Index
All Classes and Interfaces|All Packages|Constant Field Values|Serialized Form
$
- $2A - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
- $2B - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
- $2Y - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
A
- abort() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
-
Abort the authentication process by forgetting the Spring Security
Authentication
. - AbstractAccessDecisionManager - Class in org.springframework.security.access.vote
-
Deprecated.
- AbstractAccessDecisionManager(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- AbstractAclProvider - Class in org.springframework.security.acls.afterinvocation
-
Abstract
AfterInvocationProvider
which provides commonly-used ACL-related services. - AbstractAclProvider(AclService, String, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- AbstractAclVoter - Class in org.springframework.security.access.vote
-
Deprecated.Now used by only-deprecated classes. Generally speaking, in-memory ACL is no longer advised, so no replacement is planned at this point.
- AbstractAclVoter() - Constructor for class org.springframework.security.access.vote.AbstractAclVoter
-
Deprecated.
- AbstractAuthenticationEvent - Class in org.springframework.security.authentication.event
-
Represents an application authentication event.
- AbstractAuthenticationEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.AbstractAuthenticationEvent
- AbstractAuthenticationFailureEvent - Class in org.springframework.security.authentication.event
-
Abstract application event which indicates authentication failure for some reason.
- AbstractAuthenticationFailureEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent
- AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,
T extends AbstractAuthenticationFilterConfigurer<B, T, F>, F extends AbstractAuthenticationProcessingFilter> - Class in org.springframework.security.config.annotation.web.configurers -
Base class for configuring
AbstractAuthenticationFilterConfigurer
. - AbstractAuthenticationFilterConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Creates a new instance with minimal defaults
- AbstractAuthenticationFilterConfigurer(F, String) - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Creates a new instance
- AbstractAuthenticationProcessingFilter - Class in org.springframework.security.web.authentication
-
Abstract processor of browser-based HTTP-based authentication requests.
- AbstractAuthenticationProcessingFilter(String) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- AbstractAuthenticationProcessingFilter(String, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Creates a new instance with a default filterProcessesUrl and an
AuthenticationManager
- AbstractAuthenticationProcessingFilter(RequestMatcher) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Creates a new instance
- AbstractAuthenticationProcessingFilter(RequestMatcher, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Creates a new instance with a
RequestMatcher
and anAuthenticationManager
- AbstractAuthenticationTargetUrlRequestHandler - Class in org.springframework.security.web.authentication
-
Base class containing the logic used by strategies which handle redirection to a URL and are passed an
Authentication
object as part of the contract. - AbstractAuthenticationTargetUrlRequestHandler() - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
- AbstractAuthenticationToken - Class in org.springframework.security.authentication
-
Base class for
Authentication
objects. - AbstractAuthenticationToken(Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.AbstractAuthenticationToken
-
Creates a token with the supplied array of authorities.
- AbstractAuthorizationEvent - Class in org.springframework.security.access.event
-
Deprecated.Authorization events have moved. Consider
AuthorizationGrantedEvent
andAuthorizationDeniedEvent
- AbstractAuthorizationEvent(Object) - Constructor for class org.springframework.security.access.event.AbstractAuthorizationEvent
-
Deprecated.Construct the event, passing in the secure object being intercepted.
- AbstractAuthorizeTag - Class in org.springframework.security.taglibs.authz
-
A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets).
- AbstractAuthorizeTag() - Constructor for class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
- AbstractConfigAttributeRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web.configurers
-
A base class for registering
RequestMatcher
's. - AbstractConfigAttributeRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
- AbstractConfiguredSecurityBuilder<O,
B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation -
A base
SecurityBuilder
that allowsSecurityConfigurer
to be applied to it. - AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Creates a new instance with the provided
ObjectPostProcessor
. - AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>, boolean) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Creates a new instance with the provided
ObjectPostProcessor
. - AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,
C extends AbstractDaoAuthenticationConfigurer<B, C, U>, U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails -
Allows configuring a
DaoAuthenticationProvider
- AbstractFallbackMethodSecurityMetadataSource - Class in org.springframework.security.access.method
-
Deprecated.Use the
use-authorization-manager
attribute for<method-security>
and<intercept-methods>
instead or use annotation-based orAuthorizationManager
-based authorization - AbstractFallbackMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource
-
Deprecated.
- AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,
B>, B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers -
Adds a convenient base class for
SecurityConfigurer
instances that operate onHttpSecurity
. - AbstractHttpConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
- AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C,
H>, H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers -
Deprecated.Use
AuthorizeHttpRequestsConfigurer
instead - AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlConfigurer<C,
H>.AbstractInterceptUrlRegistry<R, T>, T> - Class in org.springframework.security.config.annotation.web.configurers -
Deprecated.
- AbstractJaasAuthenticationProvider - Class in org.springframework.security.authentication.jaas
-
An
AuthenticationProvider
implementation that retrieves user details from a JAAS login configuration. - AbstractJaasAuthenticationProvider() - Constructor for class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
- AbstractLdapAuthenticationManagerFactory<T extends AbstractLdapAuthenticator> - Class in org.springframework.security.config.ldap
-
Creates an
AuthenticationManager
that can perform LDAP authentication. - AbstractLdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication
-
Base class for the standard
LdapAuthenticationProvider
and theActiveDirectoryLdapAuthenticationProvider
. - AbstractLdapAuthenticationProvider() - Constructor for class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- AbstractLdapAuthenticator - Class in org.springframework.security.ldap.authentication
-
Base class for the authenticator implementations.
- AbstractLdapAuthenticator(ContextSource) - Constructor for class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
-
Create an initialized instance with the
ContextSource
provided. - AbstractMessageMatcherComposite<T> - Class in org.springframework.security.messaging.util.matcher
-
Abstract
MessageMatcher
containing multipleMessageMatcher
- AbstractMethodSecurityMetadataSource - Class in org.springframework.security.access.method
-
Deprecated.Use the
use-authorization-manager
attribute for<method-security>
and<intercept-methods>
instead or use annotation-based orAuthorizationManager
-based authorization - AbstractMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
-
Deprecated.
- AbstractOAuth2AuthorizationGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
-
Base implementation of an OAuth 2.0 Authorization Grant request that holds an authorization grant credential and is used when initiating a request to the Authorization Server's Token Endpoint.
- AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType, ClientRegistration) - Constructor for class org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest
-
Sub-class constructor.
- AbstractOAuth2Token - Class in org.springframework.security.oauth2.core
-
Base class for OAuth 2.0 Token implementations.
- AbstractOAuth2Token(String) - Constructor for class org.springframework.security.oauth2.core.AbstractOAuth2Token
-
Sub-class constructor.
- AbstractOAuth2Token(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.AbstractOAuth2Token
-
Sub-class constructor.
- AbstractOAuth2TokenAuthenticationToken<T extends OAuth2Token> - Class in org.springframework.security.oauth2.server.resource.authentication
-
Base class for
AbstractAuthenticationToken
implementations that expose common attributes between different OAuth 2.0 Access Token Formats. - AbstractOAuth2TokenAuthenticationToken(T) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
-
Sub-class constructor.
- AbstractOAuth2TokenAuthenticationToken(T, Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
- AbstractOAuth2TokenAuthenticationToken(T, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
-
Sub-class constructor.
- AbstractPasswordEncoder - Class in org.springframework.security.crypto.password
-
Abstract base class for password encoders
- AbstractPasswordEncoder() - Constructor for class org.springframework.security.crypto.password.AbstractPasswordEncoder
- AbstractPermission - Class in org.springframework.security.acls.domain
-
Provides an abstract superclass for
Permission
implementations. - AbstractPermission(int) - Constructor for class org.springframework.security.acls.domain.AbstractPermission
-
Sets the permission mask and uses the '*' character to represent active bits when represented as a bit pattern string.
- AbstractPermission(int, char) - Constructor for class org.springframework.security.acls.domain.AbstractPermission
-
Sets the permission mask and uses the specified character for active bits.
- AbstractPreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth
-
Base class for processing filters that handle pre-authenticated authentication requests, where it is assumed that the principal has already been authenticated by an external system.
- AbstractPreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
- AbstractRememberMeServices - Class in org.springframework.security.web.authentication.rememberme
-
Base class for RememberMeServices implementations.
- AbstractRememberMeServices(String, UserDetailsService) - Constructor for class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- AbstractRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web
-
A base class for registering
RequestMatcher
's. - AbstractRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
- AbstractRequestParameterAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- AbstractRetryEntryPoint - Class in org.springframework.security.web.access.channel
- AbstractRetryEntryPoint(String, int) - Constructor for class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- AbstractSaml2AuthenticationRequest - Class in org.springframework.security.saml2.provider.service.authentication
-
Data holder for
AuthNRequest
parameters to be sent using either theSaml2MessageBinding.POST
orSaml2MessageBinding.REDIRECT
binding. - AbstractSaml2AuthenticationRequest.Builder<T extends AbstractSaml2AuthenticationRequest.Builder<T>> - Class in org.springframework.security.saml2.provider.service.authentication
-
A builder for
AbstractSaml2AuthenticationRequest
and its subclasses. - AbstractSecurityBuilder<O> - Class in org.springframework.security.config.annotation
-
A base
SecurityBuilder
that ensures the object being built is only built one time. - AbstractSecurityBuilder() - Constructor for class org.springframework.security.config.annotation.AbstractSecurityBuilder
- AbstractSecurityExpressionHandler<T> - Class in org.springframework.security.access.expression
-
Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects.
- AbstractSecurityExpressionHandler() - Constructor for class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
- AbstractSecurityInterceptor - Class in org.springframework.security.access.intercept
-
Deprecated.Use
AuthorizationFilter
instead for filter security,AuthorizationChannelInterceptor
for messaging security, orAuthorizationManagerBeforeMethodInterceptor
andAuthorizationManagerAfterMethodInterceptor
for method security. - AbstractSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- AbstractSecurityWebApplicationInitializer - Class in org.springframework.security.web.context
-
Registers the
DelegatingFilterProxy
to use the springSecurityFilterChain before any other registeredFilter
. - AbstractSecurityWebApplicationInitializer() - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Creates a new instance that assumes the Spring Security configuration is loaded by some other means than this class.
- AbstractSecurityWebApplicationInitializer(Class<?>...) - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Creates a new instance that will instantiate the
ContextLoaderListener
with the specified classes. - AbstractSecurityWebSocketMessageBrokerConfigurer - Class in org.springframework.security.config.annotation.web.socket
-
Deprecated.Use
EnableWebSocketSecurity
instead - AbstractSecurityWebSocketMessageBrokerConfigurer() - Constructor for class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- AbstractServerWebExchangeMatcherRegistry<T> - Class in org.springframework.security.config.web.server
- AbstractSessionEvent - Class in org.springframework.security.core.session
-
Abstract superclass for all session related events.
- AbstractSessionEvent(Object) - Constructor for class org.springframework.security.core.session.AbstractSessionEvent
- AbstractSessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session
-
A base class for performing session fixation protection.
- AbstractSessionFixationProtectionStrategy.NullEventPublisher - Class in org.springframework.security.web.authentication.session
- AbstractUserDetailsAuthenticationProvider - Class in org.springframework.security.authentication.dao
-
A base
AuthenticationProvider
that allows subclasses to override and work withUserDetails
objects. - AbstractUserDetailsAuthenticationProvider() - Constructor for class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- AbstractUserDetailsReactiveAuthenticationManager - Class in org.springframework.security.authentication
-
A base
ReactiveAuthenticationManager
that allows subclasses to override and work withUserDetails
objects. - AbstractUserDetailsReactiveAuthenticationManager() - Constructor for class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
- AbstractUserDetailsServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
- AbstractUserDetailsServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
- AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
-
Abstract base class for all of the
WebClientReactive*TokenResponseClient
s that communicate to the Authorization Server's Token Endpoint. - acceptMediaType(MediaType) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
-
Specify a media type to set as the Accept header in the request.
- access(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Allows specifying that URLs are secured by an arbitrary expression
- access(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Allows specifying that Messages are secured by an arbitrary expression
- access(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specifies that the user must have the specified
ConfigAttribute
's - access(AuthorizationManager<MessageAuthorizationContext<?>>) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Allows specifying that Messages are secured by an arbitrary expression
- access(AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Allows specifying a custom
AuthorizationManager
. - access(ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
- access(ReactiveAuthorizationManager<AuthorizationContext>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
Allows plugging in a custom authorization strategy
- Access() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
- ACCESS_ABSTAIN - Static variable in interface org.springframework.security.access.AccessDecisionVoter
-
Deprecated.
- ACCESS_DENIED - Static variable in interface org.springframework.security.access.AccessDecisionVoter
-
Deprecated.
- ACCESS_DENIED - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
-
access_denied
- The resource owner or authorization server denied the request. - ACCESS_DENIED_403 - Static variable in class org.springframework.security.web.WebAttributes
-
Used to cache an
AccessDeniedException
in the request for rendering. - ACCESS_DENIED_HANDLER - Static variable in class org.springframework.security.config.Elements
- ACCESS_GRANTED - Static variable in interface org.springframework.security.access.AccessDecisionVoter
-
Deprecated.
- ACCESS_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
access_token
- used in Authorization Response and Access Token Response. - AccessControlEntry - Interface in org.springframework.security.acls.model
-
Represents an individual permission assignment within an
Acl
. - AccessControlEntryImpl - Class in org.springframework.security.acls.domain
-
An immutable default implementation of
AccessControlEntry
. - AccessControlEntryImpl(Serializable, Acl, Sid, Permission, boolean, boolean, boolean) - Constructor for class org.springframework.security.acls.domain.AccessControlEntryImpl
- AccessControlListTag - Class in org.springframework.security.taglibs.authz
-
An implementation of
Tag
that allows its body through if all authorizations are granted to the request's principal. - AccessControlListTag() - Constructor for class org.springframework.security.taglibs.authz.AccessControlListTag
- accessDecisionManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Allows subclasses to provide a custom
AccessDecisionManager
. - accessDecisionManager(AccessDecisionManager) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry
-
Deprecated.Allows setting the
AccessDecisionManager
. - AccessDecisionManager - Interface in org.springframework.security.access
-
Deprecated.Use
AuthorizationManager
instead - AccessDecisionVoter<S> - Interface in org.springframework.security.access
-
Deprecated.Use
AuthorizationManager
instead - AccessDeniedException - Exception in org.springframework.security.access
-
Thrown if an
Authentication
object does not hold a required authority. - AccessDeniedException(String) - Constructor for exception org.springframework.security.access.AccessDeniedException
-
Constructs an
AccessDeniedException
with the specified message. - AccessDeniedException(String, Throwable) - Constructor for exception org.springframework.security.access.AccessDeniedException
-
Constructs an
AccessDeniedException
with the specified message and root cause. - accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
-
Specifies the
AccessDeniedHandler
to be used - accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
-
Configures the
ServerAccessDeniedHandler
used when a CSRF token is invalid. - accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
-
Configures what to do when an authenticated user does not hold a required authority
- accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Configures the
ServerAccessDeniedHandler
to use for requests authenticating with Bearer Tokens. - AccessDeniedHandler - Interface in org.springframework.security.web.access
-
Used by
ExceptionTranslationFilter
to handle anAccessDeniedException
. - AccessDeniedHandlerImpl - Class in org.springframework.security.web.access
-
Base implementation of
AccessDeniedHandler
. - AccessDeniedHandlerImpl() - Constructor for class org.springframework.security.web.access.AccessDeniedHandlerImpl
- accessDeniedPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
-
Shortcut to specify the
AccessDeniedHandler
to be used is a specific error page - accessToken(OAuth2AccessToken) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
-
Use this
OAuth2AccessToken
- accessToken(OAuth2AccessToken) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
-
Use this
OAuth2AccessToken
- accessTokenHash(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this access token hash in the resulting
OidcIdToken
- accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
-
Sets the client used for requesting the access token credential from the Token Endpoint.
- accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig
-
Sets the client used for requesting the access token credential from the Token Endpoint.
- accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the client used when requesting an access token credential at the Token Endpoint.
- ACCOUNT_LOCKED - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- accountExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Defines if the account is expired or not.
- accountExpired(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Defines if the account is expired or not.
- accountExpired(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- AccountExpiredException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request is rejected because the account has expired.
- AccountExpiredException(String) - Constructor for exception org.springframework.security.authentication.AccountExpiredException
-
Constructs a
AccountExpiredException
with the specified message. - AccountExpiredException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AccountExpiredException
-
Constructs a
AccountExpiredException
with the specified message and root cause. - accountLocked(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Defines if the account is locked or not.
- accountLocked(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Defines if the account is locked or not.
- accountLocked(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- AccountStatusException - Exception in org.springframework.security.authentication
-
Base class for authentication exceptions which are caused by a particular user account status (locked, disabled etc).
