Index

$ A B C D E F G H I J K L M N O P Q R S T U V W X Z _ 
All Classes and Interfaces|All Packages|Constant Field Values|Serialized Form

$

$2A - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
 
$2B - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
 
$2Y - Enum constant in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
 

A

abort() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
Abort the authentication process by forgetting the Spring Security Authentication.
AbstractAccessDecisionManager - Class in org.springframework.security.access.vote
Deprecated.
AbstractAccessDecisionManager(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
 
AbstractAclProvider - Class in org.springframework.security.acls.afterinvocation
Abstract AfterInvocationProvider which provides commonly-used ACL-related services.
AbstractAclProvider(AclService, String, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
AbstractAclVoter - Class in org.springframework.security.access.vote
Deprecated.
Now used by only-deprecated classes. Generally speaking, in-memory ACL is no longer advised, so no replacement is planned at this point.
AbstractAclVoter() - Constructor for class org.springframework.security.access.vote.AbstractAclVoter
Deprecated.
 
AbstractAuthenticationEvent - Class in org.springframework.security.authentication.event
Represents an application authentication event.
AbstractAuthenticationEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.AbstractAuthenticationEvent
 
AbstractAuthenticationFailureEvent - Class in org.springframework.security.authentication.event
Abstract application event which indicates authentication failure for some reason.
AbstractAuthenticationFailureEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent
 
AbstractAuthenticationFilterConfigurer<B extends HttpSecurityBuilder<B>,T extends AbstractAuthenticationFilterConfigurer<B,T,F>,F extends AbstractAuthenticationProcessingFilter> - Class in org.springframework.security.config.annotation.web.configurers
Base class for configuring AbstractAuthenticationFilterConfigurer.
AbstractAuthenticationFilterConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Creates a new instance with minimal defaults
AbstractAuthenticationFilterConfigurer(F, String) - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Creates a new instance
AbstractAuthenticationProcessingFilter - Class in org.springframework.security.web.authentication
Abstract processor of browser-based HTTP-based authentication requests.
AbstractAuthenticationProcessingFilter(String) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
AbstractAuthenticationProcessingFilter(String, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Creates a new instance with a default filterProcessesUrl and an AuthenticationManager
AbstractAuthenticationProcessingFilter(RequestMatcher) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Creates a new instance
AbstractAuthenticationProcessingFilter(RequestMatcher, AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Creates a new instance with a RequestMatcher and an AuthenticationManager
AbstractAuthenticationTargetUrlRequestHandler - Class in org.springframework.security.web.authentication
Base class containing the logic used by strategies which handle redirection to a URL and are passed an Authentication object as part of the contract.
AbstractAuthenticationTargetUrlRequestHandler() - Constructor for class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
 
AbstractAuthenticationToken - Class in org.springframework.security.authentication
Base class for Authentication objects.
AbstractAuthenticationToken(Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.AbstractAuthenticationToken
Creates a token with the supplied array of authorities.
AbstractAuthorizationEvent - Class in org.springframework.security.access.event
Deprecated.
Authorization events have moved. Consider AuthorizationGrantedEvent and AuthorizationDeniedEvent
AbstractAuthorizationEvent(Object) - Constructor for class org.springframework.security.access.event.AbstractAuthorizationEvent
Deprecated.
Construct the event, passing in the secure object being intercepted.
AbstractAuthorizeTag - Class in org.springframework.security.taglibs.authz
A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets).
AbstractAuthorizeTag() - Constructor for class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
 
AbstractCasAssertionUserDetailsService - Class in org.springframework.security.cas.userdetails
Abstract class for using the provided CAS assertion to construct a new User object.
AbstractCasAssertionUserDetailsService() - Constructor for class org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService
 
AbstractConfigAttributeRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web.configurers
A base class for registering RequestMatcher's.
AbstractConfigAttributeRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
 
AbstractConfiguredSecurityBuilder<O,B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation
A base SecurityBuilder that allows SecurityConfigurer to be applied to it.
AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Creates a new instance with the provided ObjectPostProcessor.
AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>, boolean) - Constructor for class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Creates a new instance with the provided ObjectPostProcessor.
AbstractDaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,C extends AbstractDaoAuthenticationConfigurer<B,C,U>,U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails
Allows configuring a DaoAuthenticationProvider
AbstractFallbackMethodSecurityMetadataSource - Class in org.springframework.security.access.method
Deprecated.
Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization
AbstractFallbackMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource
Deprecated.
 
AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,B>,B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers
Adds a convenient base class for SecurityConfigurer instances that operate on HttpSecurity.
AbstractHttpConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
 
AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C,H>,H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Deprecated.
AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlConfigurer<C,H>.AbstractInterceptUrlRegistry<R,T>,T> - Class in org.springframework.security.config.annotation.web.configurers
Deprecated.
 
AbstractJaasAuthenticationProvider - Class in org.springframework.security.authentication.jaas
An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.
AbstractJaasAuthenticationProvider() - Constructor for class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
 
AbstractLdapAuthenticationManagerFactory<T extends AbstractLdapAuthenticator> - Class in org.springframework.security.config.ldap
Creates an AuthenticationManager that can perform LDAP authentication.
AbstractLdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication
Base class for the standard LdapAuthenticationProvider and the ActiveDirectoryLdapAuthenticationProvider.
AbstractLdapAuthenticationProvider() - Constructor for class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
 
AbstractLdapAuthenticator - Class in org.springframework.security.ldap.authentication
Base class for the authenticator implementations.
AbstractLdapAuthenticator(ContextSource) - Constructor for class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
Create an initialized instance with the ContextSource provided.
AbstractMessageMatcherComposite<T> - Class in org.springframework.security.messaging.util.matcher
Abstract MessageMatcher containing multiple MessageMatcher
AbstractMethodSecurityMetadataSource - Class in org.springframework.security.access.method
Deprecated.
Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization
AbstractMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
Deprecated.
 
AbstractOAuth2AuthorizationGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
Base implementation of an OAuth 2.0 Authorization Grant request that holds an authorization grant credential and is used when initiating a request to the Authorization Server's Token Endpoint.
AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType, ClientRegistration) - Constructor for class org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest
Sub-class constructor.
AbstractOAuth2Token - Class in org.springframework.security.oauth2.core
Base class for OAuth 2.0 Token implementations.
AbstractOAuth2Token(String) - Constructor for class org.springframework.security.oauth2.core.AbstractOAuth2Token
Sub-class constructor.
AbstractOAuth2Token(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.AbstractOAuth2Token
Sub-class constructor.
AbstractOAuth2TokenAuthenticationToken<T extends OAuth2Token> - Class in org.springframework.security.oauth2.server.resource.authentication
Base class for AbstractAuthenticationToken implementations that expose common attributes between different OAuth 2.0 Access Token Formats.
AbstractOAuth2TokenAuthenticationToken(T) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
Sub-class constructor.
AbstractOAuth2TokenAuthenticationToken(T, Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
 
AbstractOAuth2TokenAuthenticationToken(T, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
Sub-class constructor.
AbstractPasswordEncoder - Class in org.springframework.security.crypto.password
Abstract base class for password encoders
AbstractPasswordEncoder() - Constructor for class org.springframework.security.crypto.password.AbstractPasswordEncoder
 
AbstractPermission - Class in org.springframework.security.acls.domain
Provides an abstract superclass for Permission implementations.
AbstractPermission(int) - Constructor for class org.springframework.security.acls.domain.AbstractPermission
Sets the permission mask and uses the '*' character to represent active bits when represented as a bit pattern string.
AbstractPermission(int, char) - Constructor for class org.springframework.security.acls.domain.AbstractPermission
Sets the permission mask and uses the specified character for active bits.
AbstractPreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth
Base class for processing filters that handle pre-authenticated authentication requests, where it is assumed that the principal has already been authenticated by an external system.
AbstractPreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
 
AbstractRememberMeServices - Class in org.springframework.security.web.authentication.rememberme
Base class for RememberMeServices implementations.
AbstractRememberMeServices(String, UserDetailsService) - Constructor for class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
AbstractRequestMatcherRegistry<C> - Class in org.springframework.security.config.annotation.web
A base class for registering RequestMatcher's.
AbstractRequestMatcherRegistry() - Constructor for class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
 
AbstractRequestParameterAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
AbstractRestClientOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
Abstract base class for RestClient-based implementations of OAuth2AccessTokenResponseClient that communicate to the Authorization Server's Token Endpoint.
AbstractRetryEntryPoint - Class in org.springframework.security.web.access.channel
 
AbstractRetryEntryPoint(String, int) - Constructor for class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
 
AbstractSaml2AuthenticationRequest - Class in org.springframework.security.saml2.provider.service.authentication
Data holder for AuthNRequest parameters to be sent using either the Saml2MessageBinding.POST or Saml2MessageBinding.REDIRECT binding.
AbstractSaml2AuthenticationRequest.Builder<T extends AbstractSaml2AuthenticationRequest.Builder<T>> - Class in org.springframework.security.saml2.provider.service.authentication
A builder for AbstractSaml2AuthenticationRequest and its subclasses.
AbstractSecurityBuilder<O> - Class in org.springframework.security.config.annotation
A base SecurityBuilder that ensures the object being built is only built one time.
AbstractSecurityBuilder() - Constructor for class org.springframework.security.config.annotation.AbstractSecurityBuilder
 
AbstractSecurityExpressionHandler<T> - Class in org.springframework.security.access.expression
Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects.
AbstractSecurityExpressionHandler() - Constructor for class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
 
AbstractSecurityInterceptor - Class in org.springframework.security.access.intercept
Deprecated.
AbstractSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
AbstractSecurityWebApplicationInitializer - Class in org.springframework.security.web.context
Registers the DelegatingFilterProxy to use the springSecurityFilterChain before any other registered Filter.
AbstractSecurityWebApplicationInitializer() - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Creates a new instance that assumes the Spring Security configuration is loaded by some other means than this class.
AbstractSecurityWebApplicationInitializer(Class<?>...) - Constructor for class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Creates a new instance that will instantiate the ContextLoaderListener with the specified classes.
AbstractSecurityWebSocketMessageBrokerConfigurer - Class in org.springframework.security.config.annotation.web.socket
Deprecated.
AbstractSecurityWebSocketMessageBrokerConfigurer() - Constructor for class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
AbstractServerWebExchangeMatcherRegistry<T> - Class in org.springframework.security.config.web.server
 
AbstractSessionEvent - Class in org.springframework.security.core.session
Abstract superclass for all session related events.
AbstractSessionEvent(Object) - Constructor for class org.springframework.security.core.session.AbstractSessionEvent
 
AbstractSessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session
A base class for performing session fixation protection.
AbstractSessionFixationProtectionStrategy.NullEventPublisher - Class in org.springframework.security.web.authentication.session
 
AbstractUserDetailsAuthenticationProvider - Class in org.springframework.security.authentication.dao
A base AuthenticationProvider that allows subclasses to override and work with UserDetails objects.
AbstractUserDetailsAuthenticationProvider() - Constructor for class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
AbstractUserDetailsReactiveAuthenticationManager - Class in org.springframework.security.authentication
A base ReactiveAuthenticationManager that allows subclasses to override and work with UserDetails objects.
AbstractUserDetailsReactiveAuthenticationManager() - Constructor for class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
 
AbstractUserDetailsServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
 
AbstractUserDetailsServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
 
AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
Abstract base class for all of the WebClientReactive*TokenResponseClients that communicate to the Authorization Server's Token Endpoint.
acceptMediaType(MediaType) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
Specify a media type to set as the Accept header in the request.
access(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Allows specifying that URLs are secured by an arbitrary expression
access(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Deprecated.
Allows specifying that Messages are secured by an arbitrary expression
access(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specifies that the user must have the specified ConfigAttribute's
access(AuthorizationManager<MessageAuthorizationContext<?>>) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
Allows specifying that Messages are secured by an arbitrary expression
access(AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Allows specifying a custom AuthorizationManager.
access(ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
 
access(ReactiveAuthorizationManager<AuthorizationContext>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
Allows plugging in a custom authorization strategy
Access() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
 
ACCESS_ABSTAIN - Static variable in interface org.springframework.security.access.AccessDecisionVoter
Deprecated.
 
ACCESS_DENIED - Static variable in interface org.springframework.security.access.AccessDecisionVoter
Deprecated.
 
ACCESS_DENIED - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
access_denied - The resource owner or authorization server denied the request.
ACCESS_DENIED_403 - Static variable in class org.springframework.security.web.WebAttributes
Used to cache an AccessDeniedException in the request for rendering.
ACCESS_DENIED_HANDLER - Static variable in class org.springframework.security.config.Elements
 
ACCESS_GRANTED - Static variable in interface org.springframework.security.access.AccessDecisionVoter
Deprecated.
 
ACCESS_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
access_token - used in Authorization Response and Access Token Response.
AccessControlEntry - Interface in org.springframework.security.acls.model
Represents an individual permission assignment within an Acl.
AccessControlEntryImpl - Class in org.springframework.security.acls.domain
An immutable default implementation of AccessControlEntry.
AccessControlEntryImpl(Serializable, Acl, Sid, Permission, boolean, boolean, boolean) - Constructor for class org.springframework.security.acls.domain.AccessControlEntryImpl
 
AccessControlListTag - Class in org.springframework.security.taglibs.authz
An implementation of Tag that allows its body through if all authorizations are granted to the request's principal.
AccessControlListTag() - Constructor for class org.springframework.security.taglibs.authz.AccessControlListTag
 
accessDecisionManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
Allows subclasses to provide a custom AccessDecisionManager.
accessDecisionManager(AccessDecisionManager) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry
Deprecated.
Allows setting the AccessDecisionManager.
AccessDecisionManager - Interface in org.springframework.security.access
Deprecated.
AccessDecisionVoter<S> - Interface in org.springframework.security.access
Deprecated.
AccessDeniedException - Exception in org.springframework.security.access
Thrown if an Authentication object does not hold a required authority.
AccessDeniedException(String) - Constructor for exception org.springframework.security.access.AccessDeniedException
Constructs an AccessDeniedException with the specified message.
AccessDeniedException(String, Throwable) - Constructor for exception org.springframework.security.access.AccessDeniedException
Constructs an AccessDeniedException with the specified message and root cause.
accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
Specifies the AccessDeniedHandler to be used
accessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
Configures the ServerAccessDeniedHandler used when a CSRF token is invalid.
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
Configures what to do when an authenticated user does not hold a required authority
accessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
Configures the ServerAccessDeniedHandler to use for requests authenticating with Bearer Tokens.
AccessDeniedHandler - Interface in org.springframework.security.web.access
Used by ExceptionTranslationFilter to handle an AccessDeniedException.
AccessDeniedHandlerImpl - Class in org.springframework.security.web.access
Base implementation of AccessDeniedHandler.
AccessDeniedHandlerImpl() - Constructor for class org.springframework.security.web.access.AccessDeniedHandlerImpl
 
accessDeniedPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
Shortcut to specify the AccessDeniedHandler to be used is a specific error page
accessToken(OAuth2AccessToken) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
accessToken(OAuth2AccessToken) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
accessTokenHash(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this access token hash in the resulting OidcIdToken
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
Sets the client used for requesting the access token credential from the Token Endpoint.
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig
Sets the client used for requesting the access token credential from the Token Endpoint.
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
accessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
accessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the client used when requesting an access token credential at the Token Endpoint.
ACCOUNT_LOCKED - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
 
accountExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Defines if the account is expired or not.
accountExpired(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Defines if the account is expired or not.
accountExpired(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
AccountExpiredException - Exception in org.springframework.security.authentication
Thrown if an authentication request is rejected because the account has expired.
AccountExpiredException(String) - Constructor for exception org.springframework.security.authentication.AccountExpiredException
Constructs a AccountExpiredException with the specified message.
AccountExpiredException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AccountExpiredException
Constructs a AccountExpiredException with the specified message and root cause.
accountLocked(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Defines if the account is locked or not.
accountLocked(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Defines if the account is locked or not.
accountLocked(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
AccountStatusException - Exception in org.springframework.security.authentication
Base class for authentication exceptions which are caused by a particular user account status (locked, disabled etc).
AccountStatusException(String) - Constructor for exception org.springframework.security.authentication.AccountStatusException
 
AccountStatusException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AccountStatusException
 
AccountStatusUserDetailsChecker - Class in org.springframework.security.authentication
 
AccountStatusUserDetailsChecker() - Constructor for class org.springframework.security.authentication.AccountStatusUserDetailsChecker
 
Acl - Interface in org.springframework.security.acls.model
Represents an access control list (ACL) for a domain object.
AclAuthorizationStrategy - Interface in org.springframework.security.acls.domain
Strategy used by AclImpl to determine whether a principal is permitted to call adminstrative methods on the AclImpl.
AclAuthorizationStrategyImpl - Class in org.springframework.security.acls.domain
Default implementation of AclAuthorizationStrategy.
AclAuthorizationStrategyImpl(GrantedAuthority...) - Constructor for class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
Constructor.
AclCache - Interface in org.springframework.security.acls.model
A caching layer for JdbcAclService.
AclDataAccessException - Exception in org.springframework.security.acls.model
Abstract base class for Acl data operations.
AclDataAccessException(String) - Constructor for exception org.springframework.security.acls.model.AclDataAccessException
Constructs an AclDataAccessException with the specified message and no root cause.
AclDataAccessException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.AclDataAccessException
Constructs an AclDataAccessException with the specified message and root cause.
AclEntryAfterInvocationCollectionFilteringProvider - Class in org.springframework.security.acls.afterinvocation
Given a Collection of domain object instances returned from a secure object invocation, remove any Collection elements the principal does not have appropriate permission to access as defined by the AclService.
AclEntryAfterInvocationCollectionFilteringProvider(AclService, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
 
AclEntryAfterInvocationProvider - Class in org.springframework.security.acls.afterinvocation
Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the AclService.
AclEntryAfterInvocationProvider(AclService, String, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
 
AclEntryAfterInvocationProvider(AclService, List<Permission>) - Constructor for class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
 
AclEntryVoter - Class in org.springframework.security.acls
Given a domain object instance passed as a method argument, ensures the principal has appropriate permission as indicated by the AclService.
AclEntryVoter(AclService, String, Permission[]) - Constructor for class org.springframework.security.acls.AclEntryVoter
 
AclFormattingUtils - Class in org.springframework.security.acls.domain
Utility methods for displaying ACL information.
AclFormattingUtils() - Constructor for class org.springframework.security.acls.domain.AclFormattingUtils
 
AclImpl - Class in org.springframework.security.acls.domain
Base implementation of Acl.
AclImpl(ObjectIdentity, Serializable, AclAuthorizationStrategy, AuditLogger) - Constructor for class org.springframework.security.acls.domain.AclImpl
Minimal constructor, which should be used MutableAclService.createAcl(ObjectIdentity) .
AclImpl(ObjectIdentity, Serializable, AclAuthorizationStrategy, PermissionGrantingStrategy, Acl, List<Sid>, boolean, Sid) - Constructor for class org.springframework.security.acls.domain.AclImpl
Full constructor, which should be used by persistence tools that do not provide field-level access features.
AclPermissionCacheOptimizer - Class in org.springframework.security.acls
Batch loads ACLs for collections of objects to allow optimised filtering.
AclPermissionCacheOptimizer(AclService) - Constructor for class org.springframework.security.acls.AclPermissionCacheOptimizer
 
AclPermissionEvaluator - Class in org.springframework.security.acls
Used by Spring Security's expression-based access control implementation to evaluate permissions for a particular object using the ACL module.
AclPermissionEvaluator(AclService) - Constructor for class org.springframework.security.acls.AclPermissionEvaluator
 
aclService - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
AclService - Interface in org.springframework.security.acls.model
Provides retrieval of Acl instances.
ACR - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
acr - the Authentication Context Class Reference
ACTIVE - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
active - Indicator whether or not the token is currently active
ActiveDirectoryAuthenticationException - Exception in org.springframework.security.ldap.authentication.ad
Thrown as a translation of an AuthenticationException when attempting to authenticate against Active Directory using ActiveDirectoryLdapAuthenticationProvider.
ActiveDirectoryLdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication.ad
Specialized LDAP authentication provider which uses Active Directory configuration conventions.
ActiveDirectoryLdapAuthenticationProvider(String, String) - Constructor for class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
 
ActiveDirectoryLdapAuthenticationProvider(String, String, String) - Constructor for class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
 
ACTOR_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
actor_token - used in Token Exchange Access Token Request.
ACTOR_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
actor_token_type - used in Token Exchange Access Token Request.
add(PayloadExchangeMatcherEntry<ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext>>) - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager.Builder
 
add(ServerWebExchangeMatcherEntry<ReactiveAuthorizationManager<AuthorizationContext>>) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
 
add(ServerWebExchangeMatcher, ReactiveAuthenticationManager) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder
add(RequestMatcher, AuthenticationManager) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver.Builder
add(RequestMatcher, AuthorizationManager<RequestAuthorizationContext>) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
addAdvisor(AuthorizationAdvisor) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
Add an advisor that should be included to each proxy created.
addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
addArgumentResolvers(List<HandlerMethodArgumentResolver>) - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
Deprecated.
 
addAuthorities(LdapName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
addAuthorities(DistinguishedName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
Deprecated.
addAuthority(GrantedAuthority) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
 
addAuthority(GrantedAuthority) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
Adds the authority to the list, unless it is already there, in which case it is ignored
addCn(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
 
addConverters(ConverterRegistry) - Static method in class org.springframework.security.oauth2.core.converter.ClaimConversionService
Adds the converters that provide type conversion for claim values to the provided ConverterRegistry.
addCustomAuthorities(String, List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Allows subclasses to add their own granted authorities to the list to be returned in the UserDetails.
addFilter(Filter) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
addFilter(Filter) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Adds a Filter that must be an instance of or extend one of the Filters provided within the Security framework.
addFilterAfter(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
addFilterAfter(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Allows adding a Filter after one of the known Filter classes.
addFilterAfter(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Adds a WebFilter after specific position.
addFilterAt(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Adds the Filter at the location of the specified Filter class.
addFilterAt(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Adds a WebFilter at a specific position.
addFilterBefore(Filter, Class<? extends Filter>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
addFilterBefore(Filter, Class<? extends Filter>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Allows adding a Filter before one of the known Filter classes.
addFilterBefore(WebFilter, SecurityWebFiltersOrder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Adds a WebFilter before specific position.
addGroupAuthority(String, GrantedAuthority) - Method in interface org.springframework.security.provisioning.GroupManager
Assigns a new authority to a group.
addGroupAuthority(String, GrantedAuthority) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
addHeader(String, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
 
addHeadersConverter(Converter<OAuth2AuthorizationCodeGrantRequest, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter
Add (compose) the provided headersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.
addHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
Add (compose) the provided headersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.
addHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
Add (compose) the provided headersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.
addHeaderWriter(HeaderWriter) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Adds a HeaderWriter instance
additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
Allows subclasses to perform any additional checks of a returned (or cached) UserDetails for a given authentication request.
additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
additionalParameters(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
A Consumer to be provided access to the additional parameter(s) allowing the ability to add, replace, or remove.
additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
Sets the additional parameters returned in the response.
additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the additional parameter(s) used in the request.
additionalParameters(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
Sets the additional parameters returned in the response.
addListener(SmartApplicationListener) - Method in class org.springframework.security.context.DelegatingApplicationListener
Adds a new SmartApplicationListener to use.
addLogoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
addObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
Adds an ObjectPostProcessor to be used for this SecurityConfigurerAdapter.
addParametersConverter(Converter<OAuth2AuthorizationCodeGrantRequest, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter
Add (compose) the provided parametersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap of the parameters used in the OAuth 2.0 Access Token Request body.
addParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
Add (compose) the provided parametersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap used in the OAuth 2.0 Access Token Request body.
addParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
Add (compose) the provided parametersConverter to the current Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap used in the OAuth 2.0 Access Token Request body.
addPayloadInterceptor(PayloadInterceptor) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
Adds a PayloadInterceptor to be used.
address(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this address in the resulting OidcUserInfo
ADDRESS - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes
The address scope requests access to the address claim.
ADDRESS - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
address - the user's preferred postal address
AddressStandardClaim - Interface in org.springframework.security.oauth2.core.oidc
The Address Claim represents a physical mailing address defined by the OpenID Connect Core 1.0 specification that can be returned either in the UserInfo Response or the ID Token.
addSecureMethod(Class<?>, Method, List<ConfigAttribute>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Deprecated.
Adds configuration attributes for a specific method, for example where the method has been matched using a pointcut expression.
addSecureMethod(Class<?>, String, List<ConfigAttribute>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Deprecated.
Add configuration attributes for a secure method.
addSecurityFilterChainBuilder(SecurityBuilder<? extends SecurityFilterChain>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
Adds builders to create SecurityFilterChain instances.
addSessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
addSha256Pins(String...) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
Deprecated.
Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
addSha256Pins(String...) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
addUserToGroup(String, String) - Method in interface org.springframework.security.provisioning.GroupManager
Makes a user a member of a particular group.
addUserToGroup(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
admin - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
 
ADMINISTRATION - Static variable in class org.springframework.security.acls.domain.BasePermission
 
AesBytesEncryptor - Class in org.springframework.security.crypto.encrypt
Encryptor that uses AES encryption.
AesBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
Constructs an encryptor that uses AES encryption.
AesBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
Constructs an encryptor that uses AES encryption.
AesBytesEncryptor(String, CharSequence, BytesKeyGenerator, AesBytesEncryptor.CipherAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
Constructs an encryptor that uses AES encryption.
AesBytesEncryptor(SecretKey, BytesKeyGenerator, AesBytesEncryptor.CipherAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.AesBytesEncryptor
Constructs an encryptor that uses AES encryption.
AesBytesEncryptor.CipherAlgorithm - Enum Class in org.springframework.security.crypto.encrypt
 
AffirmativeBased - Class in org.springframework.security.access.vote
Deprecated.
AffirmativeBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.AffirmativeBased
Deprecated.
 
after(Authentication, MethodInvocation, PostInvocationAttribute, Object) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice
Deprecated.
 
after(Authentication, MethodInvocation, PostInvocationAttribute, Object) - Method in interface org.springframework.security.access.prepost.PostInvocationAuthorizationAdvice
Deprecated.
 
AFTER_INVOCATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
 
afterConfigureAdded(WebTestClient.MockServerSpec<?>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
 
afterConfigurerAdded(WebTestClient.Builder, WebHttpHandlerBuilder, ClientHttpConnector) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
afterHandshake(ServerHttpRequest, ServerHttpResponse, WebSocketHandler, Exception) - Method in class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
 
afterInvocation(InterceptorStatusToken, Object) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
Completes the work of the AbstractSecurityInterceptor after the secure object invocation has been completed.
afterInvocationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
AfterInvocationManager - Interface in org.springframework.security.access.intercept
Deprecated.
Use delegation with AuthorizationManager
AfterInvocationProvider - Interface in org.springframework.security.access
Deprecated.
Use delegation with AuthorizationManager
AfterInvocationProviderManager - Class in org.springframework.security.access.intercept
Deprecated.
Use delegation with AuthorizationManager
AfterInvocationProviderManager() - Constructor for class org.springframework.security.access.intercept.AfterInvocationProviderManager
Deprecated.
 
afterMessageHandled(Message<?>, MessageChannel, MessageHandler, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
 
afterMessageHandled(Message<?>, MessageChannel, MessageHandler, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
 
afterPropertiesSet() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
afterPropertiesSet() - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
Deprecated.
 
afterPropertiesSet() - Method in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
Deprecated.
 
afterPropertiesSet() - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
Deprecated.
 
afterPropertiesSet() - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
Deprecated.
 
afterPropertiesSet() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
Validates the required properties are set.
afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.ProviderManager
 
afterPropertiesSet() - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
afterPropertiesSet() - Method in class org.springframework.security.cas.ServiceProperties
 
afterPropertiesSet() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
 
afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
 
afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
Check whether all properties have been set to correct values.
afterPropertiesSet() - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
 
afterPropertiesSet() - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
 
afterPropertiesSet() - Method in class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
Check whether all required properties have been set.
afterPropertiesSet() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
 
afterPropertiesSet() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
afterPropertiesSet() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
 
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
 
afterPropertiesSet() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
 
afterPropertiesSet() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Check whether all required properties have been set.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
Check that all required properties have been set.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
Loads the web.xml file using the configured ResourceLoader and parses the role-name elements from it, using these as the set of mappableAttributes.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
Check whether all required properties have been set.
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
afterPropertiesSet() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.FilterChainProxy
 
afterPropertiesSet() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
 
afterPropertiesSet() - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
 
afterReceiveCompletion(Message<?>, MessageChannel, Exception) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
Deprecated.
 
afterSendCompletion(Message<?>, MessageChannel, boolean, Exception) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
Deprecated.
 
afterSendCompletion(Message<?>, MessageChannel, boolean, Exception) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
 
afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
 
afterSingletonsInstantiated() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
afterSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Invoked after the springSecurityFilterChain is added.
afterTestClass(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
 
afterTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
 
afterTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
 
afterTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
Clears out the TestSecurityContextHolder and the SecurityContextHolder after each test method.
ALG - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
alg - the algorithm header identifies the cryptographic algorithm used to secure a JWS or JWE
algorithm(JwaAlgorithm) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the JWA algorithm used to digitally sign the JWS or encrypt the JWE.
ALL - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
 
ALL - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
 
allocateToken(String) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
 
allocateToken(String) - Method in interface org.springframework.security.core.token.TokenService
Forces the allocation of a new Token.
allOf(AuthorizationDecision, AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers
Creates an AuthorizationManager that grants access if all AuthorizationManagers granted, if managers are empty or abstained, a default AuthorizationDecision is returned.
allOf(AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers
Creates an AuthorizationManager that grants access if all AuthorizationManagers granted or abstained, if managers are empty then granted decision is returned.
allOf(RequestMatcher...) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers
Creates a RequestMatcher that matches if all the given RequestMatchers match, if matchers are empty then the returned matcher always matches.
ALLOW_FROM - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
allowableSessionsExceeded(List<SessionInformation>, int, SessionRegistry) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
Allows subclasses to customise behaviour when too many sessions are detected.
allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
Deprecated.
Method to be implemented by base classes, used to determine if the supplied origin is allowed.
allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
Deprecated.
 
allowed(String) - Method in class org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy
Deprecated.
 
ALLOWED_HEADER_NAMES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall
 
ALLOWED_HEADER_VALUES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall
 
ALLOWED_PARAMETER_NAMES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall
 
ALLOWED_PARAMETER_VALUES - Static variable in class org.springframework.security.web.firewall.StrictHttpFirewall
 
AllowFromStrategy - Interface in org.springframework.security.web.header.writers.frameoptions
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
AlreadyBuiltException - Exception in org.springframework.security.config.annotation
Thrown when AbstractSecurityBuilder.build() is two or more times.
AlreadyBuiltException(String) - Constructor for exception org.springframework.security.config.annotation.AlreadyBuiltException
 
AlreadyExistsException - Exception in org.springframework.security.acls.model
Thrown if an Acl entry already exists for the object.
AlreadyExistsException(String) - Constructor for exception org.springframework.security.acls.model.AlreadyExistsException
Constructs an AlreadyExistsException with the specified message.
AlreadyExistsException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.AlreadyExistsException
Constructs an AlreadyExistsException with the specified message and root cause.
ALWAYS - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy
Always create an HttpSession
alwaysRemember(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
Whether the cookie should always be created even if the remember-me parameter is not set.
AMR - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
amr - the Authentication Methods References
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
Gets the LdapAuthenticationProviderConfigurer for further customizations
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer
Allows obtaining a reference to the LdapAuthenticationProviderConfigurer for further customizations
and() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Returns the UserDetailsManagerConfigurer for method chaining (i.e.
and() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use the lambda based configuration instead.
and() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
Use the lambda based configuration instead. For example:
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {

     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
             .securityMatchers((matchers) -> matchers
                 .requestMatchers("/api/**")
             )
             .authorizeHttpRequests((authorize) -> authorize
                 .anyRequest().hasRole("USER")
             )
             .httpBasic(Customizer.withDefaults());
         return http.build();
     }

 }
 
and() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer
Returns the WebSecurity to be returned for chaining.
and() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use the lambda based configuration instead.
and() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.requiresChannel(Customizer) instead
and() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
Deprecated.
 
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.cacheControl(Customizer) or cacheControl(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.contentTypeOptions(Customizer) instead
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FeaturePolicyConfig
Allows completing configuration of Feature Policy and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
Deprecated.
Allows completing configuration of Public Key Pinning and continuing configuration of headers.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.permissionsPolicy(Customizer) instead
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use OAuth2LoginConfigurer.tokenEndpoint(Customizer) or tokenEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use OAuth2ResourceServerConfigurer.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use Saml2LogoutConfigurer.logoutRequest(Customizer) or logoutRequest(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use Saml2LogoutConfigurer.logoutResponse(Customizer) or logoutResponse(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
 
and() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
Deprecated.
 
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.authorizeExchange(Customizer) instead
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.exceptionHandling(Customizer) instead
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use #featurePolicy(Customizer) instead
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.hsts(Customizer) or hsts(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec
Deprecated, for removal: This API element is subject to removal in a future version.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
and() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
AndMessageMatcher<T> - Class in org.springframework.security.messaging.util.matcher
MessageMatcher that will return true if all of the passed in MessageMatcher instances match.
AndMessageMatcher(List<MessageMatcher<T>>) - Constructor for class org.springframework.security.messaging.util.matcher.AndMessageMatcher
Creates a new instance
AndMessageMatcher(MessageMatcher<T>...) - Constructor for class org.springframework.security.messaging.util.matcher.AndMessageMatcher
Creates a new instance
AndRequestMatcher - Class in org.springframework.security.web.util.matcher
RequestMatcher that will return true if all of the passed in RequestMatcher instances match.
AndRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher
Creates a new instance
AndRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.AndRequestMatcher
Creates a new instance
AndServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
Matches if all the provided ServerWebExchangeMatcher match
AndServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
 
AndServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
 
AnnotationMetadataExtractor<A extends Annotation> - Interface in org.springframework.security.access.annotation
Deprecated.
Used only by now-deprecated classes. Consider SecuredAuthorizationManager for `@Secured` methods.
AnnotationParameterNameDiscoverer - Class in org.springframework.security.core.parameters
Allows finding parameter names using the value attribute of any number of Annotation instances.
AnnotationParameterNameDiscoverer(String...) - Constructor for class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
 
AnnotationParameterNameDiscoverer(Set<String>) - Constructor for class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
 
AnnotationTemplateExpressionDefaults - Class in org.springframework.security.core.annotation
A component for configuring the expression attribute template of the parsed Spring Security annotation
AnnotationTemplateExpressionDefaults() - Constructor for class org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults
 
anonymous() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
Creates an instance of AuthenticatedAuthorizationManager that determines if the Authentication is anonymous.
anonymous() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Specify that URLs are allowed by anonymous users.
anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specify that URLs are allowed by anonymous users.
anonymous() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specifies that an anonymous user is allowed access
anonymous() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Deprecated.
Specify that Messages are allowed by anonymous users.
anonymous() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
anonymous() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
Specify that Messages are allowed by anonymous users.
anonymous() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
anonymous() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
Specify that URLs are allowed by anonymous users.
anonymous(Customizer<AnonymousConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows configuring how an anonymous user is represented.
anonymous(Customizer<ServerHttpSecurity.AnonymousSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Enables and Configures anonymous authentication.
ANONYMOUS - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
Where anonymous authentication is placed.
ANONYMOUS - Static variable in class org.springframework.security.config.Elements
 
ANONYMOUS_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
Instance of AnonymousAuthenticationWebFilter
AnonymousAuthenticationFilter - Class in org.springframework.security.web.authentication
Detects if there is no Authentication object in the SecurityContextHolder, and populates it with one if needed.
AnonymousAuthenticationFilter(String) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
AnonymousAuthenticationFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 
AnonymousAuthenticationProvider - Class in org.springframework.security.authentication
An AuthenticationProvider implementation that validates AnonymousAuthenticationTokens.
AnonymousAuthenticationProvider(String) - Constructor for class org.springframework.security.authentication.AnonymousAuthenticationProvider
 
AnonymousAuthenticationToken - Class in org.springframework.security.authentication
Represents an anonymous Authentication.
AnonymousAuthenticationToken(String, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.AnonymousAuthenticationToken
Constructor.
AnonymousAuthenticationWebFilter - Class in org.springframework.security.web.server.authentication
Detects if there is no Authentication object in the ReactiveSecurityContextHolder, and populates it with one if needed.
AnonymousAuthenticationWebFilter(String) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
AnonymousAuthenticationWebFilter(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
 
AnonymousConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Configures Anonymous authentication (i.e.
AnonymousConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Creates a new instance
AnonymousPayloadInterceptor - Class in org.springframework.security.rsocket.authentication
If ReactiveSecurityContextHolder is empty populates an AnonymousAuthenticationToken
AnonymousPayloadInterceptor(String) - Constructor for class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
Creates a filter with a principal named "anonymousUser" and the single authority "ROLE_ANONYMOUS".
AnonymousPayloadInterceptor(String, Object, List<GrantedAuthority>) - Constructor for class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
 
ant - Enum constant in enum class org.springframework.security.config.http.MatcherType
 
antMatcher(String) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Creates a matcher with the specific pattern which will match all HTTP methods in a case-sensitive manner.
antMatcher(HttpMethod) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Creates a matcher that will match all request with the supplied HTTP method in a case-sensitive manner.
antMatcher(HttpMethod, String) - Static method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Creates a matcher with the supplied pattern and HTTP method in a case-sensitive manner.
AntPathRequestMatcher - Class in org.springframework.security.web.util.matcher
Matcher which compares a pre-defined ant-style pattern against the URL ( servletPath + pathInfo) of an HttpServletRequest.
AntPathRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Creates a matcher with the specific pattern which will match all HTTP methods in a case sensitive manner.
AntPathRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Creates a matcher with the supplied pattern and HTTP method in a case sensitive manner.
AntPathRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Creates a matcher with the supplied pattern which will match the specified Http method
AntPathRequestMatcher(String, String, boolean, UrlPathHelper) - Constructor for class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Creates a matcher with the supplied pattern which will match the specified Http method
ANY_CHANNEL - Static variable in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
ANY_MESSAGE - Static variable in interface org.springframework.security.messaging.util.matcher.MessageMatcher
Matches every Message
anyExchange() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
Always matches
anyExchange() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
Maps any request.
anyExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
Disables authorization.
anyExchange() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers
 
anyExchange() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
Matches any exchange
anyMessage() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
Maps any Message to a security expression.
anyMessage() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
Maps any Message to a security expression.
anyOf(AuthorizationDecision, AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers
Creates an AuthorizationManager that grants access if at least one AuthorizationManager granted, if managers are empty or abstained, a default AuthorizationDecision is returned.
anyOf(AuthorizationManager<T>...) - Static method in class org.springframework.security.authorization.AuthorizationManagers
Creates an AuthorizationManager that grants access if at least one AuthorizationManager granted or abstained, if managers are empty then denied decision is returned.
anyOf(RequestMatcher...) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers
Creates a RequestMatcher that matches if at least one of the given RequestMatchers matches, if matchers are empty then the returned matcher never matches.
anyRequest() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
Matches if PayloadExchangeType.isRequest() is true, else not a match
anyRequest() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Maps any request.
anyRequest() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers
 
anyRequest() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
Maps any request.
AnyRequestMatcher - Class in org.springframework.security.web.util.matcher
Matches any supplied request.
ApacheDSContainer - Class in org.springframework.security.ldap.server
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use UnboundIdContainer instead because ApacheDS 1.x is no longer supported with no GA version to replace it.
ApacheDSContainer(String, String) - Constructor for class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
appendFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
apply(C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Deprecated, for removal: This API element is subject to removal in a future version.
apply(Row, RowMetadata) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
 
apply(SocketAcceptor) - Method in class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor
 
apply(SocketAcceptor) - Method in class org.springframework.security.rsocket.core.SecuritySocketAcceptorInterceptor
 
apply(JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper
 
apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
apply(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
apply(R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper
 
apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
Deprecated.
apply(ServerWebExchange) - Method in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
Deprecated.
Argon2PasswordEncoder - Class in org.springframework.security.crypto.argon2
Implementation of PasswordEncoder that uses the Argon2 hashing function.
Argon2PasswordEncoder(int, int, int, int, int) - Constructor for class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
Constructs an Argon2 password encoder with the provided parameters.
asHeader() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor
Instead of using the CsrfToken as a request parameter (default) will populate the CsrfToken as a header.
AspectJCallback - Interface in org.springframework.security.access.intercept.aspectj
Deprecated.
This class will be removed from the public API. Please either use `spring-security-aspects`, Spring Security's method security support or create your own class that uses Spring AOP annotations.
AspectJMethodSecurityInterceptor - Class in org.springframework.security.access.intercept.aspectj
Deprecated.
This class will be removed from the public API. Please either use `spring-security-aspects`, Spring Security's method security support or create your own class that uses Spring AOP annotations.
AspectJMethodSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor
Deprecated.
 
assertingPartyDetails(Consumer<RelyingPartyRegistration.AssertingPartyDetails.Builder>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
assertingPartyDetails(Consumer<RelyingPartyRegistration.AssertingPartyDetails.Builder>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
assertingPartyMetadata(Consumer<AssertingPartyMetadata.Builder<?>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
assertingPartyMetadata(Consumer<AssertingPartyMetadata.Builder<?>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Apply this Consumer to further configure the Asserting Party metadata
AssertingPartyMetadata - Interface in org.springframework.security.saml2.provider.service.registration
An interface representing SAML 2.0 Asserting Party metadata
AssertingPartyMetadata.Builder<B extends AssertingPartyMetadata.Builder<B>> - Interface in org.springframework.security.saml2.provider.service.registration
 
AssertingPartyMetadataRepository - Interface in org.springframework.security.saml2.provider.service.registration
A repository for retrieving SAML 2.0 Asserting Party Metadata
ASSERTION - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
assertion - used in Access Token Request.
assertionConsumerServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
assertionConsumerServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
assertionConsumerServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
assertionConsumerServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Set the AssertionConsumerService Location.
AT_HASH - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
at_hash - the Access Token hash value
ATT_GROUP_ROLE_ATTRIBUTE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
ATT_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
ATT_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
ATT_HASH - Static variable in class org.springframework.security.config.authentication.PasswordEncoderParser
 
ATT_LDIF_FILE - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
Optionally defines an ldif resource to be loaded.
ATT_PORT - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
Defines the port the LDAP_PROVIDER server should run on
ATT_ROOT_SUFFIX - Static variable in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
sets the configuration suffix (default is "dc=springframework,dc=org").
ATT_SERVER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
ATT_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
ATT_USER_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
 
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
 
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
 
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Performs actual authentication.
attemptAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
attemptExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Attempt to exit from an already switched user.
attemptSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Attempt to switch to another user.
attribute(String, Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
Sets an attribute associated to the context.
attribute(String, Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
Sets an attribute associated to the request.
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
Provides a Consumer access to the attributes associated to the context.
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
Provides a Consumer access to the attributes associated to the request.
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
A Consumer to be provided access to the attribute(s) allowing the ability to add, replace, or remove.
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
Mutate the attributes using the given Consumer
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
Mutate the attributes using the given Consumer
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
Mutate the attributes using the given Consumer
attributes(Consumer<Map<String, Object>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
Mutate the attributes using the given Consumer
attributes(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the attributes associated to the request.
Attributes2GrantedAuthoritiesMapper - Interface in org.springframework.security.core.authority.mapping
Interface to be implemented by classes that can map a list of security attributes (such as roles or group names) to a collection of Spring Security GrantedAuthoritys.
AUD - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
aud - the Audience(s) that the ID Token is intended for
AUD - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
aud - The intended audience for the token
AUD - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
aud - the Audience(s) that the ID Token is intended for
AUD - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
aud - the Audience claim identifies the recipient(s) that the JWT is intended for
audience(Collection<String>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
Use this audience in the resulting OidcLogoutToken
audience(Collection<String>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this audience in the resulting OidcIdToken
audience(Collection<String>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this audience in the resulting Jwt
audience(List<String>) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
Sets the audience (aud) claim, which identifies the recipient(s) that the JWT is intended for.
AUDIENCE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
audience - used in Token Exchange Access Token Request.
AuditableAccessControlEntry - Interface in org.springframework.security.acls.model
Represents an ACE that provides auditing information.
AuditableAcl - Interface in org.springframework.security.acls.model
A mutable ACL that provides audit capabilities.
AuditLogger - Interface in org.springframework.security.acls.domain
Used by AclImpl to log audit events.
AUTH_TIME - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
auth_time - the time when the End-User authentication occurred
authenticate(Authentication) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
Deprecated.
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider
 
authenticate(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationManager
Attempts to authenticate the passed Authentication object, returning a fully populated Authentication object (including granted authorities) if successful.
authenticate(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationProvider
Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication) .
authenticate(Authentication) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
Attempts to login the user given the Authentication objects principal and credential
authenticate(Authentication) - Method in class org.springframework.security.authentication.ObservationAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.ObservationReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.ProviderManager
Attempts to authenticate the passed Authentication object.
authenticate(Authentication) - Method in interface org.springframework.security.authentication.ReactiveAuthenticationManager
Attempts to authenticate the provided Authentication
authenticate(Authentication) - Method in class org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.authentication.TestingAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.BindAuthenticator
 
authenticate(Authentication) - Method in interface org.springframework.security.ldap.authentication.LdapAuthenticator
Authenticates as a user and obtains additional user information from the directory.
authenticate(Authentication) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
Decode and validate the Bearer Token.
authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager
 
authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider
Introspect and validate the opaque Bearer Token and then delegates Authentication instantiation to OpaqueTokenAuthenticationConverter.
authenticate(Authentication) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager
Introspect and validate the opaque Bearer Token and then delegates Authentication instantiation to ReactiveOpaqueTokenAuthenticationConverter.
authenticate(Authentication) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
Authenticate the given PreAuthenticatedAuthenticationToken.
authenticate(Authentication) - Method in class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
 
authenticated() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
Creates an instance of AuthenticatedAuthorizationManager.
authenticated() - Static method in class org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager
authenticated() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
 
authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Specify that URLs are allowed by any authenticated user.
authenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specify that URLs are allowed by any authenticated user.
authenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Deprecated.
Specify that Messages are allowed by any authenticated user.
authenticated() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
Require an authenticated user
authenticated() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
Specify that Messages are allowed by any authenticated user.
authenticated() - Static method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
ResultMatcher that verifies that a specified user is authenticated.
authenticated() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
Specify that URLs are allowed by any authenticated user.
authenticated(Object, Object, Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
This factory method can be safely used by any code that wishes to create a authenticated UsernamePasswordAuthenticationToken.
authenticated(Object, Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
Creates an unauthenticated token
AuthenticatedAuthorizationManager<T> - Class in org.springframework.security.authorization
An AuthorizationManager that determines if the current user is authenticated.
AuthenticatedAuthorizationManager() - Constructor for class org.springframework.security.authorization.AuthenticatedAuthorizationManager
Creates an instance that determines if the current user is authenticated, this is the same as calling AuthenticatedAuthorizationManager.authenticated() factory method.
AuthenticatedPrincipal - Interface in org.springframework.security.core
Representation of an authenticated Principal once an Authentication request has been successfully authenticated by the AuthenticationManager.authenticate(Authentication) method.
AuthenticatedPrincipalOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web
An implementation of an OAuth2AuthorizedClientRepository that delegates to the provided OAuth2AuthorizedClientService if the current Principal is authenticated, otherwise, to the default (or provided) OAuth2AuthorizedClientRepository if the current request is unauthenticated (or anonymous).
AuthenticatedPrincipalOAuth2AuthorizedClientRepository(OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
Constructs a AuthenticatedPrincipalOAuth2AuthorizedClientRepository using the provided parameters.
AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web.server
An implementation of an ServerOAuth2AuthorizedClientRepository that delegates to the provided ServerOAuth2AuthorizedClientRepository if the current Principal is authenticated, otherwise, to the default (or provided) ServerOAuth2AuthorizedClientRepository if the current request is unauthenticated (or anonymous).
AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(ReactiveOAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
Creates an instance
AuthenticatedReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization
A ReactiveAuthorizationManager that determines if the current user is authenticated.
authenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
AuthenticatedVoter - Class in org.springframework.security.access.vote
Deprecated.
AuthenticatedVoter() - Constructor for class org.springframework.security.access.vote.AuthenticatedVoter
Deprecated.
 
authentication(Authentication) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Modifies the ClientRequest.attributes() to include the Authentication used to look up and save the OAuth2AuthorizedClient.
authentication(Authentication) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Establish a SecurityContext that uses the specified Authentication for the Authentication.getPrincipal() and a custom UserDetails.
Authentication - Interface in org.springframework.security.core
Represents the token for an authentication request or for an authenticated principal once the request has been processed by the AuthenticationManager.authenticate(Authentication) method.
AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
A generic placeholder for other types of authentication.
AUTHENTICATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
 
AUTHENTICATION_EXCEPTION - Static variable in class org.springframework.security.web.WebAttributes
Used to cache an authentication-failure exception in the session.
AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.BeanIds
The "global" AuthenticationManager instance, registered by the <authentication-manager> element
AUTHENTICATION_MANAGER - Static variable in class org.springframework.security.config.Elements
 
AUTHENTICATION_PROVIDER - Static variable in class org.springframework.security.config.Elements
 
AUTHENTICATION_SCHEME_BASIC - Static variable in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
AuthenticationConfiguration - Class in org.springframework.security.config.annotation.authentication.configuration
Exports the authentication Configuration
AuthenticationConfiguration() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 
authenticationContextClass(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this authentication context class reference in the resulting OidcIdToken
authenticationConverter(OpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
 
authenticationConverter(ReactiveOpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
 
authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
Use this AuthenticationConverter when converting incoming requests to an Authentication.
authenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
Use this AuthenticationConverter when converting incoming requests to an Authentication.
authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
Sets the converter to use
authenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Sets the converter to use
AuthenticationConverter - Interface in org.springframework.security.web.authentication
A strategy used for converting from a HttpServletRequest to an Authentication of particular type.
AuthenticationConverterServerWebExchangeMatcher - Class in org.springframework.security.web.server.authentication
Matches if the ServerAuthenticationConverter can convert a ServerWebExchange to an Authentication.
AuthenticationConverterServerWebExchangeMatcher(ServerAuthenticationConverter) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher
 
