.security.config.annotation.web.configurers |
|
| org.springframework.security.config.annotation.web.configurers.oauth2.client |
|
| org.springframework.security.config.annotation.web.configurers.oauth2.server.resource |
|
| org.springframework.security.config.annotation.web.configurers.openid |
|
| org.springframework.security.config.annotation.web.configurers.saml2 |
|
| org.springframework.security.config.annotation.web.messaging |
|
| org.springframework.security.config.annotation.web.reactive |
|
| org.springframework.security.config.annotation.web.servlet.configuration |
|
| org.springframework.security.config.annotation.web.socket |
|
| org.springframework.security.config.authentication |
Parsing of <authentication-manager> and related elements.
|
| org.springframework.security.config.core |
|
| org.springframework.security.config.core.userdetails |
|
| org.springframework.security.config.crypto |
|
| org.springframework.security.config.debug |
|
| org.springframework.security.config.http |
Parsing of the <http> namespace element.
|
| org.springframework.security.config.ldap |
Security namespace support for LDAP authentication.
|
| org.springframework.security.config.method |
Support for parsing of the <global-method-security> and <intercept-methods>
elements.
|
| org.springframework.security.config.oauth2.client |
|
| org.springframework.security.config.provisioning |
|
| org.springframework.security.config.web.server |
|
| org.springframework.security.config.websocket |
|
| org.springframework.security.context |
|
| org.springframework.security.converter |
|
| org.springframework.security.core |
Core classes and interfaces related to user authentication and authorization, as well
as the maintenance of a security context.
|
| org.springframework.security.core.annotation |
|
| org.springframework.security.core.authority |
The default implementation of the GrantedAuthority interface.
|
| org.springframework.security.core.authority.mapping |
Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of
GrantedAuthoritys.
|
| org.springframework.security.core.context |
Classes related to the establishment of a security context for the duration of a
request (such as an HTTP or RMI invocation).
|
| org.springframework.security.core.parameters |
|
| org.springframework.security.core.session |
Session abstraction which is provided by the
org.springframework.security.core.session.SessionInformation
SessionInformation class.
|
| org.springframework.security.core.token |
A service for building secure random tokens.
|
| org.springframework.security.core.userdetails |
The standard interfaces for implementing user data DAOs.
|
| org.springframework.security.core.userdetails.cache |
|
| org.springframework.security.core.userdetails.jdbc |
Exposes a JDBC-based authentication repository, implementing
org.springframework.security.core.userdetails.UserDetailsService UserDetailsService.
|
| org.springframework.security.core.userdetails.memory |
Exposes an in-memory authentication repository.
|
| org.springframework.security.crypto.argon2 |
|
| org.springframework.security.crypto.bcrypt |
|
| org.springframework.security.crypto.codec |
Internal codec classes.
|
| org.springframework.security.crypto.encrypt |
|
| org.springframework.security.crypto.factory |
|
| org.springframework.security.crypto.keygen |
|
| org.springframework.security.crypto.password |
|
| org.springframework.security.crypto.scrypt |
|
| org.springframework.security.crypto.util |
|
| org.springframework.security.data.repository.query |
|
| org.springframework.security.jackson2 |
Mix-in classes to add Jackson serialization support.
|
| org.springframework.security.ldap |
Spring Security's LDAP module.
|
| org.springframework.security.ldap.authentication |
The LDAP authentication provider package.
|
| org.springframework.security.ldap.authentication.ad |
|
| org.springframework.security.ldap.ppolicy |
|
| org.springframework.security.ldap.search |
LdapUserSearch implementations.
|
| org.springframework.security.ldap.server |
Embedded Apache Directory Server implementation, as used by the configuration
namespace.
|
| org.springframework.security.ldap.userdetails |
LDAP-focused UserDetails implementations which map from a ubset of the data
contained in some of the standard LDAP types (such as InetOrgPerson).
|
| org.springframework.security.messaging.access.expression |
|
| org.springframework.security.messaging.access.intercept |
|
| org.springframework.security.messaging.context |
|
| org.springframework.security.messaging.handler.invocation.reactive |
|
| org.springframework.security.messaging.util.matcher |
|
| org.springframework.security.messaging.web.csrf |
|
| org.springframework.security.messaging.web.socket.server |
|
| org.springframework.security.oauth2.client |
Core classes and interfaces providing support for OAuth 2.0 Client.
|
| org.springframework.security.oauth2.client.annotation |
|
| org.springframework.security.oauth2.client.authentication |
Support classes and interfaces for authenticating and authorizing a client with an
OAuth 2.0 Authorization Server using a specific authorization grant flow.
|
| org.springframework.security.oauth2.client.endpoint |
Classes and interfaces providing support to the client for initiating requests to the
Authorization Server's Protocol Endpoints.