- AccountStatusException(String) - Constructor for exception org.springframework.security.authentication.AccountStatusException
- AccountStatusException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AccountStatusException
- AccountStatusUserDetailsChecker - Class in org.springframework.security.authentication
- AccountStatusUserDetailsChecker() - Constructor for class org.springframework.security.authentication.AccountStatusUserDetailsChecker
- Acl - Interface in org.springframework.security.acls.model
-
Represents an access control list (ACL) for a domain object.
- AclAuthorizationStrategy - Interface in org.springframework.security.acls.domain
-
Strategy used by
AclImpl
to determine whether a principal is permitted to call adminstrative methods on theAclImpl
. - AclAuthorizationStrategyImpl - Class in org.springframework.security.acls.domain
-
Default implementation of
AclAuthorizationStrategy
. - AclAuthorizationStrategyImpl(GrantedAuthority...) - Constructor for class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
-
Constructor.
- AclCache - Interface in org.springframework.security.acls.model
-
A caching layer for
JdbcAclService
. - AclDataAccessException - Exception in org.springframework.security.acls.model
-
Abstract base class for Acl data operations.
- AclDataAccessException(String) - Constructor for exception org.springframework.security.acls.model.AclDataAccessException
-
Constructs an
AclDataAccessException
with the specified message and no root cause. - AclDataAccessException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.AclDataAccessException
-
Constructs an
AclDataAccessException
with the specified message and root cause. - AclEntryAfterInvocationCollectionFilteringProvider - Class in org.springframework.security.acls.afterinvocation
-
Given a
Collection
of domain object instances returned from a secure object invocation, remove anyCollection
elements the principal does not have appropriate permission to access as defined by theAclService
. - AclEntryAfterInvocationCollectionFilteringProvider(AclService, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
- AclEntryAfterInvocationProvider - Class in org.springframework.security.acls.afterinvocation
-
Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the
AclService
. - AclEntryAfterInvocationProvider(AclService, String, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
- AclEntryAfterInvocationProvider(AclService, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
- AclEntryVoter - Class in org.springframework.security.acls
-
Given a domain object instance passed as a method argument, ensures the principal has appropriate permission as indicated by the
AclService
. - AclEntryVoter(AclService, String, Permission[]) - Constructor for class org.springframework.security.acls.AclEntryVoter
- AclFormattingUtils - Class in org.springframework.security.acls.domain
-
Utility methods for displaying ACL information.
- AclFormattingUtils() - Constructor for class org.springframework.security.acls.domain.AclFormattingUtils
- AclImpl - Class in org.springframework.security.acls.domain
-
Base implementation of
Acl
. - AclImpl(ObjectIdentity, Serializable, AclAuthorizationStrategy, AuditLogger) - Constructor for class org.springframework.security.acls.domain.AclImpl
-
Minimal constructor, which should be used
MutableAclService.createAcl(ObjectIdentity)
. - AclImpl(ObjectIdentity, Serializable, AclAuthorizationStrategy, PermissionGrantingStrategy, Acl, List<Sid>, boolean, Sid) - Constructor for class org.springframework.security.acls.domain.AclImpl
-
Full constructor, which should be used by persistence tools that do not provide field-level access features.
- AclPermissionCacheOptimizer - Class in org.springframework.security.acls
-
Batch loads ACLs for collections of objects to allow optimised filtering.
- AclPermissionCacheOptimizer(AclService) - Constructor for class org.springframework.security.acls.AclPermissionCacheOptimizer
- AclPermissionEvaluator - Class in org.springframework.security.acls
-
Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module.
- AclPermissionEvaluator(AclService) - Constructor for class org.springframework.security.acls.AclPermissionEvaluator
- aclService - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
- AclService - Interface in org.springframework.security.acls.model
-
Provides retrieval of
Acl
instances. - ACR - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
acr
- the Authentication Context Class Reference - ACTIVE - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
active
- Indicator whether or not the token is currently active - ActiveDirectoryAuthenticationException - Exception in org.springframework.security.ldap.authentication.ad
-
Thrown as a translation of an
AuthenticationException
when attempting to authenticate against Active Directory usingActiveDirectoryLdapAuthenticationProvider
. - ActiveDirectoryLdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication.ad
-
Specialized LDAP authentication provider which uses Active Directory configuration conventions.
- ActiveDirectoryLdapAuthenticationProvider(String, String) - Constructor for class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
- ActiveDirectoryLdapAuthenticationProvider(String, String, String) - Constructor for class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
- add(PayloadExchangeMatcherEntry<ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>>) - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager.Builder
- add(ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
- add(ServerWebExchangeMatcher, ReactiveAuthenticationManager) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder
-
Maps a
ServerWebExchangeMatcher
to anReactiveAuthenticationManager
. - add(RequestMatcher, AuthenticationManager) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver.Builder
-
Maps a
RequestMatcher
to anAuthorizationManager
. - add(RequestMatcher, AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
-
Maps a
RequestMatcher
to anAuthorizationManager
. - addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
-
Deprecated.
- addAuthorities(DistinguishedName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- addAuthority(GrantedAuthority) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
- addAuthority(GrantedAuthority) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
-
Adds the authority to the list, unless it is already there, in which case it is ignored
- addCn(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
- addConverters(ConverterRegistry) - Static method in class org.springframework.security.oauth2.core.converter.ClaimConversionService
-
Adds the converters that provide type conversion for claim values to the provided
ConverterRegistry
. - addCustomAuthorities(String, List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
-
Allows subclasses to add their own granted authorities to the list to be returned in the UserDetails.
- addFilter(Filter) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- addFilter(Filter) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Adds a
Filter
that must be an instance of or extend one of the Filters provided within the Security framework. - addFilterAfter(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- addFilterAfter(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Allows adding a
Filter
after one of the knownFilter
classes. - addFilterAfter(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Adds a
WebFilter
after specific position. - addFilterAt(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Adds the Filter at the location of the specified Filter class.
- addFilterAt(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Adds a
WebFilter
at a specific position. - addFilterBefore(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- addFilterBefore(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Allows adding a
Filter
before one of the knownFilter
classes. - addFilterBefore(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Adds a
WebFilter
before specific position. - addGroupAuthority(String, GrantedAuthority) - Method in interface org.springframework.security.provisioning.GroupManager
-
Assigns a new authority to a group.
- addGroupAuthority(String, GrantedAuthority) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- addHeader(String, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
- addHeadersConverter(Converter<OAuth2ClientCredentialsGrantRequest, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter
-
Add (compose) the provided
headersConverter
to the currentConverter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aHttpHeaders
used in the OAuth 2.0 Access Token Request headers. - addHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
-
Add (compose) the provided
headersConverter
to the currentConverter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aHttpHeaders
used in the OAuth 2.0 Access Token Request headers. - addHeaderWriter(HeaderWriter) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Adds a
HeaderWriter
instance - additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
-
Allows subclasses to perform any additional checks of a returned (or cached)
UserDetails
for a given authentication request. - additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
- additionalParameters(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
A
Consumer
to be provided access to the additional parameter(s) allowing the ability to add, replace, or remove. - additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
-
Sets the additional parameters returned in the response.
- additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the additional parameter(s) used in the request.
- addListener(SmartApplicationListener) - Method in class org.springframework.security.context.DelegatingApplicationListener
-
Adds a new SmartApplicationListener to use.
- addLogoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Adds a
LogoutHandler
. - addObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
-
Adds an
ObjectPostProcessor
to be used for thisSecurityConfigurerAdapter
. - addParametersConverter(Converter<OAuth2ClientCredentialsGrantRequest, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter
-
Add (compose) the provided
parametersConverter
to the currentConverter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aMultiValueMap
of the parameters used in the OAuth 2.0 Access Token Request body. - addParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
-
Add (compose) the provided
parametersConverter
to the currentConverter
used for converting theAbstractOAuth2AuthorizationGrantRequest
instance to aMultiValueMap
used in the OAuth 2.0 Access Token Request body. - addPayloadInterceptor(PayloadInterceptor) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
-
Adds a
PayloadInterceptor
to be used. - address(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this address in the resulting
OidcUserInfo
- ADDRESS - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes
-
The
address
scope requests access to theaddress
claim. - ADDRESS - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
address
- the user's preferred postal address - AddressStandardClaim - Interface in org.springframework.security.oauth2.core.oidc
-
The Address Claim represents a physical mailing address defined by the OpenID Connect Core 1.0 specification that can be returned either in the UserInfo Response or the ID Token.
- addSecureMethod(Class<?>, Method, List<ConfigAttribute>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.Adds configuration attributes for a specific method, for example where the method has been matched using a pointcut expression.
- addSecureMethod(Class<?>, String, List<ConfigAttribute>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
-
Deprecated.Add configuration attributes for a secure method.
- addSecurityFilterChainBuilder(SecurityBuilder<? extends SecurityFilterChain>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
-
Adds builders to create
SecurityFilterChain
instances. - addSha256Pins(String...) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
-
Deprecated.Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
- addSha256Pins(String...) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
-
Deprecated.Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
- addUserToGroup(String, String) - Method in interface org.springframework.security.provisioning.GroupManager
-
Makes a user a member of a particular group.
- addUserToGroup(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- admin - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
- ADMINISTRATION - Static variable in class org.springframework.security.acls.domain.BasePermission
- AesBytesEncryptor - Class in org.springframework.security.crypto.encrypt
-
Encryptor that uses AES encryption.
- AesBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
-
Constructs an encryptor that uses AES encryption.
- AesBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
-
Constructs an encryptor that uses AES encryption.
- AesBytesEncryptor(String, CharSequence, BytesKeyGenerator, AesBytesEncryptor.CipherAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
-
Constructs an encryptor that uses AES encryption.
- AesBytesEncryptor(SecretKey, BytesKeyGenerator, AesBytesEncryptor.CipherAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
-
Constructs an encryptor that uses AES encryption.
- AesBytesEncryptor.CipherAlgorithm - Enum Class in org.springframework.security.crypto.encrypt
- AffirmativeBased - Class in org.springframework.security.access.vote
-
Deprecated.Use
AuthorizationManager
instead - AffirmativeBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.AffirmativeBased
-
Deprecated.
- after(Authentication, MethodInvocation, PostInvocationAttribute, Object) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice
-
Deprecated.
- after(Authentication, MethodInvocation, PostInvocationAttribute, Object) - Method in interface org.springframework.security.access.prepost.PostInvocationAuthorizationAdvice
-
Deprecated.
- AFTER_INVOCATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
- afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
- afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- afterHandshake(ServerHttpRequest, ServerHttpResponse, WebSocketHandler, Exception) - Method in class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
- afterInvocation(InterceptorStatusToken, Object) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.Completes the work of the AbstractSecurityInterceptor after the secure object invocation has been completed.
- afterInvocationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Provide a custom
AfterInvocationManager
for the default implementation ofGlobalMethodSecurityConfiguration.methodSecurityInterceptor(MethodSecurityMetadataSource)
. - AfterInvocationManager - Interface in org.springframework.security.access.intercept
-
Deprecated.Use delegation with
AuthorizationManager
- AfterInvocationProvider - Interface in org.springframework.security.access
-
Deprecated.Use delegation with
AuthorizationManager
- AfterInvocationProviderManager - Class in org.springframework.security.access.intercept
-
Deprecated.Use delegation with
AuthorizationManager
- AfterInvocationProviderManager() - Constructor for class org.springframework.security.access.intercept.AfterInvocationProviderManager
-
Deprecated.
- afterMessageHandled(Message<?>, MessageChannel, MessageHandler, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
- afterPropertiesSet() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Validates the required properties are set.
- afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
- afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
- afterPropertiesSet() - Method in class org.springframework.security.authentication.ProviderManager
- afterPropertiesSet() - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
- afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
- afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
-
Check whether all properties have been set to correct values.
- afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
- afterPropertiesSet() - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
- afterPropertiesSet() - Method in class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
-
Check whether all required properties have been set.
- afterPropertiesSet() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
- afterPropertiesSet() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- afterPropertiesSet() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
- afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
- afterPropertiesSet() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
-
Check whether all required properties have been set.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
-
Check that all required properties have been set.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
-
Loads the web.xml file using the configured ResourceLoader and parses the role-name elements from it, using these as the set of mappableAttributes.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Check whether all required properties have been set.
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.FilterChainProxy
- afterPropertiesSet() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
- afterPropertiesSet() - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
- afterReceiveCompletion(Message<?>, MessageChannel, Exception) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.
- afterSendCompletion(Message<?>, MessageChannel, boolean, Exception) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.
- afterSendCompletion(Message<?>, MessageChannel, boolean, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
- afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.
- afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- afterSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Invoked after the springSecurityFilterChain is added.
- afterTestClass(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- afterTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- afterTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- afterTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
-
Clears out the
TestSecurityContextHolder
and theSecurityContextHolder
after each test method. - ALG - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
-
alg
- the algorithm header identifies the cryptographic algorithm used to secure a JWS or JWE - algorithm(JwaAlgorithm) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the
JWA algorithm
used to digitally sign the JWS or encrypt the JWE. - ALL - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- ALL - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- allocateToken(String) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
- allocateToken(String) - Method in interface org.springframework.security.core.token.TokenService
-
Forces the allocation of a new
Token
. - allOf(AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers
-
Creates an
AuthorizationManager
that grants access if allAuthorizationManager
s granted or abstained, ifmanagers
are empty then granted decision is returned. - ALLOW_FROM - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- allowableSessionsExceeded(List<SessionInformation>, int, SessionRegistry) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
-
Allows subclasses to customise behaviour when too many sessions are detected.
- allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
-
Deprecated.Method to be implemented by base classes, used to determine if the supplied origin is allowed.
- allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
-
Deprecated.
- allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy
-
Deprecated.
- AllowFromStrategy - Interface in org.springframework.security.web.header.writers.frameoptions
-
Deprecated.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
- AlreadyBuiltException - Exception in org.springframework.security.config.annotation
-
Thrown when
AbstractSecurityBuilder.build()
is two or more times. - AlreadyBuiltException(String) - Constructor for exception org.springframework.security.config.annotation.AlreadyBuiltException
- AlreadyExistsException - Exception in org.springframework.security.acls.model
-
Thrown if an
Acl
entry already exists for the object. - AlreadyExistsException(String) - Constructor for exception org.springframework.security.acls.model.AlreadyExistsException
-
Constructs an
AlreadyExistsException
with the specified message. - AlreadyExistsException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.AlreadyExistsException
-
Constructs an
AlreadyExistsException
with the specified message and root cause. - ALWAYS - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy
-
Always create an
HttpSession
- alwaysRemember(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
Whether the cookie should always be created even if the remember-me parameter is not set.
- AMR - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
amr
- the Authentication Methods References - and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
-
Gets the
LdapAuthenticationProviderConfigurer
for further customizations - and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer
-
Allows obtaining a reference to the
LdapAuthenticationProviderConfigurer
for further customizations - and() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Returns the
UserDetailsManagerConfigurer
for method chaining (i.e. - and() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
-
Return the
SecurityBuilder
when done using theSecurityConfigurer
. - and() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
-
Return the
HttpSecurity
for further customizations - and() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer
-
Returns the
WebSecurity
to be returned for chaining. - and() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
-
Return the
HttpSecurityBuilder
when done using theAuthorizeHttpRequestsConfigurer
. - and() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
-
Return the
SecurityBuilder
when done using theSecurityConfigurer
. - and() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
-
Deprecated.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig
-
Allows completing configuration of Cache Control and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig
-
Allows completing configuration of Content Security Policy and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig
-
Allows customizing the
HeadersConfigurer
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig
-
Allows completing configuration of Cross-Origin-Embedder-Policy and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig
-
Allows completing configuration of Cross Origin Opener Policy and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig
-
Allows completing configuration of Cross-Origin-Resource-Policy and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FeaturePolicyConfig
-
Allows completing configuration of Feature Policy and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig
-
Allows continuing customizing the headers configuration.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
-
Deprecated.Allows completing configuration of Public Key Pinning and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
-
Allows completing configuration of Strict Transport Security and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig
-
Allows completing configuration of Permissions Policy and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig
- and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig
-
Allows completing configuration of X-XSS-Protection and continuing configuration of headers.
- and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
-
Returns the
OAuth2ClientConfigurer
for further configuration. - and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
-
Returns the
OAuth2LoginConfigurer
for further configuration. - and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig
-
Returns the
OAuth2LoginConfigurer
for further configuration. - and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig
-
Returns the
OAuth2LoginConfigurer
for further configuration. - and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig
-
Returns the
OAuth2LoginConfigurer
for further configuration. - and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
- and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
- and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer
- and() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
-
Used to chain back to the
SessionManagementConfigurer
- and() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
-
Deprecated.