AuthenticationCredentialsNotFoundEvent - Class in org.springframework.security.access.event
Deprecated.
Authentication is now separated from authorization. Consider AbstractAuthenticationFailureEvent instead.
AuthenticationCredentialsNotFoundEvent(Object, Collection<ConfigAttribute>, AuthenticationCredentialsNotFoundException) - Constructor for class org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent
Deprecated.
Construct the event.
AuthenticationCredentialsNotFoundException - Exception in org.springframework.security.authentication
Thrown if an authentication request is rejected because there is no Authentication object in the SecurityContext.
AuthenticationCredentialsNotFoundException(String) - Constructor for exception org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
Constructs an AuthenticationCredentialsNotFoundException with the specified message.
AuthenticationCredentialsNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AuthenticationCredentialsNotFoundException
Constructs an AuthenticationCredentialsNotFoundException with the specified message and root cause.
authenticationDetailsSource - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Specifies a custom AuthenticationDetailsSource.
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
Specifies a custom AuthenticationDetailsSource to use for basic authentication.
authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
AuthenticationDetailsSource<C,T> - Interface in org.springframework.security.authentication
Provides a Authentication.getDetails() object for a given web request.
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
Sets the AuthenticationEntryPoint to be used.
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
The AuthenticationEntryPoint to be populated on BasicAuthenticationFilter in the event that authentication fails.
authenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec
Configures what to do when the application request authentication
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
How to request for authentication.
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
Allows easily setting the entry point.
authenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
Configures the ServerAuthenticationEntryPoint to use for requests authenticating with Bearer Tokens.
AuthenticationEntryPoint - Interface in org.springframework.security.web
Used by ExceptionTranslationFilter to commence an authentication scheme.
AuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.authentication
AuthenticationEntryPointFailureHandler(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
 
authenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
AuthenticationEventPublisher - Interface in org.springframework.security.authentication
 
AuthenticationException - Exception in org.springframework.security.core
Abstract superclass for all exceptions related to an Authentication object being invalid for whatever reason.
AuthenticationException(String) - Constructor for exception org.springframework.security.core.AuthenticationException
Constructs an AuthenticationException with the specified message and no root cause.
AuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.core.AuthenticationException
Constructs an AuthenticationException with the specified message and root cause.
AuthenticationFailureBadCredentialsEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to invalid credentials being presented.
AuthenticationFailureBadCredentialsEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent
 
AuthenticationFailureCredentialsExpiredEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to the user's credentials having expired.
AuthenticationFailureCredentialsExpiredEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureCredentialsExpiredEvent
 
AuthenticationFailureDisabledEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to the user's account being disabled.
AuthenticationFailureDisabledEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent
 
AuthenticationFailureExpiredEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to the user's account having expired.
AuthenticationFailureExpiredEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureExpiredEvent
 
authenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
Specifies the AuthenticationFailureHandler to use when authentication fails.
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
Configures how a failed authentication is handled.
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
 
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
The ServerAuthenticationFailureHandler used after authentication failure.
authenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
 
AuthenticationFailureHandler - Interface in org.springframework.security.web.authentication
Strategy used to handle a failed authentication attempt.
AuthenticationFailureLockedEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to the user's account having been locked.
AuthenticationFailureLockedEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureLockedEvent
 
AuthenticationFailureProviderNotFoundEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to there being no registered AuthenticationProvider that can process the request.
AuthenticationFailureProviderNotFoundEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureProviderNotFoundEvent
 
AuthenticationFailureProxyUntrustedEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to the CAS user's ticket being generated by an untrusted proxy.
AuthenticationFailureProxyUntrustedEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent
 
AuthenticationFailureServiceExceptionEvent - Class in org.springframework.security.authentication.event
Application event which indicates authentication failure due to there being a problem internal to the AuthenticationManager.
AuthenticationFailureServiceExceptionEvent(Authentication, AuthenticationException) - Constructor for class org.springframework.security.authentication.event.AuthenticationFailureServiceExceptionEvent
 
authenticationFilter(AnonymousAuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Sets the AnonymousAuthenticationFilter used to populate an anonymous user.
authenticationFilter(AnonymousAuthenticationWebFilter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
Sets the AnonymousAuthenticationWebFilter used to populate an anonymous user.
AuthenticationFilter - Class in org.springframework.security.web.authentication
A Filter that performs authentication of a particular request.
AuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
 
AuthenticationFilter(AuthenticationManager, AuthenticationConverter) - Constructor for class org.springframework.security.web.authentication.AuthenticationFilter
 
authenticationIsRequired(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
authenticationManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
Allows providing a custom AuthenticationManager.
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configure the default AuthenticationManager.
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
 
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
 
authenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
Allows a configuration of a AuthenticationManager to be used during SAML 2 authentication.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
 
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
 
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
 
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
 
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configure the default authentication manager.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
The ReactiveAuthenticationManager used to authenticate.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
The ReactiveAuthenticationManager used to authenticate.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
Configures the ReactiveAuthenticationManager to use.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Configures the ReactiveAuthenticationManager to use.
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
Configures the ReactiveAuthenticationManager to use
authenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
 
AuthenticationManager - Interface in org.springframework.security.authentication
Processes an Authentication request.
AuthenticationManagerBeanDefinitionParser - Class in org.springframework.security.config.authentication
Registers the central ProviderManager used by the namespace configuration, and allows the configuration of an alias, allowing users to reference it in their beans and clearly see where the name is coming from.
AuthenticationManagerBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser
 
AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider - Class in org.springframework.security.config.authentication
Provider which doesn't provide any service.
authenticationManagerBuilder(ObjectPostProcessor<Object>, ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 
AuthenticationManagerBuilder - Class in org.springframework.security.config.annotation.authentication.builders
AuthenticationManagerBuilder(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
Creates a new instance
AuthenticationManagerFactoryBean - Class in org.springframework.security.config.authentication
Factory bean for the namespace AuthenticationManager, which allows a more meaningful error message to be reported in the NoSuchBeanDefinitionException, if the user has forgotten to declare the <authentication-manager> element.
AuthenticationManagerFactoryBean() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
 
authenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
authenticationManagerResolver(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
AuthenticationManagerResolver<C> - Interface in org.springframework.security.authentication
An interface for resolving an AuthenticationManager based on the provided context
authenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Sets the matcher used for determining if the request is an authentication request.
AuthenticationMethod - Class in org.springframework.security.oauth2.core
The authentication method used when sending bearer access tokens in resource requests to resource servers.
AuthenticationMethod(String) - Constructor for class org.springframework.security.oauth2.core.AuthenticationMethod
Constructs an AuthenticationMethod using the provided value.
authenticationMethods(List<String>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use these authentication methods in the resulting OidcIdToken
AuthenticationObservationContext - Class in org.springframework.security.authentication
An Observation.Context used during authentications
AuthenticationObservationContext() - Constructor for class org.springframework.security.authentication.AuthenticationObservationContext
 
AuthenticationObservationConvention - Class in org.springframework.security.authentication
An ObservationConvention for translating authentications into KeyValues.
AuthenticationObservationConvention() - Constructor for class org.springframework.security.authentication.AuthenticationObservationConvention
 
AuthenticationPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
AuthenticationPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter
 
AuthenticationPayloadInterceptor - Class in org.springframework.security.rsocket.authentication
Uses the provided ReactiveAuthenticationManager to authenticate a Payload.
AuthenticationPayloadInterceptor(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
Creates a new instance
AuthenticationPrincipal - Annotation Interface in org.springframework.security.core.annotation
Annotation that is used to resolve Authentication.getPrincipal() to a method argument.
AuthenticationPrincipal - Annotation Interface in org.springframework.security.web.bind.annotation
Deprecated.
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.messaging.context
Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation.
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.messaging.handler.invocation.reactive
Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation.
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.bind.support
Deprecated.
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.method.annotation
Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation.
AuthenticationPrincipalArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation
Resolves the Authentication
AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
 
AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
 
AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
Deprecated.
 
AuthenticationPrincipalArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
 
AuthenticationPrincipalArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
 
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
Add authentication based upon the custom AuthenticationProvider that is passed in.
authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.authentication.ProviderManagerBuilder
Add authentication based upon the custom AuthenticationProvider that is passed in.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Sets the AuthenticationProvider used to validate an anonymous user.
authenticationProvider(AuthenticationProvider) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
Specifies the AuthenticationProvider to use when authenticating the user.
authenticationProvider(AuthenticationProvider) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Allows adding an additional AuthenticationProvider to be used
AuthenticationProvider - Interface in org.springframework.security.authentication
Indicates a class can process a specific Authentication implementation.
AuthenticationProviderBeanDefinitionParser - Class in org.springframework.security.config.authentication
Wraps a UserDetailsService bean with a DaoAuthenticationProvider and registers the latter with the ProviderManager.
AuthenticationProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser
 
authenticationRequestResolver(Saml2AuthenticationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
Use this Saml2AuthenticationRequestResolver for generating SAML 2.0 Authentication Requests.
authenticationRequestUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
authenticationRequestUri(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
Sets the authenticationRequestUri, a URL that will receive the AuthNRequest message
authenticationRequestUriQuery(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
Customize the URL that the SAML Authentication Request will be sent to.
AuthenticationServiceException - Exception in org.springframework.security.authentication
Thrown if an authentication request could not be processed due to a system problem.
AuthenticationServiceException(String) - Constructor for exception org.springframework.security.authentication.AuthenticationServiceException
Constructs an AuthenticationServiceException with the specified message.
AuthenticationServiceException(String, Throwable) - Constructor for exception org.springframework.security.authentication.AuthenticationServiceException
Constructs an AuthenticationServiceException with the specified message and root cause.
AuthenticationSuccessEvent - Class in org.springframework.security.authentication.event
Application event which indicates successful authentication.
AuthenticationSuccessEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.AuthenticationSuccessEvent
 
authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
Allows customizing the list of ServerAuthenticationSuccessHandler.
authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
Allows customizing the list of ServerAuthenticationSuccessHandler.
authenticationSuccessHandler(Consumer<List<ServerAuthenticationSuccessHandler>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Allows customizing the list of ServerAuthenticationSuccessHandler.
authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
Specifies the AuthenticationSuccessHandler to be used.
authenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
The ServerAuthenticationSuccessHandler used after authentication success.
authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
The ServerAuthenticationSuccessHandler used after authentication success.
authenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
The ServerAuthenticationSuccessHandler used after authentication success.
AuthenticationSuccessHandler - Interface in org.springframework.security.web.authentication
Strategy used to handle a successful user authentication.
AuthenticationSwitchUserEvent - Class in org.springframework.security.web.authentication.switchuser
Application event which indicates that a user context switch.
AuthenticationSwitchUserEvent(Authentication, UserDetails) - Constructor for class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent
Switch user context event constructor
AuthenticationTag - Class in org.springframework.security.taglibs.authz
An Tag implementation that allows convenient access to the current Authentication object.
AuthenticationTag() - Constructor for class org.springframework.security.taglibs.authz.AuthenticationTag
 
AuthenticationTrustResolver - Interface in org.springframework.security.authentication
Evaluates Authentication tokens
AuthenticationTrustResolverImpl - Class in org.springframework.security.authentication
Basic implementation of AuthenticationTrustResolver.
AuthenticationTrustResolverImpl() - Constructor for class org.springframework.security.authentication.AuthenticationTrustResolverImpl
 
authenticationUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
Specifies the AuthenticationUserDetailsService to use.
AuthenticationUserDetailsService<T extends Authentication> - Interface in org.springframework.security.core.userdetails
Interface that allows for retrieving a UserDetails object based on an Authentication object.
AuthenticationWebFilter - Class in org.springframework.security.web.server.authentication
A WebFilter that performs authentication of a particular request.
AuthenticationWebFilter(ReactiveAuthenticationManager) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter
Creates an instance
AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authentication.AuthenticationWebFilter
Creates an instance
authnRequestsSigned(Boolean) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
authnRequestsSigned(Boolean) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Set the AuthnRequestsSigned setting.
authorities() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
The authorities to use.
authorities(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Populates the authorities.
authorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Sets the Authentication.getAuthorities() for anonymous users
authorities(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
Sets the Authentication.getAuthorities() for anonymous users
authorities(String...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Populates the authorities.
authorities(String...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
Specifies the GrantedAuthoritys to use.
authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Populates the authorities.
authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
Specifies the GrantedAuthoritys to use.
authorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
Populates the user's GrantedAuthority's.
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
Use the provided authorities in the token
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
Use the provided authorities in the Authentication
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
Use the provided authorities in the Authentication
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
Use the provided authorities in the resulting principal
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
Use the provided authorities in the token
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
Use the provided authorities in the Authentication
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
Use the provided authorities in the Authentication
authorities(Collection<GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
Use the provided authorities in the resulting principal
authorities(List<? extends GrantedAuthority>) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Populates the authorities.
authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Sets the Authentication.getAuthorities() for anonymous users
authorities(List<GrantedAuthority>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
Sets the Authentication.getAuthorities() for anonymous users
authorities(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
Provides the configured Jwt so that custom authorities can be derived from it
authorities(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
Provides the configured Jwt so that custom authorities can be derived from it
authorities(GrantedAuthority...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Populates the authorities.
authorities(GrantedAuthority...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Populates the authorities.
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
Use the provided authorities in the token
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
Use the provided authorities in the Authentication
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
Use the provided authorities in the Authentication
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
Use the provided authorities in the resulting principal
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
Specifies the GrantedAuthoritys to use.
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
Use the provided authorities in the token
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
Use the provided authorities in the Authentication
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
Use the provided authorities in the Authentication
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
Use the provided authorities in the resulting principal
authorities(GrantedAuthority...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
Populates the user's GrantedAuthority's.
AuthoritiesAuthorizationManager - Class in org.springframework.security.authorization
An AuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains any of the specified authorities.
AuthoritiesAuthorizationManager() - Constructor for class org.springframework.security.authorization.AuthoritiesAuthorizationManager
 
authoritiesByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
Sets the query to be used for finding a user's authorities by their username.
authoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
AuthorityAuthorizationDecision - Class in org.springframework.security.authorization
Represents an AuthorizationDecision based on a collection of authorities
AuthorityAuthorizationDecision(boolean, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.authorization.AuthorityAuthorizationDecision
 
AuthorityAuthorizationManager<T> - Class in org.springframework.security.authorization
An AuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains a specified authority.
AuthorityGranter - Interface in org.springframework.security.authentication.jaas
The AuthorityGranter interface is used to map a given principal to role names.
authorityListToSet(Collection<? extends GrantedAuthority>) - Static method in class org.springframework.security.core.authority.AuthorityUtils
Converts an array of GrantedAuthority objects to a Set.
AuthorityReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization
A ReactiveAuthorizationManager that determines if the current user is authorized by evaluating if the Authentication contains a specified authority.
AuthorityUtils - Class in org.springframework.security.core.authority
Utility method for manipulating GrantedAuthority collections etc.
AUTHORIZATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
Where authorization is placed.
AUTHORIZATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
 
AUTHORIZATION_CODE - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
 
AuthorizationAdvisor - Interface in org.springframework.security.authorization.method
An interface that indicates method security advice
AuthorizationAdvisorProxyFactory - Class in org.springframework.security.authorization.method
A proxy factory for applying authorization advice to an arbitrary object.
AuthorizationAdvisorProxyFactory(List<AuthorizationAdvisor>) - Constructor for class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
Construct an AuthorizationAdvisorProxyFactory with the provided advisors.
AuthorizationAdvisorProxyFactory.TargetVisitor - Interface in org.springframework.security.authorization.method
An interface to handle how the AuthorizationAdvisorProxyFactory should step through the target's object hierarchy.
AuthorizationChannelInterceptor - Class in org.springframework.security.messaging.access.intercept
Authorizes Message resources using the provided AuthorizationManager
AuthorizationChannelInterceptor(AuthorizationManager<Message<?>>) - Constructor for class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor
Creates a new instance
authorizationCode() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Configures support for the authorization_code grant.
authorizationCode() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Configures support for the authorization_code grant.
authorizationCode() - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns a new OAuth2AuthorizationRequest.Builder, initialized with the authorization code grant type.
authorizationCodeGrant() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
authorizationCodeGrant(Customizer<OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
Configures the OAuth 2.0 Authorization Code Grant.
authorizationCodeHash(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this authorization code hash in the resulting OidcIdToken
AuthorizationCodeOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of an OAuth2AuthorizedClientProvider for the authorization_code grant.
AuthorizationCodeOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider
 
AuthorizationCodeReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of a ReactiveOAuth2AuthorizedClientProvider for the authorization_code grant.
AuthorizationCodeReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
 
AuthorizationContext - Class in org.springframework.security.web.server.authorization
 
AuthorizationContext(ServerWebExchange) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
 
AuthorizationContext(ServerWebExchange, Map<String, Object>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationContext
 
AuthorizationDecision - Class in org.springframework.security.authorization
 
AuthorizationDecision(boolean) - Constructor for class org.springframework.security.authorization.AuthorizationDecision
 
AuthorizationDeniedEvent<T> - Class in org.springframework.security.authorization.event
An ApplicationEvent which indicates failed authorization.
AuthorizationDeniedEvent(Supplier<Authentication>, T, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationDeniedEvent
 
AuthorizationDeniedException - Exception in org.springframework.security.authorization
AuthorizationDeniedException(String) - Constructor for exception org.springframework.security.authorization.AuthorizationDeniedException
 
AuthorizationDeniedException(String, AuthorizationResult) - Constructor for exception org.springframework.security.authorization.AuthorizationDeniedException
 
authorizationEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
authorizationEndpoint(Customizer<OAuth2LoginConfigurer.AuthorizationEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Configures the Authorization Server's Authorization Endpoint.
AuthorizationEvent - Class in org.springframework.security.authorization.event
AuthorizationEvent(Supplier<Authentication>, Object, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationEvent
Construct an AuthorizationEvent
AuthorizationEventPublisher - Interface in org.springframework.security.authorization
A contract for publishing authorization events
AuthorizationFailureEvent - Class in org.springframework.security.access.event
Deprecated.
AuthorizationFailureEvent(Object, Collection<ConfigAttribute>, Authentication, AccessDeniedException) - Constructor for class org.springframework.security.access.event.AuthorizationFailureEvent
Deprecated.
Construct the event.
authorizationFailureHandler(OAuth2AuthorizedClientService) - Static method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
Provides an OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using a OAuth2AuthorizedClientService.
authorizationFailureHandler(OAuth2AuthorizedClientRepository) - Static method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
Provides an OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server using a OAuth2AuthorizedClientRepository.
AuthorizationFilter - Class in org.springframework.security.web.access.intercept
An authorization filter that restricts access to the URL using AuthorizationManager.
AuthorizationFilter(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.intercept.AuthorizationFilter
Creates an instance.
AuthorizationGrantedEvent<T> - Class in org.springframework.security.authorization.event
An ApplicationEvent which indicates successful authorization.
AuthorizationGrantedEvent(Supplier<Authentication>, T, AuthorizationDecision) - Constructor for class org.springframework.security.authorization.event.AuthorizationGrantedEvent
 
authorizationGrantType(AuthorizationGrantType) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the authorization grant type used for the client.
AuthorizationGrantType - Class in org.springframework.security.oauth2.core
An authorization grant is a credential representing the resource owner's authorization (to access it's protected resources) to the client and used by the client to obtain an access token.
AuthorizationGrantType(String) - Constructor for class org.springframework.security.oauth2.core.AuthorizationGrantType
Constructs an AuthorizationGrantType using the provided value.
AuthorizationInterceptorsOrder - Enum Class in org.springframework.security.authorization.method
Ordering of Spring Security's authorization Advisors
AuthorizationManager<T> - Interface in org.springframework.security.authorization
An Authorization manager which can determine if an Authentication has access to a specific object.
AuthorizationManagerAfterMethodInterceptor - Class in org.springframework.security.authorization.method
A MethodInterceptor which can determine if an Authentication has access to the result of an MethodInvocation using an AuthorizationManager
AuthorizationManagerAfterMethodInterceptor(Pointcut, AuthorizationManager<MethodInvocationResult>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
Creates an instance.
AuthorizationManagerAfterReactiveMethodInterceptor - Class in org.springframework.security.authorization.method
A MethodInterceptor which can determine if an Authentication has access to the returned object from the MethodInvocation using the configured ReactiveAuthorizationManager.
AuthorizationManagerAfterReactiveMethodInterceptor(Pointcut, ReactiveAuthorizationManager<MethodInvocationResult>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
Creates an instance.
AuthorizationManagerBeforeMethodInterceptor - Class in org.springframework.security.authorization.method
A MethodInterceptor which uses a AuthorizationManager to determine if an Authentication may invoke the given MethodInvocation
AuthorizationManagerBeforeMethodInterceptor(Pointcut, AuthorizationManager<MethodInvocation>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Creates an instance.
AuthorizationManagerBeforeReactiveMethodInterceptor - Class in org.springframework.security.authorization.method
A MethodInterceptor which can determine if an Authentication has access to the MethodInvocation using the configured ReactiveAuthorizationManager.
AuthorizationManagerBeforeReactiveMethodInterceptor(Pointcut, ReactiveAuthorizationManager<MethodInvocation>) - Constructor for class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
Creates an instance.
AuthorizationManagers - Class in org.springframework.security.authorization
A factory class to create an AuthorizationManager instances.
AuthorizationManagerWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access
An implementation of WebInvocationPrivilegeEvaluator which delegates the checks to an instance of AuthorizationManager
AuthorizationManagerWebInvocationPrivilegeEvaluator(AuthorizationManager<HttpServletRequest>) - Constructor for class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
 
AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer - Interface in org.springframework.security.web.access
Used to transform the HttpServletRequest prior to passing it into the AuthorizationManager.
AuthorizationObservationContext<T> - Class in org.springframework.security.authorization
An Observation.Context used during authorizations
AuthorizationObservationContext(T) - Constructor for class org.springframework.security.authorization.AuthorizationObservationContext
 
AuthorizationObservationConvention - Class in org.springframework.security.authorization
An ObservationConvention for translating authorizations into KeyValues.
AuthorizationObservationConvention() - Constructor for class org.springframework.security.authorization.AuthorizationObservationConvention
 
AuthorizationPayloadInterceptor - Class in org.springframework.security.rsocket.authorization
Provides authorization of the PayloadExchange.
AuthorizationPayloadInterceptor(ReactiveAuthorizationManager<PayloadExchange>) - Constructor for class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor
 
AuthorizationProxy - Interface in org.springframework.security.authorization.method
An interface that is typically implemented by Spring Security's AOP support to identify an instance as being proxied by Spring Security.
AuthorizationProxyFactory - Interface in org.springframework.security.authorization
A factory for wrapping arbitrary objects in authorization-related advice
authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Sets the redirect strategy for Authorization Endpoint redirect URI.
authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
Sets the repository used for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
Sets the repository used for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
Sets the repository to use for storing OAuth2AuthorizationRequest's.
authorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Sets the repository to use for storing OAuth2AuthorizationRequest's.
AuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> - Interface in org.springframework.security.oauth2.client.web
Implementations of this interface are responsible for the persistence of OAuth2AuthorizationRequest between requests.
authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer
Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestResolver(OAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestResolver(ServerOAuth2AuthorizationRequestResolver) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Sets the resolver used for resolving OAuth2AuthorizationRequest's.
authorizationRequestUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the URI string representation of the OAuth 2.0 Authorization Request.
authorizationRequestUri(Function<UriBuilder, URI>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
A Function to be provided a UriBuilder representation of the OAuth 2.0 Authorization Request allowing for further customizations.
AuthorizationResult - Interface in org.springframework.security.authorization
Represents an authorization result
AuthorizationServiceException - Exception in org.springframework.security.access
Thrown if an authorization request could not be processed due to a system problem.
AuthorizationServiceException(String) - Constructor for exception org.springframework.security.access.AuthorizationServiceException
Constructs an AuthorizationServiceException with the specified message.
AuthorizationServiceException(String, Throwable) - Constructor for exception org.springframework.security.access.AuthorizationServiceException
Constructs an AuthorizationServiceException with the specified message and root cause.
authorizationUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the uri for the authorization endpoint.
authorizationUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the uri for the authorization endpoint.
AuthorizationWebFilter - Class in org.springframework.security.web.server.authorization
 
AuthorizationWebFilter(ReactiveAuthorizationManager<? super ServerWebExchange>) - Constructor for class org.springframework.security.web.server.authorization.AuthorizationWebFilter
 
authorize() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
Make an authorization decision by considering all <authorize> tag attributes.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider
Attempt to authorize the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider
Attempt to authorize the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider
 
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider
 
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
Deprecated.
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
Deprecated.
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
Attempt to re-authorize the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
Attempt to re-authorize the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizationContext) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
Attempt to authorize (or re-authorize) the client in the provided context.
authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
 
authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
 
authorize(OAuth2AuthorizeRequest) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager
Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId.
authorize(OAuth2AuthorizeRequest) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager
Attempt to authorize or re-authorize (if required) the client identified by the provided clientRegistrationId.
authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
 
authorize(OAuth2AuthorizeRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
 
authorizedClientParametersMapper - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
 
authorizedClientParametersMapper - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
 
authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
Sets the repository for authorized client(s).
authorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Sets the repository for authorized client(s).
authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
authorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
 
authorizedClientRowMapper - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
 
authorizedClientRowMapper - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
 
authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
Sets the service for authorized client(s).
authorizedClientService(OAuth2AuthorizedClientService) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Sets the service for authorized client(s).
authorizedClientService(ReactiveOAuth2AuthorizedClientService) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
 
AuthorizedClientServiceOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client
An implementation of an OAuth2AuthorizedClientManager that is capable of operating outside of the context of a HttpServletRequest, e.g.
AuthorizedClientServiceOAuth2AuthorizedClientManager(ClientRegistrationRepository, OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
Constructs an AuthorizedClientServiceOAuth2AuthorizedClientManager using the provided parameters.
AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client
The default implementation of the contextAttributesMapper.
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client
An implementation of a ReactiveOAuth2AuthorizedClientManager that is capable of operating outside of the context of a ServerWebExchange, e.g.
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository, ReactiveOAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
Constructs an AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager using the provided parameters.
AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client
The default implementation of the contextAttributesMapper.
AuthorizedEvent - Class in org.springframework.security.access.event
Deprecated.
AuthorizedEvent(Object, Collection<ConfigAttribute>, Authentication) - Constructor for class org.springframework.security.access.event.AuthorizedEvent
Deprecated.
Construct the event.
authorizedParty(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this authorized party in the resulting OidcIdToken
authorizeExchange() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.authorizeExchange(Customizer) or authorizeExchange(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
authorizeExchange(Customizer<ServerHttpSecurity.AuthorizeExchangeSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures authorization.
AuthorizeExchangeSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
 
authorizeHttpRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.authorizeHttpRequests(Customizer) instead
authorizeHttpRequests(Customizer<AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e.
AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds a URL based authorization using AuthorizationManager.
AuthorizeHttpRequestsConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer
Creates an instance.
AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers
Registry for mapping a RequestMatcher to an AuthorizationManager.
AuthorizeHttpRequestsConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers
An object that allows configuring the AuthorizationManager for RequestMatchers.
AuthorizeHttpRequestsConfigurer.AuthorizedUrl.AuthorizedUrlVariable - Class in org.springframework.security.config.annotation.web.configurers
An object that allows configuring RequestMatchers with URI path variables
authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
 
AuthorizePayloadsSpec() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
 
authorizeRequests() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated.
For removal in 7.0. Use HttpSecurity.authorizeHttpRequests() instead
authorizeRequests(Customizer<ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated.
For removal in 7.0. Use HttpSecurity.authorizeHttpRequests() instead
AuthorizeReturnObject - Annotation Interface in org.springframework.security.authorization.method
Wraps Spring Security method authorization advice around the return object of any method this annotation is applied to.
AuthorizeReturnObjectCoreHintsRegistrar - Class in org.springframework.security.aot.hint
A SecurityHintsRegistrar that scans all beans for methods that use AuthorizeReturnObject and registers those return objects as TypeHints.
AuthorizeReturnObjectCoreHintsRegistrar(AuthorizationProxyFactory) - Constructor for class org.springframework.security.aot.hint.AuthorizeReturnObjectCoreHintsRegistrar
 
AuthorizeReturnObjectDataHintsRegistrar - Class in org.springframework.security.data.aot.hint
A SecurityHintsRegistrar that scans all beans for implementations of RepositoryFactoryBeanSupport, registering the corresponding entity class as a TypeHint should any if that repository's method use AuthorizeReturnObject.
AuthorizeReturnObjectDataHintsRegistrar(AuthorizationProxyFactory) - Constructor for class org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar
 
AuthorizeReturnObjectHintsRegistrar - Class in org.springframework.security.aot.hint
A SecurityHintsRegistrar implementation that registers only the classes provided in the constructor.
AuthorizeReturnObjectHintsRegistrar(AuthorizationProxyFactory, Class<?>...) - Constructor for class org.springframework.security.aot.hint.AuthorizeReturnObjectHintsRegistrar
 
AuthorizeReturnObjectHintsRegistrar(AuthorizationProxyFactory, List<Class<?>>) - Constructor for class org.springframework.security.aot.hint.AuthorizeReturnObjectHintsRegistrar
Construct this registrar
AuthorizeReturnObjectMethodInterceptor - Class in org.springframework.security.authorization.method
A method interceptor that applies the given AuthorizationProxyFactory to any return value annotated with AuthorizeReturnObject
AuthorizeReturnObjectMethodInterceptor(AuthorizationProxyFactory) - Constructor for class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
 
authorizeUsingAccessExpression() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
Make an authorization decision based on a Spring EL expression.
authorizeUsingUrlCheck() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
Make an authorization decision based on the URL and HTTP method attributes.
authTime(Instant) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this authentication Instant in the resulting OidcIdToken
autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
 
autoLogin(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Template implementation which locates the Spring Security cookie, decodes it into a delimited array of tokens and submits it to subclasses for processing via the processAutoLoginCookie method.
autoLogin(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices
This method will be called whenever the SecurityContextHolder does not contain an Authentication object and Spring Security wishes to provide an implementation with an opportunity to authenticate the request using remember-me capabilities.
AutowiredWebSecurityConfigurersIgnoreParents - Class in org.springframework.security.config.annotation.web.configuration
A class used to get all the WebSecurityConfigurer instances from the current ApplicationContext but ignoring the parent.
awaitTermination(long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
AZP - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
azp - the Authorized party to which the ID Token was issued

B

backChannel(Customizer<OidcLogoutConfigurer.BackChannelLogoutConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
Configure OIDC Back-Channel Logout using the provided Consumer
backChannel(Customizer<ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec
Configure OIDC Back-Channel Logout using the provided Consumer
BackChannelLogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer
 
BackChannelLogoutConfigurer() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer
 
BadCredentialsException - Exception in org.springframework.security.authentication
Thrown if an authentication request is rejected because the credentials are invalid.
BadCredentialsException(String) - Constructor for exception org.springframework.security.authentication.BadCredentialsException
Constructs a BadCredentialsException with the specified message.
BadCredentialsException(String, Throwable) - Constructor for exception org.springframework.security.authentication.BadCredentialsException
Constructs a BadCredentialsException with the specified message and root cause.
BadJwtException - Exception in org.springframework.security.oauth2.jwt
An exception similar to BadCredentialsException that indicates a Jwt that is invalid in some way.
BadJwtException(String) - Constructor for exception org.springframework.security.oauth2.jwt.BadJwtException
 
BadJwtException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.BadJwtException
 
BadOpaqueTokenException - Exception in org.springframework.security.oauth2.server.resource.introspection
An exception similar to BadCredentialsException that indicates an opaque token that is invalid in some way.
BadOpaqueTokenException(String) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException
 
BadOpaqueTokenException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException
 
Base64 - Class in org.springframework.security.crypto.codec
Deprecated.
Use java.util.Base64
Base64StringKeyGenerator - Class in org.springframework.security.crypto.keygen
A StringKeyGenerator that generates base64-encoded String keys.
Base64StringKeyGenerator() - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
Creates an instance with keyLength of 32 bytes and standard Base64 encoding.
Base64StringKeyGenerator(int) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
Creates an instance with the provided key length in bytes and standard Base64 encoding.
Base64StringKeyGenerator(Base64.Encoder) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
Creates an instance with keyLength of 32 bytes and the provided encoder.
Base64StringKeyGenerator(Base64.Encoder, int) - Constructor for class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
Creates an instance with the provided key length and encoder.
BasePermission - Class in org.springframework.security.acls.domain
A set of standard permissions.
BasePermission(int) - Constructor for class org.springframework.security.acls.domain.BasePermission
 
BasePermission(int, char) - Constructor for class org.springframework.security.acls.domain.BasePermission
 
baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig
Sets the base URI used for authorization requests.
baseUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig
Sets the URI where the authorization response will be processed.
BASIC - Static variable in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
Deprecated.
 
BASIC_AUTH - Static variable in class org.springframework.security.config.Elements
 
BASIC_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
Where basic authentication is placed.
BASIC_AUTHENTICATION_MIME_TYPE - Static variable in class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata
Deprecated.
Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
BasicAuthenticationConverter - Class in org.springframework.security.web.authentication.www
Converts from a HttpServletRequest to UsernamePasswordAuthenticationToken that can be authenticated.
BasicAuthenticationConverter() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
BasicAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?>) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
BasicAuthenticationDecoder - Class in org.springframework.security.rsocket.metadata
Deprecated.
Basic Authentication did not evolve into a standard. Use Simple Authentication instead.
BasicAuthenticationDecoder() - Constructor for class org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder
Deprecated.
 
BasicAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata
Deprecated.
Basic Authentication did not evolve into a standard. use SimpleAuthenticationEncoder
BasicAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder
Deprecated.
 
BasicAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www
Used by the ExceptionTranslationFilter to commence authentication via the BasicAuthenticationFilter.
BasicAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
 
BasicAuthenticationFilter - Class in org.springframework.security.web.authentication.www
Processes a HTTP request's BASIC authorization headers, putting the result into the SecurityContextHolder.
BasicAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
Creates an instance which will authenticate against the supplied AuthenticationManager and which will ignore failed authentication attempts, allowing the request to proceed down the filter chain.
BasicAuthenticationFilter(AuthenticationManager, AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
Creates an instance which will authenticate against the supplied AuthenticationManager and use the supplied AuthenticationEntryPoint to handle authentication failures.
BasicAuthenticationPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
BasicAuthenticationPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.BasicAuthenticationPayloadExchangeConverter
 
BasicLookupStrategy - Class in org.springframework.security.acls.jdbc
Performs lookups in a manner that is compatible with ANSI SQL.
BasicLookupStrategy(DataSource, AclCache, AclAuthorizationStrategy, AuditLogger) - Constructor for class org.springframework.security.acls.jdbc.BasicLookupStrategy
Constructor accepting mandatory arguments
BasicLookupStrategy(DataSource, AclCache, AclAuthorizationStrategy, PermissionGrantingStrategy) - Constructor for class org.springframework.security.acls.jdbc.BasicLookupStrategy
Creates a new instance
BCrypt - Class in org.springframework.security.crypto.bcrypt
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
BCrypt() - Constructor for class org.springframework.security.crypto.bcrypt.BCrypt
 
BCryptPasswordEncoder - Class in org.springframework.security.crypto.bcrypt
Implementation of PasswordEncoder that uses the BCrypt strong hashing function.
BCryptPasswordEncoder() - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(int) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(int, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, int) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, int, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder(BCryptPasswordEncoder.BCryptVersion, SecureRandom) - Constructor for class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
BCryptPasswordEncoder.BCryptVersion - Enum Class in org.springframework.security.crypto.bcrypt
Stores the default bcrypt version for use in configuration.
BeanIds - Class in org.springframework.security.config
Contains globally used default Bean IDs for beans created by the namespace support in Spring Security 2.
BeanIds() - Constructor for class org.springframework.security.config.BeanIds
 
BEARER - Static variable in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType
 
BEARER_AUTHENTICATION_MIME_TYPE - Static variable in class org.springframework.security.rsocket.metadata.BearerTokenMetadata
Deprecated.
Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
BearerPayloadExchangeConverter - Class in org.springframework.security.rsocket.authentication
BearerPayloadExchangeConverter() - Constructor for class org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter
 
bearerToken(String) - Static method in class org.springframework.security.web.http.SecurityHeaders
Sets the provided value as a Bearer token in a header with the name of HttpHeaders.AUTHORIZATION
BearerTokenAccessDeniedHandler - Class in org.springframework.security.oauth2.server.resource.web.access
Translates any AccessDeniedException into an HTTP response in accordance with RFC 6750 Section 3: The WWW-Authenticate.
BearerTokenAccessDeniedHandler() - Constructor for class org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler
 
BearerTokenAuthentication - Class in org.springframework.security.oauth2.server.resource.authentication
An Authentication token that represents a successful authentication as obtained through a bearer token.
BearerTokenAuthentication(OAuth2AuthenticatedPrincipal, OAuth2AccessToken, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication
Constructs a BearerTokenAuthentication with the provided arguments
BearerTokenAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata
BearerTokenAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.BearerTokenAuthenticationEncoder
 
BearerTokenAuthenticationEntryPoint - Class in org.springframework.security.oauth2.server.resource.web
An AuthenticationEntryPoint implementation used to commence authentication of protected resource requests using BearerTokenAuthenticationFilter.
BearerTokenAuthenticationEntryPoint() - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint
 
BearerTokenAuthenticationFilter - Class in org.springframework.security.oauth2.server.resource.web.authentication
Authenticates requests that contain an OAuth 2.0 Bearer Token.
BearerTokenAuthenticationFilter - Class in org.springframework.security.oauth2.server.resource.web
Deprecated.
BearerTokenAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
BearerTokenAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter
Deprecated.
Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
BearerTokenAuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>) - Constructor for class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
BearerTokenAuthenticationFilter(AuthenticationManagerResolver<HttpServletRequest>) - Constructor for class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter
Deprecated.
Construct a BearerTokenAuthenticationFilter using the provided parameter(s)
BearerTokenAuthenticationToken - Class in org.springframework.security.oauth2.server.resource.authentication
An Authentication that contains a Bearer Token.
BearerTokenAuthenticationToken - Class in org.springframework.security.oauth2.server.resource
Deprecated.
BearerTokenAuthenticationToken(String) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken
Create a BearerTokenAuthenticationToken using the provided parameter(s)
BearerTokenAuthenticationToken(String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken
Deprecated.
Create a BearerTokenAuthenticationToken using the provided parameter(s)
bearerTokenConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
Configures the ServerAuthenticationConverter to use for requests authenticating with Bearer Tokens.
BearerTokenError - Class in org.springframework.security.oauth2.server.resource
A representation of a Bearer Token Error.
BearerTokenError(String, HttpStatus, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenError
Create a BearerTokenError using the provided parameters
BearerTokenError(String, HttpStatus, String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.BearerTokenError
Create a BearerTokenError using the provided parameters
BearerTokenErrorCodes - Class in org.springframework.security.oauth2.server.resource
Standard error codes defined by the OAuth 2.0 Authorization Framework: Bearer Token Usage.
BearerTokenErrors - Class in org.springframework.security.oauth2.server.resource
A factory for creating BearerTokenError instances that correspond to the registered Bearer Token Error Codes.
BearerTokenMetadata - Class in org.springframework.security.rsocket.metadata
Represents a bearer token that has been encoded into a Payload#metadata().
BearerTokenMetadata(String) - Constructor for class org.springframework.security.rsocket.metadata.BearerTokenMetadata
 
bearerTokenResolver(BearerTokenResolver) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
BearerTokenResolver - Interface in org.springframework.security.oauth2.server.resource.web
A strategy for resolving Bearer Tokens from the HttpServletRequest.
BearerTokenServerAccessDeniedHandler - Class in org.springframework.security.oauth2.server.resource.web.access.server
Translates any AccessDeniedException into an HTTP response in accordance with RFC 6750 Section 3: The WWW-Authenticate.
BearerTokenServerAccessDeniedHandler() - Constructor for class org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler
 
BearerTokenServerAuthenticationEntryPoint - Class in org.springframework.security.oauth2.server.resource.web.server
An AuthenticationEntryPoint implementation used to commence authentication of protected resource requests using BearerTokenAuthenticationFilter.
BearerTokenServerAuthenticationEntryPoint() - Constructor for class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint
 
before(Authentication, MethodInvocation, PreInvocationAttribute) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice
Deprecated.
 
before(Authentication, MethodInvocation, PreInvocationAttribute) - Method in interface org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice
Deprecated.
The "before" advice which should be executed to perform any filtering necessary and to decide whether the method call is authorised.
beforeConcurrentHandling(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
 
beforeConfigure() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Invoked prior to invoking each SecurityConfigurer.configure(SecurityBuilder) method.
beforeConfigure() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
beforeHandle(Message<?>, MessageChannel, MessageHandler) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
 
beforeHandle(Message<?>, MessageChannel, MessageHandler) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
 
beforeHandshake(ServerHttpRequest, ServerHttpResponse, WebSocketHandler, Map<String, Object>) - Method in class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
 
beforeInit() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Invoked prior to invoking each SecurityConfigurer.init(SecurityBuilder) method.
beforeInvocation(Object) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.CsrfMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
 
beforeServerCreated(WebHttpHandlerBuilder) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
beforeSpringSecurityFilterChain(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Invoked before the springSecurityFilterChain is added.
beforeTestClass(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
 
beforeTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
 
beforeTestExecution(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
If configured before test execution sets the SecurityContext
beforeTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
 
beforeTestMethod(TestContext) - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
Sets up the SecurityContext for each test method.
BindAuthenticator - Class in org.springframework.security.ldap.authentication
An authenticator which binds as a user.
BindAuthenticator(BaseLdapPathContextSource) - Constructor for class org.springframework.security.ldap.authentication.BindAuthenticator
Create an initialized instance using the BaseLdapPathContextSource provided.
binding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
Use this SAML 2.0 Message Binding By default, the asserting party's configured binding is used
binding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
Use this SAML 2.0 Message Binding By default, the asserting party's configured binding is used
birthdate(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this birthdate in the resulting OidcUserInfo
BIRTHDATE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
birthdate - the user's birth date
BouncyCastleAesCbcBytesEncryptor - Class in org.springframework.security.crypto.encrypt
An Encryptor equivalent to AesBytesEncryptor using AesBytesEncryptor.CipherAlgorithm.CBC that uses Bouncy Castle instead of JCE.
BouncyCastleAesCbcBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
 
BouncyCastleAesCbcBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
 
BouncyCastleAesGcmBytesEncryptor - Class in org.springframework.security.crypto.encrypt
An Encryptor equivalent to AesBytesEncryptor using AesBytesEncryptor.CipherAlgorithm.GCM that uses Bouncy Castle instead of JCE.
BouncyCastleAesGcmBytesEncryptor(String, CharSequence) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
 
BouncyCastleAesGcmBytesEncryptor(String, CharSequence, BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
 
build() - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl.Builder
Builds and returns a RoleHierarchyImpl describing the defined role hierarchy.
build() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder
 
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
 
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.BasicAuthenticationSpec
 
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
 
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.JwtSpec
 
build() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.SimpleAuthenticationSpec
 
build() - Method in interface org.springframework.security.config.annotation.SecurityBuilder
Builds the object and returns it or null.
build() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
build() - Method in class org.springframework.security.core.userdetails.User.UserBuilder
 
build() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
 
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Builds an instance of DelegatingOAuth2AuthorizedClientProvider composed of one or more OAuth2AuthorizedClientProvider(s).
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
build() - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
 
build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
build() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Builds a new ClientRegistration.
build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
build() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
build() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
build() - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Build the OidcIdToken
build() - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Build the OidcUserInfo
build() - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Builds a new JwsHeader.
build() - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Build the Jwt
build() - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
Builds a new JwtClaimsSet.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
Build the configured NimbusJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder
Build the configured NimbusJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder
Build the configured NimbusJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
Build the configured NimbusReactiveJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder
Build the configured NimbusReactiveJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
Build the configured NimbusReactiveJwtDecoder.
build() - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder
Build the configured NimbusReactiveJwtDecoder.
build() - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager.Builder
 
build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
build() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult.Builder
 
build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest.Builder
Constructs an immutable Saml2PostAuthenticationRequest object.
build() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.Builder
Constructs an immutable Saml2RedirectAuthenticationRequest object.
build() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
Creates an immutable ProviderDetails object representing the configuration for an Identity Provider, IDP
build() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
build() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
build() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
Creates an immutable ProviderDetails object representing the configuration for an Identity Provider, IDP
build() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Constructs a RelyingPartyRegistration object based on the builder configurations
build() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
build() - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver.Builder
build() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
build() - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder
build() - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager.Builder
 
build() - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
 
buildDetails(C) - Method in interface org.springframework.security.authentication.AuthenticationDetailsSource
Called by a class when it wishes a new authentication details instance to be created.
buildDetails(HttpServletRequest) - Method in class org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource
 
buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
Builds the authentication details object.
buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
 
buildDetails(HttpServletRequest) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetailsSource
 
buildDn(String) - Method in class org.springframework.security.ldap.DefaultLdapUsernameToDnMapper
buildDn(String) - Method in interface org.springframework.security.ldap.LdapUsernameToDnMapper
builder() - Static method in class org.springframework.security.core.userdetails.User
Creates a UserBuilder
builder() - Static method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager
builder() - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Returns a new OAuth2AuthorizedClientProviderBuilder for configuring the supported authorization grant(s).
builder() - Static method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Returns a new ReactiveOAuth2AuthorizedClientProviderBuilder for configuring the supported authorization grant(s).
builder() - Static method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo
builder() - Static method in class org.springframework.security.oauth2.jwt.JwtClaimsSet
Returns a new JwtClaimsSet.Builder.
builder() - Static method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager
 
builder() - Static method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager
builder() - Static method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver
builder() - Static method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver
builder() - Static method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
 
builder() - Static method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
 
Builder() - Constructor for class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
 
Builder() - Constructor for class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
Default constructor.
Builder() - Constructor for class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
Deprecated.
Builder() - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
 
Builder() - Constructor for class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
 
Builder() - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
Builder() - Constructor for class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
 
Builder(String, AssertingPartyMetadata.Builder<?>) - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
 
Builder(Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
Constructs and initializes the address attributes using the provided addressFields.
Builder(RelyingPartyRegistration) - Constructor for class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
Creates a new Builder with relying party registration
Builder(HandlerMappingIntrospector) - Constructor for class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder
Construct a new instance of this builder
buildFromMask(int) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
 
buildFromMask(int) - Method in interface org.springframework.security.acls.domain.PermissionFactory
Dynamically creates a CumulativePermission or BasePermission representing the active bits in the passed mask.
buildFromName(String) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
 
buildFromName(String) - Method in interface org.springframework.security.acls.domain.PermissionFactory
 
buildFromNames(List<String>) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
 
buildFromNames(List<String>) - Method in interface org.springframework.security.acls.domain.PermissionFactory
 
buildFullRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils
 
buildFullRequestUrl(String, String, int, String, String) - Static method in class org.springframework.security.web.util.UrlUtils
Obtains the full URL the client used to make the request.
buildGroupDn(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
Deprecated. 
buildGroupName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
buildHttpsRedirectUrlForRequest(HttpServletRequest) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
Builds a URL to redirect the supplied request to HTTPS.
buildLdapName(String) - Method in class org.springframework.security.ldap.DefaultLdapUsernameToDnMapper
 
buildLdapName(String) - Method in interface org.springframework.security.ldap.LdapUsernameToDnMapper
 
buildRedirectUrlToLoginPage(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
buildRequest(ServletContext) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
 
buildRequest(ServletContext) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
 
buildRequestUrl(HttpServletRequest) - Static method in class org.springframework.security.web.util.UrlUtils
Obtains the web application-specific fragment of the request URL.
buildRunAs(Authentication, Object, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.intercept.RunAsManager
Deprecated.
Returns a replacement Authentication object for the current secure object invocation, or null if replacement not required.
buildRunAs(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
Deprecated.
 
BytesEncryptor - Interface in org.springframework.security.crypto.encrypt
Service interface for symmetric data encryption.
BytesKeyGenerator - Interface in org.springframework.security.crypto.keygen
A generator for unique byte array-based keys.