|
| org.springframework.security.oauth2.client.http |
|
| org.springframework.security.oauth2.client.jackson2 |
|
| org.springframework.security.oauth2.client.oidc.authentication |
Support classes and interfaces for authenticating and authorizing a client with an
OpenID Connect 1.0 Provider using a specific authorization grant flow.
|
| org.springframework.security.oauth2.client.oidc.userinfo |
Classes and interfaces providing support to the client for initiating requests to the
OpenID Connect 1.0 Provider's UserInfo Endpoint.
|
| org.springframework.security.oauth2.client.oidc.web.logout |
|
| org.springframework.security.oauth2.client.oidc.web.server.logout |
|
| org.springframework.security.oauth2.client.registration |
|
| org.springframework.security.oauth2.client.userinfo |
Classes and interfaces providing support to the client for initiating requests to the
OAuth 2.0 Authorization Server's UserInfo Endpoint.
|
| org.springframework.security.oauth2.client.web |
OAuth 2.0 Client Filter's and supporting classes and interfaces.
|
| org.springframework.security.oauth2.client.web.method.annotation |
|
| org.springframework.security.oauth2.client.web.reactive.function.client |
|
| org.springframework.security.oauth2.client.web.reactive.result.method.annotation |
|
| org.springframework.security.oauth2.client.web.server |
|
| org.springframework.security.oauth2.client.web.server.authentication |
|
| org.springframework.security.oauth2.core |
Core classes and interfaces providing support for the OAuth 2.0 Authorization
Framework.
|
| org.springframework.security.oauth2.core.converter |
|
| org.springframework.security.oauth2.core.endpoint |
Support classes that model the OAuth 2.0 Request and Response messages from the
Authorization Endpoint and Token Endpoint.
|
| org.springframework.security.oauth2.core.http.converter |
|
| org.springframework.security.oauth2.core.oidc |
Core classes and interfaces providing support for OpenID Connect Core 1.0.
|
| org.springframework.security.oauth2.core.oidc.endpoint |
Support classes that model the OpenID Connect Core 1.0 Request and Response messages
from the Authorization Endpoint and Token Endpoint.
|
| org.springframework.security.oauth2.core.oidc.user |
Provides a model for an OpenID Connect Core 1.0 representation of a user
Principal.
|
| org.springframework.security.oauth2.core.user |
Provides a model for an OAuth 2.0 representation of a user Principal.
|
| org.springframework.security.oauth2.core.web.reactive.function |
|
| org.springframework.security.oauth2.jose |
|
| org.springframework.security.oauth2.jose.jws |
Core classes and interfaces providing support for JSON Web Signature (JWS).
|
| org.springframework.security.oauth2.jwt |
Core classes and interfaces providing support for JSON Web Token (JWT).
|
| org.springframework.security.oauth2.server.resource |
OAuth 2.0 Resource Server core classes and interfaces providing support.
|
| org.springframework.security.oauth2.server.resource.authentication |
OAuth 2.0 Resource Server Authentications and supporting classes and
interfaces.
|
| org.springframework.security.oauth2.server.resource.introspection |
OAuth 2.0 Introspection supporting classes and interfaces.
|
| org.springframework.security.oauth2.server.resource.web |
OAuth 2.0 Resource Server Filter's and supporting classes and interfaces.
|
| org.springframework.security.oauth2.server.resource.web.access |
OAuth 2.0 Resource Server access denial classes and interfaces.
|
| org.springframework.security.oauth2.server.resource.web.access.server |
|
| org.springframework.security.oauth2.server.resource.web.reactive.function.client |
|
| org.springframework.security.oauth2.server.resource.web.server |
|
| org.springframework.security.openid |
|
| org.springframework.security.provisioning |
Contains simple user and authority group account provisioning interfaces together with
a a JDBC-based implementation.
|
| org.springframework.security.remoting.dns |
DNS resolution.
|
| org.springframework.security.remoting.httpinvoker |
Enables use of Spring's HttpInvoker extension points to present the
principal and credentials located in the
ContextHolder via BASIC authentication.
|
| org.springframework.security.remoting.rmi |
Enables use of Spring's RMI remoting extension points to propagate the
SecurityContextHolder (which should contain an Authentication
request token) from one JVM to the remote JVM.
|
| org.springframework.security.rsocket.api |
|
| org.springframework.security.rsocket.authentication |
|
| org.springframework.security.rsocket.authorization |
|
| org.springframework.security.rsocket.core |
|
| org.springframework.security.rsocket.metadata |
|
| org.springframework.security.rsocket.util.matcher |
|
| org.springframework.security.saml2 |
|
| org.springframework.security.saml2.core |
|
| org.springframework.security.saml2.credentials |
|
| org.springframework.security.saml2.provider.service.authentication |
|
| org.springframework.security.saml2.provider.service.metadata |
|
| org.springframework.security.saml2.provider.service.registration |
|
| org.springframework.security.saml2.provider.service.servlet.filter |
|
| org.springframework.security.saml2.provider.service.web |
|
| org.springframework.security.scheduling |
|
| org.springframework.security.taglibs |
Security related tag libraries that can be used in JSPs and templates.