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
. - and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
-
Allows method chaining to continue configuring the
ServerHttpSecurity
- and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
- AndMessageMatcher<T> - Class in org.springframework.security.messaging.util.matcher
-
MessageMatcher
that will return true if all of the passed inMessageMatcher
instances match. - AndMessageMatcher(List<MessageMatcher<T>>) - Constructor for class org.springframework.security.messaging.util.matcher.AndMessageMatcher
-
Creates a new instance
- AndMessageMatcher(MessageMatcher<T>...) - Constructor for class org.springframework.security.messaging.util.matcher.AndMessageMatcher
-
Creates a new instance
- AndRequestMatcher - Class in org.springframework.security.web.util.matcher
-
RequestMatcher
that will return true if all of the passed inRequestMatcher
instances match. - AndRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher
-
Creates a new instance
- AndRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher
-
Creates a new instance
- AndServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
-
Matches if all the provided
ServerWebExchangeMatcher
match - AndServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
- AndServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
- AnnotationMetadataExtractor<A extends Annotation> - Interface in org.springframework.security.access.annotation
-
Deprecated.Used only by now-deprecated classes. Consider
SecuredAuthorizationManager
for `@Secured` methods. - AnnotationParameterNameDiscoverer - Class in org.springframework.security.core.parameters
-
Allows finding parameter names using the value attribute of any number of
Annotation
instances. - AnnotationParameterNameDiscoverer(String...) - Constructor for class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
- AnnotationParameterNameDiscoverer(Set<String>) - Constructor for class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
- anonymous() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
-
Creates an instance of
AuthenticatedAuthorizationManager
that determines if theAuthentication
is anonymous. - anonymous() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows configuring how an anonymous user is represented.
- anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specify that URLs are allowed by anonymous users.
- anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specify that URLs are allowed by anonymous users.
- anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specifies that an anonymous user is allowed access
- anonymous() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Specify that Messages are allowed by anonymous users.
- anonymous() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Enables and Configures anonymous authentication.
- anonymous() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Specify that Messages are allowed by anonymous users.
- anonymous() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish a
SecurityContext
that uses anAnonymousAuthenticationToken
. - anonymous(Customizer<AnonymousConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows configuring how an anonymous user is represented.
- anonymous(Customizer<ServerHttpSecurity.AnonymousSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Enables and Configures anonymous authentication.
- ANONYMOUS - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
-
Where anonymous authentication is placed.
- ANONYMOUS - Static variable in class org.springframework.security.config.Elements
- ANONYMOUS_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
-
Instance of AnonymousAuthenticationWebFilter
- AnonymousAuthenticationFilter - Class in org.springframework.security.web.authentication
-
Detects if there is no
Authentication
object in theSecurityContextHolder
, and populates it with one if needed. - AnonymousAuthenticationFilter(String) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
-
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
- AnonymousAuthenticationFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- AnonymousAuthenticationProvider - Class in org.springframework.security.authentication
-
An
AuthenticationProvider
implementation that validatesAnonymousAuthenticationToken
s. - AnonymousAuthenticationProvider(String) - Constructor for class org.springframework.security.authentication.AnonymousAuthenticationProvider
- AnonymousAuthenticationToken - Class in org.springframework.security.authentication
-
Represents an anonymous
Authentication
. - AnonymousAuthenticationToken(String, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.AnonymousAuthenticationToken
-
Constructor.
- AnonymousAuthenticationWebFilter - Class in org.springframework.security.web.server.authentication
-
Detects if there is no
Authentication
object in theReactiveSecurityContextHolder
, and populates it with one if needed. - AnonymousAuthenticationWebFilter(String) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
-
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
- AnonymousAuthenticationWebFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
- AnonymousConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Configures Anonymous authentication (i.e.
- AnonymousConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Creates a new instance
- AnonymousPayloadInterceptor - Class in org.springframework.security.rsocket.authentication
-
If
ReactiveSecurityContextHolder
is empty populates anAnonymousAuthenticationToken
- AnonymousPayloadInterceptor(String) - Constructor for class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
-
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
- AnonymousPayloadInterceptor(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
- ant - Enum constant in enum class org.springframework.security.config.http.MatcherType
- antMatcher(String) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the specific pattern which will match all HTTP methods in a case-sensitive manner.
- antMatcher(HttpMethod) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher that will match all request with the supplied HTTP method in a case-sensitive manner.
- antMatcher(HttpMethod, String) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the supplied pattern and HTTP method in a case-sensitive manner.
- AntPathRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Matcher which compares a pre-defined ant-style pattern against the URL (
servletPath + pathInfo
) of anHttpServletRequest
. - AntPathRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the specific pattern which will match all HTTP methods in a case sensitive manner.
- AntPathRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the supplied pattern and HTTP method in a case sensitive manner.
- AntPathRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the supplied pattern which will match the specified Http method
- AntPathRequestMatcher(String, String, boolean, UrlPathHelper) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
-
Creates a matcher with the supplied pattern which will match the specified Http method
- ANY_CHANNEL - Static variable in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- ANY_MESSAGE - Static variable in interface org.springframework.security.messaging.util.matcher.MessageMatcher
-
Matches every
Message
- anyExchange() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
-
Always matches
- anyExchange() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
-
Maps any request.
- anyExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
-
Disables authorization.
- anyExchange() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers
- anyExchange() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
-
Matches any exchange
- anyMessage() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.Maps any
Message
to a security expression. - anyMessage() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
-
Maps any
Message
to a security expression. - anyOf(AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers
-
Creates an
AuthorizationManager
that grants access if at least oneAuthorizationManager
granted or abstained, ifmanagers
are empty then denied decision is returned. - anyRequest() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
-
Matches if
PayloadExchangeType.isRequest()
is true, else not a match - anyRequest() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
Maps any request.
- anyRequest() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers
- AnyRequestMatcher - Class in org.springframework.security.web.util.matcher
-
Matches any supplied request.
- ApacheDSContainer - Class in org.springframework.security.ldap.server
-
Deprecated.Use
UnboundIdContainer
instead because ApacheDS 1.x is no longer supported with no GA version to replace it. - ApacheDSContainer(String, String) - Constructor for class org.springframework.security.ldap.server.ApacheDSContainer
-
Deprecated.
- appendFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Inserts the provided
Filter
s after existingFilter
s using default generated names,AbstractSecurityWebApplicationInitializer.getSecurityDispatcherTypes()
, andAbstractSecurityWebApplicationInitializer.isAsyncSecuritySupported()
. - apply(C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Applies a
SecurityConfigurerAdapter
to thisSecurityBuilder
and invokesSecurityConfigurerAdapter.setBuilder(SecurityBuilder)
. - apply(Row, RowMetadata) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
- apply(SocketAcceptor) - Method in class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor
- apply(SocketAcceptor) - Method in class org.springframework.security.rsocket.core.SecuritySocketAcceptorInterceptor
- apply(JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper
- apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
- apply(R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper
- apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
-
Deprecated.
- apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
-
Deprecated.
- Argon2PasswordEncoder - Class in org.springframework.security.crypto.argon2
-
Implementation of PasswordEncoder that uses the Argon2 hashing function.
- Argon2PasswordEncoder(int, int, int, int, int) - Constructor for class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
-
Constructs an Argon2 password encoder with the provided parameters.
- asHeader() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor
- AspectJCallback - Interface in org.springframework.security.access.intercept.aspectj
-
Deprecated.This class will be removed from the public API. Please either use `spring-security-aspects`, Spring Security's method security support or create your own class that uses Spring AOP annotations.
- AspectJMethodSecurityInterceptor - Class in org.springframework.security.access.intercept.aspectj
-
Deprecated.This class will be removed from the public API. Please either use `spring-security-aspects`, Spring Security's method security support or create your own class that uses Spring AOP annotations.
- AspectJMethodSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor
-
Deprecated.
- assertingPartyDetails(Consumer<RelyingPartyRegistration.AssertingPartyDetails.Builder>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Apply this
Consumer
to further configure the Asserting Party details - ASSERTION - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
assertion
- used in Access Token Request. - assertionConsumerServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Set the AssertionConsumerService Binding.
- assertionConsumerServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Set the AssertionConsumerService Location.
- AT_HASH - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
at_hash
- the Access Token hash value - ATT_GROUP_ROLE_ATTRIBUTE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- ATT_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- ATT_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- ATT_HASH - Static variable in class org.springframework.security.config.authentication.PasswordEncoderParser
- ATT_LDIF_FILE - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
-
Optionally defines an ldif resource to be loaded.
- ATT_PORT - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
-
Defines the port the LDAP_PROVIDER server should run on
- ATT_ROOT_SUFFIX - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
-
sets the configuration suffix (default is "dc=springframework,dc=org").
- ATT_SERVER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- ATT_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- ATT_USER_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
-
Performs actual authentication.
- attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
- attemptExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Attempt to exit from an already switched user.
- attemptSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
-
Attempt to switch to another user.
- attribute(String, Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
-
Sets an attribute associated to the context.
- attribute(String, Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
-
Sets an attribute associated to the request.
- attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
-
Provides a
Consumer
access to the attributes associated to the context. - attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
-
Provides a
Consumer
access to the attributes associated to the request. - attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
A
Consumer
to be provided access to the attribute(s) allowing the ability to add, replace, or remove. - attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
-
Mutate the attributes using the given
Consumer
- attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
-
Mutate the attributes using the given
Consumer
- attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
-
Mutate the attributes using the given
Consumer
- attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
-
Mutate the attributes using the given
Consumer
- attributes(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the attributes associated to the request.
- Attributes2GrantedAuthoritiesMapper - Interface in org.springframework.security.core.authority.mapping
-
Interface to be implemented by classes that can map a list of security attributes (such as roles or group names) to a collection of Spring Security
GrantedAuthority
s. - AUD - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
aud
- The intended audience for the token - AUD - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
aud
- the Audience(s) that the ID Token is intended for - AUD - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
-
aud
- the Audience claim identifies the recipient(s) that the JWT is intended for - audience(Collection<String>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this audience in the resulting
OidcIdToken
- audience(Collection<String>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this audience in the resulting
Jwt
- audience(List<String>) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Sets the audience
(aud)
claim, which identifies the recipient(s) that the JWT is intended for. - AuditableAccessControlEntry - Interface in org.springframework.security.acls.model
-
Represents an ACE that provides auditing information.
- AuditableAcl - Interface in org.springframework.security.acls.model
-
A mutable ACL that provides audit capabilities.
- AuditLogger - Interface in org.springframework.security.acls.domain
-
Used by
AclImpl
to log audit events. - AUTH_TIME - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
auth_time
- the time when the End-User authentication occurred - authenticate(Authentication) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
-
Deprecated.
- authenticate(Authentication) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider
- authenticate(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationManager
-
Attempts to authenticate the passed
Authentication
object, returning a fully populatedAuthentication
object (including granted authorities) if successful. - authenticate(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationProvider
-
Performs authentication with the same contract as
AuthenticationManager.authenticate(Authentication)
. - authenticate(Authentication) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Attempts to login the user given the Authentication objects principal and credential
- authenticate(Authentication) - Method in class org.springframework.security.authentication.ObservationAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.authentication.ObservationReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.authentication.ProviderManager
-
Attempts to authenticate the passed
Authentication
object. - authenticate(Authentication) - Method in interface org.springframework.security.authentication.ReactiveAuthenticationManager
-
Attempts to authenticate the provided
Authentication
- authenticate(Authentication) - Method in class org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter
- authenticate(Authentication) - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.authentication.TestingAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.BindAuthenticator
- authenticate(Authentication) - Method in interface org.springframework.security.ldap.authentication.LdapAuthenticator
-
Authenticates as a user and obtains additional user information from the directory.
- authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
-
Decode and validate the Bearer Token.
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager
- authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider
-
Introspect and validate the opaque Bearer Token and then delegates
Authentication
instantiation toOpaqueTokenAuthenticationConverter
. - authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager
-
Introspect and validate the opaque Bearer Token and then delegates
Authentication
instantiation toReactiveOpaqueTokenAuthenticationConverter
. - authenticate(Authentication) - Method in class org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider
- authenticate(Authentication) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
-
Authenticate the given PreAuthenticatedAuthenticationToken.
- authenticate(Authentication) - Method in class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
- authenticated() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
-
Creates an instance of
AuthenticatedAuthorizationManager
. - authenticated() - Static method in class org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager
-
Gets an instance of
AuthenticatedReactiveAuthorizationManager
- authenticated() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
- authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
-
Specify that URLs are allowed by any authenticated user.
- authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
-
Deprecated.Specify that URLs are allowed by any authenticated user.
- authenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
-
Deprecated.Specify that Messages are allowed by any authenticated user.
- authenticated() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
-
Require an authenticated user
- authenticated() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
-
Specify that Messages are allowed by any authenticated user.
- authenticated() - Static method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
-
ResultMatcher
that verifies that a specified user is authenticated. - authenticated(Object, Object, Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
-
This factory method can be safely used by any code that wishes to create a authenticated
UsernamePasswordAuthenticationToken
. - AuthenticatedAuthorizationManager<T> - Class in org.springframework.security.authorization
-
An
AuthorizationManager
that determines if the current user is authenticated. - AuthenticatedAuthorizationManager() - Constructor for class org.springframework.security.authorization.AuthenticatedAuthorizationManager
-
Creates an instance that determines if the current user is authenticated, this is the same as calling
AuthenticatedAuthorizationManager.authenticated()
factory method. - AuthenticatedPrincipal - Interface in org.springframework.security.core
-
Representation of an authenticated
Principal
once anAuthentication
request has been successfully authenticated by theAuthenticationManager.authenticate(Authentication)
method. - AuthenticatedPrincipalOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web
-
An implementation of an
OAuth2AuthorizedClientRepository
that delegates to the providedOAuth2AuthorizedClientService
if the currentPrincipal
is authenticated, otherwise, to the default (or provided)OAuth2AuthorizedClientRepository
if the current request is unauthenticated (or anonymous). - AuthenticatedPrincipalOAuth2AuthorizedClientRepository(OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
-
Constructs a
AuthenticatedPrincipalOAuth2AuthorizedClientRepository
using the provided parameters. - AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web.server
-
An implementation of an
ServerOAuth2AuthorizedClientRepository
that delegates to the providedServerOAuth2AuthorizedClientRepository
if the currentPrincipal
is authenticated, otherwise, to the default (or provided)ServerOAuth2AuthorizedClientRepository
if the current request is unauthenticated (or anonymous). - AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(ReactiveOAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
-
Creates an instance
- AuthenticatedReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization
-
A
ReactiveAuthorizationManager
that determines if the current user is authenticated. - authenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
-
Specifies the
AuthenticationUserDetailsService
that is used with thePreAuthenticatedAuthenticationProvider
. - AuthenticatedVoter - Class in org.springframework.security.access.vote
-
Deprecated.Use
AuthorityAuthorizationManager
instead - AuthenticatedVoter() - Constructor for class org.springframework.security.access.vote.AuthenticatedVoter
-
Deprecated.
- authentication(Authentication) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Modifies the
ClientRequest.attributes()
to include theAuthentication
used to look up and save theOAuth2AuthorizedClient
. - authentication(Authentication) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
-
Establish a
SecurityContext
that uses the specifiedAuthentication
for theAuthentication.getPrincipal()
and a customUserDetails
. - Authentication - Interface in org.springframework.security.core
-
Represents the token for an authentication request or for an authenticated principal once the request has been processed by the
AuthenticationManager.authenticate(Authentication)
method. - AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
-
A generic placeholder for other types of authentication.
- AUTHENTICATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- AUTHENTICATION_EXCEPTION - Static variable in class org.springframework.security.web.WebAttributes
-
Used to cache an authentication-failure exception in the session.
- AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.BeanIds
-
The "global" AuthenticationManager instance, registered by the <authentication-manager> element
- AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.Elements
- AUTHENTICATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
- AUTHENTICATION_SCHEME_BASIC - Static variable in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- AuthenticationConfiguration - Class in org.springframework.security.config.annotation.authentication.configuration
-
Exports the authentication
Configuration
- AuthenticationConfiguration() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
- authenticationContextClass(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this authentication context class reference in the resulting
OidcIdToken
- authenticationConverter(OpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
- authenticationConverter(ReactiveOpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
- authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Use this
AuthenticationConverter
when converting incoming requests to anAuthentication
. - authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Sets the converter to use
- authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Sets the converter to use
- AuthenticationConverter - Interface in org.springframework.security.web.authentication
-
A strategy used for converting from a
HttpServletRequest
to anAuthentication
of particular type. - AuthenticationConverterServerWebExchangeMatcher - Class in org.springframework.security.web.server.authentication
- AuthenticationConverterServerWebExchangeMatcher(ServerAuthenticationConverter) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher
- AuthenticationCredentialsNotFoundEvent - Class in org.springframework.security.access.event
-
Deprecated.Authentication is now separated from authorization. Consider
AbstractAuthenticationFailureEvent
instead. - AuthenticationCredentialsNotFoundEvent(Object, Collection<ConfigAttribute>, AuthenticationCredentialsNotFoundException) - Constructor for class org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent
-
Deprecated.Construct the event.