C

C_HASH - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
c_hash - the Authorization Code hash value
cache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.cache(Customizer) or cache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
cache(Cache) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
Use the given Cache to store JWK Set.
cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures cache control headers
CACHE - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
 
CACHE - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
 
CACHE_CONTRTOL_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
The value for cache control value
cacheControl() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.cacheControl(Customizer) or cacheControl(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
cacheControl(Customizer<HeadersConfigurer.CacheControlConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows customizing the CacheControlHeadersWriter.
CacheControlHeadersWriter - Class in org.springframework.security.web.header.writers
Inserts headers to prevent caching if no cache control headers have been specified.
CacheControlHeadersWriter() - Constructor for class org.springframework.security.web.header.writers.CacheControlHeadersWriter
Creates a new instance
CacheControlServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Writes cache control related headers.
CacheControlServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
 
cachePermissionsFor(Authentication, Collection<?>) - Method in interface org.springframework.security.access.PermissionCacheOptimizer
Optimises the permission cache for anticipated operation on the supplied collection of objects.
cachePermissionsFor(Authentication, Collection<?>) - Method in class org.springframework.security.acls.AclPermissionCacheOptimizer
 
CACHING_SUFFIX - Static variable in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
 
CachingRelyingPartyRegistrationRepository - Class in org.springframework.security.saml2.provider.service.registration
An IterableRelyingPartyRegistrationRepository that lazily queries and caches metadata from a backing IterableRelyingPartyRegistrationRepository.
CachingRelyingPartyRegistrationRepository(Callable<IterableRelyingPartyRegistrationRepository>) - Constructor for class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
 
CachingUserDetailsService - Class in org.springframework.security.authentication
Implementation of UserDetailsService that utilizes caching through a UserCache
CachingUserDetailsService(UserDetailsService) - Constructor for class org.springframework.security.authentication.CachingUserDetailsService
 
calculateLoginLifetime(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
Calculates the validity period in seconds for a newly generated remember-me login.
calculateRedirectUrl(String, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy
 
call() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
 
cancelCookie(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Sets a "cancel cookie" (with maxAge = 0) on the response to disable persistent logins.
canDecrypt() - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
canRead(Class<?>, MediaType) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 
canWrite(Class<?>, MediaType) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 
CAS_GATEWAY_AUTHENTICATION_ATTR - Static variable in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter
 
CasAssertionAuthenticationToken - Class in org.springframework.security.cas.authentication
Temporary authentication object needed to load the user details service.
CasAssertionAuthenticationToken(Assertion, String) - Constructor for class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken
 
CasAuthenticationEntryPoint - Class in org.springframework.security.cas.web
Used by the ExceptionTranslationFilter to commence authentication via the JA-SIG Central Authentication Service (CAS).
CasAuthenticationEntryPoint() - Constructor for class org.springframework.security.cas.web.CasAuthenticationEntryPoint
 
CasAuthenticationFilter - Class in org.springframework.security.cas.web
Processes a CAS service ticket, obtains proxy granting tickets, and processes proxy tickets.
CasAuthenticationFilter() - Constructor for class org.springframework.security.cas.web.CasAuthenticationFilter
 
CasAuthenticationProvider - Class in org.springframework.security.cas.authentication
An AuthenticationProvider implementation that integrates with JA-SIG Central Authentication Service (CAS).
CasAuthenticationProvider() - Constructor for class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
CasAuthenticationToken - Class in org.springframework.security.cas.authentication
Represents a successful CAS Authentication.
CasAuthenticationToken(String, Object, Object, Collection<? extends GrantedAuthority>, UserDetails, Assertion) - Constructor for class org.springframework.security.cas.authentication.CasAuthenticationToken
Constructor.
CasGatewayAuthenticationRedirectFilter - Class in org.springframework.security.cas.web
Redirects the request to the CAS server appending gateway=true to the URL.
CasGatewayAuthenticationRedirectFilter(String, ServiceProperties) - Constructor for class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter
Constructs a new instance of this class
CasGatewayResolverRequestMatcher - Class in org.springframework.security.cas.web
A RequestMatcher implementation that delegates the check to an instance of GatewayResolver.
CasGatewayResolverRequestMatcher(ServiceProperties) - Constructor for class org.springframework.security.cas.web.CasGatewayResolverRequestMatcher
 
CasJackson2Module - Class in org.springframework.security.cas.jackson2
Jackson module for spring-security-cas.
CasJackson2Module() - Constructor for class org.springframework.security.cas.jackson2.CasJackson2Module
 
CasServiceTicketAuthenticationToken - Class in org.springframework.security.cas.authentication
An Authentication implementation that is designed to process CAS service ticket.
CasServiceTicketAuthenticationToken(String, Object) - Constructor for class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
This constructor can be safely used by any code that wishes to create a CasServiceTicketAuthenticationToken, as the AbstractAuthenticationToken.isAuthenticated() will return false.
CasServiceTicketAuthenticationToken(String, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (i.e.
CBC - Enum constant in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
 
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
 
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer
 
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
chainRequestMatchers(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
 
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry
Subclasses should implement this method for returning the object that is chained to the creation of the RequestMatcher instances.
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
 
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
Deprecated.
 
chainRequestMatchersInternal(List<RequestMatcher>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
Deprecated.
 
CHANGE_AFTER_RESET - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
 
CHANGE_AUDITING - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
 
CHANGE_GENERAL - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
 
CHANGE_OWNERSHIP - Static variable in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
 
changePassword(String, String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
Changes the password for the current user.
changePassword(String, String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
changePassword(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
changePassword(String, String) - Method in interface org.springframework.security.provisioning.UserDetailsManager
Modify the current user's password.
changePasswordPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer
Sets the change password page.
changePasswordPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec
Sets the change password page.
changeSessionId() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
Specifies that the Servlet container-provided session fixation protection should be used.
ChangeSessionIdAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
Uses HttpServletRequest.changeSessionId() to protect against session fixation attacks.
ChangeSessionIdAuthenticationStrategy() - Constructor for class org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy
 
ChannelAttributeFactory - Class in org.springframework.security.config.http
Used as a factory bean to create config attribute values for the requires-channel attribute.
ChannelDecisionManager - Interface in org.springframework.security.web.access.channel
Decides whether a web channel provides sufficient security.
ChannelDecisionManagerImpl - Class in org.springframework.security.web.access.channel
Implementation of ChannelDecisionManager.
ChannelDecisionManagerImpl() - Constructor for class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
ChannelEntryPoint - Interface in org.springframework.security.web.access.channel
May be used by a ChannelProcessor to launch a web channel.
ChannelProcessingFilter - Class in org.springframework.security.web.access.channel
Ensures a web request is delivered over the required channel.
ChannelProcessingFilter() - Constructor for class org.springframework.security.web.access.channel.ChannelProcessingFilter
 
ChannelProcessor - Interface in org.springframework.security.web.access.channel
Decides whether a web channel meets a specific security condition.
channelProcessors(List<ChannelProcessor>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
Sets the ChannelProcessor instances to use in ChannelDecisionManagerImpl
ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds channel security (i.e.
ChannelSecurityConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
Creates a new instance
ChannelSecurityConfigurer.ChannelRequestMatcherRegistry - Class in org.springframework.security.config.annotation.web.configurers
 
ChannelSecurityConfigurer.RequiresChannelUrl - Class in org.springframework.security.config.annotation.web.configurers
 
ChannelSecurityInterceptor - Class in org.springframework.security.messaging.access.intercept
Deprecated.
ChannelSecurityInterceptor(MessageSecurityMetadataSource) - Constructor for class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
Deprecated.
Creates a new instance
check(String) - Method in interface org.springframework.security.authentication.password.CompromisedPasswordChecker
Check whether the password is compromised
check(String) - Method in interface org.springframework.security.authentication.password.ReactiveCompromisedPasswordChecker
Check whether the password is compromised
check(String) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker
 
check(String) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker
 
check(Supplier<Authentication>, HttpServletRequest) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager
Delegates to a specific AuthorizationManager based on a RequestMatcher evaluation.
check(Supplier<Authentication>, Collection<String>) - Method in class org.springframework.security.authorization.AuthoritiesAuthorizationManager
Determines if the current user is authorized by evaluating if the Authentication contains any of specified authorities.
check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.Jsr250AuthorizationManager
Determine if an Authentication has access to a method by evaluating the DenyAll, PermitAll, and RolesAllowed annotations that MethodInvocation specifies.
check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager
Determines the access by evaluating the provided expression.
check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
Determine if an Authentication has access to a method by evaluating an expression from the PreAuthorize annotation that the MethodInvocation specifies.
check(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.SecuredAuthorizationManager
Determine if an Authentication has access to a method by evaluating the Secured annotation that MethodInvocation specifies.
check(Supplier<Authentication>, Message<?>) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager
Delegates to a specific AuthorizationManager based on a MessageMatcher evaluation.
check(Supplier<Authentication>, MethodInvocationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
Determine if an Authentication has access to the returned object by evaluating the PostAuthorize annotation that the MethodInvocation specifies.
check(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
Determines the access by evaluating the provided expression.
check(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.IpAddressAuthorizationManager
 
check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
Determines if the current user is authorized according to the given strategy.
check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.AuthorityAuthorizationManager
Determines if the current user is authorized by evaluating if the Authentication contains a specified authority.
check(Supplier<Authentication>, T) - Method in interface org.springframework.security.authorization.AuthorizationManager
Determines if access is granted for a specific authentication and object.
check(Supplier<Authentication>, T) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager
 
check(UserDetails) - Method in class org.springframework.security.authentication.AccountStatusUserDetailsChecker
 
check(UserDetails) - Method in interface org.springframework.security.core.userdetails.UserDetailsChecker
Examines the User
check(Mono<Authentication>, MethodInvocation) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
Determines if an Authentication has access to the MethodInvocation by evaluating an expression from the PreAuthorize annotation.
check(Mono<Authentication>, MethodInvocationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
Determines if an Authentication has access to the returned object from the MethodInvocation by evaluating an expression from the PostAuthorize annotation.
check(Mono<Authentication>, PayloadExchange) - Method in class org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager
 
check(Mono<Authentication>, AuthorizationContext) - Method in class org.springframework.security.web.server.authorization.IpAddressReactiveAuthorizationManager
 
check(Mono<Authentication>, ServerWebExchange) - Method in class org.springframework.security.web.server.authorization.DelegatingReactiveAuthorizationManager
 
check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager
 
check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
 
check(Mono<Authentication>, T) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager
 
check(Mono<Authentication>, T) - Method in interface org.springframework.security.authorization.ReactiveAuthorizationManager
Determines if access is granted for a specific authentication and object.
checkAllowIfAllAbstainDecisions() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
 
checkpw(byte[], String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
Check that a password (as a byte array) matches a previously hashed one
checkpw(String, String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
Check that a plaintext password matches a previously hashed one
ChildAuthenticationManagerFactoryBean(List<AuthenticationProvider>, AuthenticationManager) - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
 
ChildrenExistException - Exception in org.springframework.security.acls.model
Thrown if an Acl cannot be deleted because children Acls exist.
ChildrenExistException(String) - Constructor for exception org.springframework.security.acls.model.ChildrenExistException
Constructs an ChildrenExistException with the specified message.
ChildrenExistException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.ChildrenExistException
Constructs an ChildrenExistException with the specified message and root cause.
ciRegex - Enum constant in enum class org.springframework.security.config.http.MatcherType
 
claim(String, Object) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
Use this claim in the resulting OidcLogoutToken
claim(String, Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this claim in the resulting OidcIdToken
claim(String, Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this claim in the resulting OidcUserInfo
claim(String, Object) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this claim in the resulting Jwt
claim(String, Object) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
Sets the claim.
ClaimAccessor - Interface in org.springframework.security.oauth2.core
An "accessor" for a set of claims that may be used for assertions.
ClaimConversionService - Class in org.springframework.security.oauth2.core.converter
A ConversionService configured with converters that provide type conversion for claim values.
claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
Provides access to every OidcLogoutToken.Builder.claim(String, Object) declared so far with the possibility to add, replace, or remove.
claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Provides access to every OidcIdToken.Builder.claim(String, Object) declared so far with the possibility to add, replace, or remove.
claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Provides access to every OidcUserInfo.Builder.claim(String, Object) declared so far with the possibility to add, replace, or remove.
claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Provides access to every Jwt.Builder.claim(String, Object) declared so far with the possibility to add, replace, or remove.
claims(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
A Consumer to be provided access to the claims allowing the ability to add, replace, or remove.
ClaimTypeConverter - Class in org.springframework.security.oauth2.core.converter
A Converter that provides type conversion for claim values.
ClaimTypeConverter(Map<String, Converter<Object, ?>>) - Constructor for class org.springframework.security.oauth2.core.converter.ClaimTypeConverter
Constructs a ClaimTypeConverter using the provided parameters.
clear() - Method in class org.springframework.security.acls.domain.CumulativePermission
 
clear(Permission) - Method in class org.springframework.security.acls.domain.CumulativePermission
 
CLEAR_SITE_DATA_HEADER - Static variable in class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
 
clearAuthentication(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
Specifies if SecurityContextLogoutHandler should clear the Authentication at the time of logout.
clearAuthenticationAttributes(HttpServletRequest) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
Removes temporary authentication-related data which may have been stored in the session during the authentication process.
clearCache() - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
 
clearCache() - Method in interface org.springframework.security.acls.model.AclCache
 
clearContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
Clears the current context.
clearContext() - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder
Clears the Mono<SecurityContext> from Reactor Context
clearContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
Explicitly clears the context value from the current thread.
clearContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
Clears the current context.
clearContext() - Static method in class org.springframework.security.test.context.TestSecurityContextHolder
clearContext() - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
 
ClearSiteDataHeaderWriter - Class in org.springframework.security.web.header.writers
Provides support for Clear Site Data.
ClearSiteDataHeaderWriter(ClearSiteDataHeaderWriter.Directive...) - Constructor for class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter
Creates a new instance of ClearSiteDataHeaderWriter with given sources.
ClearSiteDataHeaderWriter.Directive - Enum Class in org.springframework.security.web.header.writers
Represents the directive values expected by the ClearSiteDataHeaderWriter.
ClearSiteDataServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Writes the Clear-Site-Data response header when the request is secure.
ClearSiteDataServerHttpHeadersWriter(ClearSiteDataServerHttpHeadersWriter.Directive...) - Constructor for class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
Constructs a new instance using the given directives.
ClearSiteDataServerHttpHeadersWriter.Directive - Enum Class in org.springframework.security.web.server.header
Represents the directive values expected by the ClearSiteDataServerHttpHeadersWriter
CLIENT_ASSERTION - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
client_assertion - used in Access Token Request.
CLIENT_ASSERTION_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
client_assertion_type - used in Access Token Request.
CLIENT_CREDENTIALS - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
 
CLIENT_ID - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
client_id - used in Authorization Request and Access Token Request.
CLIENT_ID - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
client_id - The Client identifier for the token
CLIENT_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements
 
CLIENT_SECRET - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
client_secret - used in Access Token Request.
CLIENT_SECRET_BASIC - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
 
CLIENT_SECRET_JWT - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
 
CLIENT_SECRET_POST - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
 
clientAuthenticationMethod(ClientAuthenticationMethod) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the authentication method used when authenticating the client with the authorization server.
ClientAuthenticationMethod - Class in org.springframework.security.oauth2.core
The authentication method used when authenticating the client with the authorization server.
ClientAuthenticationMethod(String) - Constructor for class org.springframework.security.oauth2.core.ClientAuthenticationMethod
Constructs a ClientAuthenticationMethod using the provided value.
ClientAuthorizationException - Exception in org.springframework.security.oauth2.client
This exception is thrown on the client side when an attempt to authenticate or authorize an OAuth 2.0 client fails.
ClientAuthorizationException(OAuth2Error, String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
Constructs a ClientAuthorizationException using the provided parameters.
ClientAuthorizationException(OAuth2Error, String, String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
Constructs a ClientAuthorizationException using the provided parameters.
ClientAuthorizationException(OAuth2Error, String, String, Throwable) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
Constructs a ClientAuthorizationException using the provided parameters.
ClientAuthorizationException(OAuth2Error, String, Throwable) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationException
Constructs a ClientAuthorizationException using the provided parameters.
ClientAuthorizationRequiredException - Exception in org.springframework.security.oauth2.client
This exception is thrown when an OAuth 2.0 Client is required to obtain authorization from the Resource Owner.
ClientAuthorizationRequiredException(String) - Constructor for exception org.springframework.security.oauth2.client.ClientAuthorizationRequiredException
Constructs a ClientAuthorizationRequiredException using the provided parameters.
clientCredentials() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Configures support for the client_credentials grant.
clientCredentials() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Configures support for the client_credentials grant.
clientCredentials(Consumer<OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Configures support for the client_credentials grant.
clientCredentials(Consumer<ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Configures support for the client_credentials grant.
ClientCredentialsOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of an OAuth2AuthorizedClientProvider for the client_credentials grant.
ClientCredentialsOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
 
ClientCredentialsReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of a ReactiveOAuth2AuthorizedClientProvider for the client_credentials grant.
ClientCredentialsReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
 
clientId(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the client identifier.
clientId(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the client identifier.
clientName(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the logical name of the client or registration.
clientRegistration(Consumer<ClientRegistration.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
Use this Consumer to configure a ClientRegistration
clientRegistration(Consumer<ClientRegistration.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
Use this Consumer to configure a ClientRegistration
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
Use the provided ClientRegistration as the client to authorize.
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
Use the provided ClientRegistration as the client to authorize.
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
Use the provided ClientRegistration as the client to authorize.
clientRegistration(ClientRegistration) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
Use the provided ClientRegistration as the client to authorize.
ClientRegistration - Class in org.springframework.security.oauth2.client.registration
A representation of a client registration with an OAuth 2.0 or OpenID Connect 1.0 Provider.
ClientRegistration.Builder - Class in org.springframework.security.oauth2.client.registration
A builder for ClientRegistration.
ClientRegistration.ProviderDetails - Class in org.springframework.security.oauth2.client.registration
Details of the Provider.
ClientRegistration.ProviderDetails.UserInfoEndpoint - Class in org.springframework.security.oauth2.client.registration
Details of the UserInfo Endpoint.
clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver
Modifies the attributes to include the clientRegistrationId to be used to look up the OAuth2AuthorizedClient.
clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
Modifies the ClientRequest.attributes() to include the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient.
clientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Modifies the ClientRequest.attributes() to include the ClientRegistration.getRegistrationId() to be used to look up the OAuth2AuthorizedClient.
clientRegistrationRepository - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
 
clientRegistrationRepository - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
 
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
Sets the repository of client registrations.
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Sets the repository of client registrations.
clientRegistrationRepository(ClientRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
Sets the repository of client registrations.
clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
 
clientRegistrationRepository(ReactiveClientRegistrationRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec
ClientRegistrationRepository - Interface in org.springframework.security.oauth2.client.registration
A repository for OAuth 2.0 / OpenID Connect 1.0 ClientRegistration(s).
ClientRegistrations - Class in org.springframework.security.oauth2.client.registration
Allows creating a ClientRegistration.Builder from an OpenID Provider Configuration or Authorization Server Metadata based on provided issuer.
ClientRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.oauth2.client
 
ClientRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser
 
clientSecret(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the client secret.
clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clock(Clock) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clock(Clock) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
clockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
closeContext(Context) - Static method in class org.springframework.security.ldap.LdapUtils
 
closeEnumeration(NamingEnumeration) - Static method in class org.springframework.security.ldap.LdapUtils
 
code - Variable in class org.springframework.security.acls.domain.AbstractPermission
 
code(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
Sets the authorization code.
CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
 
CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
code - used in Authorization Response and Access Token Request.
CODE_CHALLENGE - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames
code_challenge - used in Authorization Request.
CODE_CHALLENGE_METHOD - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames
code_challenge_method - used in Authorization Request.
CODE_VERIFIER - Static variable in class org.springframework.security.oauth2.core.endpoint.PkceParameterNames
code_verifier - used in Token Request.
collectionFromMetadata(InputStream) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
Return a Collection of RelyingPartyRegistration.Builders based off of the given SAML 2.0 Asserting Party (IDP) metadata.
collectionFromMetadataLocation(String) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
Return a Collection of RelyingPartyRegistration.Builders based off of the given SAML 2.0 Asserting Party (IDP) metadata location.
commaSeparatedStringToAuthorityList(String) - Static method in class org.springframework.security.core.authority.AuthorityUtils
Creates a array of GrantedAuthority objects from a comma-separated string representation (e.g.
commence(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
 
commence(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.access.channel.ChannelEntryPoint
Commences a secure channel.
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
 
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint
Collect error details from the provided parameters and format according to RFC 6750, specifically error, error_description, error_uri, and scope.
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
 
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint
Always returns a 403 error code to the client.
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.HttpStatusEntryPoint
 
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
Performs the redirect (or forward) to the login form URL.
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.NoOpAuthenticationEntryPoint
 
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
 
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
commence(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.AuthenticationEntryPoint
Commences an authentication scheme.
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint
 
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
 
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint
 
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
 
commence(ServerWebExchange, AuthenticationException) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
 
commence(ServerWebExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.ServerAuthenticationEntryPoint
Initiates the authentication flow
commit() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
Authenticate the Subject (phase two) by adding the Spring Security Authentication to the Subject's principals.
CommonOAuth2Provider - Enum Class in org.springframework.security.config.oauth2.client
Common OAuth2 Providers that can be used to create builders pre-configured with sensible defaults for the HttpSecurity.oauth2Login() flow.
compare(String, String, Object) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
Performs an LDAP compare operation of the value of an attribute for a particular directory entry.
CompositeAccessDeniedHandler - Class in org.springframework.security.web.access
 
CompositeAccessDeniedHandler(Collection<AccessDeniedHandler>) - Constructor for class org.springframework.security.web.access.CompositeAccessDeniedHandler
 
CompositeAccessDeniedHandler(AccessDeniedHandler...) - Constructor for class org.springframework.security.web.access.CompositeAccessDeniedHandler
 
CompositeHeaderWriter - Class in org.springframework.security.web.header.writers
A HeaderWriter that delegates to several other HeaderWriters.
CompositeHeaderWriter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.writers.CompositeHeaderWriter
Creates a new instance.
CompositeLogoutHandler - Class in org.springframework.security.web.authentication.logout
Performs a logout through all the LogoutHandler implementations.
CompositeLogoutHandler(List<LogoutHandler>) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
 
CompositeLogoutHandler(LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
 
CompositeRequestRejectedHandler - Class in org.springframework.security.web.firewall
A RequestRejectedHandler that delegates to several other RequestRejectedHandlers.
CompositeRequestRejectedHandler(RequestRejectedHandler...) - Constructor for class org.springframework.security.web.firewall.CompositeRequestRejectedHandler
Creates a new instance.
CompositeServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Combines multiple ServerHttpHeadersWriter instances into a single instance.
CompositeServerHttpHeadersWriter(List<ServerHttpHeadersWriter>) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
 
CompositeServerHttpHeadersWriter(ServerHttpHeadersWriter...) - Constructor for class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
 
CompositeSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
A SessionAuthenticationStrategy that accepts multiple SessionAuthenticationStrategy implementations to delegate to.
CompositeSessionAuthenticationStrategy(List<SessionAuthenticationStrategy>) - Constructor for class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
 
CompromisedPasswordChecker - Interface in org.springframework.security.authentication.password
An API for checking if a password has been compromised.
CompromisedPasswordDecision - Class in org.springframework.security.authentication.password
 
CompromisedPasswordDecision(boolean) - Constructor for class org.springframework.security.authentication.password.CompromisedPasswordDecision
 
CompromisedPasswordException - Exception in org.springframework.security.authentication.password
Indicates that the provided password is compromised
CompromisedPasswordException(String) - Constructor for exception org.springframework.security.authentication.password.CompromisedPasswordException
 
CompromisedPasswordException(String, Throwable) - Constructor for exception org.springframework.security.authentication.password.CompromisedPasswordException
 
concat(Saml2Error) - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
Return a new Saml2ResponseValidatorResult that contains both the given Saml2Error and the errors from the result
concat(Saml2ResponseValidatorResult) - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
Return a new Saml2ResponseValidatorResult that contains the errors from the given Saml2ResponseValidatorResult as well as this result.
concatenate(byte[]...) - Static method in class org.springframework.security.crypto.util.EncodingUtils
Combine the individual byte arrays into one array.
CONCURRENT_SESSIONS - Static variable in class org.springframework.security.config.Elements
 
ConcurrentSessionControlAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
Strategy which handles concurrent session-control.
ConcurrentSessionControlAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
 
ConcurrentSessionControlServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
Controls the number of sessions a user can have concurrently authenticated in an application.
ConcurrentSessionControlServerAuthenticationSuccessHandler(ReactiveSessionRegistry, ServerMaximumSessionsExceededHandler) - Constructor for class org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler
 
ConcurrentSessionFilter - Class in org.springframework.security.web.session
Filter required by concurrent session handling package.
ConcurrentSessionFilter(SessionRegistry) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
 
ConcurrentSessionFilter(SessionRegistry, String) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) - Constructor for class org.springframework.security.web.session.ConcurrentSessionFilter
 
concurrentSessions(Customizer<ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec
Configures how many sessions are allowed for a given user.
ConcurrentSessionsSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
 
ConfigAttribute - Interface in org.springframework.security.access
Stores a security system related configuration attribute.
configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
 
configurationSource(CorsConfigurationSource) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
Configures the CorsConfigurationSource to be used
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer
 
configure(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
 
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
 
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
Deprecated.
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
 
configure(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
 
configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
 
configure(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
Sub classes can override this method to register different types of authentication.
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
 
configure(ServerHttpSecurity) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
 
configureClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
configureInbound(MessageSecurityMetadataSourceRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
configureJaas(Resource) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
Hook method for configuring Jaas.
ConsensusBased - Class in org.springframework.security.access.vote
Deprecated.
ConsensusBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.ConsensusBased
Deprecated.
 
ConsoleAuditLogger - Class in org.springframework.security.acls.domain
A basic implementation of AuditLogger.
ConsoleAuditLogger() - Constructor for class org.springframework.security.acls.domain.ConsoleAuditLogger
 
consume(OneTimeTokenAuthenticationToken) - Method in class org.springframework.security.authentication.ott.InMemoryOneTimeTokenService
 
consume(OneTimeTokenAuthenticationToken) - Method in interface org.springframework.security.authentication.ott.OneTimeTokenService
Consumes a one-time token based on the provided authentication token.
containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
 
containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
 
containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
 
containsContext(HttpServletRequest) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
 
containsContext(HttpServletRequest) - Method in interface org.springframework.security.web.context.SecurityContextRepository
Allows the repository to be queried as to whether it contains a security context for the current request.
containsMapping() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
Allows determining if a mapping was added.
CONTENT_SECURITY_POLICY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
 
CONTENT_SECURITY_POLICY_REPORT_ONLY - Static variable in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
 
contentSecurityPolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
contentSecurityPolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
contentSecurityPolicy(Customizer<HeadersConfigurer.ContentSecurityPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows configuration for Content Security Policy (CSP) Level 2.
contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures Content-Security-Policy response header.
ContentSecurityPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
ContentSecurityPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
Creates a new instance.
ContentSecurityPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
Creates a new instance
ContentSecurityPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Writes the Contet-Security-Policy response header with configured policy directives.
ContentSecurityPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
 
contentType(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the content type header that declares the media type of the secured content (the payload).
contentTypeOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.contentTypeOptions(Customizer) or contentTypeOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
contentTypeOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
contentTypeOptions(Customizer<HeadersConfigurer.ContentTypeOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures content type response headers
ContentTypeOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Adds X-Content-Type-Options: nosniff
ContentTypeOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
 
CONTEXT_SOURCE - Static variable in class org.springframework.security.config.BeanIds
 
CONTEXT_SOURCE_SETTING_POST_PROCESSOR - Static variable in class org.springframework.security.config.BeanIds
 
contextSource() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
Allows easily configuring of a BaseLdapPathContextSource with defaults pointing to an embedded LDAP server that is created.
contextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
Specifies the BaseLdapPathContextSource to be used.
ContextSourceSettingPostProcessor - Class in org.springframework.security.config.ldap
Checks for the presence of a ContextSource instance.
conversionServicePostProcessor() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
 
convert(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver
convert(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter
 
convert(HttpServletRequest) - Method in interface org.springframework.security.web.authentication.AuthenticationConverter
 
convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationConverter
 
convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationConverter
 
convert(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
convert(String, OAuth2AuthenticatedPrincipal) - Method in interface org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenAuthenticationConverter
Converts a successful introspection result into an authentication result.
convert(String, OAuth2AuthenticatedPrincipal) - Method in interface org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenAuthenticationConverter
Converts a successful introspection result into an authentication result.
convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.converter.ClaimTypeConverter
 
convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.core.endpoint.DefaultMapOAuth2AccessTokenResponseConverter
 
convert(Map<String, Object>) - Method in class org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter
 
convert(OAuth2UserRequest) - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequestEntityConverter
Returns the RequestEntity used for the UserInfo Request.
convert(OAuth2AccessTokenResponse) - Method in class org.springframework.security.oauth2.core.endpoint.DefaultOAuth2AccessTokenResponseMapConverter
 
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.DelegatingJwtGrantedAuthoritiesConverter
Extract GrantedAuthoritys from the given Jwt.
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
 
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtBearerTokenAuthenticationConverter
 
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
Extract GrantedAuthoritys from the given Jwt.
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter
 
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter
 
convert(Jwt) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtGrantedAuthoritiesConverterAdapter
 
convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter
 
convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.BasicAuthenticationPayloadExchangeConverter
 
convert(PayloadExchange) - Method in class org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter
 
convert(PayloadExchange) - Method in interface org.springframework.security.rsocket.authentication.PayloadExchangeAuthenticationConverter
 
convert(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
 
convert(ServerWebExchange) - Method in class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter
 
convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter
 
convert(ServerWebExchange) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationConverter
Converts a ServerWebExchange to an Authentication
convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter
 
convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter
 
convert(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
 
convert(OAuth2AuthorizationCodeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter
 
convert(T) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestHeadersConverter
Populates the default headers for the token request.
convert(T) - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter
 
convertPasswordToString(Object) - Static method in class org.springframework.security.ldap.LdapUtils
 
CookieClearingLogoutHandler - Class in org.springframework.security.web.authentication.logout
A logout handler which clears either - A defined list of cookie names, using the context path as the cookie path OR - A given list of Cookies
CookieClearingLogoutHandler(Cookie...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
 
CookieClearingLogoutHandler(String...) - Constructor for class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
 
CookieCsrfTokenRepository - Class in org.springframework.security.web.csrf
A CsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.
CookieCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.CookieCsrfTokenRepository
 
CookieRequestCache - Class in org.springframework.security.web.savedrequest
An Implementation of RequestCache which saves the original request URI in a cookie.
CookieRequestCache() - Constructor for class org.springframework.security.web.savedrequest.CookieRequestCache
 
COOKIES - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
 
COOKIES - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
 
CookieServerCsrfTokenRepository - Class in org.springframework.security.web.server.csrf
A ServerCsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS.
CookieServerCsrfTokenRepository() - Constructor for class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
 
CookieServerRequestCache - Class in org.springframework.security.web.server.savedrequest
An implementation of ServerRequestCache that saves the requested URI in a cookie.
CookieServerRequestCache() - Constructor for class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
 
CookieTheftException - Exception in org.springframework.security.web.authentication.rememberme
 
CookieTheftException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.CookieTheftException
 
copyToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
CoreJackson2Module - Class in org.springframework.security.jackson2
Jackson module for spring-security-core.
CoreJackson2Module() - Constructor for class org.springframework.security.jackson2.CoreJackson2Module
 
cors() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
cors() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
cors(Customizer<CorsConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Adds a CorsFilter to be used.
cors(Customizer<ServerHttpSecurity.CorsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures CORS headers.
CORS - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
CorsWebFilter
CORS - Static variable in class org.springframework.security.config.Elements
 
CorsBeanDefinitionParser - Class in org.springframework.security.config.http
Parser for the CorsFilter.
CorsBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CorsBeanDefinitionParser
 
CorsConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds CorsFilter to the Spring Security filter chain.
CorsConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.CorsConfigurer
Creates a new instance
country(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
Sets the country.
create - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
 
create(Object, String, Object...) - Static method in class org.springframework.security.util.MethodInvocationUtils
Generates a MethodInvocation for specified methodName on the passed object, using the args to locate the method.
create(Runnable, SecurityContext) - Static method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
Factory method for creating a DelegatingSecurityContextRunnable.
create(Callable<V>, SecurityContext) - Static method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
Creates a DelegatingSecurityContextCallable and with the given Callable and SecurityContext, but if the securityContext is null will defaults to the current SecurityContext on the SecurityContextHolder
CREATE - Static variable in class org.springframework.security.acls.domain.BasePermission
 
CREATE_TABLE_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
Default SQL for creating the database table to store the tokens
createAcl(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
createAcl(ObjectIdentity) - Method in interface org.springframework.security.acls.model.MutableAclService
Creates an empty Acl object in the database.
createAuthentication(HttpServletRequest) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 
createAuthentication(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
 
createAuthenticationManager() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
Returns the configured AuthenticationManager that can be used to perform LDAP authentication.
createAuthority(Object) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
Creates a GrantedAuthority from a role attribute.
createAuthorityList(String...) - Static method in class org.springframework.security.core.authority.AuthorityUtils
Converts authorities into a List of GrantedAuthority objects.
createAuthorityList(Collection<String>) - Static method in class org.springframework.security.core.authority.AuthorityUtils
Converts authorities into a List of GrantedAuthority objects.
createChannelAttributes(String) - Static method in class org.springframework.security.config.http.ChannelAttributeFactory
 
createCipher() - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
 
createCurrentUser(Authentication) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
Creates a principal-like sid from the authentication information.
createDecoder(C) - Method in interface org.springframework.security.oauth2.jwt.JwtDecoderFactory
Creates a JwtDecoder using the supplied "contextual" type.
createDecoder(C) - Method in interface org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory
Creates a ReactiveJwtDecoder using the supplied "contextual" type.
createDecoder(ClientRegistration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
 
createDecoder(ClientRegistration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
 
createDefault() - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
Create a Jwt Validator that contains all standard validators.
createDefaultClaimTypeConverter() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
Returns the default Converter's used for type conversion of claim values for an OidcIdToken.
createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
Returns the default Converter's used for type conversion of claim values for an OidcIdToken.
createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
Returns the default Converter's used for type conversion of claim values for an OidcIdToken.
createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
Returns the default Converter's used for type conversion of claim values for an OidcUserInfo.
createDefaultClaimTypeConverters() - Static method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
Returns the default Converter's used for type conversion of claim values for an OidcUserInfo.
createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
Allows subclasses to supply the default AbstractLdapAuthenticator.
createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
 
createDefaultLdapAuthenticator() - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
 
createDefaultWithIssuer(String) - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
Create a Jwt Validator that contains all standard validators when an issuer is known.
createDefaultWithValidators(List<OAuth2TokenValidator<Jwt>>) - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
Create a Jwt default validator with standard validators and additional validators.
createDefaultWithValidators(OAuth2TokenValidator<Jwt>...) - Static method in class org.springframework.security.oauth2.jwt.JwtValidators
Create a Jwt default validator with standard validators and additional validators.
createDelegatingPasswordEncoder() - Static method in class org.springframework.security.crypto.factory.PasswordEncoderFactories
Creates a DelegatingPasswordEncoder with default mappings.
createELContext(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
Subclasses can override this methode if they want to use a different EL root context
createEmptyContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
Creates a new, empty context implementation, for use by SecurityContextRepository implementations, when creating a new context for the first time.
createEmptyContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
Delegates the creation of a new, empty context to the configured strategy.
createEmptyContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
Creates a new, empty context implementation, for use by SecurityContextRepository implementations, when creating a new context for the first time.
createEmptyContext() - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
 
createEntries(MutableAcl) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Creates a new row in acl_entry for every ACE defined in the passed MutableAcl object.
createEvaluationContext(Supplier<Authentication>, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
 
createEvaluationContext(Supplier<Authentication>, Message<T>) - Method in class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler
 
createEvaluationContext(Supplier<Authentication>, MessageAuthorizationContext<?>) - Method in class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
 
createEvaluationContext(Supplier<Authentication>, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
 
createEvaluationContext(Supplier<Authentication>, T) - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler
Provides an evaluation context in which to evaluate security expressions for the invocation type.
createEvaluationContext(Authentication, MessageAuthorizationContext<?>) - Method in class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
 
createEvaluationContext(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
Invokes the internal template methods to create StandardEvaluationContext and SecurityExpressionRoot objects.
createEvaluationContext(Authentication, T) - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler
Provides an evaluation context in which to evaluate security expressions for the invocation type.
createEvaluationContextInternal(Authentication, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
Uses a MethodSecurityEvaluationContext as the EvaluationContext implementation.
createEvaluationContextInternal(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
Override to create a custom instance of StandardEvaluationContext.
createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
Allows the EvaluationContext to be customized for variable lookup etc.
createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
createExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String>) - Static method in class org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory
Deprecated.
Create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions.
createExpressionMessageMetadataSource(LinkedHashMap<MessageMatcher<?>, String>, SecurityExpressionHandler<Message<Object>>) - Static method in class org.springframework.security.messaging.access.expression.ExpressionBasedMessageSecurityMetadataSourceFactory
Deprecated.
Create a MessageSecurityMetadataSource that uses MessageMatcher mapped to Spring Expressions.
createFromClass(Class<?>, String) - Static method in class org.springframework.security.util.MethodInvocationUtils
Generates a MethodInvocation for the specified methodName on the passed class.
createFromClass(Object, Class<?>, String, Class<?>[], Object[]) - Static method in class org.springframework.security.util.MethodInvocationUtils
Generates a MethodInvocation for specified methodName on the passed class, using the args to locate the method.
createGroup(String, List<GrantedAuthority>) - Method in interface org.springframework.security.provisioning.GroupManager
Creates a new group with the specified list of authorities.
createGroup(String, List<GrantedAuthority>) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
createList(String...) - Static method in class org.springframework.security.access.SecurityConfig
 
createListFromCommaDelimitedString(String) - Static method in class org.springframework.security.access.SecurityConfig
 
createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
Creates the LoginContext to be used for authentication.
createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
Creates a LoginContext using the Configuration that was specified in DefaultJaasAuthenticationProvider.setConfiguration(Configuration).
createLoginContext(CallbackHandler) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
 
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Create the RequestMatcher given a loginProcessingUrl
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
 
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
 
createLoginProcessingUrlMatcher(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
 
createMatcher(ParserContext, String, String) - Method in enum class org.springframework.security.config.http.MatcherType
 
createMatcher(ParserContext, String, String, String) - Method in enum class org.springframework.security.config.http.MatcherType
 
createMessageMatcher(String, PathMatcher) - Static method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
Creates a new instance with the specified pattern, SimpMessageType.MESSAGE, and PathMatcher.
createMetadataSource() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
Allows subclasses to create creating a MessageSecurityMetadataSource.
createMvcMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Creates MvcRequestMatcher instances for the method and patterns passed in
createNewAuthentication(Authentication, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
 
createNewToken(PersistentRememberMeToken) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
 
createNewToken(PersistentRememberMeToken) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
 
createObjectIdentity(Serializable, String) - Method in class org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl
 
createObjectIdentity(Serializable, String) - Method in interface org.springframework.security.acls.model.ObjectIdentityGenerator
 
createObjectIdentity(ObjectIdentity, Sid) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Creates an entry in the acl_object_identity table for the passed ObjectIdentity.
createOrRetrieveClassPrimaryKey(String, boolean, Class) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Retrieves the primary key from acl_class, creating a new row if needed and the allowCreate property is true.
createOrRetrieveSidPrimaryKey(String, boolean, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
createOrRetrieveSidPrimaryKey(Sid, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Retrieves the primary key from acl_sid, creating a new row if needed and the allowCreate property is true.
createParameters(JwtBearerGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequestEntityConverter
 
createParameters(OAuth2AuthorizationCodeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter
 
createParameters(OAuth2ClientCredentialsGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter
 
createParameters(OAuth2PasswordGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter
 
createParameters(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequestEntityConverter
 
createParameters(TokenExchangeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter
 
createPasswordEncoderBeanDefinition(String) - Static method in class org.springframework.security.config.authentication.PasswordEncoderParser
 
createPostInvocationAttribute(String, String) - Method in class org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory
Deprecated.
 
createPostInvocationAttribute(String, String) - Method in interface org.springframework.security.access.prepost.PrePostInvocationAttributeFactory
Deprecated.
 
createPreInvocationAttribute(String, String, String) - Method in class org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory
Deprecated.
 
createPreInvocationAttribute(String, String, String) - Method in interface org.springframework.security.access.prepost.PrePostInvocationAttributeFactory
Deprecated.
 
createRedirectUrl(String) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
Constructs the Url for Redirection to the CAS server.
createSecurityContext(A) - Method in interface org.springframework.security.test.context.support.WithSecurityContextFactory
Create a SecurityContext given an Annotation.
createSecurityExpressionRoot(Authentication, MethodInvocation) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
Creates the root object for expression evaluation.
createSecurityExpressionRoot(Authentication, Message<T>) - Method in class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler
 
createSecurityExpressionRoot(Authentication, RequestAuthorizationContext) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
 
createSecurityExpressionRoot(Authentication, FilterInvocation) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
 
createSecurityExpressionRoot(Authentication, T) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
Implement in order to create a root object of the correct type for the supported invocation type.
createServiceUrl(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
Constructs a new Service Url.
createSid(boolean, String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
Creates a particular implementation of Sid depending on the arguments.
createSubscribeMatcher(String, PathMatcher) - Static method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
Creates a new instance with the specified pattern, SimpMessageType.SUBSCRIBE, and PathMatcher.
createSuccessAuthentication(Object, Authentication, UserDetails) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
Creates a successful Authentication object.
createSuccessAuthentication(Object, Authentication, UserDetails) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
createSuccessfulAuthentication(HttpServletRequest, UserDetails) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Creates the final Authentication object returned from the autoLogin method.
createSuccessfulAuthentication(UsernamePasswordAuthenticationToken, UserDetails) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
Creates the final Authentication object which will be returned from the authenticate method.
createTarget() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
createTarget() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
createTarget() - Method in class org.springframework.security.ldap.userdetails.Person.Essence
 
createUser(UserDetails) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
createUser(UserDetails) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
createUser(UserDetails) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
createUser(UserDetails) - Method in interface org.springframework.security.provisioning.UserDetailsManager
Create a new user with the supplied details.
createUserDetails() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
createUserDetails() - Method in class org.springframework.security.ldap.userdetails.Person.Essence
 
createUserDetails(String, UserDetails, List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Can be overridden to customize the creation of the final UserDetailsObject which is returned by the loadUserByUsername method.
createUserDetails(Authentication, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
Creates the final UserDetails object.
CredentialsContainer - Interface in org.springframework.security.core
Indicates that the implementing object contains sensitive data, which can be erased using the eraseCredentials method.
credentialsExpired(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Defines if the credentials are expired or not.
credentialsExpired(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Defines if the credentials are expired or not.
credentialsExpired(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
CredentialsExpiredException - Exception in org.springframework.security.authentication
Thrown if an authentication request is rejected because the account's credentials have expired.
CredentialsExpiredException(String) - Constructor for exception org.springframework.security.authentication.CredentialsExpiredException
Constructs a CredentialsExpiredException with the specified message.
CredentialsExpiredException(String, Throwable) - Constructor for exception org.springframework.security.authentication.CredentialsExpiredException
Constructs a CredentialsExpiredException with the specified message and root cause.
CRIT - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
crit - the critical header indicates that extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed
criticalHeader(String, Object) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the critical header that indicates which extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed.
CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
 
CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
 
crossOriginEmbedderPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
crossOriginEmbedderPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
crossOriginEmbedderPolicy(Customizer<HeadersConfigurer.CrossOriginEmbedderPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows configuration for Cross-Origin-Embedder-Policy header.
crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures the Cross-Origin-Embedder-Policy header.
CrossOriginEmbedderPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig
 
CrossOriginEmbedderPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
Inserts Cross-Origin-Embedder-Policy header.
CrossOriginEmbedderPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter
 
CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy - Enum Class in org.springframework.security.web.header.writers
 
CrossOriginEmbedderPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Inserts Cross-Origin-Embedder-Policy headers.
CrossOriginEmbedderPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter
 
CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy - Enum Class in org.springframework.security.web.server.header
 
crossOriginOpenerPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
crossOriginOpenerPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
crossOriginOpenerPolicy(Customizer<HeadersConfigurer.CrossOriginOpenerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows configuration for Cross-Origin-Opener-Policy header.
crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures the Cross-Origin-Opener-Policy header.
CrossOriginOpenerPolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig
 
CrossOriginOpenerPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
Inserts the Cross-Origin-Opener-Policy header
CrossOriginOpenerPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter
 
CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy - Enum Class in org.springframework.security.web.header.writers
 
CrossOriginOpenerPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Inserts Cross-Origin-Opener-Policy header.
CrossOriginOpenerPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter
 
CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy - Enum Class in org.springframework.security.web.server.header
 
crossOriginResourcePolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
crossOriginResourcePolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
crossOriginResourcePolicy(Customizer<HeadersConfigurer.CrossOriginResourcePolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows configuration for Cross-Origin-Resource-Policy header.
crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures the Cross-Origin-Resource-Policy header.
CrossOriginResourcePolicyConfig() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig
 
CrossOriginResourcePolicyHeaderWriter - Class in org.springframework.security.web.header.writers
Inserts Cross-Origin-Resource-Policy header
CrossOriginResourcePolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter
 
CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy - Enum Class in org.springframework.security.web.header.writers
 
CrossOriginResourcePolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Inserts Cross-Origin-Resource-Policy headers.
CrossOriginResourcePolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter
 
CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy - Enum Class in org.springframework.security.web.server.header
 
csrf() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
csrf() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
csrf() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
 
csrf() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Creates a RequestPostProcessor that will automatically populate a valid CsrfToken in the request.
csrf(Customizer<CsrfConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Enables CSRF protection.
csrf(Customizer<ServerHttpSecurity.CsrfSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures CSRF Protection which is enabled by default.
CSRF - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
CSRF - Static variable in class org.springframework.security.config.Elements
 
CsrfAuthenticationStrategy - Class in org.springframework.security.web.csrf
CsrfAuthenticationStrategy is in charge of removing the CsrfToken upon authenticating.
CsrfAuthenticationStrategy(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfAuthenticationStrategy
Creates a new instance
CsrfBeanDefinitionParser - Class in org.springframework.security.config.http
Parser for the CsrfFilter.
CsrfBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.CsrfBeanDefinitionParser
 
csrfChannelInterceptor() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
CsrfChannelInterceptor - Class in org.springframework.security.messaging.web.csrf
ChannelInterceptor that validates that a valid CSRF is included in the header of any SimpMessageType.CONNECT message.
CsrfChannelInterceptor() - Constructor for class org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor
 
CsrfConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds CSRF protection for the methods as specified by CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).
CsrfConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
Creates a new instance
CsrfException - Exception in org.springframework.security.web.csrf
Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest
CsrfException - Exception in org.springframework.security.web.server.csrf
Thrown when an invalid or missing CsrfToken is found in the HttpServletRequest
CsrfException(String) - Constructor for exception org.springframework.security.web.csrf.CsrfException
 
CsrfException(String) - Constructor for exception org.springframework.security.web.server.csrf.CsrfException
 
CsrfFilter - Class in org.springframework.security.web.csrf
Applies CSRF protection using a synchronizer token pattern.
CsrfFilter(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfFilter
Creates a new instance.
CsrfInputTag - Class in org.springframework.security.taglibs.csrf
A JSP tag that prints out a hidden form field for the CSRF token.
CsrfInputTag() - Constructor for class org.springframework.security.taglibs.csrf.CsrfInputTag
 
CsrfLogoutHandler - Class in org.springframework.security.web.csrf
CsrfLogoutHandler is in charge of removing the CsrfToken upon logout.
CsrfLogoutHandler(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.CsrfLogoutHandler
Creates a new instance
CsrfMetaTagsTag - Class in org.springframework.security.taglibs.csrf
A JSP tag that prints out a meta tags holding the CSRF form field name and token value for use in JavaScrip code.
CsrfMetaTagsTag() - Constructor for class org.springframework.security.taglibs.csrf.CsrfMetaTagsTag
 
CsrfRequestDataValueProcessor - Class in org.springframework.security.web.reactive.result.view
 
CsrfRequestDataValueProcessor - Class in org.springframework.security.web.servlet.support.csrf
Integration with Spring Web MVC that automatically adds the CsrfToken into forms with hidden inputs when using Spring tag libraries.
CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
 
CsrfRequestDataValueProcessor() - Constructor for class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
 
CsrfServerLogoutHandler - Class in org.springframework.security.web.server.csrf
CsrfServerLogoutHandler is in charge of removing the CsrfToken upon logout.
CsrfServerLogoutHandler(ServerCsrfTokenRepository) - Constructor for class org.springframework.security.web.server.csrf.CsrfServerLogoutHandler
Creates a new instance
CsrfToken - Interface in org.springframework.security.web.csrf
Provides the information about an expected CSRF token.
CsrfToken - Interface in org.springframework.security.web.server.csrf
 
CsrfTokenArgumentResolver - Class in org.springframework.security.web.method.annotation
Allows resolving the current CsrfToken.
CsrfTokenArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
 
CsrfTokenHandshakeInterceptor - Class in org.springframework.security.messaging.web.socket.server
Loads a CsrfToken from the HttpServletRequest and HttpServletResponse to populate the WebSocket attributes.
CsrfTokenHandshakeInterceptor() - Constructor for class org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
 
csrfTokenRepository(CsrfTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
Specify the CsrfTokenRepository to use.
csrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
Configures the ServerCsrfTokenRepository used to persist the CSRF Token.
CsrfTokenRepository - Interface in org.springframework.security.web.csrf
An API to allow changing the method in which the expected CsrfToken is associated to the HttpServletRequest.
CsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.csrf
An implementation of the CsrfTokenRequestHandler interface that is capable of making the CsrfToken available as a request attribute and resolving the token value as either a header or parameter value of the request.
CsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
 
csrfTokenRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
Specify a CsrfTokenRequestHandler to use for making the CsrfToken available as a request attribute.
csrfTokenRequestHandler(ServerCsrfTokenRequestHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
Specifies a ServerCsrfTokenRequestHandler that is used to make the CsrfToken available as an exchange attribute.
CsrfTokenRequestHandler - Interface in org.springframework.security.web.csrf
A callback interface that is used to make the CsrfToken created by the CsrfTokenRepository available as a request attribute.
CsrfTokenRequestResolver - Interface in org.springframework.security.web.csrf
Implementations of this interface are capable of resolving the token value of a CsrfToken from the provided HttpServletRequest.
CsrfWebFilter - Class in org.springframework.security.web.server.csrf
Applies CSRF protection using a synchronizer token pattern.
CsrfWebFilter() - Constructor for class org.springframework.security.web.server.csrf.CsrfWebFilter
 
css() - Static method in class org.springframework.security.web.authentication.ui.DefaultResourcesFilter
Create an instance of DefaultResourcesFilter serving Spring Security's default CSS stylesheet.
css() - Static method in class org.springframework.security.web.server.ui.DefaultResourcesWebFilter
Create an instance of DefaultResourcesWebFilter serving Spring Security's default CSS stylesheet.
CTY - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
cty - the content type header is used by JWS/JWE applications to declare the media type of the secured content (the payload)
CumulativePermission - Class in org.springframework.security.acls.domain
Represents a Permission that is constructed at runtime from other permissions.
CumulativePermission() - Constructor for class org.springframework.security.acls.domain.CumulativePermission
 
currentDate - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
Current formatted date.
currentDateGenerated - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
Instant on which the currentDate object was generated.
CurrentSecurityContext - Annotation Interface in org.springframework.security.core.annotation
Annotation that is used to resolve the SecurityContext as a method argument.
CurrentSecurityContextArgumentResolver - Class in org.springframework.security.messaging.handler.invocation.reactive
Allows resolving the Authentication.getPrincipal() using the CurrentSecurityContext annotation.
CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.method.annotation
Allows resolving the SecurityContext using the CurrentSecurityContext annotation.
CurrentSecurityContextArgumentResolver - Class in org.springframework.security.web.reactive.result.method.annotation
Resolves the SecurityContext
CurrentSecurityContextArgumentResolver() - Constructor for class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
 
CurrentSecurityContextArgumentResolver() - Constructor for class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
 
CurrentSecurityContextArgumentResolver(ReactiveAdapterRegistry) - Constructor for class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
 
CUSTOM_FILTER - Static variable in class org.springframework.security.config.Elements
 
customize(WebSecurity) - Method in interface org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
Performs the customizations on WebSecurity.
customize(T) - Method in interface org.springframework.security.config.Customizer
Performs the customizations on the input argument.
customizeClientInboundChannel(ChannelRegistration) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
Allows subclasses to customize the configuration of the ChannelRegistration .
Customizer<T> - Interface in org.springframework.security.config
Callback interface that accepts a single input argument and returns no result.
customMethodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
CycleInRoleHierarchyException - Exception in org.springframework.security.access.hierarchicalroles
Exception that is thrown because of a cycle in the role hierarchy definition
CycleInRoleHierarchyException() - Constructor for exception org.springframework.security.access.hierarchicalroles.CycleInRoleHierarchyException
 

D

DaoAuthenticationConfigurer<B extends ProviderManagerBuilder<B>,U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails
Allows configuring a DaoAuthenticationProvider
DaoAuthenticationConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer
Creates a new instance
DaoAuthenticationProvider - Class in org.springframework.security.authentication.dao
An AuthenticationProvider implementation that retrieves user details from a UserDetailsService.
DaoAuthenticationProvider() - Constructor for class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
DaoAuthenticationProvider(PasswordEncoder) - Constructor for class org.springframework.security.authentication.dao.DaoAuthenticationProvider
Creates a new instance using the provided PasswordEncoder
databaseClient - Variable in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
 
dataSource(DataSource) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
Populates the DataSource to be used.
debug() - Element in annotation interface org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
Controls debugging support for Spring Security.
debug(boolean) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
Controls debugging support for Spring Security.
DEBUG - Static variable in class org.springframework.security.config.Elements
 
DEBUG_FILTER - Static variable in class org.springframework.security.config.BeanIds
 
DebugBeanDefinitionParser - Class in org.springframework.security.config
 
DebugBeanDefinitionParser() - Constructor for class org.springframework.security.config.DebugBeanDefinitionParser
 
DebugFilter - Class in org.springframework.security.web.debug
Spring Security debugging filter.
DebugFilter(FilterChainProxy) - Constructor for class org.springframework.security.web.debug.DebugFilter
 
decide(Authentication, Object, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.AccessDecisionManager
Deprecated.
Resolves an access control decision for the passed parameters.
decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.AffirmativeBased
Deprecated.
This concrete implementation simply polls all configured AccessDecisionVoters and grants access if any AccessDecisionVoter voted affirmatively.
decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.ConsensusBased
Deprecated.
This concrete implementation simply polls all configured AccessDecisionVoters and upon completion determines the consensus of granted against denied responses.
decide(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.UnanimousBased
Deprecated.
This concrete implementation polls all configured AccessDecisionVoters for each ConfigAttribute and grants access if only grant (or abstain) votes were received.
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in interface org.springframework.security.access.AfterInvocationProvider
Deprecated.
 
