All Packages
Package
Description
Core access-control related code, including security metadata related classes,
interception code, access control annotations, EL support and voter-based
implementations of the central
AccessDecisionManager
interface.Support for JSR-250 and Spring Security
@Secured
annotations.Authorization event and listener classes.
Expression handling code to support the use of Spring-EL based expressions in
@PreAuthorize
, @PreFilter
, @PostAuthorize
and
@PostFilter
annotations.Implementation of expression-based method security.
Role hierarchy implementation.
Abstract level security interception classes which are responsible for enforcing the
configured security constraints for a secure object.
Enforces security for AOP Alliance
MethodInvocation
s, such as via Spring
AOP.Enforces security for AspectJ
JointPoint
s, delegating secure object
callbacks to the calling aspect.Provides
SecurityMetadataSource
implementations for securing Java method
invocations via different AOP libraries.Contains the infrastructure classes for handling the
@PreAuthorize
,
@PreFilter
, @PostAuthorize
and @PostFilter
annotations.Implements a vote-based approach to authorization decisions.
The Spring Security ACL package which implements instance-based security for domain
objects.
After-invocation providers for collection and array filtering.
Basic implementation of access control lists (ACLs) interfaces.
JDBC-based persistence of ACL information
Interfaces and shared classes to manage access control lists (ACLs) for domain object
instances.
Core classes and interfaces related to user authentication, which are used throughout
Spring Security.
An
AuthenticationProvider
which relies upon a data access object.Authentication success and failure events which can be published to the Spring
application context.
An authentication provider for JAAS.
JAAS authentication events which can be published to the Spring application context by
the JAAS authentication provider.
An in memory JAAS implementation.
Support classes for the Spring Security namespace.
Parsing of <authentication-manager> and related elements.
Parsing of the <http> namespace element.
Security namespace support for LDAP authentication.
Support for parsing of the <global-method-security> and <intercept-methods>
elements.
Core classes and interfaces related to user authentication and authorization, as well
as the maintenance of a security context.
The default implementation of the
GrantedAuthority
interface.Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of
GrantedAuthority
s.Classes related to the establishment of a security context for the duration of a
request (such as an HTTP or RMI invocation).
Session abstraction which is provided by the
org.springframework.security.core.session.SessionInformation
SessionInformation
class.A service for building secure random tokens.
The standard interfaces for implementing user data DAOs.
Implementations of
UserCache
.Exposes a JDBC-based authentication repository, implementing
org.springframework.security.core.userdetails.UserDetailsService UserDetailsService
.Exposes an in-memory authentication repository.
Internal codec classes.
Mix-in classes to add Jackson serialization support.
Spring Security's LDAP module.
The LDAP authentication provider package.
Implementation of password policy functionality based on the
Password Policy for LDAP Directories.
LdapUserSearch
implementations.Embedded Apache Directory Server implementation, as used by the configuration
namespace.
LDAP-focused
UserDetails
implementations which map from a ubset of the data
contained in some of the standard LDAP types (such as InetOrgPerson
).Core classes and interfaces providing support for OAuth 2.0 Client.
Support classes and interfaces for authenticating and authorizing a client with an
OAuth 2.0 Authorization Server using a specific authorization grant flow.
Classes and interfaces providing support to the client for initiating requests to the
Authorization Server's Protocol Endpoints.
Support classes and interfaces for authenticating and authorizing a client with an
OpenID Connect 1.0 Provider using a specific authorization grant flow.
Classes and interfaces providing support to the client for initiating requests to the
OpenID Connect 1.0 Provider's UserInfo Endpoint.
Classes and interfaces that provide support for
ClientRegistration
.Classes and interfaces providing support to the client for initiating requests to the
OAuth 2.0 Authorization Server's UserInfo Endpoint.
OAuth 2.0 Client
Filter
's and supporting classes and interfaces.Core classes and interfaces providing support for the OAuth 2.0 Authorization
Framework.
Support classes that model the OAuth 2.0 Request and Response messages from the
Authorization Endpoint and Token Endpoint.
Core classes and interfaces providing support for OpenID Connect Core 1.0.
Support classes that model the OpenID Connect Core 1.0 Request and Response messages
from the Authorization Endpoint and Token Endpoint.
Provides a model for an OpenID Connect Core 1.0 representation of a user
Principal
.Provides a model for an OAuth 2.0 representation of a user
Principal
.Core classes and interfaces providing support for JSON Web Signature (JWS).
Core classes and interfaces providing support for JSON Web Token (JWT).
OAuth 2.0 Resource Server core classes and interfaces providing support.
OAuth 2.0 Resource Server
Authentication
s and supporting classes and
interfaces.OAuth 2.0 Introspection supporting classes and interfaces.
OAuth 2.0 Resource Server
Filter
's and supporting classes and interfaces.OAuth 2.0 Resource Server access denial classes and interfaces.
Contains simple user and authority group account provisioning interfaces together with
a a JDBC-based implementation.
Security related tag libraries that can be used in JSPs and templates.
JSP Security tag library implementation.
General utility classes used throughout the Spring Security framework.
Spring Security's web security module.
Access-control related classes and packages.
Classes that ensure web requests are received over required transport channels.
Implementation of web security expressions.
Enforcement of security for HTTP requests, typically by the URL requested.
Authentication processing mechanisms, which respond to the submission of authentication
credentials using various protocols (eg BASIC, CAS, form login etc).
Logout functionality based around a filter which handles a specific logout URL.
Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming
request has already been authenticated by some externally configured system.
Pre-authentication support for container-authenticated requests.
Websphere-specific pre-authentication classes.
X.509 client certificate authentication support.
Support for remembering a user between different web sessions.
Strategy interface and implementations for handling session-related behaviour for a
newly authenticated user.
Provides HTTP-based "switch user" (su) capabilities.
Authentication user-interface rendering code.
WWW-Authenticate based authentication mechanism implementations: Basic and Digest
authentication.
Classes which are responsible for maintaining the security context between HTTP
requests.
Makes a JAAS Subject available as the current Subject.
Mix-in classes to provide Jackson serialization support.
Classes related to the caching of an
HttpServletRequest
which requires
authentication.Populates a Servlet request with a new Spring Security compliant
HttpServletRequestWrapper
.Session management filters,
HttpSession
events and publisher classes.Web utility classes.