- AuthenticationCredentialsNotFoundException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request is rejected because there is no
Authentication
object in theSecurityContext
. - AuthenticationCredentialsNotFoundException(String) - Constructor for exception org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
-
Constructs an
AuthenticationCredentialsNotFoundException
with the specified message. - AuthenticationCredentialsNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
-
Constructs an
AuthenticationCredentialsNotFoundException
with the specified message and root cause. - authenticationDetailsSource - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Specifies a custom
AuthenticationDetailsSource
. - authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
-
Specifies a custom
AuthenticationDetailsSource
to use for basic authentication. - authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
-
Specifies the
AuthenticationDetailsSource
- AuthenticationDetailsSource<C,
T> - Interface in org.springframework.security.authentication -
Provides a
Authentication.getDetails()
object for a given web request. - authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
-
Sets the
AuthenticationEntryPoint
to be used. - authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
-
The
AuthenticationEntryPoint
to be populated onBasicAuthenticationFilter
in the event that authentication fails. - authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
-
Configures what to do when the application request authentication
- authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
How to request for authentication.
- authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
-
Allows easily setting the entry point.
- authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Configures the
ServerAuthenticationEntryPoint
to use for requests authenticating with Bearer Tokens. - AuthenticationEntryPoint - Interface in org.springframework.security.web
-
Used by
ExceptionTranslationFilter
to commence an authentication scheme. - AuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.authentication
-
Adapts a
AuthenticationEntryPoint
into aAuthenticationFailureHandler
- AuthenticationEntryPointFailureHandler(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
- authenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Sets the
AuthenticationEventPublisher
- AuthenticationEventPublisher - Interface in org.springframework.security.authentication
- AuthenticationException - Exception in org.springframework.security.core
-
Abstract superclass for all exceptions related to an
Authentication
object being invalid for whatever reason. - AuthenticationException(String) - Constructor for exception org.springframework.security.core.AuthenticationException
-
Constructs an
AuthenticationException
with the specified message and no root cause. - AuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.core.AuthenticationException
-
Constructs an
AuthenticationException
with the specified message and root cause. - AuthenticationFailureBadCredentialsEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to invalid credentials being presented.
- AuthenticationFailureBadCredentialsEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent
- AuthenticationFailureCredentialsExpiredEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to the user's credentials having expired.
- AuthenticationFailureCredentialsExpiredEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureCredentialsExpiredEvent
- AuthenticationFailureDisabledEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to the user's account being disabled.
- AuthenticationFailureDisabledEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent
- AuthenticationFailureExpiredEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to the user's account having expired.
- AuthenticationFailureExpiredEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureExpiredEvent
- authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
Configures how a failed authentication is handled.
- authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
- authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
The
ServerAuthenticationFailureHandler
used after authentication failure. - authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
- AuthenticationFailureHandler - Interface in org.springframework.security.web.authentication
-
Strategy used to handle a failed authentication attempt.
- AuthenticationFailureLockedEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to the user's account having been locked.
- AuthenticationFailureLockedEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureLockedEvent
- AuthenticationFailureProviderNotFoundEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to there being no registered
AuthenticationProvider
that can process the request. - AuthenticationFailureProviderNotFoundEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent
- AuthenticationFailureProxyUntrustedEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to the CAS user's ticket being generated by an untrusted proxy.
- AuthenticationFailureProxyUntrustedEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent
- AuthenticationFailureServiceExceptionEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates authentication failure due to there being a problem internal to the
AuthenticationManager
. - AuthenticationFailureServiceExceptionEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent
- authenticationFilter(AnonymousAuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Sets the
AnonymousAuthenticationFilter
used to populate an anonymous user. - authenticationFilter(AnonymousAuthenticationWebFilter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
-
Sets the
AnonymousAuthenticationWebFilter
used to populate an anonymous user. - AuthenticationFilter - Class in org.springframework.security.web.authentication
-
A
Filter
that performs authentication of a particular request. - AuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
- AuthenticationFilter(AuthenticationManager, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
- authenticationIsRequired(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
- authenticationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Allows providing a custom
AuthenticationManager
. - authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Configure the default
AuthenticationManager
. - authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
- authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
- authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Allows a configuration of a
AuthenticationManager
to be used during SAML 2 authentication. - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
- authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
- authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
- authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
- authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configure the default authentication manager.
- authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
The
ReactiveAuthenticationManager
used to authenticate. - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
-
The
ReactiveAuthenticationManager
used to authenticate. - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Configures the
ReactiveAuthenticationManager
to use. - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Configures the
ReactiveAuthenticationManager
to use. - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
-
Configures the
ReactiveAuthenticationManager
to use - authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
- AuthenticationManager - Interface in org.springframework.security.authentication
-
Processes an
Authentication
request. - AuthenticationManagerBeanDefinitionParser - Class in org.springframework.security.config.authentication
-
Registers the central ProviderManager used by the namespace configuration, and allows the configuration of an alias, allowing users to reference it in their beans and clearly see where the name is coming from.
- AuthenticationManagerBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser
- AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider - Class in org.springframework.security.config.authentication
-
Provider which doesn't provide any service.
- authenticationManagerBuilder(ObjectPostProcessor<Object>, ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
- AuthenticationManagerBuilder - Class in org.springframework.security.config.annotation.authentication.builders
-
SecurityBuilder
used to create anAuthenticationManager
. - AuthenticationManagerBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Creates a new instance
- AuthenticationManagerFactoryBean - Class in org.springframework.security.config.authentication
-
Factory bean for the namespace AuthenticationManager, which allows a more meaningful error message to be reported in the NoSuchBeanDefinitionException, if the user has forgotten to declare the <authentication-manager> element.
- AuthenticationManagerFactoryBean() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
- authenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- authenticationManagerResolver(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Configures the
ReactiveAuthenticationManagerResolver
- AuthenticationManagerResolver<C> - Interface in org.springframework.security.authentication
-
An interface for resolving an
AuthenticationManager
based on the provided context - authenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Sets the
matcher
used for determining if the request is an authentication request. - AuthenticationMethod - Class in org.springframework.security.oauth2.core
-
The authentication method used when sending bearer access tokens in resource requests to resource servers.
- AuthenticationMethod(String) - Constructor for class org.springframework.security.oauth2.core.AuthenticationMethod
-
Constructs an
AuthenticationMethod
using the provided value. - authenticationMethods(List<String>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use these authentication methods in the resulting
OidcIdToken
- AuthenticationObservationContext - Class in org.springframework.security.authentication
-
An
Observation.Context
used during authentications - AuthenticationObservationContext() - Constructor for class org.springframework.security.authentication.AuthenticationObservationContext
- AuthenticationObservationConvention - Class in org.springframework.security.authentication
-
An
ObservationConvention
for translating authentications intoKeyValues
. - AuthenticationObservationConvention() - Constructor for class org.springframework.security.authentication.AuthenticationObservationConvention
- AuthenticationPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
-
Converts from the
PayloadExchange
for Authentication Extension. - AuthenticationPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter
- AuthenticationPayloadInterceptor - Class in org.springframework.security.rsocket.authentication
-
Uses the provided
ReactiveAuthenticationManager
to authenticate a Payload. - AuthenticationPayloadInterceptor(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
-
Creates a new instance
- AuthenticationPrincipal - Annotation Interface in org.springframework.security.core.annotation
-
Annotation that is used to resolve
Authentication.getPrincipal()
to a method argument. - AuthenticationPrincipal - Annotation Interface in org.springframework.security.web.bind.annotation
-
Deprecated.Use
AuthenticationPrincipal
instead. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.messaging.context
-
Allows resolving the
Authentication.getPrincipal()
using theAuthenticationPrincipal
annotation. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.messaging.handler.invocation.reactive
-
Allows resolving the
Authentication.getPrincipal()
using theAuthenticationPrincipal
annotation. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.bind.support
-
Deprecated.Use
AuthenticationPrincipalArgumentResolver
instead. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.method.annotation
-
Allows resolving the
Authentication.getPrincipal()
using theAuthenticationPrincipal
annotation. - AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation
-
Resolves the Authentication
- AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
- AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
- AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
-
Deprecated.
- AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
- AuthenticationPrincipalArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
- authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
-
Add authentication based upon the custom
AuthenticationProvider
that is passed in. - authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.authentication.ProviderManagerBuilder
-
Add authentication based upon the custom
AuthenticationProvider
that is passed in. - authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Sets the
AuthenticationProvider
used to validate an anonymous user. - authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
-
Allows adding an additional
AuthenticationProvider
to be used - AuthenticationProvider - Interface in org.springframework.security.authentication
-
Indicates a class can process a specific
Authentication
implementation. - AuthenticationProviderBeanDefinitionParser - Class in org.springframework.security.config.authentication
-
Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the latter with the ProviderManager.
- AuthenticationProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser
- authenticationRequestResolver(Saml2AuthenticationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Use this
Saml2AuthenticationRequestResolver
for generating SAML 2.0 Authentication Requests. - authenticationRequestUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Customize the URL that the SAML Authentication Request will be sent to.
- authenticationRequestUri(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
-
Sets the
authenticationRequestUri
, a URL that will receive the AuthNRequest message - AuthenticationServiceException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request could not be processed due to a system problem.
- AuthenticationServiceException(String) - Constructor for exception org.springframework.security.authentication.AuthenticationServiceException
-
Constructs an
AuthenticationServiceException
with the specified message. - AuthenticationServiceException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AuthenticationServiceException
-
Constructs an
AuthenticationServiceException
with the specified message and root cause. - AuthenticationSuccessEvent - Class in org.springframework.security.authentication.event
-
Application event which indicates successful authentication.
- AuthenticationSuccessEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.AuthenticationSuccessEvent
- authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
-
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
- authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
-
The
ServerAuthenticationSuccessHandler
used after authentication success. - authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
The
ServerAuthenticationSuccessHandler
used after authentication success. - AuthenticationSuccessHandler - Interface in org.springframework.security.web.authentication
-
Strategy used to handle a successful user authentication.
- AuthenticationSwitchUserEvent - Class in org.springframework.security.web.authentication.switchuser
-
Application event which indicates that a user context switch.
- AuthenticationSwitchUserEvent(Authentication, UserDetails) - Constructor for class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent
-
Switch user context event constructor
- AuthenticationTag - Class in org.springframework.security.taglibs.authz
-
An
Tag
implementation that allows convenient access to the currentAuthentication
object. - AuthenticationTag() - Constructor for class org.springframework.security.taglibs.authz.AuthenticationTag
- AuthenticationTrustResolver - Interface in org.springframework.security.authentication
-
Evaluates
Authentication
tokens - AuthenticationTrustResolverImpl - Class in org.springframework.security.authentication
-
Basic implementation of
AuthenticationTrustResolver
. - AuthenticationTrustResolverImpl() - Constructor for class org.springframework.security.authentication.AuthenticationTrustResolverImpl
- authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
-
Specifies the
AuthenticationUserDetailsService
to use. - AuthenticationUserDetailsService<T extends Authentication> - Interface in org.springframework.security.core.userdetails
-
Interface that allows for retrieving a UserDetails object based on an Authentication object.
- AuthenticationWebFilter - Class in org.springframework.security.web.server.authentication
-
A
WebFilter
that performs authentication of a particular request. - AuthenticationWebFilter(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Creates an instance
- AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter
-
Creates an instance
- AuthnRequestContext(HttpServletRequest, RelyingPartyRegistration, AuthnRequest) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver.AuthnRequestContext
- authorities() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
-
The authorities to use.
- authorities(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Populates the authorities.
- authorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Sets the
Authentication.getAuthorities()
for anonymous users - authorities(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
-
Sets the
Authentication.getAuthorities()
for anonymous users - authorities(String...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Populates the authorities.
- authorities(String...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
-
Specifies the
GrantedAuthority
s to use. - authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Populates the authorities.
- authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
-
Specifies the
GrantedAuthority
s to use. - authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
-
Populates the user's
GrantedAuthority
's. - authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
-
Use the provided authorities in the token
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
-
Use the provided authorities in the
Authentication
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
-
Use the provided authorities in the
Authentication
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
-
Use the provided authorities in the resulting principal
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
-
Use the provided authorities in the token
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
-
Use the provided authorities in the
Authentication
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
-
Use the provided authorities in the
Authentication
- authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
-
Use the provided authorities in the resulting principal
- authorities(List<? extends GrantedAuthority>) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Populates the authorities.
- authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
-
Sets the
Authentication.getAuthorities()
for anonymous users - authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
-
Sets the
Authentication.getAuthorities()
for anonymous users - authorities(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
-
Provides the configured
Jwt
so that custom authorities can be derived from it - authorities(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
-
Provides the configured
Jwt
so that custom authorities can be derived from it - authorities(GrantedAuthority...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
-
Populates the authorities.
- authorities(GrantedAuthority...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
-
Populates the authorities.
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
-
Use the provided authorities in the token
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
-
Use the provided authorities in the
Authentication
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
-
Use the provided authorities in the
Authentication
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
-
Use the provided authorities in the resulting principal
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
-
Specifies the
GrantedAuthority
s to use. - authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
-
Use the provided authorities in the token
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
-
Use the provided authorities in the
Authentication
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
-
Use the provided authorities in the
Authentication
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
-
Use the provided authorities in the resulting principal
- authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
-
Populates the user's
GrantedAuthority
's. - authoritiesByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
-
Sets the query to be used for finding a user's authorities by their username.
- authoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Specifies the
GrantedAuthoritiesMapper
. - AuthorityAuthorizationDecision - Class in org.springframework.security.authorization
-
Represents an
AuthorizationDecision
based on a collection of authorities - AuthorityAuthorizationDecision(boolean, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.authorization.AuthorityAuthorizationDecision
- AuthorityAuthorizationManager<T> - Class in org.springframework.security.authorization
-
An
AuthorizationManager
that determines if the current user is authorized by evaluating if theAuthentication
contains a specified authority. - AuthorityGranter - Interface in org.springframework.security.authentication.jaas
-
The AuthorityGranter interface is used to map a given principal to role names.
- authorityListToSet(Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.core.authority.AuthorityUtils
-
Converts an array of GrantedAuthority objects to a Set.
- AuthorityReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization
-
A
ReactiveAuthorizationManager
that determines if the current user is authorized by evaluating if theAuthentication
contains a specified authority. - AuthorityUtils - Class in org.springframework.security.core.authority
-
Utility method for manipulating GrantedAuthority collections etc.
- AUTHORIZATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
-
Where authorization is placed.
- AUTHORIZATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
- AUTHORIZATION_CODE - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
- AuthorizationChannelInterceptor - Class in org.springframework.security.messaging.access.intercept
-
Authorizes
Message
resources using the providedAuthorizationManager
- AuthorizationChannelInterceptor(AuthorizationManager<Message<?>>) - Constructor for class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor
-
Creates a new instance
- authorizationCode() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Configures support for the
authorization_code
grant. - authorizationCode() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Configures support for the
authorization_code
grant. - authorizationCode() - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
-
Returns a new
OAuth2AuthorizationRequest.Builder
, initialized with the authorization code grant type. - authorizationCodeGrant() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
-
Returns the
OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>.AuthorizationCodeGrantConfigurer
for configuring the OAuth 2.0 Authorization Code Grant. - authorizationCodeGrant(Customizer<OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
-
Configures the OAuth 2.0 Authorization Code Grant.
- authorizationCodeHash(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this authorization code hash in the resulting
OidcIdToken
- AuthorizationCodeOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of an
OAuth2AuthorizedClientProvider
for theauthorization_code
grant. - AuthorizationCodeOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider
- AuthorizationCodeReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of a
ReactiveOAuth2AuthorizedClientProvider
for theauthorization_code
grant. - AuthorizationCodeReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
- AuthorizationContext - Class in org.springframework.security.web.server.authorization
- AuthorizationContext(ServerWebExchange) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
- AuthorizationContext(ServerWebExchange, Map<String, Object>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
- AuthorizationDecision - Class in org.springframework.security.authorization
- AuthorizationDecision(boolean) - Constructor for class org.springframework.security.authorization.AuthorizationDecision
- AuthorizationDeniedEvent<T> - Class in org.springframework.security.authorization.event
-
An
ApplicationEvent
which indicates failed authorization. - AuthorizationDeniedEvent(Supplier<Authentication>, T, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationDeniedEvent
- authorizationEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Returns the
OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>.AuthorizationEndpointConfig
for configuring the Authorization Server's Authorization Endpoint. - authorizationEndpoint(Customizer<OAuth2LoginConfigurer.AuthorizationEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Configures the Authorization Server's Authorization Endpoint.