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in interface org.springframework.security.access.intercept.AfterInvocationManager
Deprecated.
Given the details of a secure object invocation including its returned Object, make an access control decision or optionally modify the returned Object.
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
Deprecated.
 
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.access.prepost.PostInvocationAdviceProvider
Deprecated.
 
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
 
decide(Authentication, Object, Collection<ConfigAttribute>, Object) - Method in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
 
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelDecisionManager
Decided whether the presented FilterInvocation provides the appropriate level of channel security based on the requested list of ConfigAttributes.
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in interface org.springframework.security.web.access.channel.ChannelProcessor
Decided whether the presented FilterInvocation provides the appropriate level of channel security based on the requested list of ConfigAttributes.
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
 
decide(FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
 
decode(byte[]) - Static method in class org.springframework.security.crypto.codec.Base64
Deprecated.
 
decode(byte[]) - Static method in class org.springframework.security.crypto.codec.Utf8
Decode the bytes in UTF-8 form into a String.
decode(CharSequence) - Static method in class org.springframework.security.crypto.codec.Hex
 
decode(String) - Method in interface org.springframework.security.oauth2.jwt.JwtDecoder
Decodes the JWT from it's compact claims representation format and returns a Jwt.
decode(String) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
Decode and validate the JWT from its compact claims representation format
decode(String) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
 
decode(String) - Method in interface org.springframework.security.oauth2.jwt.ReactiveJwtDecoder
Decodes the JWT from it's compact claims representation format and returns a Jwt.
decode(String) - Method in class org.springframework.security.oauth2.jwt.SupplierJwtDecoder
Decodes the JWT from it's compact claims representation format and returns a Jwt.
decode(String) - Method in class org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder
Decodes the JWT from it's compact claims representation format and returns a Jwt.
decode(Publisher<DataBuffer>, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder
Deprecated.
 
DECODE - Static variable in class org.springframework.security.crypto.codec.Base64
Deprecated.
Specify decoding in first bit.
decodeCookie(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Decodes the cookie and splits it into a set of token strings using the ":" delimiter.
decoder(JwtDecoder) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
 
decodeToMono(Publisher<DataBuffer>, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder
Deprecated.
 
decorate(FilterChain) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainDecorator
Provide a new FilterChain that accounts for needed security considerations when there are no security filters.
decorate(FilterChain) - Method in class org.springframework.security.web.FilterChainProxy.VirtualFilterChainDecorator
Provide a new FilterChain that accounts for needed security considerations when there are no security filters.
decorate(FilterChain) - Method in class org.springframework.security.web.ObservationFilterChainDecorator
 
decorate(FilterChain, List<Filter>) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainDecorator
Provide a new FilterChain that accounts for the provided filters as well as the original filter chain.
decorate(FilterChain, List<Filter>) - Method in class org.springframework.security.web.FilterChainProxy.VirtualFilterChainDecorator
Provide a new FilterChain that accounts for the provided filters as well as the original filter chain.
decorate(FilterChain, List<Filter>) - Method in class org.springframework.security.web.ObservationFilterChainDecorator
 
decorate(WebFilterChain) - Method in class org.springframework.security.web.server.ObservationWebFilterChainDecorator
 
decorate(WebFilterChain) - Method in class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator
Provide a new FilterChain that accounts for needed security considerations when there are no security filters.
decorate(WebFilterChain) - Method in interface org.springframework.security.web.server.WebFilterChainProxy.WebFilterChainDecorator
Provide a new FilterChain that accounts for needed security considerations when there are no security filters.
decorate(WebFilterChain, List<WebFilter>) - Method in class org.springframework.security.web.server.ObservationWebFilterChainDecorator
 
decorate(WebFilterChain, List<WebFilter>) - Method in class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator
Provide a new FilterChain that accounts for the provided filters as well as the original filter chain.
decorate(WebFilterChain, List<WebFilter>) - Method in interface org.springframework.security.web.server.WebFilterChainProxy.WebFilterChainDecorator
Provide a new FilterChain that accounts for the provided filters as well as the original filter chain.
decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator
 
decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator
 
decorate(Node, BeanDefinitionHolder, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler
 
decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.AesBytesEncryptor
 
decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
 
decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
 
decrypt(byte[]) - Method in interface org.springframework.security.crypto.encrypt.BytesEncryptor
Decrypt the byte array.
decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
decrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
decrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
decrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
decrypt(String) - Method in interface org.springframework.security.crypto.encrypt.TextEncryptor
Decrypt the encrypted text string.
decryption(PrivateKey, X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential
Create a Saml2X509Credential that can be used for decryption.
DECRYPTION - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
 
DECRYPTION_ERROR - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
The system failed to decrypt an assertion or a name identifier.
decryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
decryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Apply this Consumer to the Collection of Saml2X509Credentials for the purposes of modifying the Collection
DEF_AUTHORITIES_BY_USERNAME_QUERY - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
DEF_CHANGE_PASSWORD_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_CREATE_USER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_DELETE_GROUP_AUTHORITIES_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_DELETE_GROUP_AUTHORITY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_DELETE_GROUP_MEMBER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_DELETE_GROUP_MEMBERS_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_DELETE_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_DELETE_USER_AUTHORITIES_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_DELETE_USER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_FIND_GROUP_ID_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_FIND_GROUPS_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_FIND_USERS_IN_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
DEF_GROUP_AUTHORITIES_QUERY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_GROUP_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
DEF_GROUP_SEARCH_FILTER - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
DEF_INSERT_AUTHORITY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_INSERT_GROUP_AUTHORITY_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_INSERT_GROUP_MEMBER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_INSERT_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_INSERT_TOKEN_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
The default SQL used by createNewToken
DEF_REMOVE_USER_TOKENS_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
The default SQL used by removeUserTokens
DEF_RENAME_GROUP_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_TOKEN_BY_SERIES_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
The default SQL used by the getTokenBySeries query
DEF_UPDATE_TOKEN_SQL - Static variable in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
The default SQL used by updateToken
DEF_UPDATE_USER_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_USER_EXISTS_SQL - Static variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
DEF_USER_SEARCH_BASE - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
DEF_USERS_BY_USERNAME_QUERY - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
DEFAULT - Enum constant in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
 
DEFAULT_ACL_CLASS_ID_SELECT_CLAUSE - Static variable in class org.springframework.security.acls.jdbc.BasicLookupStrategy
 
DEFAULT_AUTHENTICATION_REQUEST_URI - Static variable in interface org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver
 
DEFAULT_AUTHORIZATION_REQUEST_BASE_URI - Static variable in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
The default base URI used for authorization requests.
DEFAULT_AUTHORIZATION_REQUEST_PATTERN - Static variable in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
The default pattern used to resolve the ClientRegistration.getRegistrationId()
DEFAULT_CAS_ARTIFACT_PARAMETER - Static variable in class org.springframework.security.cas.ServiceProperties
 
DEFAULT_CAS_SERVICE_PARAMETER - Static variable in class org.springframework.security.cas.ServiceProperties
 
DEFAULT_CSRF_ATTR_NAME - Static variable in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
The default request attribute to look for a CsrfToken.
DEFAULT_CSRF_MATCHER - Static variable in class org.springframework.security.web.csrf.CsrfFilter
The default RequestMatcher that indicates if CSRF protection is required or not.
DEFAULT_CSRF_MATCHER - Static variable in class org.springframework.security.web.server.csrf.CsrfWebFilter
 
DEFAULT_EXTRACTOR - Static variable in class org.springframework.security.web.util.ThrowableAnalyzer
Default extractor for Throwable instances.
DEFAULT_FILTER_NAME - Static variable in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
 
DEFAULT_FILTER_PROCESSES_URI - Static variable in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
The default URI where this Filter processes authentication requests.
DEFAULT_FILTER_PROCESSES_URI - Static variable in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
 
DEFAULT_LOGIN_PAGE_URL - Static variable in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
DEFAULT_LOGOUT_SUCCESS_URL - Static variable in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
 
DEFAULT_METADATA_FILE_NAME - Static variable in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
 
DEFAULT_ORDER_BY_CLAUSE - Static variable in class org.springframework.security.acls.jdbc.BasicLookupStrategy
 
DEFAULT_PARAMETER - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME - Static variable in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
The name of the path variable that contains the ClientRegistration.getRegistrationId()
DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES - Static variable in class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
The default OAuth 2.0 error codes that will trigger removal of an OAuth2AuthorizedClient.
DEFAULT_REMOVE_AUTHORIZED_CLIENT_ERROR_CODES - Static variable in class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
The default OAuth 2.0 error codes that will trigger removal of the authorized client.
DEFAULT_REQUEST_ATTR_NAME - Static variable in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
The default request attribute name to use.
DEFAULT_SAML_ARTIFACT_PARAMETER - Static variable in class org.springframework.security.cas.SamlServiceProperties
 
DEFAULT_SAML_SERVICE_PARAMETER - Static variable in class org.springframework.security.cas.SamlServiceProperties
 
DEFAULT_SELECT_CLAUSE - Static variable in class org.springframework.security.acls.jdbc.BasicLookupStrategy
 
DEFAULT_SERIES_LENGTH - Static variable in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
 
DEFAULT_SPRING_SECURITY_CONTEXT_ATTR_NAME - Static variable in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
The default session attribute name to save and load the SecurityContext
DEFAULT_TOKEN_LENGTH - Static variable in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
 
DEFAULT_USER_SCHEMA_DDL_LOCATION - Static variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
defaultAccessDeniedHandlerFor(AccessDeniedHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
Sets a default AccessDeniedHandler to be used which prefers being invoked for the provided RequestMatcher.
DefaultActiveDirectoryAuthoritiesPopulator - Class in org.springframework.security.ldap.authentication.ad
The default strategy for obtaining user role information from the active directory.
DefaultActiveDirectoryAuthoritiesPopulator() - Constructor for class org.springframework.security.ldap.authentication.ad.DefaultActiveDirectoryAuthoritiesPopulator
 
DefaultAddressStandardClaim - Class in org.springframework.security.oauth2.core.oidc
The default implementation of an Address Claim.
DefaultAddressStandardClaim.Builder - Class in org.springframework.security.oauth2.core.oidc
defaultAuthenticationEntryPointFor(AuthenticationEntryPoint, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
Sets a default AuthenticationEntryPoint to be used which prefers being invoked for the provided RequestMatcher.
DefaultAuthenticationEventPublisher - Class in org.springframework.security.authentication
The default strategy for publishing authentication events.
DefaultAuthenticationEventPublisher() - Constructor for class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
 
DefaultAuthenticationEventPublisher(ApplicationEventPublisher) - Constructor for class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
 
DefaultAuthorizationCodeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
DefaultAuthorizationCodeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient
Deprecated.
 
DefaultBearerTokenResolver - Class in org.springframework.security.oauth2.server.resource.web
The default BearerTokenResolver implementation based on RFC 6750.
DefaultBearerTokenResolver() - Constructor for class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
 
DefaultClientCredentialsTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
DefaultClientCredentialsTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient
Deprecated.
 
DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
DefaultContextAttributesMapper() - Constructor for class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper
 
DefaultCsrfToken - Class in org.springframework.security.web.csrf
A CSRF token that is used to protect against CSRF attacks.
DefaultCsrfToken - Class in org.springframework.security.web.server.csrf
A CSRF token that is used to protect against CSRF attacks.
DefaultCsrfToken(String, String, String) - Constructor for class org.springframework.security.web.csrf.DefaultCsrfToken
Creates a new instance
DefaultCsrfToken(String, String, String) - Constructor for class org.springframework.security.web.server.csrf.DefaultCsrfToken
Creates a new instance
DefaultFilterChainValidator - Class in org.springframework.security.config.http
 
DefaultFilterChainValidator() - Constructor for class org.springframework.security.config.http.DefaultFilterChainValidator
 
DefaultFilterInvocationSecurityMetadataSource - Class in org.springframework.security.web.access.intercept
Default implementation of FilterInvocationDefinitionSource.
DefaultFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>) - Constructor for class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
Sets the internal request map from the supplied map.
DefaultHttpFirewall - Class in org.springframework.security.web.firewall
User's should consider using StrictHttpFirewall because rather than trying to sanitize a malicious URL it rejects the malicious URL providing better security guarantees.
DefaultHttpFirewall() - Constructor for class org.springframework.security.web.firewall.DefaultHttpFirewall
 
DefaultHttpSecurityExpressionHandler - Class in org.springframework.security.web.access.expression
DefaultHttpSecurityExpressionHandler() - Constructor for class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
 
defaultIvGenerator() - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
 
DefaultJaasAuthenticationProvider - Class in org.springframework.security.authentication.jaas
Creates a LoginContext using the Configuration provided to it.
DefaultJaasAuthenticationProvider() - Constructor for class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
 
DefaultJwtBearerTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
DefaultJwtBearerTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient
Deprecated.
 
DefaultLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.userdetails
The default strategy for obtaining user role information from the directory.
DefaultLdapAuthoritiesPopulator(ContextSource, String) - Constructor for class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
Constructor for group search scenarios.
DefaultLdapUsernameToDnMapper - Class in org.springframework.security.ldap
This implementation appends a name component to the userDnBase context using the usernameAttributeName property.
DefaultLdapUsernameToDnMapper(String, String) - Constructor for class org.springframework.security.ldap.DefaultLdapUsernameToDnMapper
 
DefaultLoginExceptionResolver - Class in org.springframework.security.authentication.jaas
This LoginExceptionResolver simply wraps the LoginException with an AuthenticationServiceException.
DefaultLoginExceptionResolver() - Constructor for class org.springframework.security.authentication.jaas.DefaultLoginExceptionResolver
 
DefaultLoginPageConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds a Filter that will generate a login page if one is not specified otherwise when using EnableWebSecurity.
DefaultLoginPageConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
 
DefaultLoginPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui
For internal use with namespace configuration in the case where a user doesn't configure a login page.
DefaultLoginPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
DefaultLoginPageGeneratingFilter(UsernamePasswordAuthenticationFilter) - Constructor for class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
DefaultLogoutPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui
Generates a default log out page.
DefaultLogoutPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
 
defaultLogoutSuccessHandlerFor(LogoutSuccessHandler, RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
Sets a default LogoutSuccessHandler to be used which prefers being invoked for the provided RequestMatcher.
DefaultMapOAuth2AccessTokenResponseConverter - Class in org.springframework.security.oauth2.core.endpoint
A Converter that converts the provided OAuth 2.0 Access Token Response parameters to an OAuth2AccessTokenResponse.
DefaultMapOAuth2AccessTokenResponseConverter() - Constructor for class org.springframework.security.oauth2.core.endpoint.DefaultMapOAuth2AccessTokenResponseConverter
 
DefaultMessageSecurityExpressionHandler<T> - Class in org.springframework.security.messaging.access.expression
The default implementation of SecurityExpressionHandler which uses a MessageSecurityExpressionRoot.
DefaultMessageSecurityExpressionHandler() - Constructor for class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler
 
DefaultMessageSecurityMetadataSource - Class in org.springframework.security.messaging.access.intercept
DefaultMessageSecurityMetadataSource(LinkedHashMap<MessageMatcher<?>, Collection<ConfigAttribute>>) - Constructor for class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource
Deprecated.
 
DefaultMethodSecurityExpressionHandler - Class in org.springframework.security.access.expression.method
The standard implementation of MethodSecurityExpressionHandler.
DefaultMethodSecurityExpressionHandler() - Constructor for class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
 
DefaultOAuth2AccessTokenResponseMapConverter - Class in org.springframework.security.oauth2.core.endpoint
A Converter that converts the provided OAuth2AccessTokenResponse to a Map representation of the OAuth 2.0 Access Token Response parameters.
DefaultOAuth2AccessTokenResponseMapConverter() - Constructor for class org.springframework.security.oauth2.core.endpoint.DefaultOAuth2AccessTokenResponseMapConverter
 
DefaultOAuth2AuthenticatedPrincipal - Class in org.springframework.security.oauth2.core
A domain object that wraps the attributes of an OAuth 2.0 token.
DefaultOAuth2AuthenticatedPrincipal(String, Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal
Constructs an DefaultOAuth2AuthenticatedPrincipal using the provided parameters.
DefaultOAuth2AuthenticatedPrincipal(Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal
Constructs an DefaultOAuth2AuthenticatedPrincipal using the provided parameters.
DefaultOAuth2AuthorizationRequestResolver - Class in org.springframework.security.oauth2.client.web
An implementation of an OAuth2AuthorizationRequestResolver that attempts to resolve an OAuth2AuthorizationRequest from the provided HttpServletRequest using the default request URI pattern /oauth2/authorization/{registrationId}.
DefaultOAuth2AuthorizationRequestResolver(ClientRegistrationRepository, String) - Constructor for class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver
Constructs a DefaultOAuth2AuthorizationRequestResolver using the provided parameters.
DefaultOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client.web
The default implementation of an OAuth2AuthorizedClientManager for use within the context of a HttpServletRequest.
DefaultOAuth2AuthorizedClientManager(ClientRegistrationRepository, OAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
Constructs a DefaultOAuth2AuthorizedClientManager using the provided parameters.
DefaultOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client.web
The default implementation of the contextAttributesMapper.
DefaultOAuth2TokenRequestHeadersConverter<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
Default Converter used to convert an AbstractOAuth2AuthorizationGrantRequest to the HttpHeaders of a RequestEntity representation of an OAuth 2.0 Access Token Request for the specific Authorization Grant.
DefaultOAuth2TokenRequestHeadersConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestHeadersConverter
 
DefaultOAuth2User - Class in org.springframework.security.oauth2.core.user
The default implementation of an OAuth2User.
DefaultOAuth2User(Collection<? extends GrantedAuthority>, Map<String, Object>, String) - Constructor for class org.springframework.security.oauth2.core.user.DefaultOAuth2User
Constructs a DefaultOAuth2User using the provided parameters.
DefaultOAuth2UserService - Class in org.springframework.security.oauth2.client.userinfo
An implementation of an OAuth2UserService that supports standard OAuth 2.0 Provider's.
DefaultOAuth2UserService() - Constructor for class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService
 
DefaultOidcUser - Class in org.springframework.security.oauth2.core.oidc.user
The default implementation of an OidcUser.
DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
Constructs a DefaultOidcUser using the provided parameters.
DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
Constructs a DefaultOidcUser using the provided parameters.
DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken, OidcUserInfo) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
Constructs a DefaultOidcUser using the provided parameters.
DefaultOidcUser(Collection<? extends GrantedAuthority>, OidcIdToken, OidcUserInfo, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
Constructs a DefaultOidcUser using the provided parameters.
DefaultOneTimeToken - Class in org.springframework.security.authentication.ott
A default implementation of OneTimeToken
DefaultOneTimeToken(String, String, Instant) - Constructor for class org.springframework.security.authentication.ott.DefaultOneTimeToken
 
DefaultOneTimeTokenSubmitPageGeneratingFilter - Class in org.springframework.security.web.authentication.ui
Creates a default one-time token submit page.
DefaultOneTimeTokenSubmitPageGeneratingFilter() - Constructor for class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter
 
DefaultPasswordTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
Deprecated.
The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
DefaultPasswordTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient
Deprecated.
 
DefaultPayloadExchange - Class in org.springframework.security.rsocket.core
Default implementation of PayloadExchange
DefaultPayloadExchange(PayloadExchangeType, Payload, MimeType, MimeType) - Constructor for class org.springframework.security.rsocket.core.DefaultPayloadExchange
 
DefaultPermissionFactory - Class in org.springframework.security.acls.domain
Default implementation of PermissionFactory.
DefaultPermissionFactory() - Constructor for class org.springframework.security.acls.domain.DefaultPermissionFactory
Registers the Permission fields from the BasePermission class.
DefaultPermissionFactory(Class<? extends Permission>) - Constructor for class org.springframework.security.acls.domain.DefaultPermissionFactory
Registers the Permission fields from the supplied class.
DefaultPermissionFactory(Map<String, ? extends Permission>) - Constructor for class org.springframework.security.acls.domain.DefaultPermissionFactory
Registers a map of named Permission instances.
DefaultPermissionGrantingStrategy - Class in org.springframework.security.acls.domain
 
DefaultPermissionGrantingStrategy(AuditLogger) - Constructor for class org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy
Creates an instance with the logger which will be used to record granting and denial of requested permissions.
DefaultReactiveOAuth2AuthorizedClientManager - Class in org.springframework.security.oauth2.client.web
The default implementation of a ReactiveOAuth2AuthorizedClientManager for use within the context of a ServerWebExchange.
DefaultReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
Constructs a DefaultReactiveOAuth2AuthorizedClientManager using the provided parameters.
DefaultReactiveOAuth2AuthorizedClientManager.DefaultContextAttributesMapper - Class in org.springframework.security.oauth2.client.web
The default implementation of the contextAttributesMapper.
DefaultReactiveOAuth2UserService - Class in org.springframework.security.oauth2.client.userinfo
An implementation of an ReactiveOAuth2UserService that supports standard OAuth 2.0 Provider's.
DefaultReactiveOAuth2UserService() - Constructor for class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService
 
DefaultRedirectStrategy - Class in org.springframework.security.web
Simple implementation of RedirectStrategy which is the default used throughout the framework.
DefaultRedirectStrategy() - Constructor for class org.springframework.security.web.DefaultRedirectStrategy
 
DefaultRefreshTokenTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
DefaultRefreshTokenTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient
Deprecated.
 
DefaultRelyingPartyRegistrationResolver - Class in org.springframework.security.saml2.provider.service.web
A Converter that resolves a RelyingPartyRegistration by extracting the registration id from the request, querying a RelyingPartyRegistrationRepository, and resolving any template values.
DefaultRelyingPartyRegistrationResolver(RelyingPartyRegistrationRepository) - Constructor for class org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver
 
defaultRequest() - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Provides defaults for the HttpServletRequest and the HttpServletResponse using RequestContextHolder.
DefaultRequestRejectedHandler - Class in org.springframework.security.web.firewall
Default implementation of RequestRejectedHandler that simply rethrows the exception.
DefaultRequestRejectedHandler() - Constructor for class org.springframework.security.web.firewall.DefaultRequestRejectedHandler
 
DefaultResourcesFilter - Class in org.springframework.security.web.authentication.ui
Serve common static assets used in default UIs, such as CSS or Javascript files.
DefaultResourcesWebFilter - Class in org.springframework.security.web.server.ui
Serve common static assets used in default UIs, such as CSS or Javascript files.
defaults() - Static method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor
The default AuthorizationAdvisorProxyFactory.TargetVisitor, which will proxy Class instances as well as instances contained in reactive types (if reactor is present), collection types, and other container types like Optional and Supplier
DefaultSaml2AuthenticatedPrincipal - Class in org.springframework.security.saml2.provider.service.authentication
Default implementation of a Saml2AuthenticatedPrincipal.
DefaultSaml2AuthenticatedPrincipal(String, Map<String, List<Object>>) - Constructor for class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
 
DefaultSaml2AuthenticatedPrincipal(String, Map<String, List<Object>>, List<String>) - Constructor for class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
 
DefaultSavedRequest - Class in org.springframework.security.web.savedrequest
Represents central information from a HttpServletRequest.
DefaultSavedRequest(HttpServletRequest, PortResolver) - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
DefaultSavedRequest(HttpServletRequest, PortResolver, String) - Constructor for class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
DefaultSavedRequest.Builder - Class in org.springframework.security.web.savedrequest
 
defaultsDisabled() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Clears all of the default headers from the response.
DefaultSecurityFilterChain - Class in org.springframework.security.web
Standard implementation of SecurityFilterChain.
DefaultSecurityFilterChain(RequestMatcher, Filter...) - Constructor for class org.springframework.security.web.DefaultSecurityFilterChain
 
DefaultSecurityFilterChain(RequestMatcher, List<Filter>) - Constructor for class org.springframework.security.web.DefaultSecurityFilterChain
 
DefaultSecurityParameterNameDiscoverer - Class in org.springframework.security.core.parameters
Spring Security's default ParameterNameDiscoverer which tries a number of ParameterNameDiscoverer depending on what is found on the classpath.
DefaultSecurityParameterNameDiscoverer() - Constructor for class org.springframework.security.core.parameters.DefaultSecurityParameterNameDiscoverer
Creates a new instance with only the default ParameterNameDiscoverer instances.
DefaultSecurityParameterNameDiscoverer(List<? extends ParameterNameDiscoverer>) - Constructor for class org.springframework.security.core.parameters.DefaultSecurityParameterNameDiscoverer
Creates a new instance that first tries the passed in ParameterNameDiscoverer instances.
DefaultServerOAuth2AuthorizationRequestResolver - Class in org.springframework.security.oauth2.client.web.server
The default implementation of ServerOAuth2AuthorizationRequestResolver.
DefaultServerOAuth2AuthorizationRequestResolver(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
Creates a new instance
DefaultServerOAuth2AuthorizationRequestResolver(ReactiveClientRegistrationRepository, ServerWebExchangeMatcher) - Constructor for class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
Creates a new instance
DefaultServerRedirectStrategy - Class in org.springframework.security.web.server
The default ServerRedirectStrategy to use.
DefaultServerRedirectStrategy() - Constructor for class org.springframework.security.web.server.DefaultServerRedirectStrategy
 
defaultsForSpringSecurity_v4_1() - Static method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
defaultsForSpringSecurity_v5_2() - Static method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
defaultsForSpringSecurity_v5_5() - Static method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
defaultsForSpringSecurity_v5_8() - Static method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
Constructs an Argon2 password encoder with a salt length of 16 bytes, a hash length of 32 bytes, parallelism of 1, memory cost of 1 << 14 and 2 iterations.
defaultsForSpringSecurity_v5_8() - Static method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
Constructs a PBKDF2 password encoder with no additional secret value.
defaultsForSpringSecurity_v5_8() - Static method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
Constructs a SCrypt password encoder with cpu cost of 65,536, memory cost of 8, parallelization of 1, a key length of 32 and a salt length of 16 bytes.
DefaultSpringSecurityContextSource - Class in org.springframework.security.ldap
ContextSource implementation which uses Spring LDAP's LdapContextSource as a base class.
DefaultSpringSecurityContextSource(String) - Constructor for class org.springframework.security.ldap.DefaultSpringSecurityContextSource
Create and initialize an instance which will connect to the supplied LDAP URL.
DefaultSpringSecurityContextSource(List<String>, String) - Constructor for class org.springframework.security.ldap.DefaultSpringSecurityContextSource
Create and initialize an instance which will connect of the LDAP Spring Security Context Source.
defaultsSkipValueTypes() - Static method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor
The default AuthorizationAdvisorProxyFactory.TargetVisitor that also skips any value types (for example, String, Integer).
defaultSubmitPageUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
Sets the URL that the default submit page will be generated.
defaultSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating.
defaultSuccessUrl(String, boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Specifies where users will be redirected after authenticating successfully if they have not visited a secured page prior to authenticating or alwaysUse is true.
DefaultToken - Class in org.springframework.security.core.token
The default implementation of Token.
DefaultToken(String, long, String) - Constructor for class org.springframework.security.core.token.DefaultToken
 
DefaultTokenExchangeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
DefaultTokenExchangeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient
Deprecated.
 
DefaultWebFilterChainDecorator() - Constructor for class org.springframework.security.web.server.WebFilterChainProxy.DefaultWebFilterChainDecorator
 
DefaultWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access
DefaultWebInvocationPrivilegeEvaluator(AbstractSecurityInterceptor) - Constructor for class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
Deprecated.
 
DefaultWebSecurityExpressionHandler - Class in org.springframework.security.web.access.expression
 
DefaultWebSecurityExpressionHandler() - Constructor for class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
 
DeferredCsrfToken - Interface in org.springframework.security.web.csrf
An interface that allows delayed access to a CsrfToken that may be generated.
DeferredSecurityContext - Interface in org.springframework.security.core.context
An interface that allows delayed access to a SecurityContext that may be generated.
DelegateEntry(ServerWebExchangeMatcher, ServerAccessDeniedHandler) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
 
DelegateEntry(ServerWebExchangeMatcher, ServerAuthenticationEntryPoint) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
 
DelegatingAccessDeniedHandler - Class in org.springframework.security.web.access
DelegatingAccessDeniedHandler(LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler>, AccessDeniedHandler) - Constructor for class org.springframework.security.web.access.DelegatingAccessDeniedHandler
Creates a new instance
delegatingApplicationListener() - Static method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
 
DelegatingApplicationListener - Class in org.springframework.security.context
Used for delegating to a number of SmartApplicationListener instances.
DelegatingApplicationListener() - Constructor for class org.springframework.security.context.DelegatingApplicationListener
 
DelegatingAuthenticationConverter - Class in org.springframework.security.web.authentication
A AuthenticationConverter, that iterates over multiple AuthenticationConverter.
DelegatingAuthenticationConverter(List<AuthenticationConverter>) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationConverter
 
DelegatingAuthenticationConverter(AuthenticationConverter...) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationConverter
 
DelegatingAuthenticationEntryPoint - Class in org.springframework.security.web.authentication
An AuthenticationEntryPoint which selects a concrete AuthenticationEntryPoint based on a RequestMatcher evaluation.
DelegatingAuthenticationEntryPoint(LinkedHashMap<RequestMatcher, AuthenticationEntryPoint>) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
 
DelegatingAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
DelegatingAuthenticationFailureHandler(LinkedHashMap<Class<? extends AuthenticationException>, AuthenticationFailureHandler>, AuthenticationFailureHandler) - Constructor for class org.springframework.security.web.authentication.DelegatingAuthenticationFailureHandler
Creates a new instance
DelegatingJwtGrantedAuthoritiesConverter - Class in org.springframework.security.oauth2.server.resource.authentication
A Jwt to GrantedAuthority Converter that is a composite of converters.
DelegatingJwtGrantedAuthoritiesConverter(Collection<Converter<Jwt, Collection<GrantedAuthority>>>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.DelegatingJwtGrantedAuthoritiesConverter
Constructs a DelegatingJwtGrantedAuthoritiesConverter using the provided Collection of Converters
DelegatingJwtGrantedAuthoritiesConverter(Converter<Jwt, Collection<GrantedAuthority>>...) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.DelegatingJwtGrantedAuthoritiesConverter
Constructs a DelegatingJwtGrantedAuthoritiesConverter using the provided array of Converters
DelegatingLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
Delegates to logout handlers based on matched request matchers
DelegatingLogoutSuccessHandler(LinkedHashMap<RequestMatcher, LogoutSuccessHandler>) - Constructor for class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler
 
DelegatingMethodSecurityMetadataSource - Class in org.springframework.security.access.method
Deprecated.
Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization
DelegatingMethodSecurityMetadataSource(List<MethodSecurityMetadataSource>) - Constructor for class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource
Deprecated.
 
DelegatingOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of an OAuth2AuthorizedClientProvider that simply delegates to it's internal List of OAuth2AuthorizedClientProvider(s).
DelegatingOAuth2AuthorizedClientProvider(List<OAuth2AuthorizedClientProvider>) - Constructor for class org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider
Constructs a DelegatingOAuth2AuthorizedClientProvider using the provided parameters.
DelegatingOAuth2AuthorizedClientProvider(OAuth2AuthorizedClientProvider...) - Constructor for class org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider
Constructs a DelegatingOAuth2AuthorizedClientProvider using the provided parameters.
DelegatingOAuth2TokenValidator<T extends OAuth2Token> - Class in org.springframework.security.oauth2.core
A composite validator
DelegatingOAuth2TokenValidator(Collection<OAuth2TokenValidator<T>>) - Constructor for class org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator
Constructs a DelegatingOAuth2TokenValidator using the provided validators.
DelegatingOAuth2TokenValidator(OAuth2TokenValidator<T>...) - Constructor for class org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator
Constructs a DelegatingOAuth2TokenValidator using the provided validators.
DelegatingOAuth2UserService<R extends OAuth2UserRequest,U extends OAuth2User> - Class in org.springframework.security.oauth2.client.userinfo
An implementation of an OAuth2UserService that simply delegates to it's internal List of OAuth2UserService(s).
DelegatingOAuth2UserService(List<OAuth2UserService<R, U>>) - Constructor for class org.springframework.security.oauth2.client.userinfo.DelegatingOAuth2UserService
Constructs a DelegatingOAuth2UserService using the provided parameters.
DelegatingPasswordEncoder - Class in org.springframework.security.crypto.password
A password encoder that delegates to another PasswordEncoder based upon a prefixed identifier.
DelegatingPasswordEncoder(String, Map<String, PasswordEncoder>) - Constructor for class org.springframework.security.crypto.password.DelegatingPasswordEncoder
Creates a new instance
DelegatingPasswordEncoder(String, Map<String, PasswordEncoder>, String, String) - Constructor for class org.springframework.security.crypto.password.DelegatingPasswordEncoder
Creates a new instance
DelegatingReactiveAuthenticationManager - Class in org.springframework.security.authentication
DelegatingReactiveAuthenticationManager(List<ReactiveAuthenticationManager>) - Constructor for class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager
 
DelegatingReactiveAuthenticationManager(ReactiveAuthenticationManager...) - Constructor for class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager
 
DelegatingReactiveAuthorizationManager - Class in org.springframework.security.web.server.authorization
 
DelegatingReactiveAuthorizationManager.Builder - Class in org.springframework.security.web.server.authorization
 
DelegatingReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of a ReactiveOAuth2AuthorizedClientProvider that simply delegates to it's internal List of ReactiveOAuth2AuthorizedClientProvider(s).
DelegatingReactiveOAuth2AuthorizedClientProvider(List<ReactiveOAuth2AuthorizedClientProvider>) - Constructor for class org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider
Constructs a DelegatingReactiveOAuth2AuthorizedClientProvider using the provided parameters.
DelegatingReactiveOAuth2AuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider...) - Constructor for class org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider
Constructs a DelegatingReactiveOAuth2AuthorizedClientProvider using the provided parameters.
DelegatingRequestMatcherHeaderWriter - Class in org.springframework.security.web.header.writers
Delegates to the provided HeaderWriter when RequestMatcher.matches(HttpServletRequest) returns true.
DelegatingRequestMatcherHeaderWriter(RequestMatcher, HeaderWriter) - Constructor for class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter
Creates a new instance
DelegatingSecurityContextAsyncTaskExecutor - Class in org.springframework.security.task
An AsyncTaskExecutor which wraps each Runnable in a DelegatingSecurityContextRunnable and each Callable in a DelegatingSecurityContextCallable.
DelegatingSecurityContextAsyncTaskExecutor(AsyncTaskExecutor) - Constructor for class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor
Creates a new DelegatingSecurityContextAsyncTaskExecutor that uses the current SecurityContext.
DelegatingSecurityContextAsyncTaskExecutor(AsyncTaskExecutor, SecurityContext) - Constructor for class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor
Creates a new DelegatingSecurityContextAsyncTaskExecutor that uses the specified SecurityContext.
DelegatingSecurityContextCallable<V> - Class in org.springframework.security.concurrent
Wraps a delegate Callable with logic for setting up a SecurityContext before invoking the delegate Callable and then removing the SecurityContext after the delegate has completed.
DelegatingSecurityContextCallable(Callable<V>) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextCallable
DelegatingSecurityContextCallable(Callable<V>, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextCallable
Creates a new DelegatingSecurityContextCallable with a specific SecurityContext.
DelegatingSecurityContextExecutor - Class in org.springframework.security.concurrent
DelegatingSecurityContextExecutor(Executor) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutor
Creates a new DelegatingSecurityContextExecutor that uses the current SecurityContext from the SecurityContextHolder at the time the task is submitted.
DelegatingSecurityContextExecutor(Executor, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutor
Creates a new DelegatingSecurityContextExecutor that uses the specified SecurityContext.
DelegatingSecurityContextExecutorService - Class in org.springframework.security.concurrent
DelegatingSecurityContextExecutorService(ExecutorService) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
DelegatingSecurityContextExecutorService(ExecutorService, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
Creates a new DelegatingSecurityContextExecutorService that uses the specified SecurityContext.
DelegatingSecurityContextRepository - Class in org.springframework.security.web.context
 
DelegatingSecurityContextRepository(List<SecurityContextRepository>) - Constructor for class org.springframework.security.web.context.DelegatingSecurityContextRepository
 
DelegatingSecurityContextRepository(SecurityContextRepository...) - Constructor for class org.springframework.security.web.context.DelegatingSecurityContextRepository
 
DelegatingSecurityContextRunnable - Class in org.springframework.security.concurrent
Wraps a delegate Runnable with logic for setting up a SecurityContext before invoking the delegate Runnable and then removing the SecurityContext after the delegate has completed.
DelegatingSecurityContextRunnable(Runnable) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
DelegatingSecurityContextRunnable(Runnable, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
Creates a new DelegatingSecurityContextRunnable with a specific SecurityContext.
DelegatingSecurityContextScheduledExecutorService - Class in org.springframework.security.concurrent
DelegatingSecurityContextScheduledExecutorService(ScheduledExecutorService) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
DelegatingSecurityContextScheduledExecutorService(ScheduledExecutorService, SecurityContext) - Constructor for class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
DelegatingSecurityContextSchedulingTaskExecutor - Class in org.springframework.security.scheduling
An SchedulingTaskExecutor which wraps each Runnable in a DelegatingSecurityContextRunnable and each Callable in a DelegatingSecurityContextCallable.
DelegatingSecurityContextSchedulingTaskExecutor(SchedulingTaskExecutor) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor
DelegatingSecurityContextSchedulingTaskExecutor(SchedulingTaskExecutor, SecurityContext) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor
DelegatingSecurityContextTaskExecutor - Class in org.springframework.security.task
An TaskExecutor which wraps each Runnable in a DelegatingSecurityContextRunnable.
DelegatingSecurityContextTaskExecutor(TaskExecutor) - Constructor for class org.springframework.security.task.DelegatingSecurityContextTaskExecutor
DelegatingSecurityContextTaskExecutor(TaskExecutor, SecurityContext) - Constructor for class org.springframework.security.task.DelegatingSecurityContextTaskExecutor
Creates a new DelegatingSecurityContextTaskExecutor that uses the specified SecurityContext.
DelegatingSecurityContextTaskScheduler - Class in org.springframework.security.scheduling
An implementation of TaskScheduler invoking it whenever the trigger indicates a next execution time.
DelegatingSecurityContextTaskScheduler(TaskScheduler) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
DelegatingSecurityContextTaskScheduler(TaskScheduler, SecurityContext) - Constructor for class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
Creates a new DelegatingSecurityContextTaskScheduler that uses the specified SecurityContext.
DelegatingServerAuthenticationConverter - Class in org.springframework.security.web.server.authentication
DelegatingServerAuthenticationConverter(List<ServerAuthenticationConverter>) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter
 
DelegatingServerAuthenticationConverter(ServerAuthenticationConverter...) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter
 
DelegatingServerAuthenticationEntryPoint - Class in org.springframework.security.web.server
DelegatingServerAuthenticationEntryPoint(List<DelegatingServerAuthenticationEntryPoint.DelegateEntry>) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
 
DelegatingServerAuthenticationEntryPoint(DelegatingServerAuthenticationEntryPoint.DelegateEntry...) - Constructor for class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
 
DelegatingServerAuthenticationEntryPoint.DelegateEntry - Class in org.springframework.security.web.server
 
DelegatingServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
Delegates to a collection of ServerAuthenticationSuccessHandler implementations.
DelegatingServerAuthenticationSuccessHandler(List<ServerAuthenticationSuccessHandler>) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler
Creates a new instance with the provided list of delegates
DelegatingServerAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler...) - Constructor for class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler
 
DelegatingServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout
Delegates to a collection of ServerLogoutHandler implementations.
DelegatingServerLogoutHandler(Collection<ServerLogoutHandler>) - Constructor for class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
 
DelegatingServerLogoutHandler(ServerLogoutHandler...) - Constructor for class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
 
delete - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
 
DELETE - Static variable in class org.springframework.security.acls.domain.BasePermission
 
deleteAce(int) - Method in class org.springframework.security.acls.domain.AclImpl
 
deleteAce(int) - Method in interface org.springframework.security.acls.model.MutableAcl
 
deleteAcl(ObjectIdentity, boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
deleteAcl(ObjectIdentity, boolean) - Method in interface org.springframework.security.acls.model.MutableAclService
Removes the specified entry from the database.
deleteCookies(String...) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
Allows specifying the names of cookies to be removed on logout success.
deleteEntries(Long) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Deletes all ACEs defined in the acl_entry table belonging to the presented ObjectIdentity primary key.
deleteGroup(String) - Method in interface org.springframework.security.provisioning.GroupManager
Removes a group, including all members and authorities.
deleteGroup(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
deleteObjectIdentity(Long) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Deletes a single row from acl_object_identity that is associated with the presented ObjectIdentity primary key.
deleteUser(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
deleteUser(String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
deleteUser(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
deleteUser(String) - Method in interface org.springframework.security.provisioning.UserDetailsManager
Remove the user with the given login name from the system.
delux(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors
Creates a text encryptor that uses "stronger" password-based encryption.
demergePatterns(String, String) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils
 
deny() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig
Specify to DENY framing any content from this application.
DENY - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
 
DENY - Enum constant in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
A browser receiving content with this header field MUST NOT display this content in any frame.
DENY_ALL_ATTRIBUTE - Static variable in class org.springframework.security.access.annotation.Jsr250SecurityConfig
Deprecated.
 
denyAll - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
Allows "denyAll" expression
denyAll() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Always denies access
denyAll() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
denyAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
 
denyAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Specify that URLs are not allowed by anyone.
denyAll() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specify that URLs are not allowed by anyone.
denyAll() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Deprecated.
Specify that Messages are not allowed by anyone.
denyAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
Deny access for everyone
denyAll() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
Specify that Messages are not allowed by anyone.
denyAll() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
Specify that URLs are not allowed by anyone.
DenyAllPermissionEvaluator - Class in org.springframework.security.access.expression
A null PermissionEvaluator which denies all access.
DenyAllPermissionEvaluator() - Constructor for class org.springframework.security.access.expression.DenyAllPermissionEvaluator
 
destroy() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
 
destroy() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
destroy() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
 
destroy() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Deprecated.
Not used (we rely on IoC container lifecycle services instead)
destroy() - Method in class org.springframework.security.web.debug.DebugFilter
 
determineCauseChain(Throwable) - Method in class org.springframework.security.web.util.ThrowableAnalyzer
Determines the cause chain of the provided Throwable.
determineExpiredUrl(HttpServletRequest, SessionInformation) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
determineTargetUrl(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
Builds the target URL according to the logic defined in the main class Javadoc.
determineTargetUrl(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler
 
determineTargetUrl(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
Builds the target URL according to the logic defined in the main class Javadoc
determineUrlToUseForThisRequest(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
Allows subclasses to modify the login form URL that should be applicable for a given request.
DEVICE_CODE - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
 
DEVICE_CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
device_code - used in Device Authorization Response and Device Access Token Request.
digest() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
digest(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a request.
DigestAuthenticationEntryPoint - Class in org.springframework.security.web.authentication.www
Used by the SecurityEnforcementFilter to commence authentication via the DigestAuthenticationFilter.
DigestAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
DigestAuthenticationFilter - Class in org.springframework.security.web.authentication.www
Processes a HTTP request's Digest authorization headers, putting the result into the SecurityContextHolder.
DigestAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
DigestRequestPostProcessor() - Constructor for class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor
 
disable() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
Disables the AbstractHttpConfigurer by removing it.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig
Disables Cache Control
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig
Removes the X-XSS-Protection header.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig
Prevents the header from being added to the response.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
Deprecated.
Prevents the header from being added to the response.
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
Disables Strict Transport Security
disable() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig
Disables X-XSS-Protection header (does not include it)
disable() - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
 
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
Disables anonymous authentication.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec
Disables CORS support within Spring Security.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
Disables CSRF Protection.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
Disables HTTP Basic authentication.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CacheSpec
Disables cache control response headers
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec
Disables the content type options response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Disables http response headers
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec
Disables frame options response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
Disables strict transport security response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec
Disables the x-xss-protection response header
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
Disables HTTP Basic authentication.
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
Disables log out
disable() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
disabled(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Defines if the account is disabled or not.
disabled(boolean) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Defines if the account is disabled or not.
disabled(boolean) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
 
DISABLED - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
 
DISABLED - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
 
DisabledException - Exception in org.springframework.security.authentication
Thrown if an authentication request is rejected because the account is disabled.
DisabledException(String) - Constructor for exception org.springframework.security.authentication.DisabledException
Constructs a DisabledException with the specified message.
DisabledException(String, Throwable) - Constructor for exception org.springframework.security.authentication.DisabledException
Constructs a DisabledException with the specified message and root cause.
DisableEncodeUrlFilter - Class in org.springframework.security.web.session
Disables encoding URLs using the HttpServletResponse to prevent including the session id in URLs which is not considered URL because the session id can be leaked in things like HTTP access logs.
DisableEncodeUrlFilter() - Constructor for class org.springframework.security.web.session.DisableEncodeUrlFilter
 
disableOnResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
Invoke this method to disable invoking OnCommittedResponseWrapper.onResponseCommitted() when the HttpServletResponse is committed.
disableSaveOnResponseCommitted() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
Deprecated.
Invoke this method to disable automatic saving of the SecurityContext when the HttpServletResponse is committed.
dispatcherTypeMatchers(DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Create a List of DispatcherTypeRequestMatcher instances that do not specify an HttpMethod.
dispatcherTypeMatchers(HttpMethod, DispatcherType...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Maps a List of DispatcherTypeRequestMatcher instances.
DispatcherTypeRequestMatcher - Class in org.springframework.security.web.util.matcher
Checks the DispatcherType to decide whether to match a given request.
DispatcherTypeRequestMatcher(DispatcherType) - Constructor for class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
Creates an instance which matches requests with the provided DispatcherType
DispatcherTypeRequestMatcher(DispatcherType, HttpMethod) - Constructor for class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
Creates an instance which matches requests with the provided DispatcherType and HttpMethod
DN_KEY - Static variable in class org.springframework.security.ldap.SpringSecurityLdapTemplate
Every search results where a record is defined by a Map<String,String[]> contains at least this key - the DN of the record itself.
DO_BREAK_LINES - Static variable in class org.springframework.security.crypto.codec.Base64
Deprecated.
Do break lines when encoding.
doAfterPropertiesSet() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
doAfterPropertiesSet() - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
doAuthentication(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
 
doAuthentication(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
 
doAuthentication(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
 
doBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Executes the build using the SecurityConfigurer's that have been applied using the following steps: Invokes AbstractConfiguredSecurityBuilder.beforeInit() for any subclass to hook into Invokes SecurityConfigurer.init(SecurityBuilder) for any SecurityConfigurer that was applied to this builder. Invokes AbstractConfiguredSecurityBuilder.beforeConfigure() for any subclass to hook into Invokes AbstractConfiguredSecurityBuilder.performBuild() which actually builds the Object
doBuild() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder
Subclasses should implement this to perform the build.
doEndTag() - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
 
doEndTag() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
Default processing of the end tag returning EVAL_PAGE.
doEndTag() - Method in class org.springframework.security.taglibs.csrf.CsrfMetaTagsTag
 
doesRequestMatch(HttpServletRequest, PortResolver) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
Determines if the current request matches the DefaultSavedRequest.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Deprecated.
Method that is actually called by the filter chain.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Invokes the requiresAuthentication method to determine whether the request is for authentication and should be handled by this filter.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Try to authenticate a pre-authenticated user with Spring Security if the user has not yet been authenticated.
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultResourcesFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.context.SecurityContextHolderFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter
Deprecated.
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.debug.DebugFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.FilterChainProxy
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
Attempts to obtain and run as a JAAS Subject using JaasApiIntegrationFilter.obtainSubject(ServletRequest).
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.springframework.security.web.session.SessionManagementFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
Extract any Bearer Token from the request and attempt an authentication.
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.csrf.CsrfFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.header.HeaderWriterFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.RequestMatcherRedirectFilter
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.session.DisableEncodeUrlFilter
 
doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain) - Method in class org.springframework.security.web.session.ForceEagerSessionCreationFilter
 
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
 
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
 
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
 
doParse(Element, ParserContext, BeanDefinitionBuilder) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
doStartTag() - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
 
doStartTag() - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
 
doStartTag() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
Invokes the base class AbstractAuthorizeTag.authorize() method to decide if the body of the tag should be skipped or not.

