Package org.springframework.security.authentication
package org.springframework.security.authentication
Core classes and interfaces related to user authentication, which are used throughout
Spring Security.
Of key importance is the
AuthenticationManager
and its default implementation
ProviderManager
,
which maintains a list
AuthenticationProvider
s to which it delegates authentication requests.
-
ClassDescriptionBase class for
Authentication
objects.A baseReactiveAuthenticationManager
that allows subclasses to override and work withUserDetails
objects.Thrown if an authentication request is rejected because the account has expired.Base class for authentication exceptions which are caused by a particular user account status (locked, disabled etc).AnAuthenticationProvider
implementation that validatesAnonymousAuthenticationToken
s.Represents an anonymousAuthentication
.Thrown if an authentication request is rejected because there is noAuthentication
object in theSecurityContext
.Provides aAuthentication.getDetails()
object for a given web request.Processes anAuthentication
request.An interface for resolving anAuthenticationManager
based on the provided contextAnObservation.Context
used during authenticationsAnObservationConvention
for translating authentications intoKeyValues
.Indicates a class can process a specificAuthentication
implementation.Thrown if an authentication request could not be processed due to a system problem.EvaluatesAuthentication
tokensBasic implementation ofAuthenticationTrustResolver
.Thrown if an authentication request is rejected because the credentials are invalid.Implementation ofUserDetailsService
that utilizes caching through aUserCache
Thrown if an authentication request is rejected because the account's credentials have expired.The default strategy for publishing authentication events.AReactiveAuthenticationManager
that delegates to otherReactiveAuthenticationManager
instances using the result from the first non empty result.Thrown if an authentication request is rejected because the account is disabled.Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.Thrown if an authentication request could not be processed due to a system problem that occurred internally.Thrown if an authentication request is rejected because the account is locked.AnAuthenticationManager
that observes the authenticationAnReactiveAuthenticationManager
that observes the authenticationIterates anAuthentication
request through a list ofAuthenticationProvider
s.Thrown byProviderManager
if noAuthenticationProvider
could be found that supports the presentedAuthentication
object.Determines if the providedAuthentication
can be authenticated.Adapts an AuthenticationManager to the reactive APIs.An interface for resolving aReactiveAuthenticationManager
based on the provided contextAnAuthenticationProvider
implementation that validatesRememberMeAuthenticationToken
s.Represents a rememberedAuthentication
.AnAuthenticationProvider
implementation for theTestingAuthenticationToken
.AnAuthentication
implementation that is designed for use whilst unit testing.AReactiveAuthenticationManager
that uses aReactiveUserDetailsService
to validate the provided username and password.AnAuthentication
implementation that is designed for simple presentation of a username and password.