- AuthorizationEvent - Class in org.springframework.security.authorization.event
-
A parent class for
AuthorizationGrantedEvent
andAuthorizationDeniedEvent
. - AuthorizationEvent(Supplier<Authentication>, Object, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationEvent
-
Construct an
AuthorizationEvent
- AuthorizationEventPublisher - Interface in org.springframework.security.authorization
-
A contract for publishing authorization events
- AuthorizationFailureEvent - Class in org.springframework.security.access.event
-
Deprecated.Use
AuthorizationDeniedEvent
instead - AuthorizationFailureEvent(Object, Collection<ConfigAttribute>, Authentication, AccessDeniedException) - Constructor for class org.springframework.security.access.event.AuthorizationFailureEvent
-
Deprecated.Construct the event.
- AuthorizationFilter - Class in org.springframework.security.web.access.intercept
-
An authorization filter that restricts access to the URL using
AuthorizationManager
. - AuthorizationFilter(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.intercept.AuthorizationFilter
-
Creates an instance.
- AuthorizationGrantedEvent<T> - Class in org.springframework.security.authorization.event
-
An
ApplicationEvent
which indicates successful authorization. - AuthorizationGrantedEvent(Supplier<Authentication>, T, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationGrantedEvent
- authorizationGrantType(AuthorizationGrantType) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the
authorization grant type
used for the client. - AuthorizationGrantType - Class in org.springframework.security.oauth2.core
-
An authorization grant is a credential representing the resource owner's authorization (to access it's protected resources) to the client and used by the client to obtain an access token.
- AuthorizationGrantType(String) - Constructor for class org.springframework.security.oauth2.core.AuthorizationGrantType
-
Constructs an
AuthorizationGrantType
using the provided value. - AuthorizationInterceptorsOrder - Enum Class in org.springframework.security.authorization.method
-
Ordering of Spring Security's authorization
Advisor
s - AuthorizationManager<T> - Interface in org.springframework.security.authorization
-
An Authorization manager which can determine if an
Authentication
has access to a specific object. - AuthorizationManagerAfterMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which can determine if anAuthentication
has access to the result of anMethodInvocation
using anAuthorizationManager
- AuthorizationManagerAfterMethodInterceptor(Pointcut, AuthorizationManager<MethodInvocationResult>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
-
Creates an instance.
- AuthorizationManagerAfterReactiveMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which can determine if anAuthentication
has access to the returned object from theMethodInvocation
using the configuredReactiveAuthorizationManager
. - AuthorizationManagerAfterReactiveMethodInterceptor(Pointcut, ReactiveAuthorizationManager<MethodInvocationResult>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
-
Creates an instance.
- AuthorizationManagerBeforeMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which uses aAuthorizationManager
to determine if anAuthentication
may invoke the givenMethodInvocation
- AuthorizationManagerBeforeMethodInterceptor(Pointcut, AuthorizationManager<MethodInvocation>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
-
Creates an instance.
- AuthorizationManagerBeforeReactiveMethodInterceptor - Class in org.springframework.security.authorization.method
-
A
MethodInterceptor
which can determine if anAuthentication
has access to theMethodInvocation
using the configuredReactiveAuthorizationManager
. - AuthorizationManagerBeforeReactiveMethodInterceptor(Pointcut, ReactiveAuthorizationManager<MethodInvocation>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
-
Creates an instance.
- AuthorizationManagers - Class in org.springframework.security.authorization
-
A factory class to create an
AuthorizationManager
instances. - AuthorizationManagerWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access
-
An implementation of
WebInvocationPrivilegeEvaluator
which delegates the checks to an instance ofAuthorizationManager
- AuthorizationManagerWebInvocationPrivilegeEvaluator(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
- AuthorizationObservationContext<T> - Class in org.springframework.security.authorization
-
An
Observation.Context
used during authorizations - AuthorizationObservationContext(T) - Constructor for class org.springframework.security.authorization.AuthorizationObservationContext
- AuthorizationObservationConvention - Class in org.springframework.security.authorization
-
An
ObservationConvention
for translating authorizations intoKeyValues
. - AuthorizationObservationConvention() - Constructor for class org.springframework.security.authorization.AuthorizationObservationConvention
- AuthorizationPayloadInterceptor - Class in org.springframework.security.rsocket.authorization
-
Provides authorization of the
PayloadExchange
. - AuthorizationPayloadInterceptor(ReactiveAuthorizationManager<PayloadExchange>) - Constructor for class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor
- authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
-
Sets the redirect strategy for Authorization Endpoint redirect URI.
- authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
-
Sets the redirect strategy for Authorization Endpoint redirect URI.
- authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Sets the redirect strategy for Authorization Endpoint redirect URI.
- authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Sets the redirect strategy for Authorization Endpoint redirect URI.
- authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
-
Sets the repository used for storing
OAuth2AuthorizationRequest
's. - authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
-
Sets the repository used for storing
OAuth2AuthorizationRequest
's. - authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Sets the repository to use for storing
OAuth2AuthorizationRequest
's. - authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Sets the repository to use for storing
OAuth2AuthorizationRequest
's. - AuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> - Interface in org.springframework.security.oauth2.client.web
-
Implementations of this interface are responsible for the persistence of
OAuth2AuthorizationRequest
between requests. - authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
-
Sets the resolver used for resolving
OAuth2AuthorizationRequest
's. - authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
-
Sets the resolver used for resolving
OAuth2AuthorizationRequest
's. - authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
-
Sets the resolver used for resolving
OAuth2AuthorizationRequest
's. - authorizationRequestUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the
URI
string representation of the OAuth 2.0 Authorization Request. - authorizationRequestUri(Function<UriBuilder, URI>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
A
Function
to be provided aUriBuilder
representation of the OAuth 2.0 Authorization Request allowing for further customizations. - AuthorizationServiceException - Exception in org.springframework.security.access
-
Thrown if an authorization request could not be processed due to a system problem.
- AuthorizationServiceException(String) - Constructor for exception org.springframework.security.access.AuthorizationServiceException
-
Constructs an
AuthorizationServiceException
with the specified message. - AuthorizationServiceException(String, Throwable) - Constructor for exception org.springframework.security.access.AuthorizationServiceException
-
Constructs an
AuthorizationServiceException
with the specified message and root cause. - authorizationUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the uri for the authorization endpoint.
- authorizationUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the uri for the authorization endpoint.
- AuthorizationWebFilter - Class in org.springframework.security.web.server.authorization
- AuthorizationWebFilter(ReactiveAuthorizationManager<? super ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationWebFilter
- authorize() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
-
Make an authorization decision by considering all <authorize> tag attributes.
- authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider
-
Attempt to authorize the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
-
Attempt to authorize the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider
- authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider
- authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the provided context. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
-
Deprecated.Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
-
Deprecated.Attempt to authorize (or re-authorize) the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider
-
Attempt to authorize (or re-authorize) the
client
in the provided context. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
-
Attempt to re-authorize the
client
in the providedcontext
. - authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
-
Attempt to re-authorize the
client
in the providedcontext
. - authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
- authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
- authorize(OAuth2AuthorizeRequest) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager
-
Attempt to authorize or re-authorize (if required) the
client
identified by the providedclientRegistrationId
. - authorize(OAuth2AuthorizeRequest) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager
-
Attempt to authorize or re-authorize (if required) the
client
identified by the providedclientRegistrationId
. - authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
- authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
- authorizedClientParametersMapper - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
- authorizedClientParametersMapper - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
- authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
-
Sets the repository for authorized client(s).
- authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Sets the repository for authorized client(s).
- authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Configures the
ReactiveClientRegistrationRepository
. - authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
- authorizedClientRowMapper - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
- authorizedClientRowMapper - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
- authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
-
Sets the service for authorized client(s).
- authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Sets the service for authorized client(s).
- authorizedClientService(ReactiveOAuth2AuthorizedClientService) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
- AuthorizedClientServiceOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client
-
An implementation of an
OAuth2AuthorizedClientManager
that is capable of operating outside of the context of aHttpServletRequest
, e.g. - AuthorizedClientServiceOAuth2AuthorizedClientManager(ClientRegistrationRepository, OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
-
Constructs an
AuthorizedClientServiceOAuth2AuthorizedClientManager
using the provided parameters. - AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client
-
The default implementation of the
contextAttributesMapper
. - AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client
-
An implementation of a
ReactiveOAuth2AuthorizedClientManager
that is capable of operating outside of the context of aServerWebExchange
, e.g. - AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository, ReactiveOAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
-
Constructs an
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
using the provided parameters. - AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client
-
The default implementation of the
contextAttributesMapper
. - AuthorizedEvent - Class in org.springframework.security.access.event
-
Deprecated.Use
AuthorizationGrantedEvent
instead - AuthorizedEvent(Object, Collection<ConfigAttribute>, Authentication) - Constructor for class org.springframework.security.access.event.AuthorizedEvent
-
Deprecated.Construct the event.
- authorizedParty(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this authorized party in the resulting
OidcIdToken
- authorizeExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures authorization.
- authorizeExchange(Customizer<ServerHttpSecurity.AuthorizeExchangeSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures authorization.
- AuthorizeExchangeSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
- authorizeHttpRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows restricting access based upon the
HttpServletRequest
usingRequestMatcher
implementations (i.e. - authorizeHttpRequests(Customizer<AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Allows restricting access based upon the
HttpServletRequest
usingRequestMatcher
implementations (i.e. - AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds a URL based authorization using
AuthorizationManager
. - AuthorizeHttpRequestsConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer
-
Creates an instance.
- AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers
-
Registry for mapping a
RequestMatcher
to anAuthorizationManager
. - AuthorizeHttpRequestsConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers
-
An object that allows configuring the
AuthorizationManager
forRequestMatcher
s. - authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
- AuthorizePayloadsSpec() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
- authorizeRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated.Use
HttpSecurity.authorizeHttpRequests()
instead - authorizeRequests(Customizer<ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Deprecated.Use
HttpSecurity.authorizeHttpRequests()
instead - authorizeUsingAccessExpression() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
-
Make an authorization decision based on a Spring EL expression.
- authorizeUsingUrlCheck() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
-
Make an authorization decision based on the URL and HTTP method attributes.
- authTime(Instant) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this authentication
Instant
in the resultingOidcIdToken
- autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
- autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Template implementation which locates the Spring Security cookie, decodes it into a delimited array of tokens and submits it to subclasses for processing via the processAutoLoginCookie method.
- autoLogin(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices
-
This method will be called whenever the
SecurityContextHolder
does not contain anAuthentication
object and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities. - AutowiredWebSecurityConfigurersIgnoreParents - Class in org.springframework.security.config.annotation.web.configuration
-
A class used to get all the
WebSecurityConfigurer
instances from the currentApplicationContext
but ignoring the parent. - awaitTermination(long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
- AZP - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
azp
- the Authorized party to which the ID Token was issued
B
- BadCredentialsException - Exception in org.springframework.security.authentication
-
Thrown if an authentication request is rejected because the credentials are invalid.
- BadCredentialsException(String) - Constructor for exception org.springframework.security.authentication.BadCredentialsException
-
Constructs a
BadCredentialsException
with the specified message. - BadCredentialsException(String, Throwable) - Constructor for exception org.springframework.security.authentication.BadCredentialsException
-
Constructs a
BadCredentialsException
with the specified message and root cause. - BadJwtException - Exception in org.springframework.security.oauth2.jwt
-
An exception similar to
BadCredentialsException
that indicates aJwt
that is invalid in some way. - BadJwtException(String) - Constructor for exception org.springframework.security.oauth2.jwt.BadJwtException
- BadJwtException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.BadJwtException
- BadOpaqueTokenException - Exception in org.springframework.security.oauth2.server.resource.introspection
-
An exception similar to
BadCredentialsException
that indicates an opaque token that is invalid in some way. - BadOpaqueTokenException(String) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException
- BadOpaqueTokenException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException
- Base64 - Class in org.springframework.security.crypto.codec
-
Deprecated.Use java.util.Base64
- Base64StringKeyGenerator - Class in org.springframework.security.crypto.keygen
-
A StringKeyGenerator that generates base64-encoded String keys.
- Base64StringKeyGenerator() - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
-
Creates an instance with keyLength of 32 bytes and standard Base64 encoding.
- Base64StringKeyGenerator(int) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
-
Creates an instance with the provided key length in bytes and standard Base64 encoding.
- Base64StringKeyGenerator(Base64.Encoder) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
-
Creates an instance with keyLength of 32 bytes and the provided encoder.
- Base64StringKeyGenerator(Base64.Encoder, int) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
-
Creates an instance with the provided key length and encoder.
- BasePermission - Class in org.springframework.security.acls.domain
-
A set of standard permissions.
- BasePermission(int) - Constructor for class org.springframework.security.acls.domain.BasePermission
- BasePermission(int, char) - Constructor for class org.springframework.security.acls.domain.BasePermission
- baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
-
Sets the base
URI
used for authorization requests. - baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig
-
Sets the
URI
where the authorization response will be processed. - BASIC - Static variable in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
-
Deprecated.
- BASIC_AUTH - Static variable in class org.springframework.security.config.Elements
- BASIC_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
-
Where basic authentication is placed.
- BASIC_AUTHENTICATION_MIME_TYPE - Static variable in class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata
-
Deprecated.Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
- basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
-
Deprecated.
- BasicAuthenticationConverter - Class in org.springframework.security.web.authentication.www
-
Converts from a HttpServletRequest to
UsernamePasswordAuthenticationToken
that can be authenticated. - BasicAuthenticationConverter() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- BasicAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?>) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- BasicAuthenticationDecoder - Class in org.springframework.security.rsocket.metadata
-
Deprecated.Basic Authentication did not evolve into a standard. Use Simple Authentication instead.
- BasicAuthenticationDecoder() - Constructor for class org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder
-
Deprecated.
- BasicAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata
-
Deprecated.Basic Authentication did not evolve into a standard. use
SimpleAuthenticationEncoder
- BasicAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder
-
Deprecated.
- BasicAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www
-
Used by the
ExceptionTranslationFilter
to commence authentication via theBasicAuthenticationFilter
. - BasicAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- BasicAuthenticationFilter - Class in org.springframework.security.web.authentication.www
-
Processes a HTTP request's BASIC authorization headers, putting the result into the
SecurityContextHolder
. - BasicAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-
Creates an instance which will authenticate against the supplied
AuthenticationManager
and which will ignore failed authentication attempts, allowing the request to proceed down the filter chain. - BasicAuthenticationFilter(AuthenticationManager, AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
-
Creates an instance which will authenticate against the supplied
AuthenticationManager
and use the suppliedAuthenticationEntryPoint
to handle authentication failures. - BasicAuthenticationPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
-
Converts from the
PayloadExchange
to aUsernamePasswordAuthenticationToken
by extractingUsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE
from the metadata. - BasicAuthenticationPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.BasicAuthenticationPayloadExchangeConverter
- BasicLookupStrategy - Class in org.springframework.security.acls.jdbc
-
Performs lookups in a manner that is compatible with ANSI SQL.
- BasicLookupStrategy(DataSource, AclCache, AclAuthorizationStrategy, AuditLogger) - Constructor for class org.springframework.security.acls.jdbc.BasicLookupStrategy
-
Constructor accepting mandatory arguments
- BasicLookupStrategy(DataSource, AclCache, AclAuthorizationStrategy, PermissionGrantingStrategy) - Constructor for class org.springframework.security.acls.jdbc.BasicLookupStrategy
-
Creates a new instance
- BCrypt - Class in org.springframework.security.crypto.bcrypt
-
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
- BCrypt() - Constructor for class org.springframework.security.crypto.bcrypt.BCrypt
- BCryptPasswordEncoder - Class in org.springframework.security.crypto.bcrypt
-
Implementation of PasswordEncoder that uses the BCrypt strong hashing function.
- BCryptPasswordEncoder() - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(int) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(int, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, int) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, int, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
- BCryptPasswordEncoder.BCryptVersion - Enum Class in org.springframework.security.crypto.bcrypt
-
Stores the default bcrypt version for use in configuration.
- BeanIds - Class in org.springframework.security.config
-
Contains globally used default Bean IDs for beans created by the namespace support in Spring Security 2.