E

Elements - Class in org.springframework.security.config
Contains all the element names used by Spring Security 3 namespace support.
Elements() - Constructor for class org.springframework.security.config.Elements
 
ELRequestMatcher - Class in org.springframework.security.web.util.matcher
A RequestMatcher implementation which uses a SpEL expression
ELRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.ELRequestMatcher
 
email(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this email in the resulting OidcUserInfo
EMAIL - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes
The email scope requests access to the email and email_verified claims.
EMAIL - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
email - the user's preferred e-mail address
EMAIL_VERIFIED - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
email_verified - true if the user's e-mail address has been verified, otherwise false
emailVerified(Boolean) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this verified-email indicator in the resulting OidcUserInfo
EMBEDDED_APACHE_DS - Static variable in class org.springframework.security.config.BeanIds
 
EMBEDDED_UNBOUNDID - Static variable in class org.springframework.security.config.BeanIds
 
EmbeddedLdapServerContainer - Interface in org.springframework.security.ldap.server
Provides lifecycle services for an embedded LDAP server.
EmbeddedLdapServerContextSourceFactoryBean - Class in org.springframework.security.config.ldap
Creates a DefaultSpringSecurityContextSource used to perform LDAP authentication and starts and in-memory LDAP server.
EmbeddedLdapServerContextSourceFactoryBean() - Constructor for class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
 
EMBEDDER_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter
 
ENABLED - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
 
ENABLED - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
 
ENABLED_MODE_BLOCK - Enum constant in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
 
ENABLED_MODE_BLOCK - Enum constant in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
 
enableDefaultTyping(ObjectMapper) - Static method in class org.springframework.security.jackson2.SecurityJackson2Modules
 
EnableGlobalAuthentication - Annotation Interface in org.springframework.security.config.annotation.authentication.configuration
The EnableGlobalAuthentication annotation signals that the annotated class can be used to configure a global instance of AuthenticationManagerBuilder.
enableGlobalAuthenticationAutowiredConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 
EnableGlobalMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration
Deprecated.
enableHttpSessionEventPublisher() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Override this if HttpSessionEventPublisher should be added as a listener.
EnableMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration
Enables Spring Security Method Security.
EnableReactiveMethodSecurity - Annotation Interface in org.springframework.security.config.annotation.method.configuration
 
EnableRSocketSecurity - Annotation Interface in org.springframework.security.config.annotation.rsocket
Add this annotation to a Configuration class to have Spring Security RSocketSecurity support added.
enableSessionUrlRewriting(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
If set to true, allows HTTP sessions to be rewritten in the URLs when using HttpServletResponse.encodeRedirectURL(String) or HttpServletResponse.encodeURL(String), otherwise disallows HTTP sessions to be included in the URL.
EnableWebFluxSecurity - Annotation Interface in org.springframework.security.config.annotation.web.reactive
Add this annotation to a Configuration class to have Spring Security WebFlux support added.
EnableWebMvcSecurity - Annotation Interface in org.springframework.security.config.annotation.web.servlet.configuration
Deprecated.
Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.
EnableWebSecurity - Annotation Interface in org.springframework.security.config.annotation.web.configuration
Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by exposing a SecurityFilterChain bean:
EnableWebSocketSecurity - Annotation Interface in org.springframework.security.config.annotation.web.socket
Allows configuring WebSocket Authorization.
encode(byte[]) - Static method in class org.springframework.security.crypto.codec.Base64
Deprecated.
 
encode(byte[]) - Static method in class org.springframework.security.crypto.codec.Hex
 
encode(CharSequence) - Method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
 
encode(CharSequence) - Method in class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
encode(CharSequence) - Static method in class org.springframework.security.crypto.codec.Utf8
Get the bytes of the String in UTF-8 encoded form.
encode(CharSequence) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder
 
encode(CharSequence) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder
 
encode(CharSequence) - Method in class org.springframework.security.crypto.password.LdapShaPasswordEncoder
Deprecated.
Calculates the hash of password (and salt bytes, if supplied) and returns a base64 encoded concatenation of the hash and salt, prefixed with {SHA} (or {SSHA} if salt was used).
encode(CharSequence) - Method in class org.springframework.security.crypto.password.Md4PasswordEncoder
Deprecated.
Encodes the rawPass using a MessageDigest.
encode(CharSequence) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder
Deprecated.
Encodes the rawPass using a MessageDigest.
encode(CharSequence) - Method in class org.springframework.security.crypto.password.NoOpPasswordEncoder
Deprecated.
 
encode(CharSequence) - Method in interface org.springframework.security.crypto.password.PasswordEncoder
Encode the raw password.
encode(CharSequence) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
 
encode(CharSequence) - Method in class org.springframework.security.crypto.password.StandardPasswordEncoder
Deprecated.
 
encode(CharSequence) - Method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
 
encode(CharSequence, byte[]) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder
 
encode(Publisher<? extends BearerTokenMetadata>, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BearerTokenAuthenticationEncoder
 
encode(Publisher<? extends UsernamePasswordMetadata>, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder
Deprecated.
 
encode(Publisher<? extends UsernamePasswordMetadata>, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.SimpleAuthenticationEncoder
 
encode(JwtEncoderParameters) - Method in interface org.springframework.security.oauth2.jwt.JwtEncoder
Encode the JWT to it's compact claims representation format.
encode(JwtEncoderParameters) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtEncoder
 
ENCODE - Static variable in class org.springframework.security.crypto.codec.Base64
Deprecated.
Specify encoding in first bit.
encodeAndConcatenate(CharSequence, byte[]) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder
 
encodeCookie(String[]) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Inverse operation of decodeCookie.
encodeRedirectURL(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
Deprecated.
 
encodeURL(String) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
Deprecated.
 
encodeValue(BearerTokenMetadata, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BearerTokenAuthenticationEncoder
 
encodeValue(UsernamePasswordMetadata, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder
Deprecated.
 
encodeValue(UsernamePasswordMetadata, DataBufferFactory, ResolvableType, MimeType, Map<String, Object>) - Method in class org.springframework.security.rsocket.metadata.SimpleAuthenticationEncoder
 
EncodingUtils - Class in org.springframework.security.crypto.util
Static helper for encoding data.
encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.AesBytesEncryptor
 
encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesCbcBytesEncryptor
 
encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor
 
encrypt(byte[]) - Method in interface org.springframework.security.crypto.encrypt.BytesEncryptor
Encrypt the byte array.
encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
encrypt(byte[]) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
encrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
encrypt(String) - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
encrypt(String) - Method in interface org.springframework.security.crypto.encrypt.TextEncryptor
Encrypt the raw text string.
encryption(X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential
Create a Saml2X509Credential that can be used for encryption.
ENCRYPTION - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
 
encryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
Apply this Consumer to the list of Saml2X509Credentials
encryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
Apply this Consumer to the list of Saml2X509Credentials
encryptionX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
Apply this Consumer to the list of Saml2X509Credentials
Encryptors - Class in org.springframework.security.crypto.encrypt
Factory for commonly used encryptors.
entityId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
Set the asserting party's EntityID.
entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
Set the asserting party's EntityID.
entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
Set the asserting party's EntityID.
entityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Set the relying party's EntityID.
Enumerator<T> - Class in org.springframework.security.web.savedrequest
Adapter that wraps an Enumeration around a Java 2 collection Iterator.
Enumerator(Collection<T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
Return an Enumeration over the values of the specified Collection.
Enumerator(Collection<T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
Return an Enumeration over the values of the specified Collection.
Enumerator(Iterator<T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
Return an Enumeration over the values returned by the specified Iterator.
Enumerator(Iterator<T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
Return an Enumeration over the values returned by the specified Iterator.
Enumerator(Map<?, T>) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
Return an Enumeration over the values of the specified Map.
Enumerator(Map<?, T>, boolean) - Constructor for class org.springframework.security.web.savedrequest.Enumerator
Return an Enumeration over the values of the specified Map.
equals(Object) - Method in class org.springframework.security.access.SecurityConfig
 
equals(Object) - Method in class org.springframework.security.acls.domain.AbstractPermission
 
equals(Object) - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
 
equals(Object) - Method in class org.springframework.security.acls.domain.AclImpl
 
equals(Object) - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid
 
equals(Object) - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl
Important so caching operates properly.
equals(Object) - Method in class org.springframework.security.acls.domain.PrincipalSid
 
equals(Object) - Method in interface org.springframework.security.acls.model.ObjectIdentity
 
equals(Object) - Method in interface org.springframework.security.acls.model.Sid
Refer to the java.lang.Object documentation for the interface contract.
equals(Object) - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
 
equals(Object) - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken
 
equals(Object) - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority
 
equals(Object) - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken
 
equals(Object) - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
 
equals(Object) - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority
 
equals(Object) - Method in class org.springframework.security.core.context.SecurityContextImpl
 
equals(Object) - Method in class org.springframework.security.core.token.DefaultToken
 
equals(Object) - Method in class org.springframework.security.core.userdetails.User
Returns true if the supplied object is a User instance with the same username value.
equals(Object) - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
Compares the LdapAuthority based on LdapAuthority.getAuthority() and LdapAuthority.getDn() values.
equals(Object) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
equals(Object) - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher
 
equals(Object) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId
 
equals(Object) - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token
 
equals(Object) - Method in class org.springframework.security.oauth2.core.AuthenticationMethod
 
equals(Object) - Method in class org.springframework.security.oauth2.core.AuthorizationGrantType
 
equals(Object) - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
 
equals(Object) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
 
equals(Object) - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType
 
equals(Object) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
 
equals(Object) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo
 
equals(Object) - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
 
equals(Object) - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
 
equals(Object) - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
 
equals(Object) - Method in class org.springframework.security.saml2.core.Saml2X509Credential
 
equals(Object) - Method in class org.springframework.security.util.InMemoryResource
 
equals(Object) - Method in class org.springframework.security.web.access.intercept.RequestKey
 
equals(Object) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
 
equals(Object) - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
 
equals(Object) - Method in class org.springframework.security.web.header.Header
 
equals(Object) - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
 
equals(Object) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
 
equals(Object) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
 
equals(Object) - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
 
equalTo(Function<Authentication, String>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl.AuthorizedUrlVariable
Compares the value of a path variable in the URI with an `Authentication` attribute
eraseCredentials() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
Checks the credentials, principal and details objects, invoking the eraseCredentials method on any which implement CredentialsContainer.
eraseCredentials() - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 
eraseCredentials() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
 
eraseCredentials() - Method in interface org.springframework.security.core.CredentialsContainer
 
eraseCredentials() - Method in class org.springframework.security.core.userdetails.User
 
eraseCredentials() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
eraseCredentials(boolean) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 
error(String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
Returns a new OAuth2AuthorizationResponse.Builder, initialized with the error code.
ERROR - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
error - used in Authorization Response and Access Token Response.
ERROR_DESCRIPTION - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
error_description - used in Authorization Response and Access Token Response.
ERROR_PARAMETER_NAME - Static variable in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
ERROR_URI - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
error_uri - used in Authorization Response and Access Token Response.
errorCode(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
Sets the error code.
errorConverter - Variable in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
 
errorDescription(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
Sets the error description.
errorOnInvalidType() - Element in annotation interface org.springframework.security.core.annotation.AuthenticationPrincipal
True if a ClassCastException should be thrown when the current Authentication.getPrincipal() is the incorrect type.
errorOnInvalidType() - Element in annotation interface org.springframework.security.core.annotation.CurrentSecurityContext
True if a ClassCastException should be thrown when the current SecurityContext is the incorrect type.
errorOnInvalidType() - Element in annotation interface org.springframework.security.web.bind.annotation.AuthenticationPrincipal
Deprecated.
True if a ClassCastException should be thrown when the current Authentication.getPrincipal() is the incorrect type.
errorParametersConverter - Variable in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
 
errors(Consumer<Collection<Saml2Error>>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult.Builder
 
errorUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
Sets the error uri.
ES256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
ECDSA using P-256 and SHA-256 (Recommended+)
ES256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
ECDSA using P-256 and SHA-256 (Recommended+)
ES384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
ECDSA using P-384 and SHA-384 (Optional)
ES384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
ECDSA using P-384 and SHA-384 (Optional)
ES512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
ECDSA using P-521 and SHA-512 (Optional)
ES512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
ECDSA using P-521 and SHA-512 (Optional)
escapeEntities(String) - Static method in class org.springframework.security.web.util.TextEscapeUtils
 
Essence() - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
Essence() - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
Essence() - Constructor for class org.springframework.security.ldap.userdetails.Person.Essence
 
Essence(DirContextOperations) - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
Essence(DirContextOperations) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
Essence(DirContextOperations) - Constructor for class org.springframework.security.ldap.userdetails.Person.Essence
 
Essence(InetOrgPerson) - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
Essence(LdapUserDetails) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
Essence(Person) - Constructor for class org.springframework.security.ldap.userdetails.Person.Essence
 
evalOrSkip(boolean) - Static method in class org.springframework.security.taglibs.TagLibConfig
Returns EVAL_BODY_INCLUDE if the authorized flag is true or UI security has been disabled.
evaluateAsBoolean(Expression, EvaluationContext) - Static method in class org.springframework.security.access.expression.ExpressionUtils
 
eventPublisher - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
events(Map<String, Object>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
A JSON object that identifies this token as a logout token
EVENTS - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
events - a JSON object that identifies this token as a logout token
evictFromCache(Serializable) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
 
evictFromCache(Serializable) - Method in interface org.springframework.security.acls.model.AclCache
 
evictFromCache(ObjectIdentity) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
 
evictFromCache(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclCache
 
EXCEPTION_TRANSLATION - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
 
exceptionHandling() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.exceptionHandling(Customizer) or exceptionHandling(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
exceptionHandling() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.exceptionHandling(Customizer) or exceptionHandling(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
exceptionHandling(Customizer<ExceptionHandlingConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows configuring exception handling.
exceptionHandling(Customizer<ServerHttpSecurity.ExceptionHandlingSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures exception handling (i.e.
ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds exception handling for Spring Security related exceptions to an application.
ExceptionHandlingConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
Creates a new instance
ExceptionMappingAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
Uses the internal map of exceptions types to URLs to determine the destination on authentication failure.
ExceptionMappingAuthenticationFailureHandler() - Constructor for class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler
 
ExceptionTranslationFilter - Class in org.springframework.security.web.access
Handles any AccessDeniedException and AuthenticationException thrown within the filter chain.
ExceptionTranslationFilter(AuthenticationEntryPoint) - Constructor for class org.springframework.security.web.access.ExceptionTranslationFilter
 
ExceptionTranslationFilter(AuthenticationEntryPoint, RequestCache) - Constructor for class org.springframework.security.web.access.ExceptionTranslationFilter
 
ExceptionTranslationWebFilter - Class in org.springframework.security.web.server.authorization
 
ExceptionTranslationWebFilter() - Constructor for class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
 
ExchangeMatcherRedirectWebFilter - Class in org.springframework.security.web.server
Web filter that redirects requests that match ServerWebExchangeMatcher to the specified URL.
ExchangeMatcherRedirectWebFilter(ServerWebExchangeMatcher, String) - Constructor for class org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter
Create and initialize an instance of the web filter.
execute(Runnable) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutor
 
execute(Runnable, long) - Method in class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor
 
EXECUTION_CONTEXTS - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
 
EXECUTION_CONTEXTS - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
 
exitSwitchUser(WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
Attempt to exit from an already switched user.
EXP - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
exp - A timestamp indicating when the token expires
EXP - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
exp - the Expiration time on or after which the ID Token MUST NOT be accepted
EXP - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
exp - the Expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing
expiredSessionStrategy(SessionInformationExpiredStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
Determines the behaviour when an expired session is detected.
expiredUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
The URL to redirect to if a user tries to access a resource and their session has been expired due to too many sessions for the current user.
expireNow() - Method in class org.springframework.security.core.session.SessionInformation
 
EXPIRES_IN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
expires_in - used in Authorization Response and Access Token Response.
EXPIRES_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
The value for expires value
expiresAt(Instant) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this expiration in the resulting OidcIdToken
expiresAt(Instant) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this expiration in the resulting Jwt
expiresAt(Instant) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
Sets the expiration time (exp) claim, which identifies the time on or after which the JWT MUST NOT be accepted for processing.
expiresIn(long) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
Sets the lifetime (in seconds) of the access token.
expiresIn(long) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
Sets the lifetime (in seconds) of the device code and user code.
exportTestSecurityContext() - Static method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultHandlers
expression() - Element in annotation interface org.springframework.security.core.annotation.AuthenticationPrincipal
If specified will use the provided SpEL expression to resolve the principal.
expression() - Element in annotation interface org.springframework.security.core.annotation.CurrentSecurityContext
If specified, will use the provided SpEL expression to resolve the security context.
EXPRESSION_HANDLER - Static variable in class org.springframework.security.config.Elements
 
ExpressionAttributeAuthorizationDecision - Class in org.springframework.security.authorization.method
Deprecated.
ExpressionAttributeAuthorizationDecision(boolean, ExpressionAttribute) - Constructor for class org.springframework.security.authorization.method.ExpressionAttributeAuthorizationDecision
Deprecated.
 
ExpressionAuthorizationDecision - Class in org.springframework.security.authorization
Represents an AuthorizationDecision based on a Expression
ExpressionAuthorizationDecision(boolean, Expression) - Constructor for class org.springframework.security.authorization.ExpressionAuthorizationDecision
 
ExpressionBasedAnnotationAttributeFactory - Class in org.springframework.security.access.expression.method
Deprecated.
Use AuthorizationManager interceptors instead
ExpressionBasedAnnotationAttributeFactory(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory
Deprecated.
 
ExpressionBasedFilterInvocationSecurityMetadataSource - Class in org.springframework.security.web.access.expression
Expression-based FilterInvocationSecurityMetadataSource.
ExpressionBasedFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>, SecurityExpressionHandler<FilterInvocation>) - Constructor for class org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource
 
ExpressionBasedMessageSecurityMetadataSourceFactory - Class in org.springframework.security.messaging.access.expression
ExpressionBasedPostInvocationAdvice - Class in org.springframework.security.access.expression.method
ExpressionBasedPostInvocationAdvice(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice
Deprecated.
 
ExpressionBasedPreInvocationAdvice - Class in org.springframework.security.access.expression.method
ExpressionBasedPreInvocationAdvice() - Constructor for class org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice
Deprecated.
 
expressionHandler(SecurityExpressionHandler<Message<Object>>) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
expressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
Set the SecurityExpressionHandler to be used.
expressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
Deprecated.
Allows customization of the SecurityExpressionHandler to be used.
ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Deprecated.
ExpressionUrlAuthorizationConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer
Deprecated.
Creates a new instance
ExpressionUrlAuthorizationConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers
Deprecated.
 
ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry - Class in org.springframework.security.config.annotation.web.configurers
Deprecated.
 
ExpressionUtils - Class in org.springframework.security.access.expression
 
extractAttributes(A) - Method in interface org.springframework.security.access.annotation.AnnotationMetadataExtractor
Deprecated.
 
extractAttributes(HttpSession) - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
Called to extract the existing attributes from the session, prior to invalidating it.
extractCause(Throwable) - Method in interface org.springframework.security.web.util.ThrowableCauseExtractor
Extracts the cause from the provided Throwable.
extractControl(DirContext) - Static method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControlExtractor
 
extractPathVariables(Message<?>) - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
 
extractPrincipal(X509Certificate) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
 
extractPrincipal(X509Certificate) - Method in interface org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor
Returns the principal (usually a String) for the given certificate.
extractRememberMeCookie(HttpServletRequest) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Locates the Spring Security remember me cookie in the request and returns its value.
extractUriTemplateVariables(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
Deprecated.
extractUriTemplateVariables(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Deprecated.
extractUriTemplateVariables(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestVariablesExtractor
Deprecated.
Extract URL template variables from the request.

F

FACEBOOK - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 
factory() - Element in annotation interface org.springframework.security.test.context.support.WithSecurityContext
The WithUserDetailsSecurityContextFactory to use to create the SecurityContext.
failure(Collection<OAuth2Error>) - Static method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult
Construct a failure OAuth2TokenValidatorResult with the provided detail
failure(Collection<Saml2Error>) - Static method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
Construct a failure Saml2ResponseValidatorResult with the provided detail
failure(OAuth2Error...) - Static method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult
Construct a failure OAuth2TokenValidatorResult with the provided detail
failure(Saml2Error...) - Static method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
Construct a failure Saml2ResponseValidatorResult with the provided detail
failureForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
Forward Authentication Failure Handler
failureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Specifies the AuthenticationFailureHandler to use when authentication fails.
failureUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
The URL to send users if authentication fails.
FAMILY_NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
family_name - the user's surname(s) or last name(s)
familyName(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this family name in the resulting OidcUserInfo
FastHttpDateFormat - Class in org.springframework.security.web.savedrequest
Utility class to generate HTTP dates.
FEATURE_POLICY - Static variable in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
 
featurePolicy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated.
For removal in 7.0. Use HeadersConfigurer.permissionsPolicy(Customizer) or permissionsPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
featurePolicy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated.
FeaturePolicyHeaderWriter - Class in org.springframework.security.web.header.writers
Provides support for Feature Policy.
FeaturePolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
Create a new instance of FeaturePolicyHeaderWriter with supplied security policy directive(s).
FeaturePolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Writes the Feature-Policy response header with configured policy directives.
FeaturePolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
 
FieldUtils - Class in org.springframework.security.util
Offers static methods for directly manipulating fields.
filter(Object, Expression, EvaluationContext) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
Filters the filterTarget object (which must be either a Collection, Array, Map or Stream), by evaluating the supplied expression.
filter(Object, Expression, EvaluationContext) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionHandler
Filters a target collection or array.
filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
 
filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
 
filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServerBearerExchangeFilterFunction
 
filter(ClientRequest, ExchangeFunction) - Method in class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServletBearerExchangeFilterFunction
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authorization.AuthorizationWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.context.ReactorContextWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.header.HttpHeaderWriterWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.DefaultResourcesWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter
 
filter(ServerWebExchange, WebFilterChain) - Method in class org.springframework.security.web.server.WebFilterChainProxy
 
FILTER_CHAIN - Static variable in class org.springframework.security.config.Elements
 
FILTER_CHAIN_MAP - Static variable in class org.springframework.security.config.Elements
 
FILTER_CHAIN_PROXY - Static variable in class org.springframework.security.config.BeanIds
 
FILTER_CHAINS - Static variable in class org.springframework.security.config.BeanIds
 
FILTER_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements
 
FilterBasedLdapUserSearch - Class in org.springframework.security.ldap.search
LdapUserSearch implementation which uses an Ldap filter to locate the user.
FilterBasedLdapUserSearch(String, String, BaseLdapPathContextSource) - Constructor for class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
 
FilterChainBeanDefinitionParser - Class in org.springframework.security.config.http
 
FilterChainBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.FilterChainBeanDefinitionParser
 
FilterChainDecoratorFactory() - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
 
FilterChainMapBeanDefinitionDecorator - Class in org.springframework.security.config.http
Sets the filter chain Map for a FilterChainProxy bean declaration.
FilterChainMapBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.http.FilterChainMapBeanDefinitionDecorator
 
FilterChainProxy - Class in org.springframework.security.web
Delegates Filter requests to a list of Spring-managed filter beans.
FilterChainProxy() - Constructor for class org.springframework.security.web.FilterChainProxy
 
FilterChainProxy(List<SecurityFilterChain>) - Constructor for class org.springframework.security.web.FilterChainProxy
 
FilterChainProxy(SecurityFilterChain) - Constructor for class org.springframework.security.web.FilterChainProxy
 
FilterChainProxy.FilterChainDecorator - Interface in org.springframework.security.web
A strategy for decorating the provided filter chain with one that accounts for the SecurityFilterChain for a given request.
FilterChainProxy.FilterChainValidator - Interface in org.springframework.security.web
 
FilterChainProxy.VirtualFilterChainDecorator - Class in org.springframework.security.web
A FilterChainProxy.FilterChainDecorator that uses the FilterChainProxy.VirtualFilterChain
FilterInvocation - Class in org.springframework.security.web
Holds objects associated with a HTTP filter.
FilterInvocation(ServletRequest, ServletResponse, FilterChain) - Constructor for class org.springframework.security.web.FilterInvocation
 
FilterInvocation(String, String) - Constructor for class org.springframework.security.web.FilterInvocation
 
FilterInvocation(String, String, String) - Constructor for class org.springframework.security.web.FilterInvocation
 
FilterInvocation(String, String, String, ServletContext) - Constructor for class org.springframework.security.web.FilterInvocation
 
FilterInvocation(String, String, String, String, String) - Constructor for class org.springframework.security.web.FilterInvocation
 
FilterInvocation(String, String, String, String, String, ServletContext) - Constructor for class org.springframework.security.web.FilterInvocation
 
FilterInvocationSecurityMetadataSource - Interface in org.springframework.security.web.access.intercept
Marker interface for SecurityMetadataSource implementations that are designed to perform lookups keyed on FilterInvocations.
FilterInvocationSecurityMetadataSourceParser - Class in org.springframework.security.config.http
Deprecated.
Use `use-authorization-manager` property instead
FilterInvocationSecurityMetadataSourceParser() - Constructor for class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser
Deprecated.
 
FilterSecurityInterceptor - Class in org.springframework.security.web.access.intercept
Deprecated.
FilterSecurityInterceptor() - Constructor for class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Deprecated.
 
filterSecurityInterceptorOncePerRequest(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry
Deprecated.
Allows setting if the FilterSecurityInterceptor should be only applied once per request (i.e.
filterTarget() - Element in annotation interface org.springframework.security.access.prepost.PreFilter
 
finallyInvocation(InterceptorStatusToken) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
Cleans up the work of the AbstractSecurityInterceptor after the secure object invocation has been completed.
findAllGroups() - Method in interface org.springframework.security.provisioning.GroupManager
Returns the names of all groups that this group manager controls.
findAllGroups() - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
findAttributes(Class<?>) - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource
Deprecated.
 
findAttributes(Class<?>) - Method in class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource
Deprecated.
 
findAttributes(Class<?>) - Method in class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource
Deprecated.
Obtains the security metadata registered against the specified class.
findAttributes(Class<?>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Deprecated.
Implementation does not support class-level attributes.
findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource
Deprecated.
 
findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource
Deprecated.
 
findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource
Deprecated.
Obtains the security metadata applicable to the specified method invocation.
findAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Deprecated.
Will walk the method inheritance tree to find the most specific declaration applicable.
findByEntityId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadataRepository
Retrieve an AssertingPartyMetadata by its EntityID.
findByRegistrationId(String) - Method in interface org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
Returns the client registration identified by the provided registrationId, or null if not found.
findByRegistrationId(String) - Method in class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
 
findByRegistrationId(String) - Method in class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository
 
findByRegistrationId(String) - Method in interface org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository
Returns the client registration identified by the provided registrationId, or null if not found.
findByRegistrationId(String) - Method in class org.springframework.security.oauth2.client.registration.SupplierClientRegistrationRepository
 
findByRegistrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
Returns the relying party registration identified by the provided registrationId, or null if not found.
findByRegistrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository
 
findByRegistrationId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository
Returns the relying party registration identified by the provided registrationId, or null if not found.
findByUsername(String) - Method in class org.springframework.security.core.userdetails.MapReactiveUserDetailsService
 
findByUsername(String) - Method in interface org.springframework.security.core.userdetails.ReactiveUserDetailsService
Find the UserDetails by username.
findChildren(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
 
findChildren(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclService
Locates all object identities that use the specified parent.
findGroupAuthorities(String) - Method in interface org.springframework.security.provisioning.GroupManager
Obtains the list of authorities which are assigned to a group.
findGroupAuthorities(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
findRequiredWebApplicationContext(ServletContext) - Static method in class org.springframework.security.web.context.support.SecurityWebApplicationContextUtils
Find a unique WebApplicationContext for this web app: either the root web app context (preferred) or a unique WebApplicationContext among the registered ServletContext attributes (typically coming from a single DispatcherServlet in the current web application).
findUniqueByAssertingPartyEntityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
 
findUniqueByAssertingPartyEntityId(String) - Method in class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository
 
findUniqueByAssertingPartyEntityId(String) - Method in interface org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository
Returns the unique relying party registration associated with the asserting party's entityId or null if there is no unique match.
findUsersInGroup(String) - Method in interface org.springframework.security.provisioning.GroupManager
Locates the users who are members of a group
findUsersInGroup(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
FIRE_AND_FORGET - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
A Fire and Forget exchange.
FirewalledRequest - Class in org.springframework.security.web.firewall
Request wrapper which is returned by the HttpFirewall interface.
FirewalledRequest(HttpServletRequest) - Constructor for class org.springframework.security.web.firewall.FirewalledRequest
Constructs a request object wrapping the given request.
FIRST - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
 
FIRST - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
 
flushBuffer() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass flushBuffer()
ForceEagerSessionCreationFilter - Class in org.springframework.security.web.session
Eagerly creates HttpSession if it does not already exist.
ForceEagerSessionCreationFilter() - Constructor for class org.springframework.security.web.session.ForceEagerSessionCreationFilter
 
forEach(Consumer<? super RelyingPartyRegistration>) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
 
FORM - Static variable in class org.springframework.security.oauth2.core.AuthenticationMethod
 
FORM_LOGIN - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
Instance of AuthenticationWebFilter
FORM_LOGIN - Static variable in class org.springframework.security.config.Elements
 
format - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
HTTP date format.
formatCache - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
Formatter cache.
formatDate(long, DateFormat) - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat
Formats a specified date to HTTP format.
formats - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
The set of SimpleDateFormat formats to use in getDateHeader().
formatted(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
Sets the full mailing address, formatted for display.
formLogin() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
formLogin() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
formLogin() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders
Creates a request (including any necessary CsrfToken) that will submit a form based login to POST "/login".
formLogin(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders
Creates a request (including any necessary CsrfToken) that will submit a form based login to POST loginProcessingUrl.
formLogin(Customizer<FormLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Specifies to support form based authentication.
formLogin(Customizer<ServerHttpSecurity.FormLoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures form based authentication.
FormLoginBeanDefinitionParser - Class in org.springframework.security.config.http
 
FormLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds form based authentication.
FormLoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
Creates a new instance
ForwardAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
Forward Authentication Failure Handler
ForwardAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler
 
ForwardAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication
Forward Authentication Success Handler
ForwardAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler
 
ForwardLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
LogoutSuccessHandler implementation that will perform a request dispatcher "forward" to the specified target URL.
ForwardLogoutSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.logout.ForwardLogoutSuccessHandler
Construct a new ForwardLogoutSuccessHandler with the given target URL.
frameOptions() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
frameOptions() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
frameOptions(Customizer<HeadersConfigurer.FrameOptionsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows customizing the XFrameOptionsHeaderWriter.
frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures frame options response headers
from(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
Attempt to resolve the provided algorithm name to a MacAlgorithm.
from(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
Attempt to resolve the provided algorithm name to a SignatureAlgorithm.
from(String) - Static method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
Attempt to resolve the provided algorithm name to a Saml2MessageBinding.
from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
 
from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
 
from(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
 
from(String) - Static method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
 
from(OAuth2AuthorizationRequest) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns a new OAuth2AuthorizationRequest.Builder, initialized with the values from the provided authorizationRequest.
from(JwsHeader) - Static method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns a new JwsHeader.Builder, initialized with the provided headers.
from(JwsHeader, JwtClaimsSet) - Static method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters
Returns a new JwtEncoderParameters, initialized with the provided JwsHeader and JwtClaimsSet.
from(JwtClaimsSet) - Static method in class org.springframework.security.oauth2.jwt.JwtClaimsSet
Returns a new JwtClaimsSet.Builder, initialized with the provided claims.
from(JwtClaimsSet) - Static method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters
Returns a new JwtEncoderParameters, initialized with the provided JwtClaimsSet.
fromEmbeddedLdapServer() - Static method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
Create an EmbeddedLdapServerContextSourceFactoryBean that will use an embedded LDAP server to perform LDAP authentication.
fromHierarchy(String) - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
Create a role hierarchy instance with the given definition, similar to the following:
fromIssuerLocation(String) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistrations
Creates a ClientRegistration.Builder using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize.
fromIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.JwtDecoders
Creates a JwtDecoder using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize.
fromIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.ReactiveJwtDecoders
Creates a ReactiveJwtDecoder using the provided Issuer by querying three different discovery endpoints serially, using the values in the first successful response to initialize.
fromMetadata(InputStream) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata.
fromMetadataLocation(String) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations
Return a RelyingPartyRegistration.Builder based off of the given SAML 2.0 Asserting Party (IDP) metadata location.
fromOidcIssuerLocation(String) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistrations
Creates a ClientRegistration.Builder using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize the ClientRegistration.Builder.
fromOidcIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.JwtDecoders
Creates a JwtDecoder using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize the JwtDecoder.
fromOidcIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.ReactiveJwtDecoders
Creates a ReactiveJwtDecoder using the provided Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to initialize the ReactiveJwtDecoder.
fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
Create a ReactiveUserDetailsServiceResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResource(Resource) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
Create a UserDetailsResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResource(Resource) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
Create a UserDetailsManagerResourceFactoryBean with a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
Create a ReactiveUserDetailsServiceResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResourceLocation(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
Create a UserDetailsResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromResourceLocation(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
Create a UserDetailsManagerResourceFactoryBean with the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
fromString(String) - Static method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
Create a ReactiveUserDetailsServiceResourceFactoryBean with a String that is in the format defined in UserDetailsResourceFactoryBean.
fromString(String) - Static method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
Creates a UserDetailsResourceFactoryBean with a resource from the provided String
fromString(String) - Static method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
Create a UserDetailsManagerResourceFactoryBean with a String that is in the format defined in UserDetailsResourceFactoryBean.
fromTrustedIssuers(String...) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters
fromTrustedIssuers(String...) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters
fromTrustedIssuers(Collection<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters
fromTrustedIssuers(Collection<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters
fromTrustedIssuers(Predicate<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters
fromTrustedIssuers(Predicate<String>) - Static method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters
fullyAuthenticated() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
Creates an instance of AuthenticatedAuthorizationManager that determines if the Authentication is authenticated without using remember me.
fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Specify that URLs are allowed by users who have authenticated and were not "remembered".
fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specify that URLs are allowed by users who have authenticated and were not "remembered".
fullyAuthenticated() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Deprecated.
Specify that Messages are allowed by users who have authenticated and were not "remembered".
fullyAuthenticated() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
Specify that Messages are allowed by users who have authenticated and were not "remembered".
fullyAuthenticated() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
Specify that URLs are allowed by users who have authenticated and were not "remembered".

G

GCM - Enum constant in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
 
gender(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this gender in the resulting OidcUserInfo
GENDER - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
gender - the user's gender
generate(GenerateOneTimeTokenRequest) - Method in class org.springframework.security.authentication.ott.InMemoryOneTimeTokenService
 
generate(GenerateOneTimeTokenRequest) - Method in interface org.springframework.security.authentication.ott.OneTimeTokenService
Generates a one-time token based on the provided generate request.
generatedOneTimeTokenHandler(GeneratedOneTimeTokenHandler) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
Specifies strategy to be used to handle generated one-time tokens.
GeneratedOneTimeTokenHandler - Interface in org.springframework.security.web.authentication.ott
Defines a strategy to handle generated one-time tokens.
generateKey() - Method in class org.springframework.security.crypto.keygen.Base64StringKeyGenerator
 
generateKey() - Method in interface org.springframework.security.crypto.keygen.BytesKeyGenerator
Generate a new key.
generateKey() - Method in interface org.springframework.security.crypto.keygen.StringKeyGenerator
 
generateNewContext() - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
By default, calls SecurityContextHolder.createEmptyContext() to obtain a new context (there should be no context present in the holder when this method is called).
GenerateOneTimeTokenFilter - Class in org.springframework.security.web.authentication.ott
Filter that process a One-Time Token generation request.
GenerateOneTimeTokenFilter(OneTimeTokenService) - Constructor for class org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter
 
GenerateOneTimeTokenRequest - Class in org.springframework.security.authentication.ott
Class to store information related to an One-Time Token authentication request
GenerateOneTimeTokenRequest(String) - Constructor for class org.springframework.security.authentication.ott.GenerateOneTimeTokenRequest
 
generateSeriesData() - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
 
generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
 
generateToken(HttpServletRequest) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository
Generates a CsrfToken
generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
 
generateToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository
Deprecated.
Generates a new token
generateToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
 
generateToken(ServerWebExchange) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
Generates a CsrfToken
generateToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
 
generateTokenData() - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
 
generateTokenUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
Specifies the URL that a One-Time Token generate request will be processed.
gensalt() - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
gensalt(int) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
Generate a salt for use with the BCrypt.hashpw() method
gensalt(int, SecureRandom) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
Generate a salt for use with the BCrypt.hashpw() method
gensalt(String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
 
gensalt(String, int) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
Generate a salt for use with the BCrypt.hashpw() method
gensalt(String, int, SecureRandom) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
Generate a salt for use with the BCrypt.hashpw() method
get() - Method in interface org.springframework.security.web.csrf.DeferredCsrfToken
Gets the CsrfToken
get(String) - Static method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
 
getAccess() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
 
getAccessDecisionManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
getAccessDeniedException() - Method in class org.springframework.security.access.event.AuthorizationFailureEvent
Deprecated.
 
getAccessDeniedHandler() - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
 
getAccessor() - Static method in class org.springframework.security.core.SpringSecurityMessageSource
 
getAccessToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
Returns the access token.
getAccessToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
Returns the access token.
getAccessToken() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest
Returns the access token credential granted.
getAccessToken() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
Returns the access token credential granted.
getAccessToken() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
 
getAccessToken() - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest
Returns the access token.
getAccessToken() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
Returns the Access Token.
getAccessTokenHash() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns the Access Token hash value (at_hash).
getAcl() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
 
getAcl() - Method in interface org.springframework.security.acls.model.AccessControlEntry
 
getActorToken() - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequest
Returns the actor token.
getAdditionalParameters() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
Returns the additional parameters
getAdditionalParameters() - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest
Returns the additional parameters that may be used in the request.
getAdditionalParameters() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
Returns the additional parameters returned in the response.
getAdditionalParameters() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns the additional parameter(s) used in the request.
getAdditionalParameters() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
Returns the additional parameters returned in the response.
getAdditionalRoles(DirContextOperations, String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
This method should be overridden if required to obtain any additional roles for the given user (on top of those obtained from the standard search implemented by this class).
getAddress() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's preferred postal address (address).
getAdvice() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor
Deprecated.
 
getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
 
getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
 
getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
 
getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
 
getAdvice() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
 
getAdvice() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
 
getAdvice() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
 
getAdvice() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
 
getAdvice() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
 
getAfterInvocationManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
getAlgorithm() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
 
getAllConfigAttributes() - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource
Deprecated.
 
getAllConfigAttributes() - Method in class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource
Deprecated.
 
getAllConfigAttributes() - Method in class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource
Deprecated.
 
getAllConfigAttributes() - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Deprecated.
Obtains the configuration attributes explicitly defined against this bean.
getAllConfigAttributes() - Method in class org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource
Deprecated.
 
getAllConfigAttributes() - Method in interface org.springframework.security.access.SecurityMetadataSource
If available, returns all of the ConfigAttributes defined by the implementing class.
getAllConfigAttributes() - Method in class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource
Deprecated.
 
getAllConfigAttributes() - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
 
getAllowFromValue(HttpServletRequest) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
Deprecated.
 
getAllowFromValue(HttpServletRequest) - Method in interface org.springframework.security.web.header.writers.frameoptions.AllowFromStrategy
Deprecated.
Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
getAllowFromValue(HttpServletRequest) - Method in class org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy
Deprecated.
 
getAllowSessionCreation() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
getAllPrincipals() - Method in interface org.springframework.security.core.session.SessionRegistry
Obtains all the known principals in the SessionRegistry.
getAllPrincipals() - Method in class org.springframework.security.core.session.SessionRegistryImpl
 
getAllSessions(Object) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
 
getAllSessions(Object) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry
Gets all the known ReactiveSessionInformation instances for the specified principal.
getAllSessions(Object, boolean) - Method in interface org.springframework.security.core.session.SessionRegistry
Obtains all the known sessions for the specified principal.
getAllSessions(Object, boolean) - Method in class org.springframework.security.core.session.SessionRegistryImpl
 
getAppConfigurationEntry(String) - Method in class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration
 
getApplicationContext() - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Gets the ApplicationContext
getApplicationEventPublisher() - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
 
getArguments() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter
Deprecated.
 
getArguments() - Method in class org.springframework.security.util.SimpleMethodInvocation
 
getArtifactParameter() - Method in class org.springframework.security.cas.ServiceProperties
 
getAssertingPartyDetails() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration
Deprecated.
Get the configuration details for the Asserting Party
getAssertingPartyDetails() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
getAssertingPartyMetadata() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Get the metadata for the Asserting Party
getAssertion() - Method in class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken
 
getAssertion() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
 
getAssertionConsumerServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Get the AssertionConsumerService Binding.
getAssertionConsumerServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Get the AssertionConsumerService Location.
getAttribute() - Method in interface org.springframework.security.access.ConfigAttribute
If the ConfigAttribute can be represented as a String and that String is sufficient in precision to be relied upon as a configuration parameter by a RunAsManager, AccessDecisionManager or AccessDecisionManager delegate, this method should return such a String.
getAttribute() - Method in class org.springframework.security.access.SecurityConfig
 
getAttribute(String) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
Returns the value of an attribute associated to the context or null if not available.
getAttribute(String) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
Returns the value of an attribute associated to the request or null if not available.
getAttribute(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns the value of an attribute associated to the request.
getAttribute(String) - Method in interface org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal
Get the OAuth 2.0 token attribute by name
getAttribute(String) - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal
Get the Saml2 token attribute by name
getAttributes() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken
Deprecated.
 
getAttributes() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
Returns the LDAP attributes
getAttributes() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
Returns the attributes associated to the context.
getAttributes() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
Returns the attributes associated to the request.
getAttributes() - Method in class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal
Gets the attributes of the OAuth 2.0 token in map form.
getAttributes() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns the attribute(s) associated to the request.
getAttributes() - Method in interface org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal
Get the OAuth 2.0 token attributes
getAttributes() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
 
getAttributes() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
Returns the attributes about the user.
getAttributes() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
Gets the attributes of the OAuth 2.0 Token Introspection in map form.
getAttributes() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
 
getAttributes() - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal
Get the Saml2 token attributes
getAttributes(Object) - Method in class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
Deprecated.
 
getAttributes(Object) - Method in interface org.springframework.security.access.SecurityMetadataSource
Accesses the ConfigAttributes that apply to a given secure object.
getAttributes(Object) - Method in class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource
Deprecated.
 
getAttributes(Object) - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
 
getAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource
Deprecated.
 
getAttributes(Method, Class<?>) - Method in class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource
Deprecated.
 
getAttributes(Method, Class<?>) - Method in interface org.springframework.security.access.method.MethodSecurityMetadataSource
Deprecated.
 
getAttributes(Method, Class<?>) - Method in class org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource
Deprecated.
 
getAttributes2grantedAuthoritiesMap() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
 
getAttributeValues(String) - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
Returns the values for a specific attribute
getAudience() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
Returns the Audience(s) (aud) that this ID Token is intended for.
getAudience() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns the intended audience (aud) for the token
getAudience() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns the Audience(s) (aud) that this ID Token is intended for.
getAudience() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
Returns the Audience (aud) claim which identifies the recipient(s) that the JWT is intended for.
getAuthenticatedAt() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns the time when the End-User authentication occurred (auth_time).
getAuthenticatedEnv(String, String) - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyAwareContextSource
 
getAuthentication() - Method in class org.springframework.security.access.event.AuthorizationFailureEvent
Deprecated.
 
getAuthentication() - Method in class org.springframework.security.access.event.AuthorizedEvent
Deprecated.
 