|
| org.springframework.security.taglibs.authz |
JSP Security tag library implementation.
|
| org.springframework.security.taglibs.csrf |
|
| org.springframework.security.task |
|
| org.springframework.security.test.context |
|
| org.springframework.security.test.context.annotation |
|
| org.springframework.security.test.context.support |
|
| org.springframework.security.test.web.reactive.server |
|
| org.springframework.security.test.web.servlet.request |
|
| org.springframework.security.test.web.servlet.response |
|
| org.springframework.security.test.web.servlet.setup |
|
| org.springframework.security.test.web.support |
|
| org.springframework.security.util |
General utility classes used throughout the Spring Security framework.
|
| org.springframework.security.web |
Spring Security's web security module.
|
| org.springframework.security.web.access |
Access-control related classes and packages.
|
| org.springframework.security.web.access.channel |
Classes that ensure web requests are received over required transport channels.
|
| org.springframework.security.web.access.expression |
Implementation of web security expressions.
|
| org.springframework.security.web.access.intercept |
Enforcement of security for HTTP requests, typically by the URL requested.
|
| org.springframework.security.web.authentication |
Authentication processing mechanisms, which respond to the submission of authentication
credentials using various protocols (eg BASIC, CAS, form login etc).
|
| org.springframework.security.web.authentication.logout |
Logout functionality based around a filter which handles a specific logout URL.
|
| org.springframework.security.web.authentication.preauth |
Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming
request has already been authenticated by some externally configured system.
|
| org.springframework.security.web.authentication.preauth.j2ee |
Pre-authentication support for container-authenticated requests.
|
| org.springframework.security.web.authentication.preauth.websphere |
Websphere-specific pre-authentication classes.
|
| org.springframework.security.web.authentication.preauth.x509 |
X.509 client certificate authentication support.
|
| org.springframework.security.web.authentication.rememberme |
Support for remembering a user between different web sessions.
|
| org.springframework.security.web.authentication.session |
Strategy interface and implementations for handling session-related behaviour for a
newly authenticated user.
|
| org.springframework.security.web.authentication.switchuser |
Provides HTTP-based "switch user" (su) capabilities.
|
| org.springframework.security.web.authentication.ui |
Authentication user-interface rendering code.
|
| org.springframework.security.web.authentication.www |
WWW-Authenticate based authentication mechanism implementations: Basic and Digest
authentication.
|
| org.springframework.security.web.bind.annotation |
|
| org.springframework.security.web.bind.support |
|
| org.springframework.security.web.context |
Classes which are responsible for maintaining the security context between HTTP
requests.
|
| org.springframework.security.web.context.request.async |
|
| org.springframework.security.web.context.support |
|
| org.springframework.security.web.csrf |
|
| org.springframework.security.web.debug |
|
| org.springframework.security.web.firewall |
|
| org.springframework.security.web.header |
|
| org.springframework.security.web.header.writers |
|
| org.springframework.security.web.header.writers.frameoptions |
|
| org.springframework.security.web.http |
|
| org.springframework.security.web.jaasapi |
Makes a JAAS Subject available as the current Subject.
|
| org.springframework.security.web.jackson2 |
Mix-in classes to provide Jackson serialization support.
|
| org.springframework.security.web.method.annotation |
|
| org.springframework.security.web.reactive.result.method.annotation |
|
| org.springframework.security.web.reactive.result.view |
|
| org.springframework.security.web.savedrequest |
Classes related to the caching of an HttpServletRequest which requires
authentication.
|
| org.springframework.security.web.server |
|
| org.springframework.security.web.server.authentication |
|
| org.springframework.security.web.server.authentication.logout |
|
| org.springframework.security.web.server.authorization |
|
| org.springframework.security.web.server.context |
|
| org.springframework.security.web.server.csrf |
|
| org.springframework.security.web.server.header |
|
| org.springframework.security.web.server.jackson2 |
|
| org.springframework.security.web.server.savedrequest |
|
| org.springframework.security.web.server.transport |
|
| org.springframework.security.web.server.ui |
|
| org.springframework.security.web.server.util.matcher |
|
| org.springframework.security.web.servlet.support.csrf |
|
| org.springframework.security.web.servlet.util.matcher |
|
| org.springframework.security.web.servletapi |
Populates a Servlet request with a new Spring Security compliant
HttpServletRequestWrapper.
|
| org.springframework.security.web.session |
Session management filters, HttpSession events and publisher classes.
|
| org.springframework.security.web.util |
Web utility classes.
|
| org.springframework.security.web.util.matcher |
|