- BeanIds() - Constructor for class org.springframework.security.config.BeanIds
- BEARER - Static variable in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType
- BEARER_AUTHENTICATION_MIME_TYPE - Static variable in class org.springframework.security.rsocket.metadata.BearerTokenMetadata
-
Deprecated.Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
- BearerPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
-
Converts from the
PayloadExchange
to aBearerTokenAuthenticationToken
by extractingBearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE
from the metadata. - BearerPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter
- bearerToken(String) - Static method in class org.springframework.security.web.http.SecurityHeaders
-
Sets the provided value as a Bearer token in a header with the name of
HttpHeaders.AUTHORIZATION
- BearerTokenAccessDeniedHandler - Class in org.springframework.security.oauth2.server.resource.web.access
-
Translates any
AccessDeniedException
into an HTTP response in accordance with RFC 6750 Section 3: The WWW-Authenticate. - BearerTokenAccessDeniedHandler() - Constructor for class org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler
- BearerTokenAuthentication - Class in org.springframework.security.oauth2.server.resource.authentication
-
An
Authentication
token that represents a successful authentication as obtained through a bearer token. - BearerTokenAuthentication(OAuth2AuthenticatedPrincipal, OAuth2AccessToken, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication
-
Constructs a
BearerTokenAuthentication
with the provided arguments - BearerTokenAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata
-
Encodes Bearer Authentication.
- BearerTokenAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.BearerTokenAuthenticationEncoder
- BearerTokenAuthenticationEntryPoint - Class in org.springframework.security.oauth2.server.resource.web
-
An
AuthenticationEntryPoint
implementation used to commence authentication of protected resource requests usingBearerTokenAuthenticationFilter
. - BearerTokenAuthenticationEntryPoint() - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint
- BearerTokenAuthenticationFilter - Class in org.springframework.security.oauth2.server.resource.web.authentication
-
Authenticates requests that contain an OAuth 2.0 Bearer Token.
- BearerTokenAuthenticationFilter - Class in org.springframework.security.oauth2.server.resource.web
-
Deprecated.Use
BearerTokenAuthenticationFilter
instead - BearerTokenAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
Construct a
BearerTokenAuthenticationFilter
using the provided parameter(s) - BearerTokenAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter
-
Deprecated.Construct a
BearerTokenAuthenticationFilter
using the provided parameter(s) - BearerTokenAuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>) - Constructor for class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
-
Construct a
BearerTokenAuthenticationFilter
using the provided parameter(s) - BearerTokenAuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>) - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter
-
Deprecated.Construct a
BearerTokenAuthenticationFilter
using the provided parameter(s) - BearerTokenAuthenticationToken - Class in org.springframework.security.oauth2.server.resource.authentication
-
An
Authentication
that contains a Bearer Token. - BearerTokenAuthenticationToken - Class in org.springframework.security.oauth2.server.resource
-
Deprecated.Please use
BearerTokenAuthenticationToken
- BearerTokenAuthenticationToken(String) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken
-
Create a
BearerTokenAuthenticationToken
using the provided parameter(s) - BearerTokenAuthenticationToken(String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken
-
Deprecated.Create a
BearerTokenAuthenticationToken
using the provided parameter(s) - bearerTokenConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
-
Configures the
ServerAuthenticationConverter
to use for requests authenticating with Bearer Tokens. - BearerTokenError - Class in org.springframework.security.oauth2.server.resource
-
A representation of a Bearer Token Error.
- BearerTokenError(String, HttpStatus, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenError
-
Create a
BearerTokenError
using the provided parameters - BearerTokenError(String, HttpStatus, String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenError
-
Create a
BearerTokenError
using the provided parameters - BearerTokenErrorCodes - Class in org.springframework.security.oauth2.server.resource
-
Standard error codes defined by the OAuth 2.0 Authorization Framework: Bearer Token Usage.
- BearerTokenErrors - Class in org.springframework.security.oauth2.server.resource
-
A factory for creating
BearerTokenError
instances that correspond to the registered Bearer Token Error Codes. - BearerTokenMetadata - Class in org.springframework.security.rsocket.metadata
-
Represents a bearer token that has been encoded into a
Payload#metadata()
. - BearerTokenMetadata(String) - Constructor for class org.springframework.security.rsocket.metadata.BearerTokenMetadata
- bearerTokenResolver(BearerTokenResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- BearerTokenResolver - Interface in org.springframework.security.oauth2.server.resource.web
-
A strategy for resolving Bearer Tokens from the
HttpServletRequest
. - BearerTokenServerAccessDeniedHandler - Class in org.springframework.security.oauth2.server.resource.web.access.server
-
Translates any
AccessDeniedException
into an HTTP response in accordance with RFC 6750 Section 3: The WWW-Authenticate. - BearerTokenServerAccessDeniedHandler() - Constructor for class org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler
- BearerTokenServerAuthenticationEntryPoint - Class in org.springframework.security.oauth2.server.resource.web.server
-
An
AuthenticationEntryPoint
implementation used to commence authentication of protected resource requests usingBearerTokenAuthenticationFilter
. - BearerTokenServerAuthenticationEntryPoint() - Constructor for class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint
- before(Authentication, MethodInvocation, PreInvocationAttribute) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice
-
Deprecated.
- before(Authentication, MethodInvocation, PreInvocationAttribute) - Method in interface org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice
-
Deprecated.The "before" advice which should be executed to perform any filtering necessary and to decide whether the method call is authorised.
- beforeConcurrentHandling(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
- beforeConfigure() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Invoked prior to invoking each
SecurityConfigurer.configure(SecurityBuilder)
method. - beforeConfigure() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
- beforeHandle(Message<?>, MessageChannel, MessageHandler) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
- beforeHandshake(ServerHttpRequest, ServerHttpResponse, WebSocketHandler, Map<String, Object>) - Method in class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
- beforeInit() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
-
Invoked prior to invoking each
SecurityConfigurer.init(SecurityBuilder)
method. - beforeInvocation(Object) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
-
Deprecated.
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
- beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
- beforeSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
-
Invoked before the springSecurityFilterChain is added.
- beforeTestClass(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- beforeTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- beforeTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
-
If configured before test execution sets the SecurityContext
- beforeTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
- beforeTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
-
Sets up the
SecurityContext
for each test method. - BindAuthenticator - Class in org.springframework.security.ldap.authentication
-
An authenticator which binds as a user.
- BindAuthenticator(BaseLdapPathContextSource) - Constructor for class org.springframework.security.ldap.authentication.BindAuthenticator
-
Create an initialized instance using the
BaseLdapPathContextSource
provided. - binding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
-
Use this SAML 2.0 Message Binding By default, the asserting party's configured binding is used
- binding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
-
Use this SAML 2.0 Message Binding By default, the asserting party's configured binding is used
- birthdate(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this birthdate in the resulting
OidcUserInfo
- BIRTHDATE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
-
birthdate
- the user's birth date - BouncyCastleAesCbcBytesEncryptor - Class in org.springframework.security.crypto.encrypt
-
An Encryptor equivalent to
AesBytesEncryptor
usingAesBytesEncryptor.CipherAlgorithm.CBC
that uses Bouncy Castle instead of JCE. - BouncyCastleAesCbcBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
- BouncyCastleAesCbcBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
- BouncyCastleAesGcmBytesEncryptor - Class in org.springframework.security.crypto.encrypt
-
An Encryptor equivalent to
AesBytesEncryptor
usingAesBytesEncryptor.CipherAlgorithm.GCM
that uses Bouncy Castle instead of JCE. - BouncyCastleAesGcmBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
- BouncyCastleAesGcmBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
- build() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder
- build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
- build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
- build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
- build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
- build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
- build() - Method in interface org.springframework.security.config.annotation.SecurityBuilder
-
Builds the object and returns it or null.
- build() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Builds the
SecurityWebFilterChain
- build() - Method in class org.springframework.security.core.userdetails.User.UserBuilder
- build() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
- build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
-
Builds a new
OAuth2AuthorizationContext
. - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder
-
Builds an instance of
AuthorizationCodeOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Builds an instance of
DelegatingOAuth2AuthorizedClientProvider
composed of one or moreOAuth2AuthorizedClientProvider
(s). - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Builds an instance of
ClientCredentialsOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Builds an instance of
PasswordOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Builds an instance of
RefreshTokenOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
-
Builds a new
OAuth2AuthorizeRequest
. - build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder
-
Builds an instance of
AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Builds an instance of
DelegatingReactiveOAuth2AuthorizedClientProvider
composed of one or moreReactiveOAuth2AuthorizedClientProvider
(s). - build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Builds an instance of
ClientCredentialsReactiveOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Builds an instance of
PasswordReactiveOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Builds an instance of
RefreshTokenReactiveOAuth2AuthorizedClientProvider
. - build() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Builds a new
ClientRegistration
. - build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
-
Builds a new
OAuth2AccessTokenResponse
. - build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Builds a new
OAuth2AuthorizationRequest
. - build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
-
Builds a new
OAuth2AuthorizationResponse
. - build() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Builds a new
DefaultAddressStandardClaim
. - build() - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Build the
OidcIdToken
- build() - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Build the
OidcUserInfo
- build() - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Builds a new
JwsHeader
. - build() - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Build the
Jwt
- build() - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Builds a new
JwtClaimsSet
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
-
Build the configured
NimbusJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder
-
Build the configured
NimbusJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder
-
Build the configured
NimbusJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
-
Build the configured
NimbusReactiveJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder
-
Build the configured
NimbusReactiveJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
-
Build the configured
NimbusReactiveJwtDecoder
. - build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder
-
Build the configured
NimbusReactiveJwtDecoder
. - build() - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager.Builder
- build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
-
Build the
Saml2LogoutRequest
- build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
-
Build the
Saml2LogoutResponse
- build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult.Builder
- build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest.Builder
-
Constructs an immutable
Saml2PostAuthenticationRequest
object. - build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.Builder
-
Constructs an immutable
Saml2RedirectAuthenticationRequest
object. - build() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
-
Build an
OpenSamlAssertingPartyDetails
- build() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
-
Creates an immutable ProviderDetails object representing the configuration for an Identity Provider, IDP
- build() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
-
Constructs a RelyingPartyRegistration object based on the builder configurations
- build() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
-
Creates a
RequestMatcherDelegatingAuthorizationManager
instance. - build() - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver.Builder
-
Creates a
RequestMatcherDelegatingAuthenticationManagerResolver
instance. - build() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- build() - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder
-
Creates a
RequestMatcherDelegatingAuthenticationManagerResolver
instance. - build() - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
- build() - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
- buildDetails(C) - Method in interface org.springframework.security.authentication.AuthenticationDetailsSource
-
Called by a class when it wishes a new authentication details instance to be created.
- buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
-
Builds the authentication details object.
- buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
- buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetailsSource
- buildDn(String) - Method in class org.springframework.security.ldap.DefaultLdapUsernameToDnMapper
-
Assembles the Distinguished Name that should be used the given username.
- buildDn(String) - Method in interface org.springframework.security.ldap.LdapUsernameToDnMapper
- builder() - Static method in class org.springframework.security.core.userdetails.User
-
Creates a UserBuilder
- builder() - Static method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager
-
Creates a builder for
MessageMatcherDelegatingAuthorizationManager
. - builder() - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Returns a new
OAuth2AuthorizedClientProviderBuilder
for configuring the supported authorization grant(s). - builder() - Static method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Returns a new
ReactiveOAuth2AuthorizedClientProviderBuilder
for configuring the supported authorization grant(s). - builder() - Static method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo
-
Create a
OidcUserInfo.Builder
- builder() - Static method in class org.springframework.security.oauth2.jwt.JwtClaimsSet
-
Returns a new
JwtClaimsSet.Builder
. - builder() - Static method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager
- builder() - Static method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager
-
Creates a builder for
RequestMatcherDelegatingAuthorizationManager
. - builder() - Static method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver
-
Creates a builder for
RequestMatcherDelegatingAuthorizationManager
. - builder() - Static method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver
-
Creates a builder for
RequestMatcherDelegatingAuthorizationManager
. - builder() - Static method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
- builder() - Static method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
- Builder() - Constructor for class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
- Builder() - Constructor for class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Default constructor.
- Builder() - Constructor for class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
-
Deprecated.Use
Builder(RelyingPartyRegistration)
instead - Builder() - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
- Builder() - Constructor for class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
- Builder() - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
- Builder() - Constructor for class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
- Builder(Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Constructs and initializes the address attributes using the provided
addressFields
. - Builder(RelyingPartyRegistration) - Constructor for class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
-
Creates a new Builder with relying party registration
- Builder(HandlerMappingIntrospector) - Constructor for class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder
-
Construct a new instance of this builder
- buildFromMask(int) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
- buildFromMask(int) - Method in interface org.springframework.security.acls.domain.PermissionFactory
-
Dynamically creates a
CumulativePermission
orBasePermission
representing the active bits in the passed mask. - buildFromName(String) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
- buildFromName(String) - Method in interface org.springframework.security.acls.domain.PermissionFactory
- buildFromNames(List<String>) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
- buildFromNames(List<String>) - Method in interface org.springframework.security.acls.domain.PermissionFactory
- buildFullRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils
- buildFullRequestUrl(String, String, int, String, String) - Static method in class org.springframework.security.web.util.UrlUtils
-
Obtains the full URL the client used to make the request.
- buildGroupDn(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
-
Creates a DN from a group name.
- buildHttpsRedirectUrlForRequest(HttpServletRequest) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Builds a URL to redirect the supplied request to HTTPS.
- buildRedirectUrlToLoginPage(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
- buildRequest(ServletContext) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
- buildRequest(ServletContext) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
- buildRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils
-
Obtains the web application-specific fragment of the request URL.
- buildRunAs(Authentication, Object, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.intercept.RunAsManager
-
Deprecated.Returns a replacement
Authentication
object for the current secure object invocation, ornull
if replacement not required. - buildRunAs(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
-
Deprecated.
- BytesEncryptor - Interface in org.springframework.security.crypto.encrypt
-
Service interface for symmetric data encryption.
- BytesKeyGenerator - Interface in org.springframework.security.crypto.keygen
-
A generator for unique byte array-based keys.
C
- C_HASH - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
-
c_hash
- the Authorization Code hash value - cache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures cache control headers
- cache(Cache) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
-
Use the given
Cache
to store JWK Set. - cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures cache control headers
- CACHE - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- CACHE - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- CACHE_CONTRTOL_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
-
The value for cache control value
- cacheControl() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows customizing the
CacheControlHeadersWriter
. - cacheControl(Customizer<HeadersConfigurer.CacheControlConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows customizing the
CacheControlHeadersWriter
. - CacheControlHeadersWriter - Class in org.springframework.security.web.header.writers
-
Inserts headers to prevent caching if no cache control headers have been specified.
- CacheControlHeadersWriter() - Constructor for class org.springframework.security.web.header.writers.CacheControlHeadersWriter
-
Creates a new instance
- CacheControlServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes cache control related headers.
- CacheControlServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
- cachePermissionsFor(Authentication, Collection<?>) - Method in interface org.springframework.security.access.PermissionCacheOptimizer
-
Optimises the permission cache for anticipated operation on the supplied collection of objects.
- cachePermissionsFor(Authentication, Collection<?>) - Method in class org.springframework.security.acls.AclPermissionCacheOptimizer
- CACHING_SUFFIX - Static variable in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
- CachingUserDetailsService - Class in org.springframework.security.authentication
- CachingUserDetailsService(UserDetailsService) - Constructor for class org.springframework.security.authentication.CachingUserDetailsService
- calculateLoginLifetime(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
-
Calculates the validity period in seconds for a newly generated remember-me login.
- calculateRedirectUrl(String, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy
- call() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
- cancelCookie(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
-
Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent logins.
- canRead(Class<?>, MediaType) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
- canWrite(Class<?>, MediaType) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
- CBC - Enum constant in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
- chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
Subclasses should implement this method for returning the object that is chained to the creation of the
RequestMatcher
instances. - chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
- chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer
- chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
-
Marks the
RequestMatcher
's as unmapped and then callsAbstractConfigAttributeRequestMatcherRegistry.chainRequestMatchersInternal(List)
. - chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
- chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
-
Subclasses should implement this method for returning the object that is chained to the creation of the
RequestMatcher
instances. - chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
- chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
-
Deprecated.
- chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
-
Deprecated.
- CHANGE_AFTER_RESET - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
- CHANGE_AUDITING - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
- CHANGE_GENERAL - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
- CHANGE_OWNERSHIP - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
- changePassword(String, String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
-
Changes the password for the current user.
- changePassword(String, String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
- changePassword(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- changePassword(String, String) - Method in interface org.springframework.security.provisioning.UserDetailsManager
-
Modify the current user's password.
- changePasswordPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer
-
Sets the change password page.
- changePasswordPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec
-
Sets the change password page.
- changeSessionId() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
-
Specifies that the Servlet container-provided session fixation protection should be used.
- ChangeSessionIdAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
-
Uses
HttpServletRequest.changeSessionId()
to protect against session fixation attacks. - ChangeSessionIdAuthenticationStrategy() - Constructor for class org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy
- ChannelAttributeFactory - Class in org.springframework.security.config.http
-
Used as a factory bean to create config attribute values for the requires-channel attribute.