getAuthentication() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Gets the Authentication used for evaluating the expressions
getAuthentication() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
getAuthentication() - Method in class org.springframework.security.authentication.event.AbstractAuthenticationEvent
Getters for the Authentication request that caused the event.
getAuthentication() - Method in class org.springframework.security.authentication.jaas.event.JaasAuthenticationEvent
Pre-casted method that returns the 'source' of the event.
getAuthentication() - Method in class org.springframework.security.authorization.AuthorizationObservationContext
Get the observed Authentication for this authorization
getAuthentication() - Method in class org.springframework.security.authorization.event.AuthorizationEvent
Get the principal requiring access
getAuthentication() - Method in interface org.springframework.security.core.context.SecurityContext
Obtains the currently authenticated principal, or an authentication request token.
getAuthentication() - Method in class org.springframework.security.core.context.SecurityContextImpl
 
getAuthentication() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters
The current Authentication
getAuthentication() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
 
getAuthenticationContextClass() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns the Authentication Context Class Reference (acr).
getAuthenticationConverter() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
 
getAuthenticationConverter() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
 
getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
 
getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
getAuthenticationDetailsSource() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
getAuthenticationEntryPoint() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Gets the Authentication Entry Point
getAuthenticationEntryPoint() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
 
getAuthenticationEntryPoint() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
getAuthenticationEntryPoint() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
getAuthenticationEntryPointMatcher(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
 
getAuthenticationFilter() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Gets the Authentication Filter
getAuthenticationManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
getAuthenticationManager() - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 
getAuthenticationManager() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
 
getAuthenticationManager() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
getAuthenticationManager() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
getAuthenticationManagerClass() - Method in class org.springframework.security.authentication.AuthenticationObservationContext
Get the AuthenticationManager class that processed the authentication
getAuthenticationManagerResolver() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
 
getAuthenticationMethod() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint
Returns the authentication method for the user info endpoint.
getAuthenticationMethods() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns the Authentication Methods References (amr).
getAuthenticationRequest() - Method in class org.springframework.security.authentication.AuthenticationObservationContext
Get the Authentication request that was observed
getAuthenticationRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
Returns the authentication request sent to the assertion party or null if no authentication request is present
getAuthenticationRequestUri() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
Returns the URI endpoint that this AuthNRequest should be sent to.
getAuthenticationResult() - Method in class org.springframework.security.authentication.AuthenticationObservationContext
Get the Authentication result that was observed
getAuthenticationTrustResolver() - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
 
getAuthorities() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
 
getAuthorities() - Method in class org.springframework.security.authorization.AuthorityAuthorizationDecision
 
getAuthorities() - Method in interface org.springframework.security.core.Authentication
Set by an AuthenticationManager to indicate the authorities that the principal has been granted.
getAuthorities() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
 
getAuthorities() - Method in class org.springframework.security.core.userdetails.User
 
getAuthorities() - Method in interface org.springframework.security.core.userdetails.UserDetails
Returns the authorities granted to the user.
getAuthorities() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
getAuthorities() - Method in class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation
Any material needed to authorize operations on this session
getAuthorities() - Method in class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal
 
getAuthorities() - Method in interface org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal
Get the Collection of GrantedAuthoritys associated with this OAuth 2.0 token
getAuthorities() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
 
getAuthorities() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
Get the Collection of GrantedAuthoritys associated with this OAuth 2.0 Token Introspection
getAuthorities() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 
getAuthoritiesByUsernameQuery() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
getAuthoritiesMapper() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
getAuthoritiesPopulator() - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
 
getAuthority() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority
 
getAuthority() - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority
 
getAuthority() - Method in interface org.springframework.security.core.GrantedAuthority
If the GrantedAuthority can be represented as a String and that String is sufficient in precision to be relied upon for an access control decision by an AccessDecisionManager (or delegate), this method should return such a String.
getAuthority() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
 
getAuthority() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
 
getAuthority() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
 
getAuthorizationCodeHash() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns the Authorization Code hash value (c_hash).
getAuthorizationDecision() - Method in class org.springframework.security.authorization.event.AuthorizationEvent
Get the response to the principal's request
getAuthorizationExchange() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
getAuthorizationExchange() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
getAuthorizationExchange() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
getAuthorizationGrantRequest() - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext
getAuthorizationGrantType() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
Returns the authorization grant type used for the client.
getAuthorizationManager() - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
Gets the AuthorizationManager used by this filter
getAuthorizationRequest() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange
getAuthorizationRequestUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns the URI string representation of the OAuth 2.0 Authorization Request.
getAuthorizationResponse() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange
getAuthorizationResult() - Method in exception org.springframework.security.authorization.AuthorizationDeniedException
 
getAuthorizationUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
Returns the uri for the authorization endpoint.
getAuthorizationUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns the uri for the authorization endpoint.
getAuthorizedClient() - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
getAuthorizedClient() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
Returns the authorized client or null if the client registration was supplied.
getAuthorizedClient() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
Returns the authorized client or null if it was not provided.
getAuthorizedClientRegistrationId() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
Returns the registration identifier of the Authorized Client.
getAuthorizedParty() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns the Authorized party (azp) to which the ID Token was issued.
getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
 
getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
 
getBeanClassName(Element) - Method in class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
 
getBeanClassName(Element) - Method in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
getBeanResolver() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
 
getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
Returns the binding this AuthNRequest will be sent and encoded with.
getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
Get the binding for the asserting party's SingleLogoutService
getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
Get the binding for the asserting party's SingleLogoutService
getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest
 
getBinding() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest
 
getBirthdate() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's birth date (birthdate).
getBuilder() - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
Gets the SecurityBuilder.
getBuilder(String) - Method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
Create a new ClientRegistration.Builder pre-configured with provider defaults.
getBuilder(String, ClientAuthenticationMethod, String) - Method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 
getByteLength(RSAKey) - Static method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
getByTicketId(String) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache
 
getByTicketId(String) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache
 
getByTicketId(String) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache
Retrieves the CasAuthenticationToken associated with the specified ticket.
getCarLicense() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getCertificate() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
Get the public certificate for this credential
getChain() - Method in class org.springframework.security.web.FilterInvocation
 
getChain() - Method in class org.springframework.security.web.server.WebFilterExchange
The filter chain
getChannelDecisionManager() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
 
getChannelProcessors() - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
getClaim(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
Returns the claim value as a T type.
getClaimAsBoolean(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
Returns the claim value as a Boolean or null if the claim does not exist.
getClaimAsInstant(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
Returns the claim value as an Instant or null if it does not exist.
getClaimAsMap(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
Returns the claim value as a Map<String, Object> or null if the claim does not exist.
getClaimAsString(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
Returns the claim value as a String or null if it does not exist or is equal to null.
getClaimAsStringList(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
Returns the claim value as a List<String> or null if the claim does not exist.
getClaimAsURL(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
Returns the claim value as an URL or null if it does not exist.
getClaims() - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext
Returns the JwtClaimsSet.Builder to be used to customize claims of the JSON Web Token (JWS).
getClaims() - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken
 
getClaims() - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
Returns a set of claims that may be used for assertions.
getClaims() - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken
 
getClaims() - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo
 
getClaims() - Method in class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
 
getClaims() - Method in interface org.springframework.security.oauth2.core.oidc.user.OidcUser
Returns the claims about the user.
getClaims() - Method in class org.springframework.security.oauth2.jwt.Jwt
Returns the JWT Claims Set.
getClaims() - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet
 
getClaims() - Method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters
Returns the claims.
getClaims() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
 
getClientAuthenticationMethod() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
Returns the authentication method used when authenticating the client with the authorization server.
getClientId() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
Returns the client identifier.
getClientId() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns the client identifier.
getClientId() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns the client identifier (client_id) for the token
getClientName() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
Returns the logical name of the client or registration.
getClientRegistration() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
Returns the client registration.
getClientRegistration() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
Returns the client registration.
getClientRegistration() - Method in class org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest
Returns the client registration.
getClientRegistration() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
Returns the client registration.
getClientRegistration() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
Returns the authorized client's registration.
getClientRegistration() - Method in class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest
Returns the client registration.
getClientRegistrationId() - Method in exception org.springframework.security.oauth2.client.ClientAuthorizationException
Returns the identifier for the client's registration.
getClientRegistrationId() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId
Returns the identifier for the client registration.
getClientRegistrationId() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
Returns the identifier for the client registration.
getClientRegistrationId() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
 
getClientSecret() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
Returns the client secret.
getClock() - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
getCn() - Method in class org.springframework.security.ldap.userdetails.Person
 
getCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
Returns the authorization code.
getComment() - Method in class org.springframework.security.web.savedrequest.SavedCookie
Deprecated, for removal: This API element is subject to removal in a future version.
getConfigAttributes() - Method in class org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent
Deprecated.
 
getConfigAttributes() - Method in class org.springframework.security.access.event.AuthorizationFailureEvent
Deprecated.
 
getConfigAttributes() - Method in class org.springframework.security.access.event.AuthorizedEvent
Deprecated.
 
getConfiguration() - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
 
getConfigurationMetadata() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
Returns a Map of the metadata describing the provider's configuration.
getConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Gets the SecurityConfigurer by its class name or null if not found.
getConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Gets the SecurityConfigurer by its class name or null if not found.
getConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Gets all the SecurityConfigurer instances by its class name or an empty List if not found.
getContentType() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the content type header that declares the media type of the secured content (the payload).
getContext() - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
 
getContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
Obtains the current context.
getContext() - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder
Gets the Mono<SecurityContext> from Reactor Context
getContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
Obtain the current SecurityContext.
getContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
Obtains the current context.
getContext() - Static method in class org.springframework.security.test.context.TestSecurityContextHolder
getContext() - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
 
getContext(PageContext) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
Allows test cases to override where application context obtained from.
getContext(String, String) - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyAwareContextSource
 
getContextHolderStrategy() - Static method in class org.springframework.security.core.context.SecurityContextHolder
Allows retrieval of the context strategy.
getContextPath() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getContextSource() - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
Gets the BaseLdapPathContextSource used to perform LDAP authentication.
getContextSource() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
 
getContextSource() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
 
getContextualName(AuthenticationObservationContext) - Method in class org.springframework.security.authentication.AuthenticationObservationConvention
 
getContextualName(AuthorizationObservationContext<?>) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention
 
getControlInstance(Control) - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControlFactory
Creates an instance of PasswordPolicyResponseControl if the passed control is a response control of this type.
getCookie() - Method in class org.springframework.security.web.savedrequest.SavedCookie
 
getCookieName() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
getCookiePath() - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
Get the path that the CSRF cookie will be set to.
getCookies() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getCookies() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
 
getCookies() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
getCountry() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
Returns the country.
getCountry() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
 
getCredentials() - Method in class org.springframework.security.access.intercept.RunAsUserToken
Deprecated.
 
getCredentials() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken
Always returns an empty String
getCredentials() - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
 
getCredentials() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken
Always returns an empty String
getCredentials() - Method in class org.springframework.security.authentication.TestingAuthenticationToken
 
getCredentials() - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 
getCredentials() - Method in class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken
 
getCredentials() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
 
getCredentials() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
 
getCredentials() - Method in interface org.springframework.security.core.Authentication
The credentials that prove the principal is correct.
getCredentials() - Method in class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource
 
getCredentials() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
 
getCredentials() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
 
getCredentials() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
 
getCredentials() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
 
getCredentials() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken
 
getCredentials() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication
 
getCredentials() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
Returns the decoded and inflated SAML 2.0 Response XML object as a string
getCredentials() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
Get the credentials
getCredentialsCharset() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
getCredentialsCharset(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
getCredentialsCharset(HttpServletRequest) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
getCredentialsNotFoundException() - Method in class org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent
Deprecated.
 
getCredentialTypes() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
List all this credential's intended usages
getCritical() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the critical headers that indicates which extensions to the JWS/JWE/JWA specifications are being used that MUST be understood and processed.
getCsrfTokenRepository(HttpServletRequest) - Static method in class org.springframework.security.test.web.support.WebTestUtils
Gets the CsrfTokenRepository for the specified HttpServletRequest.
getCsrfTokenRequestHandler(HttpServletRequest) - Static method in class org.springframework.security.test.web.support.WebTestUtils
Gets the CsrfTokenRequestHandler for the specified HttpServletRequest.
getCurrentDate() - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat
Gets the current date in HTTP format.
getCurrentSession() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
 
getDatabasePopulator() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
 
getDataCode() - Method in exception org.springframework.security.ldap.authentication.ad.ActiveDirectoryAuthenticationException
 
getDataMimeType() - Method in interface org.springframework.security.rsocket.api.PayloadExchange
 
getDataMimeType() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange
 
getDate() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
 
getDecision() - Method in class org.springframework.security.authorization.AuthorizationObservationContext
Get the observed AuthorizationDecision
getDecisionVoters() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
 
getDecodedUrlBlacklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Provides the existing decoded url blocklist which can add/remove entries from
getDecodedUrlBlocklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Provides the existing decoded url blocklist which can add/remove entries from
getDecryptionX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Get the Collection of decryption Saml2X509Credentials associated with this relying party
getDefaultMessage() - Method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
 
getDefaultRolePrefix() - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
 
getDefaultTargetUrl() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
Supplies the default target Url that will be used if no saved request is found or the alwaysUseDefaultTargetUrl property is set to true.
getDefaultUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
getDeferredContext() - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
Obtains a Supplier that returns the current context.
getDeferredContext() - Static method in class org.springframework.security.core.context.SecurityContextHolder
Obtains a Supplier that returns the current context.
getDeferredContext() - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
Obtains a Supplier that returns the current context.
getDelegateExecutor() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutor
 
getDepartmentNumber() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getDescription() - Method in class org.springframework.security.ldap.userdetails.Person
 
getDescription() - Method in class org.springframework.security.oauth2.core.OAuth2Error
Returns the error description.
getDescription() - Method in class org.springframework.security.saml2.core.Saml2Error
Returns the error description.
getDescription() - Method in class org.springframework.security.util.InMemoryResource
 
getDestinationIndicator() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getDetails() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
 
getDetails() - Method in interface org.springframework.security.core.Authentication
Stores additional details about the authentication request.
getDeviceCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
Returns the Device Code.
getDigestAlgorithm() - Method in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
 
getDispatcherWebApplicationContextSuffix() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Return the <servlet-name> to use the DispatcherServlet's WebApplicationContext to find the DelegatingFilterProxy or null to use the parent ApplicationContext.
getDisplayName() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getDn() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
Returns the DN for this LDAP authority
getDn() - Method in interface org.springframework.security.ldap.userdetails.LdapUserDetails
The DN of the entry for this user's account.
getDn() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
getDomain() - Method in class org.springframework.security.web.savedrequest.SavedCookie
 
getDomainObject() - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
 
getDomainObjectInstance(MethodInvocation) - Method in class org.springframework.security.access.vote.AbstractAclVoter
Deprecated.
 
getEmail() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's preferred e-mail address (email).
getEmailVerified() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns true if the user's e-mail address has been verified (email_verified), otherwise false.
getEmployeeNumber() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getEnableAuthorities() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
getEnableGroups() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
getEncodedUrlBlacklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
getEncodedUrlBlocklist() - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Provides the existing encoded url blocklist which can add/remove entries from
getEncodedValue() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
Retrieves the ASN.1 BER encoded value of the LDAP control.
getEncodedValue() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
Returns the unchanged value of the response control.
getEncodeServiceUrlWithSessionId() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
Sets whether to encode the service url with the session id or not.
getEncryptionX509Credentials() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
Get all encryption Saml2X509Credentials associated with this asserting party
getEncryptionX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
Get all encryption Saml2X509Credentials associated with this asserting party
getEntityDescriptor() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails
Get the EntityDescriptor that underlies this RelyingPartyRegistration.AssertingPartyDetails
getEntityId() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
Get the asserting party's EntityID.
getEntityId() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
Get the asserting party's EntityID.
getEntityId() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Get the relying party's EntityID.
getEntries() - Method in class org.springframework.security.acls.domain.AclImpl
 
getEntries() - Method in interface org.springframework.security.acls.model.Acl
Returns all of the entries represented by the present Acl.
getEntry() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry
 
getEntry() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry
 
getEntry() - Method in class org.springframework.security.web.util.matcher.RequestMatcherEntry
 
getEntryPoint() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
 
getEntryPoint() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
 
getEntryPoint() - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
 
getError() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
Returns the OAuth 2.0 Error if the Authorization Request failed, otherwise null.
getError() - Method in exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
Returns the OAuth 2.0 Error.
getError() - Method in exception org.springframework.security.oauth2.core.OAuth2AuthorizationException
Returns the OAuth 2.0 Error.
getErrorCode() - Method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
 
getErrorCode() - Method in class org.springframework.security.oauth2.core.OAuth2Error
Returns the error code.
getErrorCode() - Method in class org.springframework.security.saml2.core.Saml2Error
Returns the error code.
getErrors() - Method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult
Return error details regarding the validation attempt
getErrors() - Method in exception org.springframework.security.oauth2.jwt.JwtValidationException
Return the list of OAuth2Errors associated with this exception
getErrors() - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
Return error details regarding the validation attempt
getErrors() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult
Return error details regarding the validation attempt
getErrorStatus() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
 
getEvents() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
Returns a Map that identifies this token as a logout token
getException() - Method in class org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent
 
getException() - Method in class org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent
 
getExchange() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext
 
getExchange() - Method in class org.springframework.security.web.server.authorization.AuthorizationContext
 
getExchange() - Method in class org.springframework.security.web.server.WebFilterExchange
Get the exchange
getExpiresAt() - Method in class org.springframework.security.authentication.ott.DefaultOneTimeToken
 
getExpiresAt() - Method in interface org.springframework.security.authentication.ott.OneTimeToken
 
getExpiresAt() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token
Returns the expiration time on or after which the token MUST NOT be accepted.
getExpiresAt() - Method in interface org.springframework.security.oauth2.core.OAuth2Token
Returns the expiration time on or after which the token MUST NOT be accepted.
getExpiresAt() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns a timestamp (exp) indicating when the token expires
getExpiresAt() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns the Expiration time (exp) on or after which the ID Token MUST NOT be accepted.
getExpiresAt() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
Returns the Expiration time (exp) claim which identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.
getExpression() - Method in class org.springframework.security.authorization.ExpressionAuthorizationDecision
 
getExpressionAttribute() - Method in class org.springframework.security.authorization.method.ExpressionAttributeAuthorizationDecision
Deprecated.
 
getExpressionHandler() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
Gets the MethodSecurityExpressionHandler or creates it using GlobalMethodSecurityConfiguration.expressionHandler.
getExpressionHandler() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
Gets the SecurityExpressionHandler to be used.
getExpressionParser() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
 
getExpressionParser() - Method in interface org.springframework.security.access.expression.SecurityExpressionHandler
 
getExpressionParser() - Method in class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
 
getExtendedInformation() - Method in class org.springframework.security.core.token.DefaultToken
 
getExtendedInformation() - Method in interface org.springframework.security.core.token.Token
Obtains the extended information associated within the token, which was presented when the token was first created.
getExtensionId() - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
 
getExtraHiddenFields(HttpServletRequest) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
 
getExtraHiddenFields(ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
 
getFailureHandler() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
getFailureHandler() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
 
getFailureUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Gets the URL to send users to if authentication fails
getFamilyName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's surname(s) or last name(s) (family_name).
getField(Class<?>, String) - Static method in class org.springframework.security.util.FieldUtils
Attempts to locate the specified field on the class.
getFieldValue(Object, String) - Static method in class org.springframework.security.util.FieldUtils
Returns the value of a (nested) field on a bean.
getFileName() - Method in class org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse
 
getFilterChain() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
 
getFilterChainProxy() - Method in class org.springframework.security.web.debug.DebugFilter
 
getFilterChains() - Method in class org.springframework.security.web.FilterChainProxy
 
getFilterObject() - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
 
getFilters() - Method in class org.springframework.security.web.DefaultSecurityFilterChain
 
getFilters() - Method in interface org.springframework.security.web.SecurityFilterChain
 
getFilters(String) - Method in class org.springframework.security.web.FilterChainProxy
Convenience method, mainly for testing.
getFirewalledRequest(HttpServletRequest) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall
 
getFirewalledRequest(HttpServletRequest) - Method in interface org.springframework.security.web.firewall.HttpFirewall
Provides the request object which will be passed through the filter chain.
getFirewalledRequest(HttpServletRequest) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
 
getFirewalledResponse(HttpServletResponse) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall
 
getFirewalledResponse(HttpServletResponse) - Method in interface org.springframework.security.web.firewall.HttpFirewall
Provides the response which will be passed through the filter chain.
getFirewalledResponse(HttpServletResponse) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
 
getFirstAttribute(String) - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal
Get the first value of Saml2 token attribute by name
getFirstAttributeValue(String) - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
Returns the first attribute value for a specified attribute
getFirstThrowableOfType(Class<? extends Throwable>, Throwable[]) - Method in class org.springframework.security.web.util.ThrowableAnalyzer
Returns the first throwable from the passed in array that is assignable to the provided type.
getFormatted() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
Returns the full mailing address, formatted for display.
getFormatted() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
 
getFromCache(Serializable) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
 
getFromCache(Serializable) - Method in interface org.springframework.security.acls.model.AclCache
 
getFromCache(ObjectIdentity) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
 
getFromCache(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclCache
 
getFullDn(LdapName, Context) - Static method in class org.springframework.security.ldap.LdapUtils
 
getFullDn(DistinguishedName, Context) - Static method in class org.springframework.security.ldap.LdapUtils
getFullName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's full name (name) in displayable form.
getFullRequestUrl() - Method in class org.springframework.security.web.FilterInvocation
Indicates the URL that the user agent used for this request.
getGender() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's gender (gender).
getGeneratedBy() - Method in class org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent
Getter for the Class that generated this event.
getGivenName() - Method in class org.springframework.security.ldap.userdetails.Person
 
getGivenName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's given name(s) or first name(s) (given_name).
getGraceLoginsRemaining() - Method in interface org.springframework.security.ldap.ppolicy.PasswordPolicyData
 
getGraceLoginsRemaining() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
Returns the graceLoginsRemaining.
getGraceLoginsRemaining() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
getGrantedAuthorities() - Method in interface org.springframework.security.core.authority.GrantedAuthoritiesContainer
 
getGrantedAuthorities() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
getGrantedAuthorities() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
 
getGrantedAuthorities(Collection<String>) - Method in interface org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper
Implementations of this method should map the given collection of attributes to a collection of Spring Security GrantedAuthorities.
getGrantedAuthorities(Collection<String>) - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
Map the given array of attributes to Spring Security GrantedAuthorities.
getGrantedAuthorities(Collection<String>) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
Map the given list of string attributes one-to-one to Spring Security GrantedAuthorities.
getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.authentication.ad.DefaultActiveDirectoryAuthoritiesPopulator
 
getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator
 
getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator
 
getGrantedAuthorities(DirContextOperations, String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
Obtains the authorities for the user who's directory entry is represented by the supplied LdapUserDetails object.
getGrantedAuthorities(DirContextOperations, String) - Method in interface org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator
Get the list of authorities for the user.
getGrantedAuthority() - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid
 
getGrantType() - Method in class org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest
Returns the authorization grant type.
getGrantType() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns the grant type.
getGroupMembershipRoles(String, String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
 
getGroupMembershipRoles(String, String) - Method in class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
 
getGroupRoleAttribute() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
Returns the attribute name of the LDAP attribute that will be mapped to the role name Method available so that classes extending this can override
getGroupSearchBase() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
 
getGroupSearchFilter() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
Returns the search filter configured for this populator Method available so that classes extending this can override
getHasPermission() - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
 
getHeader(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the header value.
getHeaderName() - Method in interface org.springframework.security.web.csrf.CsrfToken
Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.
getHeaderName() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
 
getHeaderName() - Method in interface org.springframework.security.web.server.csrf.CsrfToken
Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.
getHeaderName() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
 
getHeaderNames() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getHeaderNames() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
 
getHeaderNames() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
getHeaders() - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext
Returns the JwsHeader.Builder to be used to customize headers of the JSON Web Token (JWS).
getHeaders() - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
 
getHeaders() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the headers.
getHeaders() - Method in class org.springframework.security.oauth2.jwt.Jwt
Returns the JOSE header(s).
getHeaderValue() - Method in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
 
getHeaderValue() - Method in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
 
getHeaderValues(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getHeaderValues(String) - Method in interface org.springframework.security.web.savedrequest.SavedRequest
 
getHeaderValues(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
getHighCardinalityKeyValues(AuthorizationObservationContext<?>) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention
getHomePhone() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getHomePostalAddress() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getHttpRequest() - Method in class org.springframework.security.web.FilterInvocation
 
getHttpResponse() - Method in class org.springframework.security.web.FilterInvocation
 
getHttpStatus() - Method in class org.springframework.security.oauth2.server.resource.BearerTokenError
Return the HTTP status.
getId() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
 
getId() - Method in class org.springframework.security.acls.domain.AclImpl
 
getId() - Method in interface org.springframework.security.acls.model.AccessControlEntry
Obtains an identifier that represents this ACE.
getId() - Method in interface org.springframework.security.acls.model.MutableAcl
Obtains an identifier that represents this MutableAcl.
getId() - Method in class org.springframework.security.core.session.SessionDestroyedEvent
 
getId() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
Returns the JWT ID (jti) claim which provides a unique identifier for the JWT.
getId() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns the identifier (jti) for the token
getId() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
Returns the JWT ID (jti) claim which provides a unique identifier for the JWT.
getId() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
The unique identifier for this Authentication Request
getId() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
The unique identifier for this Logout Request
getId() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
getId() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
 
getID() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
Returns the OID of the Password Policy Control ("1.3.6.1.4.1.42.2.27.8.5.1").
getIdentifier() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl
 
getIdentifier() - Method in interface org.springframework.security.acls.model.ObjectIdentity
Obtains the actual identifier.
getIdToken() - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest
Returns the ID Token containing claims about the user.
getIdToken() - Method in class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
 
getIdToken() - Method in interface org.springframework.security.oauth2.core.oidc.user.OidcUser
Returns the ID Token containing claims about the user.
getIdToken() - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
Returns the ID Token containing claims about the user.
getInitializeCount() - Static method in class org.springframework.security.core.context.SecurityContextHolder
Primarily for troubleshooting purposes, this method shows how many times the class has re-initialized its SecurityContextHolderStrategy.
getInitials() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getInputStream() - Method in class org.springframework.security.util.InMemoryResource
 
getInsecureKeyword() - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
 
getInstance() - Static method in class org.springframework.security.crypto.password.NoOpPasswordEncoder
Deprecated.
Get the singleton NoOpPasswordEncoder.
getInstance() - Static method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository
 
getInstance() - Static method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
 
getInternalMethod() - Method in class org.springframework.security.acls.AclEntryVoter
Optionally specifies a method of the domain object that will be used to obtain a contained domain object.
getInterval() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
Returns the minimum amount of time (in seconds) that the client should wait between polling requests to the token endpoint.
getIntrospector() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
 
getIssuedAt() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
Returns the time at which the ID Token was issued (iat).
getIssuedAt() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token
Returns the time at which the token was issued.
getIssuedAt() - Method in interface org.springframework.security.oauth2.core.OAuth2Token
Returns the time at which the token was issued.
getIssuedAt() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns a timestamp (iat) indicating when the token was issued
getIssuedAt() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns the time at which the ID Token was issued (iat).
getIssuedAt() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
Returns the Issued at (iat) claim which identifies the time at which the JWT was issued.
getIssuer() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
Returns the Issuer identifier (iss).
getIssuer() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns the issuer (iss) of the token
getIssuer() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns the Issuer identifier (iss).
getIssuer() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
Returns the Issuer (iss) claim which identifies the principal that issued the JWT.
getIssuerUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
Returns the issuer identifier uri for the OpenID Connect 1.0 provider or the OAuth 2.0 Authorization Server.
getJceName() - Method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
 
getJwk() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the JSON Web Key which is the public key that corresponds to the key used to digitally sign the JWS or encrypt the JWE.
getJwkSetUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
Returns the uri for the JSON Web Key (JWK) Set endpoint.
getJwkSetUrl() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the JWK Set URL that refers to the resource of a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign the JWS or encrypt the JWE.
getJwsHeader() - Method in class org.springframework.security.oauth2.jwt.JwtEncoderParameters
Returns the JWS headers.
getJwt() - Method in class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequest
Returns the JWT assertion.
getJwtAuthenticationConverter() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
 
getJwtDecoder() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
 
getKey() - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
Deprecated.
 
getKey() - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
Deprecated.
 
getKey() - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider
 
getKey() - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
 
getKey() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
getKey() - Method in class org.springframework.security.core.token.DefaultToken
 
getKey() - Method in interface org.springframework.security.core.token.Token
Obtains the randomised, secure key assigned to this token.
getKey() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
getKey() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
getKeyCreationTime() - Method in class org.springframework.security.core.token.DefaultToken
 
getKeyCreationTime() - Method in interface org.springframework.security.core.token.Token
The time the token key was initially created is available from this method.
getKeyHash() - Method in class org.springframework.security.access.intercept.RunAsUserToken
Deprecated.
 
getKeyHash() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken
 
getKeyHash() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken
 
getKeyHash() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
 
getKeyId() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the key ID that is a hint indicating which key was used to secure the JWS or JWE.
getKeyLength() - Method in interface org.springframework.security.crypto.keygen.BytesKeyGenerator
Get the length, in bytes, of keys created by this generator.
getKeyPair(String) - Method in class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory
 
getKeyPair(String, char[]) - Method in class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory
 
getLastAccessTime() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
 
getLastRequest() - Method in class org.springframework.security.core.session.SessionInformation
 
getLdapTemplate() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
Returns the current LDAP template.
getLocale() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's locale (locale).
getLocales() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getLocales() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
 
getLocales() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
getLocality() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
Returns the city or locality.
getLocality() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
 
getLocalPort() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
Returns the port that is resolved by TcpTransport.
getLocation() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
Get the location of the asserting party's SingleLogoutService
getLoginConfig() - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
 
getLoginContext() - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationToken
 
getLoginFormUrl() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
getLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Gets the login page
getLoginPageUrl() - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
getLoginProcessingUrl() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Gets the URL to submit an authentication request to (i.e.
getLoginUrl() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
The enterprise-wide CAS login URL.
getLogoutHandlers() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
Gets the LogoutHandler instances that will be used.
getLogoutRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters
The SAML 2.0 Logout Request sent by the asserting party
getLogoutRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters
The SAML 2.0 Logout Request sent by this application
getLogoutResponse() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters
The SAML 2.0 Logout Response received from the asserting party
getLogoutSuccessHandler() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
getLowCardinalityKeyValues(AuthenticationObservationContext) - Method in class org.springframework.security.authentication.AuthenticationObservationConvention
getLowCardinalityKeyValues(AuthorizationObservationContext<?>) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention
getMail() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getMappableAttributes() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
 
getMappableAttributes() - Method in interface org.springframework.security.core.authority.mapping.MappableAttributesRetriever
Implementations of this method should return a set of all string attributes which can be mapped to GrantedAuthoritys.
getMappableAttributes() - Method in class org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever
 
getMappableAttributes() - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
 
getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
 
getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.RetryWithHttpEntryPoint
 
getMappedPort(Integer) - Method in class org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint
 
getMask() - Method in class org.springframework.security.acls.domain.AbstractPermission
 
getMask() - Method in interface org.springframework.security.acls.model.Permission
Returns the bits that represents the permission.
getMatcher() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry
 
getMatcher() - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry
 
getMatcher() - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint.DelegateEntry
 
getMatcher() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry
 
getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
 
getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
 
getMatchers() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
 
getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
 
getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
 
getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
 
getMatchingRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
Returns a wrapper around the saved request, if it matches the current request.
getMaxAge() - Method in class org.springframework.security.web.savedrequest.SavedCookie
 
getMaximumSessionsAllowed() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
 
getMaximumSessionsForThisUser(Authentication) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
Method intended for use by subclasses to override the maximum number of sessions that are permitted for a particular authentication.
getMaxLength() - Method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
 
getMessage() - Method in class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext
Returns the HttpServletRequest.
getMessageMatchers() - Method in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite
 
getMessages() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
getMessageTypeMatcher() - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
 
getMetadata() - Method in class org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse
 
getMetadataMimeType() - Method in interface org.springframework.security.rsocket.api.PayloadExchange
 
getMetadataMimeType() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange
 
getMethod() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter
Deprecated.
 
getMethod() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
 
getMethod() - Method in class org.springframework.security.util.SimpleMethodInvocation
 
getMethod() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getMethod() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
 
getMethod() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
getMethodInvocation() - Method in class org.springframework.security.authorization.method.MethodInvocationResult
Return the already-invoked MethodInvocation
getMethodMapSize() - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Deprecated.
 
getMethodSecurityMetadataSources() - Method in class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource
Deprecated.
 
getMiddleName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's middle name(s) (middle_name).
getMobile() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getModules(ClassLoader) - Static method in class org.springframework.security.jackson2.SecurityJackson2Modules
 
getName() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
 
getName() - Method in class org.springframework.security.authentication.AuthenticationObservationConvention
getName() - Method in class org.springframework.security.authorization.AuthorizationObservationConvention
getName() - Method in interface org.springframework.security.core.AuthenticatedPrincipal
Returns the name of the authenticated Principal.
getName() - Method in class org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal
 
getName() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
 
getName() - Method in interface org.springframework.security.oauth2.jose.JwaAlgorithm
Returns the algorithm name.
getName() - Method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
Returns the algorithm name.
getName() - Method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
Returns the algorithm name.
getName() - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
The principal name which is, by default, the Jwt's subject
getName() - Method in class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
 
getName() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
 
getName() - Method in class org.springframework.security.web.header.Header
Gets the name of the header.
getName() - Method in class org.springframework.security.web.savedrequest.SavedCookie
 
getNameIdFormat() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Get the NameID format.
getNewContext() - Method in class org.springframework.security.core.context.SecurityContextChangedEvent
Get the SecurityContext set on the SecurityContextHolder as of this event
getNewSessionId() - Method in class org.springframework.security.core.session.SessionIdChangedEvent
Returns the new session ID.
getNewSessionId() - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent
Getter for the session ID after it was changed.
getNewSessionId() - Method in class org.springframework.security.web.session.HttpSessionIdChangedEvent
 
getNickName() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's nick name (nickname) that may or may not be the same as the (given_name).
getNonce() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns a String value (nonce) used to associate a Client session with an ID Token, and to mitigate replay attacks.
getNonceValiditySeconds() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
getNotBefore() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns a timestamp (nbf) indicating when the token is not to be used before
getNotBefore() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
Returns the Not Before (nbf) claim which identifies the time before which the JWT MUST NOT be accepted for processing.
getO() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getObject() - Method in class org.springframework.security.authorization.AuthorizationObservationContext
Get the object for which access was requested
getObject() - Method in class org.springframework.security.authorization.event.AuthorizationDeniedEvent
Get the object to which access was requested
getObject() - Method in class org.springframework.security.authorization.event.AuthorizationEvent
Get the object to which access was requested
getObject() - Method in class org.springframework.security.authorization.event.AuthorizationGrantedEvent
Get the object to which access was requested
getObject() - Method in class org.springframework.security.config.annotation.AbstractSecurityBuilder
Gets the object that was built.
getObject() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
 
getObject() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
 
getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
 
getObject() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
 
getObject() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
 
getObject() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
 
getObject() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
 
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
 
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
 
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
 
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
 
getObject() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
 
getObject() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
 
getObject() - Method in class org.springframework.security.core.token.SecureRandomFactoryBean
 
getObjectIdentity() - Method in class org.springframework.security.acls.domain.AclImpl
 
getObjectIdentity() - Method in interface org.springframework.security.acls.model.Acl
Obtains the domain object this Acl provides entries for.
getObjectIdentity(Object) - Method in class org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl
 
getObjectIdentity(Object) - Method in interface org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy
 
getObjectType() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
 
getObjectType() - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
 
getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
 
getObjectType() - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
 
getObjectType() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
 
getObjectType() - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
 
getObjectType() - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
 
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
 
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
 
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
 
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
 
getObjectType() - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
 
getObjectType() - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
 
getObjectType() - Method in class org.springframework.security.core.token.SecureRandomFactoryBean
 
getOldContext() - Method in class org.springframework.security.core.context.SecurityContextChangedEvent
Get the SecurityContext set on the SecurityContextHolder immediately previous to this event
getOldSessionId() - Method in class org.springframework.security.core.session.SessionIdChangedEvent
Returns the old session ID.
getOldSessionId() - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent
Getter for the session ID before it was changed.
getOldSessionId() - Method in class org.springframework.security.web.session.HttpSessionIdChangedEvent
 
getOrBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Similar to AbstractSecurityBuilder.build() and AbstractSecurityBuilder.getObject() but checks the state to determine if AbstractSecurityBuilder.build() needs to be called first.
getOrder() - Method in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
 
getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
 
getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
 
getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
 
getOrder() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
 
getOrder() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
 
getOrder() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
getOrder() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
 
getOrder() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
getOrder() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
 
getOrder() - Method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
 
getOrder() - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
 
getOrder() - Method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
 
getOrder() - Method in class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
 
getOrder() - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
 
getOrder() - Method in class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor
 
getOrder() - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
Returns 11000.
getOrder() - Method in class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
Returns 10000.
getOrder() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
 
getOrder() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
getOriginalAuthentication() - Method in class org.springframework.security.access.intercept.RunAsUserToken
Deprecated.
 
getOu() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getOutputStream() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the calling getOutputStream().close() or getOutputStream().flush()
getOwner() - Method in class org.springframework.security.acls.domain.AclImpl
 
getOwner() - Method in interface org.springframework.security.acls.model.Acl
Determines the owner of the Acl.
getParameter() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
getParameter(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
Get the name parameters, a short-hand for getParameters().get(name) Useful when specifying additional query parameters for the Logout Request
getParameter(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
Get the name parameter, a short-hand for getParameters().get(name) Useful when specifying additional query parameters for the Logout Response
getParameterMap() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getParameterMap() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
 
getParameterMap() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
getParameterName() - Method in interface org.springframework.security.web.csrf.CsrfToken
Gets the HTTP parameter name that should contain the token.
getParameterName() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
 
getParameterName() - Method in interface org.springframework.security.web.server.csrf.CsrfToken
Gets the HTTP parameter name that should contain the token.
getParameterName() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
 
getParameterNameDiscoverer() - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
 
getParameterNames() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getParameterNames(Constructor<?>) - Method in class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
 
getParameterNames(Method) - Method in class org.springframework.security.core.parameters.AnnotationParameterNameDiscoverer
 
getParameters() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
Get all parameters Useful when specifying additional query parameters for the Logout Request
getParameters() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
Get all parameters Useful when specifying additional query parameters for the Logout Response
getParameterSpec(byte[]) - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
 
getParametersQuery() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
Get an encoded query string of all parameters.
getParametersQuery() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
Get an encoded query string of all parameters.
getParameterValues(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getParameterValues(String) - Method in interface org.springframework.security.web.savedrequest.SavedRequest
 
getParameterValues(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
getParent() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
getParentAcl() - Method in class org.springframework.security.acls.domain.AclImpl
 
getParentAcl() - Method in interface org.springframework.security.acls.model.Acl
A domain object may have a parent for the purpose of ACL inheritance.
getPassword() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
 
getPassword() - Method in class org.springframework.security.core.userdetails.User
 
getPassword() - Method in interface org.springframework.security.core.userdetails.UserDetails
Returns the password used to authenticate the user.
getPassword() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
getPassword() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest
Deprecated.
Returns the resource owner's password.
getPassword() - Method in class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata
 
getPasswordEncoder() - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
getPasswordEncoder() - Method in class org.springframework.security.config.authentication.PasswordEncoderParser
 
getPasswordParameter() - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
getPath() - Method in class org.springframework.security.web.savedrequest.SavedCookie
 
getPathInfo() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getPathPatternParser() - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
 
getPathPatternParser() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
 
getPattern() - Method in class org.springframework.security.acls.domain.AbstractPermission
 
getPattern() - Method in class org.springframework.security.acls.domain.CumulativePermission
 
getPattern() - Method in interface org.springframework.security.acls.model.Permission
Returns a 32-character long bit pattern String representing this permission.
getPattern() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
 
getPayload() - Method in interface org.springframework.security.rsocket.api.PayloadExchange
 
getPayload() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange
 
getPermission() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
 
getPermission() - Method in interface org.springframework.security.acls.model.AccessControlEntry
 
getPermissionEvaluator() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
 
getPhoneNumber() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's preferred phone number (phone_number).
getPhoneNumberVerified() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns true if the user's phone number has been verified (phone_number_verified), otherwise false.
getPicture() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the URL of the user's profile picture (picture).
getPointcut() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor
Deprecated.
 
getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
 
getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
 
getPointcut() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
getPointcut() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
getPointcut() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
 
getPointcut() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
getPointcut() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
 
getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
 
getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
 
getPolicy() - Method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
 
getPolicy() - Method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
 
getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
 
getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
 
getPolicy() - Method in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
 
getPolicy() - Method in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
 
getPort() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
getPort() - Method in interface org.springframework.security.ldap.server.EmbeddedLdapServerContainer
Returns the embedded LDAP server port.
getPort() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
 
getPortMapper() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
 
getPortMapper() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
getPortMapper() - Method in class org.springframework.security.web.PortResolverImpl
 
getPortResolver() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
 
getPortResolver() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
getPostalAddress() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getPostalCode() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getPostalCode() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
Returns the zip code or postal code.
getPostalCode() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
 
getPostAuthenticationChecks() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Override to extract the credentials (if applicable) from the current request.
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter
For J2EE container-based authentication there is no generic way to retrieve the credentials, as such this method returns a fixed dummy value.
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
Credentials aren't usually applicable, but if a credentialsEnvironmentVariable is set, this will be read and used as the credentials value.
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
Credentials aren't usually applicable, but if a credentialsRequestHeader is set, this will be read and used as the credentials value.
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter
For J2EE container-based authentication there is no generic way to retrieve the credentials, as such this method returns a fixed dummy value.
getPreAuthenticatedCredentials(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
 
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Override to extract the principal information from the current request
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter
Return the J2EE user name.
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
Read and returns the variable named by principalEnvironmentVariable from the request.
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
Read and returns the header named by principalRequestHeader from the request.
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter
Return the WebSphere user name.
getPreAuthenticatedPrincipal(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
 
getPreAuthenticationChecks() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
getPreferredUsername() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the preferred username (preferred_username) that the user wishes to be referred to.
getPrincipal() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
getPrincipal() - Method in class org.springframework.security.access.intercept.RunAsUserToken
Deprecated.
 
getPrincipal() - Method in class org.springframework.security.acls.domain.PrincipalSid
 
getPrincipal() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority
 
getPrincipal() - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.authentication.TestingAuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.cas.authentication.CasAssertionAuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
 
getPrincipal() - Method in interface org.springframework.security.core.Authentication
The identity of the principal being authenticated.
getPrincipal() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
 
getPrincipal() - Method in class org.springframework.security.core.session.SessionInformation
 
getPrincipal() - Method in class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource
Get the principals of the logged in user, in this case the distinguished name.
getPrincipal() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
Returns the End-User Authentication (Resource Owner).
getPrincipal() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
Returns the Principal (to be) associated to the authorized client.
getPrincipal() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
Returns the Principal (to be) associated to the authorized client.
getPrincipal() - Method in class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation
getPrincipal() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken
 
getPrincipal() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication
 
getPrincipal() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
Always returns null.
getPrincipal() - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 
getPrincipal() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
Get the principal
getPrincipal() - Method in class org.springframework.security.web.server.context.SecurityContextServerWebExchange
 
getPrincipalName() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
Returns the End-User's Principal name.
getPrincipalName() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId
Returns the name of the End-User Principal (Resource Owner).
getPrincipalName() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
 
getPrivateKey() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
Get the private key for this credential
getPrivilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
Gets the WebInvocationPrivilegeEvaluator to be used.
getProcessConfigAttribute() - Method in class org.springframework.security.acls.AclEntryVoter
 
getProcessDomainObjectClass() - Method in class org.springframework.security.access.vote.AbstractAclVoter
Deprecated.
 
getProcessDomainObjectClass() - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
getProfile() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the URL of the user's profile page (profile).
getProtectedFieldValue(String, Object) - Static method in class org.springframework.security.util.FieldUtils
 
getProviderDetails() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
Returns the details of the provider.
getProviders() - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
Deprecated.
 
getProviders() - Method in class org.springframework.security.authentication.ProviderManager
 
getPublicKey() - Method in interface org.springframework.security.crypto.encrypt.RsaKeyHolder
 
getPublicKey() - Method in class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
getPublicKey() - Method in class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
getQueryString() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getReachableGrantedAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.access.hierarchicalroles.NullRoleHierarchy
 
getReachableGrantedAuthorities(Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.access.hierarchicalroles.RoleHierarchy
Returns an array of all reachable authorities.
getReachableGrantedAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
 
getRealmName() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
 
getRealmName() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
getRedirectStrategy() - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
 
getRedirectStrategy() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
 
getRedirectStrategy() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
 
getRedirectUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
Returns the uri (or uri template) for the redirection endpoint.
getRedirectUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns the uri for the redirection endpoint.
getRedirectUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
Returns the uri where the response was redirected to.
getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
 
getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
 
getRedirectUri(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache
Get the URI that can be redirected to trigger the saved request to be used
getRedirectUri(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
 
getRedirectUrl() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
Indicates the URL that the user agent used for this request.
getRedirectUrl() - Method in interface org.springframework.security.web.savedrequest.SavedRequest
 
getRedirectUrl() - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
getRefreshToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
Returns the refresh token.
getRefreshToken() - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
Returns the refresh token.
getRefreshToken() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest
Returns the refresh token credential granted.
getRefreshToken() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
Returns the refresh token credential granted.
getRefreshToken() - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
 
getRefreshToken() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
Returns the Refresh Token.
getRegion() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
Returns the state, province, prefecture, or region.
getRegion() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
 
getRegistrationId() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
Returns the identifier for the registration.
getRegistrationId() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Get the unique registration id for this RP/AP pair
getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer
getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer
 
getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer
Deprecated.
 
getRegistry() - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer
Deprecated.
The StandardInterceptUrlRegistry is what users will interact with after applying the UrlAuthorizationConfigurer.
getRelativeName(String, Context) - Static method in class org.springframework.security.ldap.LdapUtils
Obtains the part of a DN relative to a supplied base context.
getRelayState() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
Returns the RelayState value, if present in the parameters
getRelayState() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
The relay state associated with this Logout Request
getRelayState() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
The relay state associated with this Logout Request
getRelyingPartyRegistration() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters
The RelyingPartyRegistration representing this relying party
getRelyingPartyRegistration() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters
The RelyingPartyRegistration representing this relying party
getRelyingPartyRegistration() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
Get the resolved RelyingPartyRegistration associated with the request
getRelyingPartyRegistrationId() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
The identifier for the RelyingPartyRegistration associated with this request
getRelyingPartyRegistrationId() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
 
getRelyingPartyRegistrationId() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
The identifier for the RelyingPartyRegistration associated with this Logout Request
getRelyingPartyRegistrationId() - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal
Get the RelyingPartyRegistration identifier
getRememberMeServices() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
getRememberMeServices() - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
 
getRemoteAddress() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
Indicates the TCP/IP address the authentication request was received from.
getRemoteUser() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
Returns the principal's name, as obtained from the SecurityContextHolder.
getRequest() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.
getRequest() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
getRequest() - Method in class org.springframework.security.web.access.intercept.RequestAuthorizationContext
Returns the HttpServletRequest.
getRequest() - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
Deprecated.
 
getRequest() - Method in class org.springframework.security.web.FilterInvocation
 
getRequest() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
 
getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
 
getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
 
getRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
 
getRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
Returns the saved request, leaving it cached.
getRequestMatcher() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
 
getRequestMatcher() - Method in class org.springframework.security.web.DefaultSecurityFilterChain
 
getRequestMatcher() - Method in class org.springframework.security.web.util.matcher.RequestMatcherEntry
 
getRequestURI() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getRequestUrl() - Method in class org.springframework.security.web.FilterInvocation
Obtains the web application-specific fragment of the URL.
getRequestURL() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getResponse() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.
getResponse() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
getResponse() - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
Deprecated.
 
getResponse() - Method in class org.springframework.security.web.FilterInvocation
 
getResponse() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
 
getResponseLocation() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
Get the response location of the asserting party's SingleLogoutService
getResponseType() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns the response type.
getResult() - Method in class org.springframework.security.authorization.method.MethodInvocationResult
Return the result of the already-invoked MethodInvocation
getReturnObject() - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
 
getRoleHierarchy() - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
 
getRolePrefix() - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
Deprecated.
 
getRolePrefix() - Method in class org.springframework.security.access.vote.RoleVoter
Deprecated.
 
getRolePrefix() - Method in class org.springframework.security.config.core.GrantedAuthorityDefaults
The default prefix used with role based authorization.
getRolePrefix() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
getRolePrefix() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
Returns the role prefix used by this populator Method available so that classes extending this can override
getRoomNumber() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getRootObject() - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
 
getRunAsManager() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
getSaml2Error() - Method in exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
Get the associated Saml2Error
getSaml2Response() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication
Returns the SAML response object, as decoded XML.
getSaml2Response() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
Returns inflated and decoded XML representation of the SAML 2 Response
getSamlRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest
Returns the AuthNRequest XML value to be sent.
getSamlRequest() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
Get the signed and serialized <saml2:LogoutRequest> payload
getSamlResponse() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
Get the signed and serialized <saml2:LogoutResponse> payload
getScheme() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getScope() - Method in class org.springframework.security.oauth2.server.resource.BearerTokenError
Return the scope.
getScopes() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest
Returns the scope(s) to request.
getScopes() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
Returns the scope(s) used for the client.
getScopes() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns the scope(s).
getScopes() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken
Returns the scope(s) associated to the token.
getScopes() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns the scopes (scope) associated with the token
getSecuredUiPrefix() - Static method in class org.springframework.security.taglibs.TagLibConfig
 
getSecuredUiSuffix() - Static method in class org.springframework.security.taglibs.TagLibConfig
 
getSecureKeyword() - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
 
getSecureObject() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken
Deprecated.
 
getSecureObjectClass() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing.
getSecureObjectClass() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
Deprecated.
 
getSecureObjectClass() - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
Deprecated.
 
getSecureObjectClass() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Deprecated.
 
getSecurityContext() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken
Deprecated.
 
getSecurityContextHolderStrategy() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
 
getSecurityContextRepository(HttpServletRequest) - Static method in class org.springframework.security.test.web.support.WebTestUtils
Gets the SecurityContextRepository for the specified HttpServletRequest.
getSecurityContexts() - Method in class org.springframework.security.core.session.SessionDestroyedEvent
Provides the SecurityContext instances which were associated with the destroyed session.
getSecurityContexts() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
 
getSecurityDispatcherTypes() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Get the DispatcherType for the springSecurityFilterChain.
getSecurityMetadataSource() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
Deprecated.
 
getSecurityMetadataSource() - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
 
getSecurityMetadataSource() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Deprecated.
 
getSeries() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
 
getServerName() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getServerPort() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getServerPort(ServletRequest) - Method in interface org.springframework.security.web.PortResolver
Indicates the port the ServletRequest was received on.
getServerPort(ServletRequest) - Method in class org.springframework.security.web.PortResolverImpl
 
getService() - Method in class org.springframework.security.cas.ServiceProperties
Represents the service the user is authenticating to.
getService() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
getServiceParameter() - Method in class org.springframework.security.cas.ServiceProperties
Configures the Request parameter to look for when attempting to send a request to CAS.
getServiceProperties() - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
 
getServiceUrl() - Method in interface org.springframework.security.cas.authentication.ServiceAuthenticationDetails
Gets the absolute service url (i.e.
getServiceUrl() - Method in interface org.springframework.security.cas.web.authentication.ServiceAuthenticationDetails
Deprecated.
Gets the absolute service url (i.e.
getServletContext() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.
getServletContext() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
getServletPath() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
getServletPath() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
 
getSession() - Method in class org.springframework.security.web.session.HttpSessionCreatedEvent
 
getSession() - Method in class org.springframework.security.web.session.HttpSessionDestroyedEvent
 
getSessionId() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
 
getSessionId() - Method in class org.springframework.security.core.session.SessionInformation
 
getSessionId() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
Returns a String value (sid) representing the OIDC Provider session
getSessionId() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
Indicates the HttpSession id the authentication request was received from.
getSessionIndexes() - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
 
getSessionIndexes() - Method in interface org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal
 
getSessionInformation() - Method in class org.springframework.security.web.session.SessionInformationExpiredEvent
 
getSessionInformation(String) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
 
getSessionInformation(String) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry
Gets the ReactiveSessionInformation for the specified session identifier.
getSessionInformation(String) - Method in interface org.springframework.security.core.session.SessionRegistry
Obtains the session information for the specified sessionId.
getSessionInformation(String) - Method in class org.springframework.security.core.session.SessionRegistryImpl
 
getSessions() - Method in class org.springframework.security.web.server.authentication.MaximumSessionsContext
 
getSessionTrackingModes() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Determines how a session should be tracked.
getSharedInstance() - Static method in class org.springframework.security.oauth2.core.converter.ClaimConversionService
Returns a shared instance of ClaimConversionService.
getSharedObject(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Gets a shared Object.
getSharedObject(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Gets a shared Object.
getSharedObjects() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Gets the shared objects
getSid() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
 
getSid() - Method in interface org.springframework.security.acls.model.AccessControlEntry
 
getSids(Authentication) - Method in class org.springframework.security.acls.domain.SidRetrievalStrategyImpl
 
getSids(Authentication) - Method in interface org.springframework.security.acls.model.SidRetrievalStrategy
 
getSigAlg() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest
Returns the SigAlg value for Saml2MessageBinding.REDIRECT requests
getSignature() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest
Returns the Signature value for Saml2MessageBinding.REDIRECT requests
getSigningAlgorithms() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
Get the list of org.opensaml.saml.ext.saml2alg.SigningMethod Algorithms for this asserting party, in preference order.
getSigningAlgorithms() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
Get the list of org.opensaml.saml.ext.saml2alg.SigningMethod Algorithms for this asserting party, in preference order.
getSigningX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Get the Collection of signing Saml2X509Credentials associated with this relying party
getSingleLogoutServiceBinding() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
getSingleLogoutServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
getSingleLogoutServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
getSingleLogoutServiceBindings() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
getSingleLogoutServiceLocation() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
getSingleLogoutServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
getSingleLogoutServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
getSingleLogoutServiceResponseLocation() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
getSingleLogoutServiceResponseLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
getSingleLogoutServiceResponseLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
getSingleSignOnServiceBinding() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
Get the SingleSignOnService Binding.
getSingleSignOnServiceBinding() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
Get the SingleSignOnService Binding.
getSingleSignOnServiceLocation() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
Get the SingleSignOnService Location.
getSingleSignOnServiceLocation() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
Get the SingleSignOnService Location.
getSn() - Method in class org.springframework.security.ldap.userdetails.Person
 
getSource() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
Returns the original user associated with a successful user switch.
getSource(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser
 
getState() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
Returns the state.
getState() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
Returns the state.
getStatelessTicketCache() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
getStaticPart() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter
Deprecated.
 
getStaticPart() - Method in class org.springframework.security.util.SimpleMethodInvocation
 
getStatus() - Method in exception org.springframework.security.ldap.ppolicy.PasswordPolicyException
 
getStreet() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getStreetAddress() - Method in interface org.springframework.security.oauth2.core.oidc.AddressStandardClaim
Returns the full street address, which may include house number, street name, P.O.
getStreetAddress() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
 
getStringSeparator() - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
 
getSubject() - Method in interface org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimAccessor
Returns the Subject identifier (sub).
getSubject() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns usually a machine-readable identifier (sub) of the resource owner who authorized the token
getSubject() - Method in interface org.springframework.security.oauth2.core.oidc.IdTokenClaimAccessor
Returns the Subject identifier (sub).
getSubject() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the Subject identifier (sub).
getSubject() - Method in interface org.springframework.security.oauth2.jwt.JwtClaimAccessor
Returns the Subject (sub) claim which identifies the principal that is the subject of the JWT.
getSubjectToken() - Method in class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequest
Returns the subject token.
getSuccessHandler() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
getSuccessHandler() - Method in class org.springframework.security.web.authentication.AuthenticationFilter
 
getSupportedMediaTypes() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 
getTargetUrlParameter() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
 
getTargetUser() - Method in class org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent
 
getTelephoneNumber() - Method in class org.springframework.security.ldap.userdetails.Person
 
getThis() - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
 
getThis() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter
Deprecated.
 
getThis() - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
 
getThis() - Method in class org.springframework.security.util.SimpleMethodInvocation
 
getTicketValidator() - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
getTimeBeforeExpiration() - Method in interface org.springframework.security.ldap.ppolicy.PasswordPolicyData
 
getTimeBeforeExpiration() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
Returns the timeBeforeExpiration.
getTimeBeforeExpiration() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
getTitle() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getToken() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
Get the token bound to this Authentication.
getToken() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken
Get the Bearer Token
getToken() - Method in class org.springframework.security.rsocket.metadata.BearerTokenMetadata
 
getToken() - Method in interface org.springframework.security.web.csrf.CsrfToken
Gets the token value.
getToken() - Method in class org.springframework.security.web.csrf.DefaultCsrfToken
 
getToken() - Method in interface org.springframework.security.web.server.csrf.CsrfToken
Gets the token value.
getToken() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
 
getTokenAttributes() - Method in class org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken
Returns the attributes of the access token.
getTokenAttributes() - Method in class org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication
 
getTokenAttributes() - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
 
getTokenForSeries(String) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
 
getTokenForSeries(String) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
Loads the token data for the supplied series identifier.
getTokenForSeries(String) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
 
getTokenResponse(JwtBearerGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient
Deprecated.
 
getTokenResponse(OAuth2AuthorizationCodeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient
Deprecated.
 
getTokenResponse(OAuth2ClientCredentialsGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient
Deprecated.
 
getTokenResponse(OAuth2PasswordGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient
Deprecated.
 
getTokenResponse(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient
Deprecated.
 
getTokenResponse(OAuth2RefreshTokenGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.RestClientRefreshTokenTokenResponseClient
 
getTokenResponse(TokenExchangeGrantRequest) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient
Deprecated.
 
getTokenResponse(T) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
 
getTokenResponse(T) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
 
getTokenResponse(T) - Method in interface org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
Exchanges the authorization grant credential, provided in the authorization grant request, for an access token credential at the Authorization Server's Token Endpoint.
getTokenResponse(T) - Method in interface org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient
Exchanges the authorization grant credential, provided in the authorization grant request, for an access token credential at the Authorization Server's Token Endpoint.
getTokenType() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken
Returns the token type.
getTokenType() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns the type of the token (token_type), for example bearer.
getTokenUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
Returns the uri for the token endpoint.
getTokenValiditySeconds() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
getTokenValue() - Method in class org.springframework.security.authentication.ott.DefaultOneTimeToken
 
getTokenValue() - Method in interface org.springframework.security.authentication.ott.OneTimeToken
 
getTokenValue() - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
Returns the one-time token value
getTokenValue() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token
Returns the token value.
getTokenValue() - Method in interface org.springframework.security.oauth2.core.OAuth2Token
Returns the token value.
getTokenValue() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
 
getTranslatedPortMappings() - Method in class org.springframework.security.web.PortMapperImpl
Returns the translated (Integer -> Integer) version of the original port mapping specified via setHttpsPortMapping()
getTrustResolver() - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
 
getType() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl
 
getType() - Method in interface org.springframework.security.acls.model.ObjectIdentity
Obtains the "type" metadata for the domain object.
getType() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the type header that declares the media type of the JWS/JWE.
getType() - Method in interface org.springframework.security.rsocket.api.PayloadExchange
 
getType() - Method in class org.springframework.security.rsocket.core.DefaultPayloadExchange
 
getUid() - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
getUpdatedAt() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the time the user's information was last updated (updated_at).
getUri() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint
Returns the uri for the user info endpoint.
getUri() - Method in class org.springframework.security.oauth2.core.OAuth2Error
Returns the error uri.
getUrl() - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
 
getUrl() - Method in class org.springframework.security.web.util.RedirectUrlBuilder
 
getUrn() - Method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
Returns the URN value from the SAML 2 specification for this binding.
getUserAttributes() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
 
getUserCache() - Method in class org.springframework.security.authentication.CachingUserDetailsService
 
getUserCache() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
getUserCache() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
getUserCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
Returns the User Code.
getUserDetails() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
 
getUserDetailsContextMapper() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
Provides access to the injected UserDetailsContextMapper strategy for use by subclasses.
getUserDetailsService() - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
 
getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
Gets the UserDetailsService that is used with the DaoAuthenticationProvider
getUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer
Gets the UserDetailsService or null if it is not available
getUserDetailsService() - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
getUserDetailsService() - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
getUserDns(String) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
Builds list of possible DNs for the user, worked out from the userDnPatterns property.
getUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.NullUserCache
 
getUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache
 
getUserFromCache(String) - Method in interface org.springframework.security.core.userdetails.UserCache
Obtains a UserDetails from the cache.
getUserInfo() - Method in class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser
 
getUserInfo() - Method in interface org.springframework.security.oauth2.core.oidc.user.OidcUser
Returns the UserInfo containing claims about the user.
getUserInfo() - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
Returns the UserInfo containing claims about the user, may be null.
getUserInfoEndpoint() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails
Returns the details of the UserInfo Endpoint.
getUsername() - Method in class org.springframework.security.authentication.ott.DefaultOneTimeToken
 
getUsername() - Method in class org.springframework.security.authentication.ott.GenerateOneTimeTokenRequest
 
getUsername() - Method in interface org.springframework.security.authentication.ott.OneTimeToken
 
getUsername() - Method in class org.springframework.security.core.userdetails.User
 
getUsername() - Method in interface org.springframework.security.core.userdetails.UserDetails
Returns the username used to authenticate the user.
getUsername() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
getUsername() - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest
Deprecated.
Returns the resource owner's username.
getUsername() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns a human-readable identifier (username) for the resource owner that authorized the token
getUsername() - Method in class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata
 
getUsername() - Method in class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
 
getUsername(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
Returns the name of the target user.
getUserNameAttributeName() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint
Returns the attribute name used to access the user's name from the user info response.
getUserNameAttributeName() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
Returns the attribute name used to access the user's name from the attributes.
getUsernameParameter() - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
getUserPrincipal() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
Returns the Authentication (which is a subclass of Principal), or null if unavailable.
getUserRoles(HttpServletRequest) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
Obtains the list of user roles based on the current user's JEE roles.
getUsersByUsernameQuery() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
getUserSearch() - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
 
getValue() - Method in class org.springframework.security.oauth2.core.AuthenticationMethod
Returns the value of the authentication method type.
getValue() - Method in class org.springframework.security.oauth2.core.AuthorizationGrantType
Returns the value of the authorization grant type.
getValue() - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
Returns the value of the client authentication method.
getValue() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
Returns the value of the authorization response type.
getValue() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType
Returns the value of the token type.
getValue() - Method in class org.springframework.security.web.savedrequest.SavedCookie
 
getValues() - Method in class org.springframework.security.web.header.Header
Gets the values of the header.
getVar() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
getVariables() - Method in class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext
Returns the extracted variable values where the key is the variable name and the value is the variable value.
getVariables() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext
 
getVariables() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult
Gets potential variables and their values
getVariables() - Method in class org.springframework.security.web.access.intercept.RequestAuthorizationContext
Returns the extracted variable values where the key is the variable name and the value is the variable value.
getVariables() - Method in class org.springframework.security.web.server.authorization.AuthorizationContext
 
getVariables() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
Gets potential variables and their values
getVariables() - Method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
Returns the extracted variable values where the key is the variable name and the value is the variable value
getVerificationUri() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
Returns the end-user verification URI.
getVerificationUriComplete() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
Returns the end-user verification URI that includes the user code.
getVerificationX509Credentials() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
Get all verification Saml2X509Credentials associated with this asserting party
getVerificationX509Credentials() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
Get all verification Saml2X509Credentials associated with this asserting party
getVersion() - Static method in class org.springframework.security.core.SpringSecurityCoreVersion
 
getVersion() - Method in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
 
getVersion() - Method in class org.springframework.security.web.savedrequest.SavedCookie
Deprecated, for removal: This API element is subject to removal in a future version.
getWantAuthnRequestsSigned() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
Get the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.
getWantAuthnRequestsSigned() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
Get the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.
getWebFilters() - Method in class org.springframework.security.web.server.MatcherSecurityWebFilterChain
 
getWebFilters() - Method in interface org.springframework.security.web.server.SecurityWebFilterChain
The WebFilter to use
getWebSecurityConfigurers() - Method in class org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents
 
getWebsite() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the URL of the user's web page or blog (website).
getWriter() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the getWriter().close() or getWriter().flush()
getX509CertificateChain() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the X.509 certificate chain that contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
getX509SHA1Thumbprint() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the X.509 certificate SHA-1 thumbprint that is a base64url-encoded SHA-1 thumbprint (a.k.a.
getX509SHA256Thumbprint() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the X.509 certificate SHA-256 thumbprint that is a base64url-encoded SHA-256 thumbprint (a.k.a.
getX509Url() - Method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns the X.509 URL that refers to the resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
getZoneInfo() - Method in interface org.springframework.security.oauth2.core.oidc.StandardClaimAccessor
Returns the user's time zone (zoneinfo).
GITHUB - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 
GIVEN_NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
given_name - the user's given name(s) or first name(s)
givenName(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this given name in the resulting OidcUserInfo
GLOBAL_METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements
 
GlobalAuthenticationConfigurerAdapter - Class in org.springframework.security.config.annotation.authentication.configuration
A SecurityConfigurer that can be exposed as a bean to configure the global AuthenticationManagerBuilder.
GlobalAuthenticationConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
 
GlobalMethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method
Deprecated.
GlobalMethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser
Deprecated.
 
GlobalMethodSecurityConfiguration - Class in org.springframework.security.config.annotation.method.configuration
Deprecated.
Use PrePostMethodSecurityConfiguration, SecuredMethodSecurityConfiguration, or Jsr250MethodSecurityConfiguration instead
GlobalMethodSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
 
gmtZone - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
GMT time zone - all HTTP dates are on GMT
GOOGLE - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 
grant(Principal) - Method in interface org.springframework.security.authentication.jaas.AuthorityGranter
The grant method is called for each principal returned from the LoginContext subject.
GRANT_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
grant_type - used in Access Token Request.
GrantedAuthoritiesContainer - Interface in org.springframework.security.core.authority
Indicates that a object stores GrantedAuthority objects.
GrantedAuthoritiesMapper - Interface in org.springframework.security.core.authority.mapping
Mapping interface which can be injected into the authentication layer to convert the authorities loaded from storage into those which will be used in the Authentication object.
GrantedAuthority - Interface in org.springframework.security.core
Represents an authority granted to an Authentication object.
GrantedAuthorityDefaults - Class in org.springframework.security.config.core
Allows providing defaults for GrantedAuthority
GrantedAuthorityDefaults(String) - Constructor for class org.springframework.security.config.core.GrantedAuthorityDefaults
 
GrantedAuthorityFromAssertionAttributesUserDetailsService - Class in org.springframework.security.cas.userdetails
Populates the GrantedAuthoritys for a user by reading a list of attributes that were returned as part of the CAS response.
GrantedAuthorityFromAssertionAttributesUserDetailsService(String[]) - Constructor for class org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService
 
GrantedAuthoritySid - Class in org.springframework.security.acls.domain
Represents a GrantedAuthority as a Sid.
GrantedAuthoritySid(String) - Constructor for class org.springframework.security.acls.domain.GrantedAuthoritySid
 
GrantedAuthoritySid(GrantedAuthority) - Constructor for class org.springframework.security.acls.domain.GrantedAuthoritySid
 
groupAuthoritiesByUsername(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
An SQL statement to query user's group authorities given a username.
GroupManager - Interface in org.springframework.security.provisioning
Allows management of groups of authorities and their members.
groupRoleAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
Specifies the attribute name which contains the role name.
groupSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
The search base for group membership searches.
groupSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
The LDAP filter to search for groups.
groupSearchSubtree(boolean) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
If set to true, a subtree scope search will be performed for group membership.

H

handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
 
handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestHandler
Handles a request using a CsrfToken.
handle(HttpServletRequest, HttpServletResponse, Supplier<CsrfToken>) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
 
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler
Collect error details from the provided parameters and format according to RFC 6750, specifically error, error_description, error_uri, and scope.
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in interface org.springframework.security.web.access.AccessDeniedHandler
Handles an access denied failure.
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.AccessDeniedHandlerImpl
 
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.CompositeAccessDeniedHandler
 
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.DelegatingAccessDeniedHandler
 
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.NoOpAccessDeniedHandler
 
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.ObservationMarkingAccessDeniedHandler
 
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingAccessDeniedHandler
 
handle(HttpServletRequest, HttpServletResponse, AccessDeniedException) - Method in class org.springframework.security.web.session.InvalidSessionAccessDeniedHandler
 
handle(HttpServletRequest, HttpServletResponse, OneTimeToken) - Method in interface org.springframework.security.web.authentication.ott.GeneratedOneTimeTokenHandler
Handles generated one-time tokens
handle(HttpServletRequest, HttpServletResponse, OneTimeToken) - Method in class org.springframework.security.web.authentication.ott.RedirectGeneratedOneTimeTokenHandler
 
handle(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
Invokes the configured RedirectStrategy with the URL returned by the determineTargetUrl method.
handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.CompositeRequestRejectedHandler
 
handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.DefaultRequestRejectedHandler
 
handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler
 
handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in class org.springframework.security.web.firewall.ObservationMarkingRequestRejectedHandler
 
handle(HttpServletRequest, HttpServletResponse, RequestRejectedException) - Method in interface org.springframework.security.web.firewall.RequestRejectedHandler
Handles an request rejected failure.
handle(Callback, Authentication) - Method in interface org.springframework.security.authentication.jaas.JaasAuthenticationCallbackHandler
Handle the Callback.
handle(Callback, Authentication) - Method in class org.springframework.security.authentication.jaas.JaasNameCallbackHandler
If the callback passed to the 'handle' method is an instance of NameCallback, the JaasNameCallbackHandler will call, callback.setName(authentication.getPrincipal().toString()).
handle(Callback, Authentication) - Method in class org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler
If the callback passed to the 'handle' method is an instance of PasswordCallback, the JaasPasswordCallbackHandler will call, callback.setPassword(authentication.getCredentials().toString()).
handle(MaximumSessionsContext) - Method in class org.springframework.security.web.server.authentication.InvalidateLeastUsedServerMaximumSessionsExceededHandler
 
handle(MaximumSessionsContext) - Method in class org.springframework.security.web.server.authentication.PreventLoginServerMaximumSessionsExceededHandler
 
handle(MaximumSessionsContext) - Method in interface org.springframework.security.web.server.authentication.ServerMaximumSessionsExceededHandler
Handles the scenario when the maximum number of sessions for a user has been reached.
handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler
 
handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler
 
handle(ServerWebExchange, AccessDeniedException) - Method in interface org.springframework.security.web.server.authorization.ServerAccessDeniedHandler
 
handle(ServerWebExchange, AccessDeniedException) - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
 
handle(ServerWebExchange, Mono<CsrfToken>) - Method in class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
 
handle(ServerWebExchange, Mono<CsrfToken>) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler
Handles a request using a CsrfToken.
handle(ServerWebExchange, Mono<CsrfToken>) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
 
HandleAuthorizationDenied - Annotation Interface in org.springframework.security.authorization.method
Annotation for specifying handling behavior when an authorization denied happens in method security or an AuthorizationDeniedException is thrown during method invocation
handleBindException(String, String, Throwable) - Method in class org.springframework.security.ldap.authentication.BindAuthenticator
Allows subclasses to inspect the exception thrown by an attempt to bind with a particular DN.
handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in interface org.springframework.security.authorization.method.MethodAuthorizationDeniedHandler
Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g.
handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
 
handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
 
handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
 
handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
 
handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.method.ThrowingMethodAuthorizationDeniedHandler
 
handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager
 
handleDeniedInvocation(MethodInvocation, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager
 
handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in interface org.springframework.security.authorization.method.MethodAuthorizationDeniedHandler
Handle denied method invocations, implementations might either throw an AuthorizationDeniedException or a replacement result instead of invoking the method, e.g.
handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
 
handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
 
handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.method.ThrowingMethodAuthorizationDeniedHandler
 
handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager
 
handleDeniedInvocationResult(MethodInvocationResult, AuthorizationResult) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager
 
handleError(ClientHttpResponse) - Method in class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler
 
handleLogout(SessionDestroyedEvent) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
Handles the logout by getting the security contexts for the destroyed session and invoking LoginContext.logout() for any which contain a JaasAuthenticationToken.
handlerClass() - Element in annotation interface org.springframework.security.authorization.method.HandleAuthorizationDenied
The MethodAuthorizationDeniedHandler used to handle denied authorization results
HandlerMappingIntrospectorRequestTransformer - Class in org.springframework.security.web.access
Transforms by passing it into HandlerMappingIntrospector.setCache(HttpServletRequest).
HandlerMappingIntrospectorRequestTransformer(HandlerMappingIntrospector) - Constructor for class org.springframework.security.web.access.HandlerMappingIntrospectorRequestTransformer
 
handleToken(CsrfToken) - Method in class org.springframework.security.taglibs.csrf.CsrfInputTag
 
handleToken(CsrfToken) - Method in class org.springframework.security.taglibs.csrf.CsrfMetaTagsTag
 
hasAnyAuthority(String...) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
hasAnyAuthority(String...) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
hasAnyAuthority(String...) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager
Creates an instance of AuthorityAuthorizationManager with the provided authorities.
hasAnyAuthority(String...) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
Creates an instance of AuthorityReactiveAuthorizationManager with the provided authorities.
hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
 
hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Specifies that a user requires one of many authorities.
hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specify that URLs requires any of a number authorities.
hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specifies that a user requires one of many authorities
hasAnyAuthority(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Deprecated.
Specify that Message instances requires any of a number authorities.
hasAnyAuthority(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
Require any authority
hasAnyAuthority(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
Specify that Message instances requires any of a number authorities.
hasAnyAuthority(String...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
Specifies that a user requires one of many authorities.
hasAnyRole(String...) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has any of the specified authorities within Authentication.getAuthorities().
hasAnyRole(String...) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
hasAnyRole(String...) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager
Creates an instance of AuthorityAuthorizationManager with the provided authorities.
hasAnyRole(String...) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
Creates an instance of AuthorityReactiveAuthorizationManager with the provided authorities.
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
 
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Specifies that a user requires one of many roles.
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Shortcut for specifying URLs require any of a number of roles.
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specifies that a user requires one of many roles.
hasAnyRole(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Deprecated.
Shortcut for specifying Message instances require any of a number of roles.
hasAnyRole(String...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
Require any specific role.
hasAnyRole(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
Shortcut for specifying Message instances require any of a number of roles.
hasAnyRole(String...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
Specifies that a user requires one of many roles.
hasAnyRole(String, String[]) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager
Creates an instance of AuthorityAuthorizationManager with the provided authorities.
hasAnyScope(String...) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers
Create an AuthorizationManager that requires an Authentication to have at least one authority among SCOPE_scope1, SCOPE_scope2, ...
hasAnyScope(String...) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers
Create a ReactiveAuthorizationManager that requires an Authentication to have at least one authority among SCOPE_scope1, SCOPE_scope2, ...
hasAuthority(String) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
hasAuthority(String) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
hasAuthority(String) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager
Creates an instance of AuthorityAuthorizationManager with the provided authority.
hasAuthority(String) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
Creates an instance of AuthorityReactiveAuthorizationManager with the provided authority.
hasAuthority(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
 
hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Specifies a user requires an authority.
hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specify that URLs require a particular authority.
hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specifies a user requires an authority.
hasAuthority(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Deprecated.
Specify that Message instances require a particular authority.
hasAuthority(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
Require a specific authority.
hasAuthority(String) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
Specify that Message instances require a particular authority.
hasAuthority(String) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
Specifies a user requires an authority.
hasClaim(String) - Method in interface org.springframework.security.oauth2.core.ClaimAccessor
Returns true if the claim exists in ClaimAccessor.getClaims(), otherwise false.
hasError() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
Checks whether an error is present.
hasError(ClientHttpResponse) - Method in class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler
 
hasErrors() - Method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult
Say whether this result indicates success
hasErrors() - Method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
Say whether this result indicates success
hasErrors() - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult
Say whether this result indicates success
hashCode() - Method in class org.springframework.security.access.SecurityConfig
 
hashCode() - Method in class org.springframework.security.acls.domain.AbstractPermission
 
hashCode() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
 
hashCode() - Method in class org.springframework.security.acls.domain.AclImpl
 
hashCode() - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid
 
hashCode() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl
Important so caching operates properly.
hashCode() - Method in class org.springframework.security.acls.domain.PrincipalSid
 
hashCode() - Method in interface org.springframework.security.acls.model.ObjectIdentity
 
hashCode() - Method in interface org.springframework.security.acls.model.Sid
Refer to the java.lang.Object documentation for the interface contract.
hashCode() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
 
hashCode() - Method in class org.springframework.security.authentication.AnonymousAuthenticationToken
 
hashCode() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority
 
hashCode() - Method in class org.springframework.security.authentication.RememberMeAuthenticationToken
 
hashCode() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
 
hashCode() - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority
 
hashCode() - Method in class org.springframework.security.core.context.SecurityContextImpl
 
hashCode() - Method in class org.springframework.security.core.token.DefaultToken
 
hashCode() - Method in class org.springframework.security.core.userdetails.User
Returns the hashcode of the username.
hashCode() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
 
hashCode() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
hashCode() - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher
 
hashCode() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId
 
hashCode() - Method in class org.springframework.security.oauth2.core.AbstractOAuth2Token
 
hashCode() - Method in class org.springframework.security.oauth2.core.AuthenticationMethod
 
hashCode() - Method in class org.springframework.security.oauth2.core.AuthorizationGrantType
 
hashCode() - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
 
hashCode() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
 
hashCode() - Method in class org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType
 
hashCode() - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim
 
hashCode() - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo
 
hashCode() - Method in class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
 
hashCode() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
 
hashCode() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
 
hashCode() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
 
hashCode() - Method in class org.springframework.security.util.InMemoryResource
 
hashCode() - Method in class org.springframework.security.web.access.intercept.RequestKey
 
hashCode() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
 
hashCode() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
 
hashCode() - Method in class org.springframework.security.web.header.Header
 
hashCode() - Method in class org.springframework.security.web.server.csrf.DefaultCsrfToken
 
hashCode() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
 
hashCode() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
 
hashCode() - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
 
hashpw(byte[], String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
Hash a password using the OpenBSD bcrypt scheme
hashpw(String, String) - Static method in class org.springframework.security.crypto.bcrypt.BCrypt
Hash a password using the OpenBSD bcrypt scheme
hasIpAddress(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specify that URLs requires a specific IP Address or subnet.
hasIpAddress(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
Require a specific IP address or range using an IP/Netmask (e.g.
hasIpAddress(String) - Method in class org.springframework.security.web.access.expression.WebSecurityExpressionRoot
Takes a specific IP address or a range using the IP/Netmask (e.g.
hasIpAddress(String) - Static method in class org.springframework.security.web.access.IpAddressAuthorizationManager
Creates an instance of IpAddressAuthorizationManager with the provided IP address.
hasIpAddress(String) - Static method in class org.springframework.security.web.server.authorization.IpAddressReactiveAuthorizationManager
Creates an instance of IpAddressReactiveAuthorizationManager with the provided IP address.
hasMoreElements() - Method in class org.springframework.security.web.savedrequest.Enumerator
Tests if this enumeration contains more elements.
hasPermission(Object, Object) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the target given the permission
hasPermission(Object, Object) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
hasPermission(Object, String, Object) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has permission to access the domain object with a given id, type, and permission.
hasPermission(Object, String, Object) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
hasPermission(Authentication, Serializable, String, Object) - Method in class org.springframework.security.access.expression.DenyAllPermissionEvaluator
 
hasPermission(Authentication, Serializable, String, Object) - Method in interface org.springframework.security.access.PermissionEvaluator
Alternative method for evaluating a permission where only the identifier of the target object is available, rather than the target instance itself.
hasPermission(Authentication, Serializable, String, Object) - Method in class org.springframework.security.acls.AclPermissionEvaluator
 
hasPermission(Authentication, Object) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
hasPermission(Authentication, Object, Object) - Method in class org.springframework.security.access.expression.DenyAllPermissionEvaluator
 
hasPermission(Authentication, Object, Object) - Method in interface org.springframework.security.access.PermissionEvaluator
 
hasPermission(Authentication, Object, Object) - Method in class org.springframework.security.acls.AclPermissionEvaluator
Determines whether the user has the given permission(s) on the domain object using the ACL configuration.
hasRole(String) - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() has a particular authority within Authentication.getAuthorities().
hasRole(String) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
hasRole(String) - Static method in class org.springframework.security.authorization.AuthorityAuthorizationManager
Creates an instance of AuthorityAuthorizationManager with the provided authority.
hasRole(String) - Static method in class org.springframework.security.authorization.AuthorityReactiveAuthorizationManager
Creates an instance of AuthorityReactiveAuthorizationManager with the provided authority.
hasRole(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
 
hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Specifies a user requires a role.
hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Shortcut for specifying URLs require a particular role.
hasRole(String) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specifies a user requires a role.
hasRole(String) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Deprecated.
Shortcut for specifying Message instances require a particular role.
hasRole(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
Require a specific role.
hasRole(String) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
Shortcut for specifying Message instances require a particular role.
hasRole(String) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
Specifies a user requires a role.
hasScope(String) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers
Create an AuthorizationManager that requires an Authentication to have a SCOPE_scope authority.
hasScope(String) - Static method in class org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers
Create a ReactiveAuthorizationManager that requires an Authentication to have a SCOPE_scope authority.
hasVariable(String) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Specify that a path variable in URL to be compared.
hasWarning() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
Checks whether a warning is present.
HaveIBeenPwnedRestApiPasswordChecker - Class in org.springframework.security.web.authentication.password
Checks if the provided password was leaked by relying on Have I Been Pwned REST API.
HaveIBeenPwnedRestApiPasswordChecker() - Constructor for class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker
 
HaveIBeenPwnedRestApiReactivePasswordChecker - Class in org.springframework.security.web.authentication.password
Checks if the provided password was leaked by relying on Have I Been Pwned REST API.
HaveIBeenPwnedRestApiReactivePasswordChecker() - Constructor for class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker
 
header(String, Object) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the header.
header(String, Object) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this header in the resulting Jwt
header(String, String...) - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter.Builder
 
Header - Class in org.springframework.security.web.header
Represents a Header to be added to the HttpServletResponse
Header(String, String...) - Constructor for class org.springframework.security.web.header.Header
Creates a new instance
HEADER - Static variable in class org.springframework.security.oauth2.core.AuthenticationMethod
 
HeaderBearerTokenResolver - Class in org.springframework.security.oauth2.server.resource.web
Generic resolver extracting pre-authenticated JWT identity from a custom header.
HeaderBearerTokenResolver(String) - Constructor for class org.springframework.security.oauth2.server.resource.web.HeaderBearerTokenResolver
 
headers() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
headers() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
headers(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
A Consumer to be provided access to the headers allowing the ability to add, replace, or remove.
headers(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Provides access to every Jwt.Builder.header(String, Object) declared so far with the possibility to add, replace, or remove.
headers(Customizer<HeadersConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Adds the Security headers to the response.
headers(Customizer<ServerHttpSecurity.HeaderSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures HTTP Response Headers.
HEADERS - Static variable in class org.springframework.security.config.Elements
 
HeadersBeanDefinitionParser - Class in org.springframework.security.config.http
Parser for the HeadersFilter.
HeadersBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HeadersBeanDefinitionParser
 
HeadersConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds the Security HTTP headers to the response.
HeadersConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Creates a new instance
HeadersConfigurer.CacheControlConfig - Class in org.springframework.security.config.annotation.web.configurers
 
HeadersConfigurer.ContentSecurityPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
 
HeadersConfigurer.ContentTypeOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers
 
HeadersConfigurer.CrossOriginEmbedderPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
 
HeadersConfigurer.CrossOriginOpenerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
 
HeadersConfigurer.CrossOriginResourcePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
 
HeadersConfigurer.FeaturePolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
 
HeadersConfigurer.FrameOptionsConfig - Class in org.springframework.security.config.annotation.web.configurers
 
HeadersConfigurer.HpkpConfig - Class in org.springframework.security.config.annotation.web.configurers
Deprecated.
HeadersConfigurer.HstsConfig - Class in org.springframework.security.config.annotation.web.configurers
 
HeadersConfigurer.PermissionsPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
 
HeadersConfigurer.ReferrerPolicyConfig - Class in org.springframework.security.config.annotation.web.configurers
 
HeadersConfigurer.XXssConfig - Class in org.springframework.security.config.annotation.web.configurers
 
headerValue(XXssProtectionHeaderWriter.HeaderValue) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig
Sets the value of the X-XSS-PROTECTION header.
headerValue(XXssProtectionServerHttpHeadersWriter.HeaderValue) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.XssProtectionSpec
Sets the value of x-xss-protection header.
HeaderWriter - Interface in org.springframework.security.web.header
Contract for writing headers to a HttpServletResponse
HeaderWriterFilter - Class in org.springframework.security.web.header
Filter implementation to add headers to the current response.
HeaderWriterFilter(List<HeaderWriter>) - Constructor for class org.springframework.security.web.header.HeaderWriterFilter
Creates a new instance.
HeaderWriterLogoutHandler - Class in org.springframework.security.web.authentication.logout
 
HeaderWriterLogoutHandler(HeaderWriter) - Constructor for class org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler
Constructs a new instance using the passed HeaderWriter implementation
HeaderWriterServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout
A ServerLogoutHandler implementation which writes HTTP headers during logout.
HeaderWriterServerLogoutHandler(ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.authentication.logout.HeaderWriterServerLogoutHandler
Constructs a new instance using the ServerHttpHeadersWriter implementation.
Hex - Class in org.springframework.security.crypto.codec
Hex data encoder.
hideUserNotFoundExceptions - Variable in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
HpkpHeaderWriter - Class in org.springframework.security.web.header.writers
Deprecated.
HpkpHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
Creates a new instance
HpkpHeaderWriter(long) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
Creates a new instance
HpkpHeaderWriter(long, boolean) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
Creates a new instance
HpkpHeaderWriter(long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
Creates a new instance
HS256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
HMAC using SHA-256 (Required)
HS256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
HMAC using SHA-256 (Required)
HS384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
HMAC using SHA-384 (Optional)
HS384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
HMAC using SHA-384 (Optional)
HS512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
HMAC using SHA-512 (Optional)
HS512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
HMAC using SHA-512 (Optional)
hsts() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.hsts(Customizer) or hsts(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures the Strict Transport Security response headers
HstsHeaderWriter - Class in org.springframework.security.web.header.writers
HstsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
Creates a new instance
HstsHeaderWriter(boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
Creates a new instance
HstsHeaderWriter(long) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
Creates a new instance
HstsHeaderWriter(long, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
Creates a new instance
HstsHeaderWriter(long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
Creates a new instance
HstsHeaderWriter(RequestMatcher, long, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
Creates a new instance
HstsHeaderWriter(RequestMatcher, long, boolean, boolean) - Constructor for class org.springframework.security.web.header.writers.HstsHeaderWriter
Creates a new instance
http() - Static method in class org.springframework.security.config.web.server.ServerHttpSecurity
Creates a new instance.
http(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer
Adds a port mapping
HTTP - Static variable in class org.springframework.security.config.Elements
 
HTTP_BASIC - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
Instance of AuthenticationWebFilter
HTTP_FIREWALL - Static variable in class org.springframework.security.config.Elements
 
HTTP_HEADERS_WRITER - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
 
Http403ForbiddenEntryPoint - Class in org.springframework.security.web.authentication
In the pre-authenticated authentication case (unlike CAS, for example) the user will already have been identified through some external mechanism and a secure context established by the time the security-enforcement filter is invoked.
Http403ForbiddenEntryPoint() - Constructor for class org.springframework.security.web.authentication.Http403ForbiddenEntryPoint
 
httpBasic() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
httpBasic() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
httpBasic(String, String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Convenience mechanism for setting the Authorization header to use HTTP Basic with the given username and password.
httpBasic(Customizer<HttpBasicConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configures HTTP Basic authentication.
httpBasic(Customizer<ServerHttpSecurity.HttpBasicSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures HTTP Basic authentication.
HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers
Adds HTTP basic based authentication.
HttpBasicConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
Creates a new instance
HttpBasicServerAuthenticationEntryPoint - Class in org.springframework.security.web.server.authentication
Prompts a user for HTTP Basic authentication.
HttpBasicServerAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
 
httpFirewall(HttpFirewall) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
Allows customizing the HttpFirewall.
HttpFirewall - Interface in org.springframework.security.web.firewall
Interface which can be used to reject potentially dangerous requests and/or wrap them to control their behaviour.
HttpFirewallBeanDefinitionParser - Class in org.springframework.security.config.http
Injects the supplied HttpFirewall bean reference into the FilterChainProxy.
HttpFirewallBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser
 
HttpHeaderWriterWebFilter - Class in org.springframework.security.web.server.header
Invokes a ServerHttpHeadersWriter on ReactiveHttpOutputMessage.beforeCommit(java.util.function.Supplier).
HttpHeaderWriterWebFilter(ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.header.HttpHeaderWriterWebFilter
 
httpPublicKeyPinning() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated.
httpPublicKeyPinning(Customizer<HeadersConfigurer.HpkpConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated.
HttpRequestResponseHolder - Class in org.springframework.security.web.context
HttpRequestResponseHolder(HttpServletRequest, HttpServletResponse) - Constructor for class org.springframework.security.web.context.HttpRequestResponseHolder
Deprecated.
 
HTTPS_REDIRECT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
HttpSecurity - Class in org.springframework.security.config.annotation.web.builders
A HttpSecurity is similar to Spring Security's XML <http> element in the namespace configuration.
HttpSecurity(ObjectPostProcessor<Object>, AuthenticationManagerBuilder, Map<Class<?>, Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.HttpSecurity
Creates a new instance
HttpSecurity.RequestMatcherConfigurer - Class in org.springframework.security.config.annotation.web.builders
Allows mapping HTTP requests that this HttpSecurity will be used for
HttpSecurityBeanDefinitionParser - Class in org.springframework.security.config.http
Sets up HTTP security: filter stack and protected URLs.
HttpSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser
 
HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean - Class in org.springframework.security.config.http
 
HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory - Class in org.springframework.security.config.http
 
HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor - Class in org.springframework.security.config.http
 
HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> - Interface in org.springframework.security.config.annotation.web
 
httpServletRequest(HttpServletRequest) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Modifies the ClientRequest.attributes() to include the HttpServletRequest used to look up and save the OAuth2AuthorizedClient.
httpServletResponse(HttpServletResponse) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Modifies the ClientRequest.attributes() to include the HttpServletResponse used to save the OAuth2AuthorizedClient.
HttpSessionCreatedEvent - Class in org.springframework.security.web.session
Published by the HttpSessionEventPublisher when an HttpSession is created by the container
HttpSessionCreatedEvent(HttpSession) - Constructor for class org.springframework.security.web.session.HttpSessionCreatedEvent
 
HttpSessionCsrfTokenRepository - Class in org.springframework.security.web.csrf
A CsrfTokenRepository that stores the CsrfToken in the HttpSession.
HttpSessionCsrfTokenRepository() - Constructor for class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
 
HttpSessionDestroyedEvent - Class in org.springframework.security.web.session
Published by the HttpSessionEventPublisher when a HttpSession is removed from the container
HttpSessionDestroyedEvent(HttpSession) - Constructor for class org.springframework.security.web.session.HttpSessionDestroyedEvent
 
HttpSessionEventPublisher - Class in org.springframework.security.web.session
Declared in web.xml as
HttpSessionEventPublisher() - Constructor for class org.springframework.security.web.session.HttpSessionEventPublisher
 
HttpSessionIdChangedEvent - Class in org.springframework.security.web.session
Published by the HttpSessionEventPublisher when an HttpSession ID is changed.
HttpSessionIdChangedEvent(HttpSession, String) - Constructor for class org.springframework.security.web.session.HttpSessionIdChangedEvent
 
HttpSessionLogoutRequestRepository - Class in org.springframework.security.saml2.provider.service.web.authentication.logout
An implementation of an Saml2LogoutRequestRepository that stores Saml2LogoutRequest in the HttpSession.
HttpSessionLogoutRequestRepository() - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository
 
HttpSessionOAuth2AuthorizationRequestRepository - Class in org.springframework.security.oauth2.client.web
An implementation of an AuthorizationRequestRepository that stores OAuth2AuthorizationRequest in the HttpSession.
HttpSessionOAuth2AuthorizationRequestRepository() - Constructor for class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository
 
HttpSessionOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web
An implementation of an OAuth2AuthorizedClientRepository that stores OAuth2AuthorizedClient's in the HttpSession.
HttpSessionOAuth2AuthorizedClientRepository() - Constructor for class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository
 
HttpSessionRequestCache - Class in org.springframework.security.web.savedrequest
RequestCache which stores the SavedRequest in the HttpSession.
HttpSessionRequestCache() - Constructor for class org.springframework.security.web.savedrequest.HttpSessionRequestCache
 
HttpSessionSaml2AuthenticationRequestRepository - Class in org.springframework.security.saml2.provider.service.web
A Saml2AuthenticationRequestRepository implementation that uses HttpSession to store and retrieve the AbstractSaml2AuthenticationRequest
HttpSessionSaml2AuthenticationRequestRepository() - Constructor for class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository
 
HttpSessionSecurityContextRepository - Class in org.springframework.security.web.context
A SecurityContextRepository implementation which stores the security context in the HttpSession between requests.
HttpSessionSecurityContextRepository() - Constructor for class org.springframework.security.web.context.HttpSessionSecurityContextRepository
 
HttpsRedirectSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
 
HttpsRedirectWebFilter - Class in org.springframework.security.web.server.transport
Redirects any non-HTTPS request to its HTTPS equivalent.
HttpsRedirectWebFilter() - Constructor for class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
 
httpsRedirectWhen(Function<ServerWebExchange, Boolean>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https
httpsRedirectWhen(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
Configures when this filter should redirect to https By default, the filter will redirect whenever an exchange's scheme is not https
HttpStatusEntryPoint - Class in org.springframework.security.web.authentication
An AuthenticationEntryPoint that sends a generic HttpStatus as a response.
HttpStatusEntryPoint(HttpStatus) - Constructor for class org.springframework.security.web.authentication.HttpStatusEntryPoint
Creates a new instance.
HttpStatusRequestRejectedHandler - Class in org.springframework.security.web.firewall
A simple implementation of RequestRejectedHandler that sends an error with configurable status code.
HttpStatusRequestRejectedHandler() - Constructor for class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler
Constructs an instance which uses 400 as response code.
HttpStatusRequestRejectedHandler(int) - Constructor for class org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler
Constructs an instance which uses a configurable http code as response.
HttpStatusReturningLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
Implementation of the LogoutSuccessHandler.
HttpStatusReturningLogoutSuccessHandler() - Constructor for class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler
Initialize the HttpStatusLogoutSuccessHandler with the default HttpStatus.OK.
HttpStatusReturningLogoutSuccessHandler(HttpStatus) - Constructor for class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler
Initialize the HttpStatusLogoutSuccessHandler with a user-defined HttpStatus.
HttpStatusReturningServerLogoutSuccessHandler - Class in org.springframework.security.web.server.authentication.logout
Implementation of the ServerLogoutSuccessHandler.
HttpStatusReturningServerLogoutSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler
Initialize the HttpStatusReturningServerLogoutSuccessHandler with the default HttpStatus.OK.
HttpStatusReturningServerLogoutSuccessHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler
Initialize the HttpStatusReturningServerLogoutSuccessHandler with a user-defined HttpStatus.
HttpStatusServerAccessDeniedHandler - Class in org.springframework.security.web.server.authorization
Sets the provided HTTP Status when access is denied.
HttpStatusServerAccessDeniedHandler(HttpStatus) - Constructor for class org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler
Creates an instance with the provided status
HttpStatusServerEntryPoint - Class in org.springframework.security.web.server.authentication
A ServerAuthenticationEntryPoint that sends a generic HttpStatus as a response.
HttpStatusServerEntryPoint(HttpStatus) - Constructor for class org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint
 
httpStrictTransportSecurity() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
httpStrictTransportSecurity(Customizer<HeadersConfigurer.HstsConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows customizing the HstsHeaderWriter which provides support for HTTP Strict Transport Security (HSTS).