- ChannelDecisionManager - Interface in org.springframework.security.web.access.channel
-
Decides whether a web channel provides sufficient security.
- ChannelDecisionManagerImpl - Class in org.springframework.security.web.access.channel
-
Implementation of
ChannelDecisionManager
. - ChannelDecisionManagerImpl() - Constructor for class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
- ChannelEntryPoint - Interface in org.springframework.security.web.access.channel
-
May be used by a
ChannelProcessor
to launch a web channel. - ChannelProcessingFilter - Class in org.springframework.security.web.access.channel
-
Ensures a web request is delivered over the required channel.
- ChannelProcessingFilter() - Constructor for class org.springframework.security.web.access.channel.ChannelProcessingFilter
- ChannelProcessor - Interface in org.springframework.security.web.access.channel
-
Decides whether a web channel meets a specific security condition.
- channelProcessors(List<ChannelProcessor>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
-
Sets the
ChannelProcessor
instances to use inChannelDecisionManagerImpl
- ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds channel security (i.e.
- ChannelSecurityConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
-
Creates a new instance
- ChannelSecurityConfigurer.ChannelRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers
- ChannelSecurityConfigurer.RequiresChannelUrl - Class in org.springframework.security.config.annotation.web.configurers
- ChannelSecurityInterceptor - Class in org.springframework.security.messaging.access.intercept
-
Deprecated.Use
AuthorizationChannelInterceptor
instead - ChannelSecurityInterceptor(MessageSecurityMetadataSource) - Constructor for class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
-
Deprecated.Creates a new instance
- check(Supplier<Authentication>, HttpServletRequest) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager
-
Delegates to a specific
AuthorizationManager
based on aRequestMatcher
evaluation. - check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.Jsr250AuthorizationManager
-
Determine if an
Authentication
has access to a method by evaluating theDenyAll
,PermitAll
, andRolesAllowed
annotations thatMethodInvocation
specifies. - check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager
-
Determines the access by evaluating the provided expression.
- check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
-
Determine if an
Authentication
has access to a method by evaluating an expression from thePreAuthorize
annotation that theMethodInvocation
specifies. - check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.SecuredAuthorizationManager
-
Determine if an
Authentication
has access to a method by evaluating theSecured
annotation thatMethodInvocation
specifies. - check(Supplier<Authentication>, Message<?>) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager
-
Delegates to a specific
AuthorizationManager
based on aMessageMatcher
evaluation. - check(Supplier<Authentication>, MethodInvocationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
-
Determine if an
Authentication
has access to the returned object by evaluating thePostAuthorize
annotation that theMethodInvocation
specifies. - check(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
-
Determines the access by evaluating the provided expression.
- check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
-
Determines if the current user is authorized according to the given strategy.
- check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.AuthorityAuthorizationManager
-
Determines if the current user is authorized by evaluating if the
Authentication
contains a specified authority. - check(Supplier<Authentication>, T) - Method in interface org.springframework.security.authorization.AuthorizationManager
-
Determines if access is granted for a specific authentication and object.
- check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager
- check(UserDetails) - Method in class org.springframework.security.authentication.AccountStatusUserDetailsChecker
- check(UserDetails) - Method in interface org.springframework.security.core.userdetails.UserDetailsChecker
-
Examines the User
- check(Mono<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
-
Determines if an
Authentication
has access to theMethodInvocation
by evaluating an expression from thePreAuthorize
annotation. - check(Mono<Authentication>, MethodInvocationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
-
Determines if an
Authentication
has access to the returned object from theMethodInvocation
by evaluating an expression from thePostAuthorize
annotation. - check(Mono<Authentication>, PayloadExchange) - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager
- check(Mono<Authentication>, AuthorizationContext) - Method in class org.springframework.security.web.server.authorization.IpAddressReactiveAuthorizationManager
- check(Mono<Authentication>, ServerWebExchange) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
- check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager
- check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
- check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager
- check(Mono<Authentication>, T) - Method in interface org.springframework.security.authorization.ReactiveAuthorizationManager
-
Determines if access is granted for a specific authentication and object.
- checkAllowIfAllAbstainDecisions() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
-
Deprecated.
- checkpw(byte[], String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
-
Check that a password (as a byte array) matches a previously hashed one
- checkpw(String, String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
-
Check that a plaintext password matches a previously hashed one
- ChildAuthenticationManagerFactoryBean(List<AuthenticationProvider>, AuthenticationManager) - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
- ChildrenExistException - Exception in org.springframework.security.acls.model
-
Thrown if an
Acl
cannot be deleted because childrenAcl
s exist. - ChildrenExistException(String) - Constructor for exception org.springframework.security.acls.model.ChildrenExistException
-
Constructs an
ChildrenExistException
with the specified message. - ChildrenExistException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.ChildrenExistException
-
Constructs an
ChildrenExistException
with the specified message and root cause. - ciRegex - Enum constant in enum class org.springframework.security.config.http.MatcherType
- claim(String, Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Use this claim in the resulting
OidcIdToken
- claim(String, Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Use this claim in the resulting
OidcUserInfo
- claim(String, Object) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Use this claim in the resulting
Jwt
- claim(String, Object) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
Sets the claim.
- ClaimAccessor - Interface in org.springframework.security.oauth2.core
-
An "accessor" for a set of claims that may be used for assertions.
- ClaimConversionService - Class in org.springframework.security.oauth2.core.converter
-
A
ConversionService
configured with converters that provide type conversion for claim values. - claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
-
Provides access to every
OidcIdToken.Builder.claim(String, Object)
declared so far with the possibility to add, replace, or remove. - claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
-
Provides access to every
OidcUserInfo.Builder.claim(String, Object)
declared so far with the possibility to add, replace, or remove. - claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
-
Provides access to every
Jwt.Builder.claim(String, Object)
declared so far with the possibility to add, replace, or remove. - claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
-
A
Consumer
to be provided access to the claims allowing the ability to add, replace, or remove. - ClaimTypeConverter - Class in org.springframework.security.oauth2.core.converter
-
A
Converter
that provides type conversion for claim values. - ClaimTypeConverter(Map<String, Converter<Object, ?>>) - Constructor for class org.springframework.security.oauth2.core.converter.ClaimTypeConverter
-
Constructs a
ClaimTypeConverter
using the provided parameters. - clear() - Method in class org.springframework.security.acls.domain.CumulativePermission
- clear(Permission) - Method in class org.springframework.security.acls.domain.CumulativePermission
- CLEAR_SITE_DATA_HEADER - Static variable in class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
- clearAuthentication(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
-
Specifies if
SecurityContextLogoutHandler
should clear theAuthentication
at the time of logout. - clearAuthenticationAttributes(HttpServletRequest) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
-
Removes temporary authentication-related data which may have been stored in the session during the authentication process.
- clearCache() - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
- clearCache() - Method in interface org.springframework.security.acls.model.AclCache
- clearContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Clears the current context.
- clearContext() - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder
-
Clears the
Mono<SecurityContext>
from ReactorContext
- clearContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Explicitly clears the context value from the current thread.
- clearContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
-
Clears the current context.
- clearContext() - Static method in class org.springframework.security.test.context.TestSecurityContextHolder
- clearContext() - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
- ClearSiteDataHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Clear Site Data.
- ClearSiteDataHeaderWriter(ClearSiteDataHeaderWriter.Directive...) - Constructor for class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter
-
Creates a new instance of
ClearSiteDataHeaderWriter
with given sources. - ClearSiteDataHeaderWriter.Directive - Enum Class in org.springframework.security.web.header.writers
-
Represents the directive values expected by the
ClearSiteDataHeaderWriter
. - ClearSiteDataServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Clear-Site-Data
response header when the request is secure. - ClearSiteDataServerHttpHeadersWriter(ClearSiteDataServerHttpHeadersWriter.Directive...) - Constructor for class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
-
Constructs a new instance using the given directives.
- ClearSiteDataServerHttpHeadersWriter.Directive - Enum Class in org.springframework.security.web.server.header
-
Represents the directive values expected by the
ClearSiteDataServerHttpHeadersWriter
- CLIENT_ASSERTION - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
client_assertion
- used in Access Token Request. - CLIENT_ASSERTION_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
client_assertion_type
- used in Access Token Request. - CLIENT_CREDENTIALS - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
- CLIENT_ID - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
client_id
- used in Authorization Request and Access Token Request. - CLIENT_ID - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
-
client_id
- The Client identifier for the token - CLIENT_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements
- CLIENT_SECRET - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
client_secret
- used in Access Token Request. - CLIENT_SECRET_BASIC - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- CLIENT_SECRET_JWT - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- CLIENT_SECRET_POST - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
- clientAuthenticationMethod(ClientAuthenticationMethod) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the
authentication method
used when authenticating the client with the authorization server. - ClientAuthenticationMethod - Class in org.springframework.security.oauth2.core
-
The authentication method used when authenticating the client with the authorization server.
- ClientAuthenticationMethod(String) - Constructor for class org.springframework.security.oauth2.core.ClientAuthenticationMethod
-
Constructs a
ClientAuthenticationMethod
using the provided value. - ClientAuthorizationException - Exception in org.springframework.security.oauth2.client
-
This exception is thrown on the client side when an attempt to authenticate or authorize an OAuth 2.0 client fails.
- ClientAuthorizationException(OAuth2Error, String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
-
Constructs a
ClientAuthorizationException
using the provided parameters. - ClientAuthorizationException(OAuth2Error, String, String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
-
Constructs a
ClientAuthorizationException
using the provided parameters. - ClientAuthorizationException(OAuth2Error, String, String, Throwable) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
-
Constructs a
ClientAuthorizationException
using the provided parameters. - ClientAuthorizationException(OAuth2Error, String, Throwable) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
-
Constructs a
ClientAuthorizationException
using the provided parameters. - ClientAuthorizationRequiredException - Exception in org.springframework.security.oauth2.client
-
This exception is thrown when an OAuth 2.0 Client is required to obtain authorization from the Resource Owner.
- ClientAuthorizationRequiredException(String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationRequiredException
-
Constructs a
ClientAuthorizationRequiredException
using the provided parameters. - clientCredentials() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Configures support for the
client_credentials
grant. - clientCredentials() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Configures support for the
client_credentials
grant. - clientCredentials(Consumer<OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
-
Configures support for the
client_credentials
grant. - clientCredentials(Consumer<ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
-
Configures support for the
client_credentials
grant. - ClientCredentialsOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of an
OAuth2AuthorizedClientProvider
for theclient_credentials
grant. - ClientCredentialsOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
- ClientCredentialsReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
-
An implementation of a
ReactiveOAuth2AuthorizedClientProvider
for theclient_credentials
grant. - ClientCredentialsReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
- clientId(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the client identifier.
- clientId(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
-
Sets the client identifier.
- clientName(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the logical name of the client or registration.
- clientRegistration(Consumer<ClientRegistration.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
-
Use this
Consumer
to configure aClientRegistration
- clientRegistration(Consumer<ClientRegistration.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
-
Use this
Consumer
to configure aClientRegistration
- clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
-
Use this
ClientRegistration
- clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
-
Use the provided
ClientRegistration
as the client to authorize. - clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
-
Use the provided
ClientRegistration
as the client to authorize. - clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
-
Use this
ClientRegistration
- clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
-
Use the provided
ClientRegistration
as the client to authorize. - clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
-
Use the provided
ClientRegistration
as the client to authorize. - ClientRegistration - Class in org.springframework.security.oauth2.client.registration
-
A representation of a client registration with an OAuth 2.0 or OpenID Connect 1.0 Provider.
- ClientRegistration.Builder - Class in org.springframework.security.oauth2.client.registration
-
A builder for
ClientRegistration
. - ClientRegistration.ProviderDetails - Class in org.springframework.security.oauth2.client.registration
-
Details of the Provider.
- ClientRegistration.ProviderDetails.UserInfoEndpoint - Class in org.springframework.security.oauth2.client.registration
-
Details of the UserInfo Endpoint.
- clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
-
Modifies the
ClientRequest.attributes()
to include theClientRegistration.getRegistrationId()
to be used to look up theOAuth2AuthorizedClient
. - clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
-
Modifies the
ClientRequest.attributes()
to include theClientRegistration.getRegistrationId()
to be used to look up theOAuth2AuthorizedClient
. - clientRegistrationRepository - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
- clientRegistrationRepository - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
- clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
-
Sets the repository of client registrations.
- clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-
Sets the repository of client registrations.
- clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
-
Configures the
ReactiveClientRegistrationRepository
. - clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
- ClientRegistrationRepository - Interface in org.springframework.security.oauth2.client.registration
-
A repository for OAuth 2.0 / OpenID Connect 1.0
ClientRegistration
(s). - ClientRegistrations - Class in org.springframework.security.oauth2.client.registration
-
Allows creating a
ClientRegistration.Builder
from an OpenID Provider Configuration or Authorization Server Metadata based on provided issuer. - ClientRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.oauth2.client
- ClientRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser
- clientSecret(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
-
Sets the client secret.
- clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the
Clock
used inInstant.now(Clock)
when checking the access token expiry. - clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
-
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
- closeContext(Context) - Static method in class org.springframework.security.ldap.LdapUtils
- closeEnumeration(NamingEnumeration) - Static method in class org.springframework.security.ldap.LdapUtils
- code - Variable in class org.springframework.security.acls.domain.AbstractPermission
- code(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
-
Sets the authorization code.
- CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
- CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
-
code
- used in Authorization Response and Access Token Request. - CODE_CHALLENGE - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames
-
code_challenge
- used in Authorization Request. - CODE_CHALLENGE_METHOD - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames
-
code_challenge_method
- used in Authorization Request. - CODE_VERIFIER - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames
-
code_verifier
- used in Token Request. - collectionFromMetadata(InputStream) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
-
Return a
Collection
ofRelyingPartyRegistration.Builder
s based off of the given SAML 2.0 Asserting Party (IDP) metadata. - collectionFromMetadataLocation(String) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
-
Return a
Collection
ofRelyingPartyRegistration.Builder
s based off of the given SAML 2.0 Asserting Party (IDP) metadata location. - commaSeparatedStringToAuthorityList(String) - Static method in class org.springframework.security.core.authority.AuthorityUtils
-
Creates a array of GrantedAuthority objects from a comma-separated string representation (e.g.
- commence(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
- commence(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.access.channel.ChannelEntryPoint
-
Commences a secure channel.
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint
-
Collect error details from the provided parameters and format according to RFC 6750, specifically
error
,error_description
,error_uri
, andscope
. - commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint
-
Always returns a 403 error code to the client.
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.HttpStatusEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
-
Performs the redirect (or forward) to the login form URL.
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
- commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.AuthenticationEntryPoint
-
Commences an authentication scheme.
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
- commence(ServerWebExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.ServerAuthenticationEntryPoint
-
Initiates the authentication flow
- commit() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
-
Authenticate the
Subject
(phase two) by adding the Spring SecurityAuthentication
to theSubject
's principals. - CommonOAuth2Provider - Enum Class in org.springframework.security.config.oauth2.client
-
Common OAuth2 Providers that can be used to create
builders
pre-configured with sensible defaults for theHttpSecurity.oauth2Login()
flow. - compare(String, String, Object) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
-
Performs an LDAP compare operation of the value of an attribute for a particular directory entry.
- CompositeAccessDeniedHandler - Class in org.springframework.security.web.access
- CompositeAccessDeniedHandler(Collection<AccessDeniedHandler>) - Constructor for class org.springframework.security.web.access.CompositeAccessDeniedHandler
- CompositeAccessDeniedHandler(AccessDeniedHandler...) - Constructor for class org.springframework.security.web.access.CompositeAccessDeniedHandler
- CompositeHeaderWriter - Class in org.springframework.security.web.header.writers
-
A
HeaderWriter
that delegates to several otherHeaderWriter
s. - CompositeHeaderWriter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.writers.CompositeHeaderWriter
-
Creates a new instance.
- CompositeLogoutHandler - Class in org.springframework.security.web.authentication.logout
-
Performs a logout through all the
LogoutHandler
implementations. - CompositeLogoutHandler(List<LogoutHandler>) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
- CompositeLogoutHandler(LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
- CompositeRequestRejectedHandler - Class in org.springframework.security.web.firewall
-
A
RequestRejectedHandler
that delegates to several otherRequestRejectedHandler
s. - CompositeRequestRejectedHandler(RequestRejectedHandler...) - Constructor for class org.springframework.security.web.firewall.CompositeRequestRejectedHandler
-
Creates a new instance.
- CompositeServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Combines multiple
ServerHttpHeadersWriter
instances into a single instance. - CompositeServerHttpHeadersWriter(List<ServerHttpHeadersWriter>) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
- CompositeServerHttpHeadersWriter(ServerHttpHeadersWriter...) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
- CompositeSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
-
A
SessionAuthenticationStrategy
that accepts multipleSessionAuthenticationStrategy
implementations to delegate to. - CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy>) - Constructor for class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
- concat(Saml2Error) - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
-
Return a new
Saml2ResponseValidatorResult
that contains both the givenSaml2Error
and the errors from the result - concat(Saml2ResponseValidatorResult) - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
-
Return a new
Saml2ResponseValidatorResult
that contains the errors from the givenSaml2ResponseValidatorResult
as well as this result. - concatenate(byte[]...) - Static method in class org.springframework.security.crypto.util.EncodingUtils
-
Combine the individual byte arrays into one array.
- CONCURRENT_SESSIONS - Static variable in class org.springframework.security.config.Elements
- ConcurrentSessionControlAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
-
Strategy which handles concurrent session-control.
- ConcurrentSessionControlAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
- ConcurrentSessionFilter - Class in org.springframework.security.web.session
-
Filter required by concurrent session handling package.
- ConcurrentSessionFilter(SessionRegistry) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
- ConcurrentSessionFilter(SessionRegistry, String) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
-
Deprecated.
- ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
- ConfigAttribute - Interface in org.springframework.security.access
-
Stores a security system related configuration attribute.
- configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
- configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
-
Configures the
CorsConfigurationSource
to be used - configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer
- configure(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer
-
Configure the
SecurityBuilder
by setting the necessary properties on theSecurityBuilder
. - configure(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
- configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
- configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer
-
Configure the
SecurityBuilder
by setting the necessary properties on theSecurityBuilder
. - configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
-
Configure the
SecurityBuilder
by setting the necessary properties on theSecurityBuilder
. - configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
-
Deprecated.
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
-
Configure the
SecurityBuilder
by setting the necessary properties on theSecurityBuilder
. - configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
- configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
- configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
- configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Sub classes can override this method to register different types of authentication.
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
- configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
- configureClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- configureInbound(MessageSecurityMetadataSourceRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
Deprecated.
- configureJaas(Resource) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
-
Hook method for configuring Jaas.
- ConsensusBased - Class in org.springframework.security.access.vote
-
Deprecated.Use
AuthorizationManager
instead - ConsensusBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.ConsensusBased
-
Deprecated.
- ConsoleAuditLogger - Class in org.springframework.security.acls.domain
-
A basic implementation of
AuditLogger
. - ConsoleAuditLogger() - Constructor for class org.springframework.security.acls.domain.ConsoleAuditLogger
- containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
- containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
- containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
- containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
- containsContext(HttpServletRequest) - Method in interface org.springframework.security.web.context.SecurityContextRepository
-
Allows the repository to be queried as to whether it contains a security context for the current request.
- containsMapping() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.Allows determining if a mapping was added.
- CONTENT_SECURITY_POLICY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- CONTENT_SECURITY_POLICY_REPORT_ONLY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- contentSecurityPolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows configuration for Content Security Policy (CSP) Level 2.
- contentSecurityPolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures
Content-Security-Policy
response header. - contentSecurityPolicy(Customizer<HeadersConfigurer.ContentSecurityPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Allows configuration for Content Security Policy (CSP) Level 2.
- contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures
Content-Security-Policy
response header. - ContentSecurityPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
-
Provides support for Content Security Policy (CSP) Level 2.
- ContentSecurityPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
-
Creates a new instance.
- ContentSecurityPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
-
Creates a new instance
- ContentSecurityPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Writes the
Contet-Security-Policy
response header with configured policy directives. - ContentSecurityPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
- contentType(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
-
Sets the content type header that declares the media type of the secured content (the payload).
- contentTypeOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Configures the
XContentTypeOptionsHeaderWriter
which inserts the X-Content-Type-Options: - contentTypeOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures content type response headers
- contentTypeOptions(Customizer<HeadersConfigurer.ContentTypeOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-
Configures the
XContentTypeOptionsHeaderWriter
which inserts the X-Content-Type-Options: - contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
-
Configures content type response headers
- ContentTypeOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
-
Adds X-Content-Type-Options: nosniff
- ContentTypeOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
- CONTEXT_SOURCE - Static variable in class org.springframework.security.config.BeanIds
- CONTEXT_SOURCE_SETTING_POST_PROCESSOR - Static variable in class org.springframework.security.config.BeanIds
- contextSource() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Allows easily configuring of a
BaseLdapPathContextSource
with defaults pointing to an embedded LDAP server that is created. - contextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
-
Specifies the
BaseLdapPathContextSource
to be used. - ContextSourceSettingPostProcessor - Class in org.springframework.security.config.ldap
-
Checks for the presence of a ContextSource instance.
- conversionServicePostProcessor() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
- convert(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver
- convert(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter
- convert(HttpServletRequest) - Method in interface org.springframework.security.web.authentication.AuthenticationConverter
- convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
- convert(String, OAuth2AuthenticatedPrincipal) - Method in interface org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter
-
Converts a successful introspection result into an authentication result.
- convert(String, OAuth2AuthenticatedPrincipal) - Method in interface org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter
-
Converts a successful introspection result into an authentication result.
- convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.converter.ClaimTypeConverter
- convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.DefaultMapOAuth2AccessTokenResponseConverter
- convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter
- convert(OAuth2UserRequest) - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequestEntityConverter
-
Returns the
RequestEntity
used for the UserInfo Request. - convert(OAuth2AccessTokenResponse) - Method in class org.springframework.security.oauth2.core.endpoint.DefaultOAuth2AccessTokenResponseMapConverter
- convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.DelegatingJwtGrantedAuthoritiesConverter
-
Extract
GrantedAuthority
s from the givenJwt
. - convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
- convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtBearerTokenAuthenticationConverter
- convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
-
Extract
GrantedAuthority
s from the givenJwt
. - convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter
- convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter
- convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtGrantedAuthoritiesConverterAdapter
- convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter
- convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.BasicAuthenticationPayloadExchangeConverter
- convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter
- convert(PayloadExchange) - Method in interface org.springframework.security.rsocket.authentication.PayloadExchangeAuthenticationConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter
- convert(ServerWebExchange) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationConverter
-
Converts a
ServerWebExchange
to anAuthentication
- convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter
- convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
- convert(OAuth2ClientCredentialsGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter
- convert(T) - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter
- convertPasswordToString(Object) - Static method in class org.springframework.security.ldap.LdapUtils
- CookieClearingLogoutHandler - Class in org.springframework.security.web.authentication.logout
-
A logout handler which clears either - A defined list of cookie names, using the context path as the cookie path OR - A given list of Cookies
- CookieClearingLogoutHandler(Cookie...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
- CookieClearingLogoutHandler(String...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
- CookieCsrfTokenRepository - Class in org.springframework.security.web.csrf
-
A
CsrfTokenRepository
that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS. - CookieCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.CookieCsrfTokenRepository
- CookieRequestCache - Class in org.springframework.security.web.savedrequest
-
An Implementation of
RequestCache
which saves the original request URI in a cookie. - CookieRequestCache() - Constructor for class org.springframework.security.web.savedrequest.CookieRequestCache
- COOKIES - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
- COOKIES - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
- CookieServerCsrfTokenRepository - Class in org.springframework.security.web.server.csrf
-
A
ServerCsrfTokenRepository
that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS. - CookieServerCsrfTokenRepository() - Constructor for class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
- CookieServerRequestCache - Class in org.springframework.security.web.server.savedrequest
-
An implementation of
ServerRequestCache
that saves the requested URI in a cookie. - CookieServerRequestCache() - Constructor for class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
- CookieTheftException - Exception in org.springframework.security.web.authentication.rememberme
- CookieTheftException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.CookieTheftException
- copyToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- CoreJackson2Module - Class in org.springframework.security.jackson2
-
Jackson module for spring-security-core.
- CoreJackson2Module() - Constructor for class org.springframework.security.jackson2.CoreJackson2Module
- cors() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Adds a
CorsFilter
to be used. - cors() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures CORS headers.
- cors(Customizer<CorsConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
-
Adds a
CorsFilter
to be used. - cors(Customizer<ServerHttpSecurity.CorsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
-
Configures CORS headers.
- CORS - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
-
CorsWebFilter
- CORS - Static variable in class org.springframework.security.config.Elements
- CorsBeanDefinitionParser - Class in org.springframework.security.config.http
-
Parser for the
CorsFilter
. - CorsBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CorsBeanDefinitionParser
- CorsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
-
Adds
CorsFilter
to the Spring Security filter chain. - CorsConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
-
Creates a new instance
- country(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
-
Sets the country.
- create - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
- create(Object, String, Object...) - Static method in class org.springframework.security.util.MethodInvocationUtils
-
Generates a
MethodInvocation
for specifiedmethodName
on the passed object, using theargs
to locate the method. - create(Runnable, SecurityContext) - Static method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
-
Factory method for creating a
DelegatingSecurityContextRunnable
. - create(Callable<V>, SecurityContext) - Static method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
-
Creates a
DelegatingSecurityContextCallable
and with the givenCallable
andSecurityContext
, but if the securityContext is null will defaults to the currentSecurityContext
on theSecurityContextHolder
- CREATE - Static variable in class org.springframework.security.acls.domain.BasePermission
- CREATE_TABLE_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
-
Default SQL for creating the database table to store the tokens
- createAcl(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
- createAcl(ObjectIdentity) - Method in interface org.springframework.security.acls.model.MutableAclService
-
Creates an empty
Acl
object in the database. - createAuthentication(HttpServletRequest) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
- createAuthentication(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
- createAuthenticationManager() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
Returns the configured
AuthenticationManager
that can be used to perform LDAP authentication. - createAuthority(Object) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
-
Creates a GrantedAuthority from a role attribute.
- createAuthorityList(String...) - Static method in class org.springframework.security.core.authority.AuthorityUtils
-
Converts authorities into a List of GrantedAuthority objects.
- createChannelAttributes(String) - Static method in class org.springframework.security.config.http.ChannelAttributeFactory
- createCipher() - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
- createCurrentUser(Authentication) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
-
Creates a principal-like sid from the authentication information.
- createDecoder(C) - Method in interface org.springframework.security.oauth2.jwt.JwtDecoderFactory
-
Creates a
JwtDecoder
using the supplied "contextual" type. - createDecoder(C) - Method in interface org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory
-
Creates a
ReactiveJwtDecoder
using the supplied "contextual" type. - createDecoder(ClientRegistration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
- createDecoder(ClientRegistration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
- createDefault() - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
-
Create a
Jwt
Validator that contains all standard validators. - createDefaultAssertionValidator() - Static method in class org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider
-
Construct a default strategy for validating each SAML 2.0 Assertion and associated
Authentication
token - createDefaultAssertionValidator(Converter<OpenSaml4AuthenticationProvider.AssertionToken, ValidationContext>) - Static method in class org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider
- createDefaultAssertionValidatorWithParameters(Consumer<Map<String, Object>>) - Static method in class org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider
-
Construct a default strategy for validating each SAML 2.0 Assertion and associated
Authentication
token - createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
-
Returns the default
Converter
's used for type conversion of claim values for anOidcIdToken
. - createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
-
Returns the default
Converter
's used for type conversion of claim values for anOidcIdToken
. - createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
-
Returns the default
Converter
's used for type conversion of claim values for anOidcUserInfo
. - createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
-
Returns the default
Converter
's used for type conversion of claim values for anOidcUserInfo
. - createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
-
Allows subclasses to supply the default
AbstractLdapAuthenticator
. - createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
- createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
- createDefaultResponseAuthenticationConverter() - Static method in class org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider
-
Construct a default strategy for converting a SAML 2.0 Response and
Authentication
token into aSaml2Authentication
- createDefaultResponseValidator() - Static method in class org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider
-
Construct a default strategy for validating the SAML 2.0 Response
- createDefaultWithIssuer(String) - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
-
Create a
Jwt
Validator that contains all standard validators when an issuer is known. - createDelegatingPasswordEncoder() - Static method in class org.springframework.security.crypto.factory.PasswordEncoderFactories
-
Creates a
DelegatingPasswordEncoder
with default mappings. - createELContext(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
-
Subclasses can override this methode if they want to use a different EL root context
- createEmptyContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
-
Creates a new, empty context implementation, for use by SecurityContextRepository implementations, when creating a new context for the first time.
- createEmptyContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
-
Delegates the creation of a new, empty context to the configured strategy.
- createEmptyContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
-
Creates a new, empty context implementation, for use by SecurityContextRepository implementations, when creating a new context for the first time.
- createEmptyContext() - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
- createEntries(MutableAcl) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.
- createEvaluationContext(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
- createEvaluationContext(Supplier<Authentication>, Message<T>) - Method in class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler
- createEvaluationContext(Supplier<Authentication>, MessageAuthorizationContext<?>) - Method in class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
- createEvaluationContext(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
- createEvaluationContext(Supplier<Authentication>, T) - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler
-
Provides an evaluation context in which to evaluate security expressions for the invocation type.
- createEvaluationContext(Authentication, MessageAuthorizationContext<?>) - Method in class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
- createEvaluationContext(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
-
Invokes the internal template methods to create
StandardEvaluationContext
andSecurityExpressionRoot
objects. - createEvaluationContext(Authentication, T) - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler
-
Provides an evaluation context in which to evaluate security expressions for the invocation type.
- createEvaluationContextInternal(Authentication, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
-
Uses a
MethodSecurityEvaluationContext
as the EvaluationContext implementation. - createEvaluationContextInternal(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
-
Override to create a custom instance of
StandardEvaluationContext
. - createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
-
Allows the
EvaluationContext
to be customized for variable lookup etc. - createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
- createExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
-
Deprecated.Provide a
MethodSecurityExpressionHandler
that is registered with theExpressionBasedPreInvocationAdvice
. - createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String>) - Static method in class org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory
-
Deprecated.Create a
MessageSecurityMetadataSource
that usesMessageMatcher
mapped to Spring Expressions. - createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String>, SecurityExpressionHandler<Message<Object>>) - Static method in class org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory
-
Deprecated.Create a
MessageSecurityMetadataSource
that usesMessageMatcher
mapped to Spring Expressions. - createFromClass(Class<?>, String) - Static method in class org.springframework.security.util.MethodInvocationUtils
-
Generates a
MethodInvocation
for the specifiedmethodName
on the passed class. - createFromClass(Object, Class<?>, String, Class<?>[], Object[]) - Static method in class org.springframework.security.util.MethodInvocationUtils
-
Generates a
MethodInvocation
for specifiedmethodName
on the passed class, using theargs
to locate the method. - createGroup(String, List<GrantedAuthority>) - Method in interface org.springframework.security.provisioning.GroupManager
-
Creates a new group with the specified list of authorities.
- createGroup(String, List<GrantedAuthority>) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- createList(String...) - Static method in class org.springframework.security.access.SecurityConfig
- createListFromCommaDelimitedString(String) - Static method in class org.springframework.security.access.SecurityConfig
- createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
-
Creates the LoginContext to be used for authentication.
- createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
-
Creates a LoginContext using the Configuration that was specified in
DefaultJaasAuthenticationProvider.setConfiguration(Configuration)
. - createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
- createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
-
Create the
RequestMatcher
given a loginProcessingUrl - createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
- createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
- createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
- createMatcher(ParserContext, String, String) - Method in enum class org.springframework.security.config.http.MatcherType
- createMatcher(ParserContext, String, String, String) - Method in enum class org.springframework.security.config.http.MatcherType
- createMessageMatcher(String, PathMatcher) - Static method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
-
Creates a new instance with the specified pattern,
SimpMessageType.MESSAGE
, andPathMatcher
. - createMetadataSource() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
-
Deprecated.Allows subclasses to create creating a
MessageSecurityMetadataSource
. - createMvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
-
Creates
MvcRequestMatcher
instances for the method and patterns passed in - createNewAuthentication(Authentication, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
- createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
- createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
- createNewToken(PersistentRememberMeToken) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
- createObjectIdentity(Serializable, String) - Method in class org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl
- createObjectIdentity(Serializable, String) - Method in interface org.springframework.security.acls.model.ObjectIdentityGenerator
- createObjectIdentity(ObjectIdentity, Sid) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Creates an entry in the acl_object_identity table for the passed ObjectIdentity.
- createOrRetrieveClassPrimaryKey(String, boolean, Class) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Retrieves the primary key from
acl_class
, creating a new row if needed and theallowCreate
property istrue
. - createOrRetrieveSidPrimaryKey(String, boolean, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
- createOrRetrieveSidPrimaryKey(Sid, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
-
Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
- createParameters(JwtBearerGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequestEntityConverter
AuthorizationManager
instead