I

IAT - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
iat - the time at which the ID Token was issued
IAT - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
iat - A timestamp indicating when the token was issued
IAT - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
iat - the time at which the ID Token was issued
IAT - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
iat - The Issued at claim identifies the time at which the JWT was issued
id - Variable in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
id(String) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
Sets the JWT ID (jti) claim, which provides a unique identifier for the JWT.
id(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
This is the unique id used in the AbstractSaml2AuthenticationRequest.Builder.samlRequest
id(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
ID_TOKEN - Static variable in class org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames
id_token - used in the Access Token Response.
IDENTITY - Static variable in interface org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer
 
IdentityUnavailableException - Exception in org.springframework.security.acls.domain
Thrown if an ACL identity could not be extracted from an object.
IdentityUnavailableException(String) - Constructor for exception org.springframework.security.acls.domain.IdentityUnavailableException
Constructs an IdentityUnavailableException with the specified message.
IdentityUnavailableException(String, Throwable) - Constructor for exception org.springframework.security.acls.domain.IdentityUnavailableException
Constructs an IdentityUnavailableException with the specified message and root cause.
idToken(Consumer<OidcIdToken.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
Use the provided OidcIdToken when constructing the authenticated user
idToken(Consumer<OidcIdToken.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
Use the provided OidcIdToken when constructing the authenticated user
IdTokenClaimAccessor - Interface in org.springframework.security.oauth2.core.oidc
A ClaimAccessor for the "claims" that can be returned in the ID Token, which provides information about the authentication of an End-User by an Authorization Server.
IdTokenClaimNames - Class in org.springframework.security.oauth2.core.oidc
The names of the "claims" defined by the OpenID Connect Core 1.0 specification that can be returned in the ID Token.
IF_REQUIRED - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy
Spring Security will only create an HttpSession if required
ignoring() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
Allows adding RequestMatcher instances that Spring Security should ignore.
ignoringRequestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
Allows specifying HttpServletRequest that should not use CSRF Protection even if they match the CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).
ignoringRequestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
Allows specifying HttpServletRequests that should not use CSRF Protection even if they match the CsrfConfigurer.requireCsrfProtectionMatcher(RequestMatcher).
implies(String...) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl.Builder.ImpliedRoles
Specifies implied role(s) for the current role in the hierarchy.
inboundChannelSecurity(MessageSecurityMetadataSource) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
inboundMessageSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
includeSubdomains(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
Configures if subdomains should be included.
includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
Deprecated.
If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name.
includeSubDomains(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
If true, subdomains should be considered HSTS Hosts too.
INET_ORG_PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
InetOrgPerson - Class in org.springframework.security.ldap.userdetails
UserDetails implementation whose properties are based on a subset of the LDAP schema for inetOrgPerson.
InetOrgPerson() - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPerson
 
InetOrgPerson.Essence - Class in org.springframework.security.ldap.userdetails
 
InetOrgPersonContextMapper - Class in org.springframework.security.ldap.userdetails
 
InetOrgPersonContextMapper() - Constructor for class org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper
 
init() - Method in class org.springframework.security.config.SecurityNamespaceHandler
 
init(B) - Method in interface org.springframework.security.config.annotation.SecurityConfigurer
Initialize the SecurityBuilder.
init(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
 
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
 
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
 
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
 
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
 
init(B) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
Initialize the SecurityBuilder.
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
 
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.DefaultLoginPageConfigurer
 
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
 
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
 
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
 
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer
 
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
 
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
 
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
 
init(H) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
 
init(FilterConfig) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Deprecated.
Not used (we rely on IoC container lifecycle services instead)
init(FilterConfig) - Method in class org.springframework.security.web.debug.DebugFilter
 
init(AuthenticationManagerBuilder) - Method in class org.springframework.security.config.annotation.authentication.configuration.GlobalAuthenticationConfigurerAdapter
 
initDao() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
initDao() - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
initDao() - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
 
initExtractorMap() - Method in class org.springframework.security.web.util.ThrowableAnalyzer
Initializes associations between Throwables and ThrowableCauseExtractors.
initialize() - Static method in class org.springframework.security.saml2.core.OpenSamlInitializationService
Ready OpenSAML for use and configure it with reasonable defaults.
initialize(Subject, CallbackHandler, Map, Map) - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
Initialize this LoginModule.
initializeAuthenticationProviderBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 
initializeUserDetailsBeanManagerConfigurer(ApplicationContext) - Static method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 
initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
 
initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
Populates the users that have been added.
initUserDetailsService() - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer
Allows subclasses to initialize the UserDetailsService.
inMemoryAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
Add in memory authentication to the AuthenticationManagerBuilder and return a InMemoryUserDetailsManagerConfigurer to allow customization of the in memory authentication.
InMemoryClientRegistrationRepository - Class in org.springframework.security.oauth2.client.registration
InMemoryClientRegistrationRepository(List<ClientRegistration>) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
Constructs an InMemoryClientRegistrationRepository using the provided parameters.
InMemoryClientRegistrationRepository(Map<String, ClientRegistration>) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
Constructs an InMemoryClientRegistrationRepository using the provided Map of registration id to ClientRegistration.
InMemoryClientRegistrationRepository(ClientRegistration...) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
Constructs an InMemoryClientRegistrationRepository using the provided parameters.
InMemoryConfiguration - Class in org.springframework.security.authentication.jaas.memory
An in memory representation of a JAAS configuration.
InMemoryConfiguration(Map<String, AppConfigurationEntry[]>) - Constructor for class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration
Creates a new instance with a mapping of login context name to an array of AppConfigurationEntrys.
InMemoryConfiguration(Map<String, AppConfigurationEntry[]>, AppConfigurationEntry[]) - Constructor for class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration
Creates a new instance with a mapping of login context name to an array of AppConfigurationEntrys along with a default configuration that will be used if no mapping is found for the given login context name.
InMemoryConfiguration(AppConfigurationEntry[]) - Constructor for class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration
Creates a new instance with only a defaultConfiguration.
InMemoryOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client
InMemoryOAuth2AuthorizedClientService(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService
Constructs an InMemoryOAuth2AuthorizedClientService using the provided parameters.
InMemoryOAuth2AuthorizedClientService(ClientRegistrationRepository, Map<OAuth2AuthorizedClientId, OAuth2AuthorizedClient>) - Constructor for class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService
Constructs an InMemoryOAuth2AuthorizedClientService using the provided parameters.
InMemoryOidcSessionRegistry - Class in org.springframework.security.oauth2.client.oidc.session
An in-memory implementation of OidcSessionRegistry
InMemoryOidcSessionRegistry() - Constructor for class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry
 
InMemoryOneTimeTokenService - Class in org.springframework.security.authentication.ott
Provides an in-memory implementation of the OneTimeTokenService interface that uses a ConcurrentHashMap to store the generated OneTimeToken.
InMemoryOneTimeTokenService() - Constructor for class org.springframework.security.authentication.ott.InMemoryOneTimeTokenService
 
InMemoryReactiveClientRegistrationRepository - Class in org.springframework.security.oauth2.client.registration
A Reactive ClientRegistrationRepository that stores ClientRegistration(s) in-memory.
InMemoryReactiveClientRegistrationRepository(List<ClientRegistration>) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository
Constructs an InMemoryReactiveClientRegistrationRepository using the provided parameters.
InMemoryReactiveClientRegistrationRepository(ClientRegistration...) - Constructor for class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository
Constructs an InMemoryReactiveClientRegistrationRepository using the provided parameters.
InMemoryReactiveOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client
InMemoryReactiveOAuth2AuthorizedClientService(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService
Constructs an InMemoryReactiveOAuth2AuthorizedClientService using the provided parameters.
InMemoryReactiveOidcSessionRegistry - Class in org.springframework.security.oauth2.client.oidc.server.session
An in-memory implementation of ReactiveOidcSessionRegistry
InMemoryReactiveOidcSessionRegistry() - Constructor for class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry
 
InMemoryReactiveSessionRegistry - Class in org.springframework.security.core.session
Provides an in-memory implementation of ReactiveSessionRegistry.
InMemoryReactiveSessionRegistry() - Constructor for class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
 
InMemoryReactiveSessionRegistry(ConcurrentMap<Object, Set<String>>, Map<String, ReactiveSessionInformation>) - Constructor for class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
 
InMemoryRelyingPartyRegistrationRepository - Class in org.springframework.security.saml2.provider.service.registration
An in-memory implementation of RelyingPartyRegistrationRepository.
InMemoryRelyingPartyRegistrationRepository(Collection<RelyingPartyRegistration>) - Constructor for class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository
 
InMemoryRelyingPartyRegistrationRepository(RelyingPartyRegistration...) - Constructor for class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository
 
InMemoryResource - Class in org.springframework.security.util
An in memory implementation of Spring's Resource interface.
InMemoryResource(byte[]) - Constructor for class org.springframework.security.util.InMemoryResource
 
InMemoryResource(byte[], String) - Constructor for class org.springframework.security.util.InMemoryResource
 
InMemoryResource(String) - Constructor for class org.springframework.security.util.InMemoryResource
 
InMemoryTokenRepositoryImpl - Class in org.springframework.security.web.authentication.rememberme
Simple PersistentTokenRepository implementation backed by a Map.
InMemoryTokenRepositoryImpl() - Constructor for class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
 
InMemoryUserDetailsManager - Class in org.springframework.security.provisioning
Non-persistent implementation of UserDetailsManager which is backed by an in-memory map.
InMemoryUserDetailsManager() - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
InMemoryUserDetailsManager(Collection<UserDetails>) - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
InMemoryUserDetailsManager(Properties) - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
InMemoryUserDetailsManager(UserDetails...) - Constructor for class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
InMemoryUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning
Configures an AuthenticationManagerBuilder to have in memory authentication.
InMemoryUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer
Creates a new instance
InsecureChannelProcessor - Class in org.springframework.security.web.access.channel
Ensures channel security is inactive by review of HttpServletRequest.isSecure() responses.
InsecureChannelProcessor() - Constructor for class org.springframework.security.web.access.channel.InsecureChannelProcessor
 
insertAce(int, Permission, Sid, boolean) - Method in class org.springframework.security.acls.domain.AclImpl
 
insertAce(int, Permission, Sid, boolean) - Method in interface org.springframework.security.acls.model.MutableAcl
 
insertFilters(ServletContext, Filter...) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
instance - Variable in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
INSTANCE - Static variable in class org.springframework.security.web.util.matcher.AnyRequestMatcher
 
INSUFFICIENT_PASSWORD_QUALITY - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
 
INSUFFICIENT_SCOPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
insufficient_scope - The request requires higher privileges than provided by the access token.
INSUFFICIENT_SCOPE - Static variable in class org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes
insufficient_scope - The request requires higher privileges than provided by the access token.
InsufficientAuthenticationException - Exception in org.springframework.security.authentication
Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.
InsufficientAuthenticationException(String) - Constructor for exception org.springframework.security.authentication.InsufficientAuthenticationException
Constructs an InsufficientAuthenticationException with the specified message.
InsufficientAuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.authentication.InsufficientAuthenticationException
Constructs an InsufficientAuthenticationException with the specified message and root cause.
insufficientScope(String, String) - Static method in class org.springframework.security.oauth2.server.resource.BearerTokenErrors
Create a BearerTokenError caused by an invalid token
InteractiveAuthenticationSuccessEvent - Class in org.springframework.security.authentication.event
Indicates an interactive authentication was successful.
InteractiveAuthenticationSuccessEvent(Authentication, Class<?>) - Constructor for class org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent
 
intercept(HttpRequest, byte[], ClientHttpRequestExecution) - Method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
 
intercept(PayloadExchange, PayloadInterceptorChain) - Method in interface org.springframework.security.rsocket.api.PayloadInterceptor
Process the Web request and (optionally) delegate to the next PayloadInterceptor through the given PayloadInterceptorChain.
intercept(PayloadExchange, PayloadInterceptorChain) - Method in class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
 
intercept(PayloadExchange, PayloadInterceptorChain) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
 
intercept(PayloadExchange, PayloadInterceptorChain) - Method in class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor
 
INTERCEPT_MESSAGE - Static variable in class org.springframework.security.config.Elements
 
INTERCEPT_METHODS - Static variable in class org.springframework.security.config.Elements
 
INTERCEPT_URL - Static variable in class org.springframework.security.config.Elements
 
InterceptMethodsBeanDefinitionDecorator - Class in org.springframework.security.config.method
 
InterceptMethodsBeanDefinitionDecorator() - Constructor for class org.springframework.security.config.method.InterceptMethodsBeanDefinitionDecorator
 
InterceptorStatusToken - Class in org.springframework.security.access.intercept
Deprecated.
Use delegation with AuthorizationManager
InterceptorStatusToken(SecurityContext, boolean, Collection<ConfigAttribute>, Object) - Constructor for class org.springframework.security.access.intercept.InterceptorStatusToken
Deprecated.
 
INTERNAL_VALIDATION_ERROR - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
An error happened during validation.
InternalAuthenticationServiceException - Exception in org.springframework.security.authentication
Thrown if an authentication request could not be processed due to a system problem that occurred internally.
InternalAuthenticationServiceException(String) - Constructor for exception org.springframework.security.authentication.InternalAuthenticationServiceException
 
InternalAuthenticationServiceException(String, Throwable) - Constructor for exception org.springframework.security.authentication.InternalAuthenticationServiceException
 
interval(long) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
Sets the minimum amount of time (in seconds) that the client should wait between polling requests to the token endpoint.
INTERVAL - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
interval - used in Device Authorization Response.
introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector
 
introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector
 
introspect(String) - Method in interface org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector
Introspect and verify the given token, returning its attributes.
introspect(String) - Method in interface org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector
Introspect and verify the given token, returning its attributes.
introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
 
introspect(String) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector
 
introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
 
introspectionClientCredentials(String, String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
Configures the credentials for Introspection endpoint
introspectionUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
 
introspectionUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
Configures the URI of the Introspection endpoint
introspector(OpaqueTokenIntrospector) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer
 
introspector(ReactiveOpaqueTokenIntrospector) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec
 
INVALID_ASSERTION - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
The assertion was not valid.
INVALID_CLIENT - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
invalid_client - Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).
INVALID_DESTINATION - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
Response destination does not match the request URL.
INVALID_GRANT - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
invalid_grant - The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
INVALID_IN_RESPONSE_TO - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
The InResponseTo content of the response does not match the ID of the AuthNRequest.
INVALID_ISSUER - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
An Issuer element contained a value that didn't https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=15
INVALID_REDIRECT_URI - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
invalid_redirect_uri - The value of one or more redirection URIs is invalid.
INVALID_REQUEST - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
invalid_request - The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
INVALID_REQUEST - Static variable in class org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes
invalid_request - The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.
INVALID_REQUEST - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
Request is invalid in a general way.
INVALID_RESPONSE - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
Response is invalid in a general way.
INVALID_SCOPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
invalid_scope - The requested scope is invalid, unknown, malformed or exceeds the scope granted by the resource owner.
INVALID_SIGNATURE - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
The signature of response or assertion was invalid.
INVALID_TOKEN - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
invalid_token - The access token provided is expired, revoked, malformed, or invalid for other reasons.
INVALID_TOKEN - Static variable in class org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes
invalid_token - The access token provided is expired, revoked, malformed, or invalid for other reasons.
invalidate() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
 
invalidateHttpSession(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
Configures SecurityContextLogoutHandler to invalidate the HttpSession at the time of logout.
InvalidateLeastUsedServerMaximumSessionsExceededHandler - Class in org.springframework.security.web.server.authentication
Implementation of ServerMaximumSessionsExceededHandler that invalidates the least recently used ReactiveSessionInformation and removes the related sessions from the WebSessionStore.
InvalidateLeastUsedServerMaximumSessionsExceededHandler(WebSessionStore) - Constructor for class org.springframework.security.web.server.authentication.InvalidateLeastUsedServerMaximumSessionsExceededHandler
 
InvalidBearerTokenException - Exception in org.springframework.security.oauth2.server.resource
An OAuth2AuthenticationException that indicates an invalid bearer token.
InvalidBearerTokenException(String) - Constructor for exception org.springframework.security.oauth2.server.resource.InvalidBearerTokenException
Construct an instance of InvalidBearerTokenException given the provided description.
InvalidBearerTokenException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.server.resource.InvalidBearerTokenException
Construct an instance of InvalidBearerTokenException given the provided description and cause The description will be wrapped into an OAuth2Error instance as the error_description.
InvalidCookieException - Exception in org.springframework.security.web.authentication.rememberme
Exception thrown by a RememberMeServices implementation to indicate that a submitted cookie is of an invalid format or has expired.
InvalidCookieException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.InvalidCookieException
 
InvalidCsrfTokenException - Exception in org.springframework.security.web.csrf
Thrown when an expected CsrfToken exists, but it does not match the value present on the HttpServletRequest
InvalidCsrfTokenException(CsrfToken, String) - Constructor for exception org.springframework.security.web.csrf.InvalidCsrfTokenException
 
InvalidOneTimeTokenException - Exception in org.springframework.security.authentication.ott
An AuthenticationException that indicates an invalid one-time token.
InvalidOneTimeTokenException(String) - Constructor for exception org.springframework.security.authentication.ott.InvalidOneTimeTokenException
 
invalidRequest(String) - Static method in class org.springframework.security.oauth2.server.resource.BearerTokenErrors
Create a BearerTokenError caused by an invalid request
InvalidSessionAccessDeniedHandler - Class in org.springframework.security.web.session
InvalidSessionAccessDeniedHandler(InvalidSessionStrategy) - Constructor for class org.springframework.security.web.session.InvalidSessionAccessDeniedHandler
Creates a new instance
invalidSessionStrategy(InvalidSessionStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Setting this attribute will inject the provided invalidSessionStrategy into the SessionManagementFilter.
InvalidSessionStrategy - Interface in org.springframework.security.web.session
Determines the behaviour of the SessionManagementFilter when an invalid session Id is submitted and detected in the SessionManagementFilter.
invalidSessionUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Setting this attribute will inject the SessionManagementFilter with a SimpleRedirectInvalidSessionStrategy configured with the attribute value.
invalidToken(String) - Static method in class org.springframework.security.oauth2.server.resource.BearerTokenErrors
Create a BearerTokenError caused by an invalid token
INVOCATION_ATTRIBUTE_FACTORY - Static variable in class org.springframework.security.config.Elements
 
INVOCATION_HANDLING - Static variable in class org.springframework.security.config.Elements
 
INVOCATIONTARGET_EXTRACTOR - Static variable in class org.springframework.security.web.util.ThrowableAnalyzer
Default extractor for InvocationTargetException instances.
invoke(MethodInvocation) - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
Deprecated.
This method should be used to enforce security on a MethodInvocation.
invoke(MethodInvocation) - Method in class org.springframework.security.access.prepost.PrePostAdviceReactiveMethodInterceptor
Deprecated.
 
invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
Determine if an Authentication has access to the MethodInvocation using the AuthorizationManager.
invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
Determines if an Authentication has access to the returned object from the MethodInvocation using the configured ReactiveAuthorizationManager.
invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Determine if an Authentication has access to the MethodInvocation using the configured AuthorizationManager.
invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
Determines if an Authentication has access to the MethodInvocation using the configured ReactiveAuthorizationManager.
invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
 
invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
Filter a returnedObject using the PostFilter annotation that the MethodInvocation specifies.
invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
Filters the returned object from the MethodInvocation by evaluating an expression from the PostFilter annotation.
invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
Filter the method argument specified in the PreFilter annotation that MethodInvocation specifies.
invoke(MethodInvocation) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
Filters a reactive method argument by evaluating an expression from the PreFilter annotation.
invoke(JoinPoint) - Method in class org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor
Deprecated.
Method that is suitable for user with @Aspect notation.
invoke(JoinPoint, AspectJCallback) - Method in class org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor
Deprecated.
Method that is suitable for user with traditional AspectJ-code aspects.
invoke(FilterInvocation) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Deprecated.
 
invokeAll(Collection) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
invokeAll(Collection, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
invokeAny(Collection) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
invokeAny(Collection, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
IpAddressAuthorizationManager - Class in org.springframework.security.web.access
A AuthorizationManager, that determines if the current request contains the specified address or range of addresses
IpAddressMatcher - Class in org.springframework.security.web.util.matcher
Matches a request based on IP Address or subnet mask matching against the remote address.
IpAddressMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.IpAddressMatcher
Takes a specific IP address or a range specified using the IP/Netmask (e.g.
IpAddressReactiveAuthorizationManager - Class in org.springframework.security.web.server.authorization
A ReactiveAuthorizationManager, that determines if the current request contains the specified address or range of addresses
IpAddressServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
Matches a request based on IP Address or subnet mask matching against the remote address.
IpAddressServerWebExchangeMatcher(String) - Constructor for class org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher
Takes a specific IP address or a range specified using the IP/Netmask (e.g.
IS_AUTHENTICATED_ANONYMOUSLY - Static variable in class org.springframework.security.access.vote.AuthenticatedVoter
Deprecated.
 
IS_AUTHENTICATED_FULLY - Static variable in class org.springframework.security.access.vote.AuthenticatedVoter
Deprecated.
 
IS_AUTHENTICATED_REMEMBERED - Static variable in class org.springframework.security.access.vote.AuthenticatedVoter
Deprecated.
 
isAbsoluteUrl(String) - Static method in class org.springframework.security.web.util.UrlUtils
Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.
isAccountNonExpired() - Method in class org.springframework.security.core.userdetails.User
 
isAccountNonExpired() - Method in interface org.springframework.security.core.userdetails.UserDetails
Indicates whether the user's account has expired.
isAccountNonExpired() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
isAccountNonLocked() - Method in class org.springframework.security.core.userdetails.User
 
isAccountNonLocked() - Method in interface org.springframework.security.core.userdetails.UserDetails
Indicates whether the user is locked or unlocked.
isAccountNonLocked() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
isAclClassIdSupported() - Method in class org.springframework.security.acls.jdbc.JdbcAclService
 
isActive() - Method in interface org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor
Returns the indicator (active) whether or not the token is currently active
isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
 
isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
Deprecated.
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
isAllowed(String, String, String, Authentication) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
isAllowed(String, String, String, Authentication) - Method in interface org.springframework.security.web.access.WebInvocationPrivilegeEvaluator
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI, with the given .
isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
 
isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
Deprecated.
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
isAllowed(String, Authentication) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
isAllowed(String, Authentication) - Method in interface org.springframework.security.web.access.WebInvocationPrivilegeEvaluator
Determines whether the user represented by the supplied Authentication object is allowed to invoke the supplied URI.
isAllowed(MethodInvocation, Authentication) - Method in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
Deprecated.
 
isAllowIfAllAbstainDecisions() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
 
isAllowIfEqualGrantedDeniedDecisions() - Method in class org.springframework.security.access.vote.ConsensusBased
Deprecated.
 
isAllowSessionCreation() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
 
isAlwaysReauthenticate() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
isAlwaysUseDefaultTargetUrl() - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
 
isAnonymous() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
isAnonymous() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
isAnonymous(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver
Indicates whether the passed Authentication token represents an anonymous user.
isAnonymous(Authentication) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl
 
isAsyncSecuritySupported() - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
Determine if the springSecurityFilterChain should be marked as supporting asynch.
isAuditFailure() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
 
isAuditFailure() - Method in interface org.springframework.security.acls.model.AuditableAccessControlEntry
 
isAuditSuccess() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
 
isAuditSuccess() - Method in interface org.springframework.security.acls.model.AuditableAccessControlEntry
 
isAuthenticateAllArtifacts() - Method in class org.springframework.security.cas.ServiceProperties
 
isAuthenticated() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Determines ifthe SecurityExpressionOperations.getAuthentication() is authenticated
isAuthenticated() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
isAuthenticated() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
 
isAuthenticated() - Method in interface org.springframework.security.core.Authentication
Used to indicate to AbstractSecurityInterceptor whether it should present the authentication token to the AuthenticationManager.
isAuthenticated() - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
 
isAuthenticated(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver
Checks if the Authentication is not null, authenticated, and not anonymous.
isAuthnRequestsSigned() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Get the AuthnRequestsSigned setting.
isBase64(byte[]) - Static method in class org.springframework.security.crypto.codec.Base64
Deprecated.
 
isChangeAfterReset() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
 
isCleared() - Method in class org.springframework.security.core.context.SecurityContextChangedEvent
Say whether the event is a context-clearing event.
isCompromised() - Method in class org.springframework.security.authentication.password.CompromisedPasswordDecision
 
isConfigured() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
Determines if the AuthenticationManagerBuilder is configured to build a non null AuthenticationManager.
isContextHolderRefreshRequired() - Method in class org.springframework.security.access.intercept.InterceptorStatusToken
Deprecated.
 
isContextRelative() - Method in class org.springframework.security.web.DefaultRedirectStrategy
Returns true, if the redirection URL should be calculated minus the protocol and context path (defaults to false).
isContextSaved() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
Deprecated.
Tells if the response wrapper has called saveContext() because of this wrapper.
isConvertToUpperCase() - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
Returns true if role names are converted to uppercase Method available so that classes extending this can override
isCredentialsNonExpired() - Method in class org.springframework.security.core.userdetails.User
 
isCredentialsNonExpired() - Method in interface org.springframework.security.core.userdetails.UserDetails
Indicates whether the user's credentials (password) has expired.
isCredentialsNonExpired() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
isCritical() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
Returns whether the control is critical for the client.
isCustomLoginPage() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
 
isDecryptionCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
Indicate whether this credential can be used for decryption
isDisableOnResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
Returns true if OnCommittedResponseWrapper.onResponseCommitted() will be invoked when the response is committed, else false.
isEnabled() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
 
isEnabled() - Method in class org.springframework.security.core.userdetails.User
 
isEnabled() - Method in interface org.springframework.security.core.userdetails.UserDetails
Indicates whether the user is enabled or disabled.
isEnabled() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
isEnabled() - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
isEncryptionCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
Indicate whether this credential can be used for encryption
isEntriesInheriting() - Method in class org.springframework.security.acls.domain.AclImpl
 
isEntriesInheriting() - Method in interface org.springframework.security.acls.model.Acl
Indicates whether the ACL entries from the Acl.getParentAcl() should flow down into the current Acl.
isEraseCredentialsAfterAuthentication() - Method in class org.springframework.security.authentication.ProviderManager
 
isExpired() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
 
isExpired() - Method in class org.springframework.security.core.session.SessionInformation
 
isExpired() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
 
isForceHttps() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
isForcePrincipalAsString() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
isFullyAuthenticated() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() authenticated without the use of remember me
isFullyAuthenticated() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
isFullyAuthenticated(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver
Indicates whether the passed Authentication token represents a fully authenticated user (that is, neither anonymous or remember-me).
isGenerated() - Method in interface org.springframework.security.core.context.DeferredSecurityContext
Returns true if Supplier.get() refers to a generated SecurityContext or false if it already existed.
isGenerated() - Method in interface org.springframework.security.web.csrf.DeferredCsrfToken
Returns true if DeferredCsrfToken.get() refers to a generated CsrfToken or false if it already existed.
isGranted() - Method in class org.springframework.security.authorization.AuthorizationDecision
 
isGranted() - Method in exception org.springframework.security.authorization.AuthorizationDeniedException
 
isGranted() - Method in interface org.springframework.security.authorization.AuthorizationResult
 
isGranted(List<Permission>, List<Sid>, boolean) - Method in class org.springframework.security.acls.domain.AclImpl
Delegates to the PermissionGrantingStrategy.
isGranted(List<Permission>, List<Sid>, boolean) - Method in interface org.springframework.security.acls.model.Acl
This is the actual authorization logic method, and must be used whenever ACL authorization decisions are required.
isGranted(AccessControlEntry, Permission) - Method in class org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy
Compares an ACE Permission to the given Permission.
isGranted(Acl, List<Permission>, List<Sid>, boolean) - Method in class org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy
Determines authorization.
isGranted(Acl, List<Permission>, List<Sid>, boolean) - Method in interface org.springframework.security.acls.model.PermissionGrantingStrategy
Returns true if the supplied strategy decides that the supplied Acl grants access based on the supplied list of permissions and sids.
isGranting() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
 
isGranting() - Method in interface org.springframework.security.acls.model.AccessControlEntry
Indicates the permission is being granted to the relevant Sid.
isHideUserNotFoundExceptions() - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
isHtmlEscape() - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
Return the HTML escaping setting for this tag, or the default setting if not overridden.
isIgnoreFailure() - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
isIgnoreUnknown() - Method in class org.springframework.security.authorization.method.PrePostTemplateDefaults
Deprecated.
Whether template resolution should ignore placeholders it doesn't recognize.
isIgnoreUnknown() - Method in class org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults
Whether template resolution should ignore placeholders it doesn't recognize.
isInvalidateHttpSession() - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
 
isLocked() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
Determines whether an account locked error has been returned.
isLogInteractiveAuthenticationSuccessEvents() - Method in class org.springframework.security.authentication.event.LoggerListener
 
isMatch() - Method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult
 
isMatch() - Method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
 
isMatch() - Method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
 
isMergeEnabled() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
 
isMergeEnabled() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
 
isObserveOncePerRequest() - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
 
isObserveOncePerRequest() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Deprecated.
Indicates whether once-per-request handling will be observed.
isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
 
isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
 
isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
 
isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
 
isPerInstance() - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
 
isPerInstance() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
 
isPerInstance() - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
 
isPerInstance() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
 
isPerInstance() - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
 
isRejectPublicInvocations() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
isRememberMe() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Determines if the SecurityExpressionOperations.getAuthentication() was authenticated using remember me
isRememberMe() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
isRememberMe(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationTrustResolver
Indicates whether the passed Authentication token represents user that has been remembered (i.e.
isRememberMe(Authentication) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl
 
isRequest() - Method in enum class org.springframework.security.rsocket.api.PayloadExchangeType
Determines if this exchange is a type of request (i.e.
isRunning() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
isRunning() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
 
ISS - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
iss - the Issuer identifier
ISS - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
iss - The issuer of the token
ISS - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
iss - the Issuer identifier
ISS - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
iss - the Issuer claim identifies the principal that issued the JWT
isSecure() - Method in class org.springframework.security.web.savedrequest.SavedCookie
 
isSendRenew() - Method in class org.springframework.security.cas.ServiceProperties
Indicates whether the renew parameter should be sent to the CAS login URL and CAS validation URL.
isShutdown() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
isSidLoaded(List<Sid>) - Method in class org.springframework.security.acls.domain.AclImpl
 
isSidLoaded(List<Sid>) - Method in interface org.springframework.security.acls.model.Acl
For efficiency reasons an Acl may be loaded and not contain entries for every Sid in the system.
isSigningCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
Indicate whether this credential can be used for signing
isSimpDestPathMatcherConfigured() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
isSingleton() - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
 
isSingleton() - Method in class org.springframework.security.core.token.SecureRandomFactoryBean
 
isStateless() - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
 
ISSUED_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
issued_token_type - used in Token Exchange Access Token Response.
issuedAt(Instant) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
Use this issued-at timestamp in the resulting OidcLogoutToken
issuedAt(Instant) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this issued-at timestamp in the resulting OidcIdToken
issuedAt(Instant) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this issued-at timestamp in the resulting Jwt
issuedAt(Instant) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
Sets the issued at (iat) claim, which identifies the time at which the JWT was issued.
issuer(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
Use this issuer in the resulting OidcLogoutToken
issuer(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this issuer in the resulting OidcIdToken
issuer(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this issuer in the resulting Jwt
issuer(String) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
Sets the issuer (iss) claim, which identifies the principal that issued the JWT.
issuerUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the issuer identifier uri for the OpenID Connect 1.0 provider or the OAuth 2.0 Authorization Server.
isTerminated() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
isTokenExpired(long) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
 
isUiSecurityDisabled() - Static method in class org.springframework.security.taglibs.TagLibConfig
 
isUseForward() - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
isUseForward() - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
 
isUserInRole(String) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
Simple searches for an exactly matching GrantedAuthority.getAuthority().
isUsernameBasedPrimaryKey() - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
isUsingGraceLogins() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
 
isValid() - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
 
isValidateConfigAttributes() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
isValidRedirectUrl(String) - Static method in class org.springframework.security.web.util.UrlUtils
Returns true if the supplied URL starts with a "/" or is absolute.
isVerificationCredential() - Method in class org.springframework.security.saml2.core.Saml2X509Credential
Indicate whether this credential can be used for verification
IterableRelyingPartyRegistrationRepository - Interface in org.springframework.security.saml2.provider.service.registration
An interface that simplifies APIs which require the RelyingPartyRegistrationRepository to also be Iterable
iterator() - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
 
iterator() - Method in class org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
Returns an Iterator of ClientRegistration.
iterator() - Method in class org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository
Returns an Iterator of ClientRegistration.
iterator() - Method in class org.springframework.security.oauth2.client.registration.SupplierClientRegistrationRepository
Returns an Iterator of ClientRegistration.
iterator() - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
iterator() - Method in class org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository
 

J

J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication.preauth.j2ee
Implementation of AuthenticationDetailsSource which converts the user's J2EE roles (as obtained by calling HttpServletRequest.isUserInRole(String)) into GrantedAuthoritys and stores these in the authentication details object.
J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
 
j2eeMappableRoles - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
The role attributes returned by the configured MappableAttributesRetriever
j2eePreAuthenticatedProcessingFilter(J2eePreAuthenticatedProcessingFilter) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
Allows specifying the J2eePreAuthenticatedProcessingFilter to use.
J2eePreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth.j2ee
This AbstractPreAuthenticatedProcessingFilter implementation is based on the J2EE container-based authentication mechanism.
J2eePreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter
 
j2eeUserRoles2GrantedAuthoritiesMapper - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
 
JaasApiIntegrationFilter - Class in org.springframework.security.web.jaasapi
A Filter which attempts to obtain a JAAS Subject and continue the FilterChain running as that Subject.
JaasApiIntegrationFilter() - Constructor for class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
 
JaasAuthenticationCallbackHandler - Interface in org.springframework.security.authentication.jaas
The JaasAuthenticationCallbackHandler is similar to the javax.security.auth.callback.CallbackHandler interface in that it defines a handle method.
JaasAuthenticationEvent - Class in org.springframework.security.authentication.jaas.event
Parent class for events fired by the JaasAuthenticationProvider.
JaasAuthenticationEvent(Authentication) - Constructor for class org.springframework.security.authentication.jaas.event.JaasAuthenticationEvent
The Authentication object is stored as the ApplicationEvent 'source'.
JaasAuthenticationFailedEvent - Class in org.springframework.security.authentication.jaas.event
Fired when LoginContext.login throws a LoginException, or if any other exception is thrown during that time.
JaasAuthenticationFailedEvent(Authentication, Exception) - Constructor for class org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent
 
JaasAuthenticationProvider - Class in org.springframework.security.authentication.jaas
An AuthenticationProvider implementation that retrieves user details from a JAAS login configuration.
JaasAuthenticationProvider() - Constructor for class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
 
JaasAuthenticationSuccessEvent - Class in org.springframework.security.authentication.jaas.event
Fired by the JaasAuthenticationProvider after successfully logging the user into the LoginContext, handling all callbacks, and calling all AuthorityGranters.
JaasAuthenticationSuccessEvent(Authentication) - Constructor for class org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent
 
JaasAuthenticationToken - Class in org.springframework.security.authentication.jaas
UsernamePasswordAuthenticationToken extension to carry the Jaas LoginContext that the user was logged into
JaasAuthenticationToken(Object, Object, List<GrantedAuthority>, LoginContext) - Constructor for class org.springframework.security.authentication.jaas.JaasAuthenticationToken
 
JaasAuthenticationToken(Object, Object, LoginContext) - Constructor for class org.springframework.security.authentication.jaas.JaasAuthenticationToken
 
JaasGrantedAuthority - Class in org.springframework.security.authentication.jaas
GrantedAuthority which, in addition to the assigned role, holds the principal that an AuthorityGranter used as a reason to grant this authority.
JaasGrantedAuthority(String, Principal) - Constructor for class org.springframework.security.authentication.jaas.JaasGrantedAuthority
 
JaasNameCallbackHandler - Class in org.springframework.security.authentication.jaas
The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback.
JaasNameCallbackHandler() - Constructor for class org.springframework.security.authentication.jaas.JaasNameCallbackHandler
 
JaasPasswordCallbackHandler - Class in org.springframework.security.authentication.jaas
The most basic Callbacks to be handled when using a LoginContext from JAAS, are the NameCallback and PasswordCallback.
JaasPasswordCallbackHandler() - Constructor for class org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler
 
JDBC_USER_SERVICE - Static variable in class org.springframework.security.config.Elements
 
JdbcAclService - Class in org.springframework.security.acls.jdbc
Simple JDBC-based implementation of AclService.
JdbcAclService(DataSource, LookupStrategy) - Constructor for class org.springframework.security.acls.jdbc.JdbcAclService
 
JdbcAclService(JdbcOperations, LookupStrategy) - Constructor for class org.springframework.security.acls.jdbc.JdbcAclService
 
jdbcAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
Add JDBC authentication to the AuthenticationManagerBuilder and return a JdbcUserDetailsManagerConfigurer to allow customization of the JDBC authentication.
JdbcDaoImpl - Class in org.springframework.security.core.userdetails.jdbc
UserDetailsService implementation which retrieves the user details (username, password, enabled flag, and authorities) from a database using JDBC queries.
JdbcDaoImpl() - Constructor for class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
JdbcMutableAclService - Class in org.springframework.security.acls.jdbc
Provides a base JDBC implementation of MutableAclService.
JdbcMutableAclService(DataSource, LookupStrategy, AclCache) - Constructor for class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
JdbcOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client
A JDBC implementation of an OAuth2AuthorizedClientService that uses a JdbcOperations for OAuth2AuthorizedClient persistence.
JdbcOAuth2AuthorizedClientService(JdbcOperations, ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
Constructs a JdbcOAuth2AuthorizedClientService using the provided parameters.
JdbcOAuth2AuthorizedClientService(JdbcOperations, ClientRegistrationRepository, LobHandler) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
Constructs a JdbcOAuth2AuthorizedClientService using the provided parameters.
JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder - Class in org.springframework.security.oauth2.client
A holder for an OAuth2AuthorizedClient and End-User Authentication (Resource Owner).
JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper - Class in org.springframework.security.oauth2.client
The default Function that maps JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder to a List of SqlParameterValue.
JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper - Class in org.springframework.security.oauth2.client
The default RowMapper that maps the current row in java.sql.ResultSet to OAuth2AuthorizedClient.
jdbcOperations - Variable in class org.springframework.security.acls.jdbc.JdbcAclService
 
jdbcOperations - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
 
JdbcTokenRepositoryImpl - Class in org.springframework.security.web.authentication.rememberme
JDBC based persistent login token repository implementation.
JdbcTokenRepositoryImpl() - Constructor for class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
 
JdbcUserDetailsManager - Class in org.springframework.security.provisioning
Jdbc user management service, based on the same table structure as its parent class, JdbcDaoImpl.
JdbcUserDetailsManager() - Constructor for class org.springframework.security.provisioning.JdbcUserDetailsManager
 
JdbcUserDetailsManager(DataSource) - Constructor for class org.springframework.security.provisioning.JdbcUserDetailsManager
 
JdbcUserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning
Configures an AuthenticationManagerBuilder to have JDBC authentication.
JdbcUserDetailsManagerConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
 
JdbcUserDetailsManagerConfigurer(JdbcUserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
 
JdbcUserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
 
JdbcUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.JdbcUserServiceBeanDefinitionParser
 
jee() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.jee(Customizer) or jee(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
jee(Customizer<JeeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configures container based pre authentication.
JEE - Static variable in class org.springframework.security.config.Elements
 
JeeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds support for J2EE pre authentication.
JeeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
Creates a new instance
JKU - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
jku - the JWK Set URL header is a URI that refers to a resource for a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign a JWS or encrypt a JWE
JoseHeaderNames - Class in org.springframework.security.oauth2.jwt
The Registered Header Parameter Names defined by the JSON Web Token (JWT), JSON Web Signature (JWS) and JSON Web Encryption (JWE) specifications that may be contained in the JOSE Header of a JWT.
JspAuthorizeTag - Class in org.springframework.security.taglibs.authz
A JSP Tag implementation of AbstractAuthorizeTag.
JspAuthorizeTag() - Constructor for class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
jsr250() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Creates an interceptor for the JSR-250 annotations
jsr250(AuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Creates an interceptor for the JSR-250 annotations
jsr250(Jsr250AuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Creates an interceptor for the JSR-250 annotations
JSR250 - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
 
Jsr250AuthorizationManager - Class in org.springframework.security.authorization.method
An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating if the Authentication contains a specified authority from the JSR-250 security annotations.
Jsr250AuthorizationManager() - Constructor for class org.springframework.security.authorization.method.Jsr250AuthorizationManager
 
Jsr250AuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
 
jsr250Enabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
Deprecated.
Determines if JSR-250 annotations should be enabled.
jsr250Enabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
Determines if JSR-250 annotations should be enabled.
Jsr250MethodSecurityMetadataSource - Class in org.springframework.security.access.annotation
Deprecated.
Jsr250MethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource
Deprecated.
 
Jsr250SecurityConfig - Class in org.springframework.security.access.annotation
Jsr250SecurityConfig(String) - Constructor for class org.springframework.security.access.annotation.Jsr250SecurityConfig
Deprecated.
 
Jsr250Voter - Class in org.springframework.security.access.annotation
Deprecated.
Jsr250Voter() - Constructor for class org.springframework.security.access.annotation.Jsr250Voter
Deprecated.
 
jti(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
Use this id to identify the resulting OidcLogoutToken
jti(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this identifier in the resulting Jwt
JTI - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
jti - the JTI identifier
JTI - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
jti - The identifier for the token
JTI - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
jti - The JWT ID claim provides a unique identifier for the JWT
JwaAlgorithm - Interface in org.springframework.security.oauth2.jose
Super interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents and JSON Web Encryption (JWE) to encrypt the contents.
jwk(Map<String, Object>) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the JSON Web Key which is the public key that corresponds to the key used to digitally sign the JWS or encrypt the JWE.
JWK - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
jwk - the JSON Web Key header is the public key that corresponds to the key used to digitally sign a JWS or encrypt a JWE
jwkSetUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
 
jwkSetUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
Configures a ReactiveJwtDecoder using JSON Web Key (JWK) URL
jwkSetUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the uri for the JSON Web Key (JWK) Set endpoint.
jwkSetUrl(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the JWK Set URL that refers to the resource of a set of JSON-encoded public keys, one of which corresponds to the key used to digitally sign the JWS or encrypt the JWE.
jwsAlgorithm(JwsAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder
Use the given signing algorithm.
jwsAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
Append the given signing algorithm to the set of algorithms to use.
jwsAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
Append the given signing algorithm to the set of algorithms to use.
JwsAlgorithm - Interface in org.springframework.security.oauth2.jose.jws
Super interface for cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents of the JWS Protected Header and JWS Payload.
jwsAlgorithms(Consumer<Set<SignatureAlgorithm>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
Configure the list of algorithms to use with the given Consumer.
jwsAlgorithms(Consumer<Set<SignatureAlgorithm>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
Configure the list of algorithms to use with the given Consumer.
JwsAlgorithms - Class in org.springframework.security.oauth2.jose.jws
The cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign or create a MAC of the contents of the JWS Protected Header and JWS Payload.
JwsHeader - Class in org.springframework.security.oauth2.jwt
The JSON Web Signature (JWS) header is a JSON object representing the header parameters of a JSON Web Token, that describe the cryptographic operations used to digitally sign or create a MAC of the contents of the JWS Protected Header and JWS Payload.
JwsHeader.Builder - Class in org.springframework.security.oauth2.jwt
A builder for JwsHeader.
jwt() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use OAuth2ResourceServerConfigurer.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
jwt() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
jwt() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
jwt(Consumer<Jwt.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
Use the given Jwt.Builder Consumer to configure the underlying Jwt This method first creates a default Jwt.Builder instance with default values for the alg, sub, and scope claims.
jwt(Consumer<Jwt.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
Use the given Jwt.Builder Consumer to configure the underlying Jwt This method first creates a default Jwt.Builder instance with default values for the alg, sub, and scope claims.
jwt(Customizer<RSocketSecurity.JwtSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
 
jwt(Customizer<OAuth2ResourceServerConfigurer.JwtConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
Enables Jwt-encoded bearer token support.
jwt(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
Enables JWT Resource Server support.
jwt(Jwt) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.JwtMutator
Use the given Jwt
jwt(Jwt) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
Use the given Jwt
Jwt - Class in org.springframework.security.oauth2.jwt
An implementation of an AbstractOAuth2Token representing a JSON Web Token (JWT).
Jwt(String, Instant, Instant, Map<String, Object>, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.jwt.Jwt
Constructs a Jwt using the provided parameters.
JWT - Static variable in class org.springframework.security.config.Elements
 
JWT_AUTHENTICATION - Enum constant in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
Where JWT based authentication is performed.
JWT_BEARER - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
 
Jwt.Builder - Class in org.springframework.security.oauth2.jwt
Helps configure a Jwt
jwtAuthenticationConverter(Converter<Jwt, ? extends AbstractAuthenticationToken>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer
 
jwtAuthenticationConverter(Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
Configures the Converter to use for converting a Jwt into an AbstractAuthenticationToken.
JwtAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.authentication
 
JwtAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
 
JwtAuthenticationProvider - Class in org.springframework.security.oauth2.server.resource.authentication
An AuthenticationProvider implementation of the Jwt-encoded Bearer Tokens for protecting OAuth 2.0 Resource Servers.
JwtAuthenticationProvider(JwtDecoder) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
 
JwtAuthenticationToken - Class in org.springframework.security.oauth2.server.resource.authentication
An implementation of an AbstractOAuth2TokenAuthenticationToken representing a Jwt Authentication.
JwtAuthenticationToken(Jwt) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
Constructs a JwtAuthenticationToken using the provided parameters.
JwtAuthenticationToken(Jwt, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
Constructs a JwtAuthenticationToken using the provided parameters.
JwtAuthenticationToken(Jwt, Collection<? extends GrantedAuthority>, String) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
Constructs a JwtAuthenticationToken using the provided parameters.
JwtBearerGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
A JWT Bearer Grant request that holds a Jwt assertion.
JwtBearerGrantRequest(ClientRegistration, Jwt) - Constructor for class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequest
Constructs a JwtBearerGrantRequest using the provided parameters.
JwtBearerGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
An implementation of an AbstractOAuth2AuthorizationGrantRequestEntityConverter that converts the provided JwtBearerGrantRequest to a RequestEntity representation of an OAuth 2.0 Access Token Request for the JWT Bearer Grant.
JwtBearerGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequestEntityConverter
 
JwtBearerOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of an OAuth2AuthorizedClientProvider for the jwt-bearer grant.
JwtBearerOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
 
JwtBearerReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of an ReactiveOAuth2AuthorizedClientProvider for the jwt-bearer grant.
JwtBearerReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
 
JwtBearerTokenAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.authentication
A Converter that takes a Jwt and converts it into a BearerTokenAuthentication.
JwtBearerTokenAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtBearerTokenAuthenticationConverter
 
JwtClaimAccessor - Interface in org.springframework.security.oauth2.jwt
A ClaimAccessor for the "claims" that may be contained in the JSON object JWT Claims Set of a JSON Web Token (JWT).
JwtClaimNames - Class in org.springframework.security.oauth2.jwt
The Registered Claim Names defined by the JSON Web Token (JWT) specification that may be contained in the JSON object JWT Claims Set.
JwtClaimsSet - Class in org.springframework.security.oauth2.jwt
The JWT Claims Set is a JSON object representing the claims conveyed by a JSON Web Token.
JwtClaimsSet.Builder - Class in org.springframework.security.oauth2.jwt
A builder for JwtClaimsSet.
JwtClaimValidator<T> - Class in org.springframework.security.oauth2.jwt
Validates a claim in a Jwt against a provided Predicate
JwtClaimValidator(String, Predicate<T>) - Constructor for class org.springframework.security.oauth2.jwt.JwtClaimValidator
Constructs a JwtClaimValidator using the provided parameters
jwtDecoder(ReactiveJwtDecoder) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
Configures the ReactiveJwtDecoder to use
JwtDecoder - Interface in org.springframework.security.oauth2.jwt
Implementations of this interface are responsible for "decoding" a JSON Web Token (JWT) from its compact claims representation format to a Jwt.
JwtDecoderFactory<C> - Interface in org.springframework.security.oauth2.jwt
A factory for JwtDecoder(s).
JwtDecoderInitializationException - Exception in org.springframework.security.oauth2.jwt
An exception thrown when a JwtDecoder or ReactiveJwtDecoder's lazy initialization fails.
JwtDecoderInitializationException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.JwtDecoderInitializationException
 
JwtDecoders - Class in org.springframework.security.oauth2.jwt
Allows creating a JwtDecoder from an OpenID Provider Configuration or Authorization Server Metadata Request based on provided issuer and method invoked.
JwtEncoder - Interface in org.springframework.security.oauth2.jwt
Implementations of this interface are responsible for encoding a JSON Web Token (JWT) to it's compact claims representation format.
JwtEncoderParameters - Class in org.springframework.security.oauth2.jwt
A holder of parameters containing the JWS headers and JWT Claims Set.
JwtEncodingException - Exception in org.springframework.security.oauth2.jwt
This exception is thrown when an error occurs while attempting to encode a JSON Web Token (JWT).
JwtEncodingException(String) - Constructor for exception org.springframework.security.oauth2.jwt.JwtEncodingException
Constructs a JwtEncodingException using the provided parameters.
JwtEncodingException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.JwtEncodingException
Constructs a JwtEncodingException using the provided parameters.
JwtException - Exception in org.springframework.security.oauth2.jwt
Base exception for all JSON Web Token (JWT) related errors.
JwtException(String) - Constructor for exception org.springframework.security.oauth2.jwt.JwtException
Constructs a JwtException using the provided parameters.
JwtException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.jwt.JwtException
Constructs a JwtException using the provided parameters.
JwtGrantedAuthoritiesConverter - Class in org.springframework.security.oauth2.server.resource.authentication
Extracts the GrantedAuthoritys from scope attributes typically found in a Jwt.
JwtGrantedAuthoritiesConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
 
JwtIssuerAuthenticationManagerResolver - Class in org.springframework.security.oauth2.server.resource.authentication
An implementation of AuthenticationManagerResolver that resolves a JWT-based AuthenticationManager based on the Issuer in a signed JWT (JWS).
JwtIssuerAuthenticationManagerResolver(String...) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
Deprecated, for removal: This API element is subject to removal in a future version.
JwtIssuerAuthenticationManagerResolver(Collection<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
Deprecated, for removal: This API element is subject to removal in a future version.
JwtIssuerAuthenticationManagerResolver(AuthenticationManagerResolver<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
Construct a JwtIssuerAuthenticationManagerResolver using the provided parameters Note that the AuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted.
JwtIssuerReactiveAuthenticationManagerResolver - Class in org.springframework.security.oauth2.server.resource.authentication
An implementation of ReactiveAuthenticationManagerResolver that resolves a JWT-based ReactiveAuthenticationManager based on the Issuer in a signed JWT (JWS).
JwtIssuerReactiveAuthenticationManagerResolver(String...) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
Deprecated, for removal: This API element is subject to removal in a future version.
JwtIssuerReactiveAuthenticationManagerResolver(Collection<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
Deprecated, for removal: This API element is subject to removal in a future version.
JwtIssuerReactiveAuthenticationManagerResolver(ReactiveAuthenticationManagerResolver<String>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
Construct a JwtIssuerReactiveAuthenticationManagerResolver using the provided parameters Note that the ReactiveAuthenticationManagerResolver provided in this constructor will need to verify that the issuer is trusted.
JwtIssuerValidator - Class in org.springframework.security.oauth2.jwt
Validates the "iss" claim in a Jwt, that is matches a configured value
JwtIssuerValidator(String) - Constructor for class org.springframework.security.oauth2.jwt.JwtIssuerValidator
Constructs a JwtIssuerValidator using the provided parameters
jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<JWKSecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.
jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<JWKSecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder
Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.
jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusJwtDecoder.
jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder
Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusJwtDecoder.
jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder
Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusJwtDecoder.
jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.
jwtProcessorCustomizer(Consumer<ConfigurableJWTProcessor<SecurityContext>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder
Use the given Consumer to customize the ConfigurableJWTProcessor before passing it to the build NimbusReactiveJwtDecoder.
JwtReactiveAuthenticationManager - Class in org.springframework.security.oauth2.server.resource.authentication
JwtReactiveAuthenticationManager(ReactiveJwtDecoder) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager
 
JwtSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
 
JwtTimestampValidator - Class in org.springframework.security.oauth2.jwt
An implementation of OAuth2TokenValidator for verifying claims in a Jwt-based access token
JwtTimestampValidator() - Constructor for class org.springframework.security.oauth2.jwt.JwtTimestampValidator
A basic instance with no custom verification and the default max clock skew
JwtTimestampValidator(Duration) - Constructor for class org.springframework.security.oauth2.jwt.JwtTimestampValidator
 
JwtValidationException - Exception in org.springframework.security.oauth2.jwt
An exception that results from an unsuccessful OAuth2TokenValidatorResult
JwtValidationException(String, Collection<OAuth2Error>) - Constructor for exception org.springframework.security.oauth2.jwt.JwtValidationException
Constructs a JwtValidationException using the provided parameters While each OAuth2Error does contain an error description, this constructor can take an overarching description that encapsulates the composition of failures That said, it is appropriate to pass one of the messages from the error list in as the exception description, for example:
JwtValidators - Class in org.springframework.security.oauth2.jwt
Provides factory methods for creating OAuth2TokenValidator<Jwt>

K

key(String) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Sets the key to identify tokens created for anonymous authentication.
key(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
Sets the key to identify tokens created for remember me authentication.
key(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
Sets the key to identify tokens created for anonymous authentication.
KeyBasedPersistenceTokenService - Class in org.springframework.security.core.token
Basic implementation of TokenService that is compatible with clusters and across machine restarts, without requiring database persistence.
KeyBasedPersistenceTokenService() - Constructor for class org.springframework.security.core.token.KeyBasedPersistenceTokenService
 
KeyGenerators - Class in org.springframework.security.crypto.keygen
Factory for commonly used key generators.
keyId(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the key ID that is a hint indicating which key was used to secure the JWS or JWE.
KeyStoreKeyFactory - Class in org.springframework.security.crypto.encrypt
 
KeyStoreKeyFactory(Resource, char[]) - Constructor for class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory
 
KeyStoreKeyFactory(Resource, char[], String) - Constructor for class org.springframework.security.crypto.encrypt.KeyStoreKeyFactory
 
KID - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
kid - the key ID header is a hint indicating which key was used to secure a JWS or JWE

L

LAST - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
 
LAST - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
 
LazyCsrfTokenRepository - Class in org.springframework.security.web.csrf
LazyCsrfTokenRepository(CsrfTokenRepository) - Constructor for class org.springframework.security.web.csrf.LazyCsrfTokenRepository
Deprecated.
Creates a new instance
LDAP_AUTHORITIES_POPULATOR_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
LDAP_PASSWORD_COMPARE - Static variable in class org.springframework.security.config.Elements
 
LDAP_PROVIDER - Static variable in class org.springframework.security.config.Elements
 
LDAP_SEARCH_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
LDAP_SERVER - Static variable in class org.springframework.security.config.Elements
 
LDAP_USER_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
LDAP_USER_SERVICE - Static variable in class org.springframework.security.config.Elements
 
ldapAuthentication() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
Add LDAP authentication to the AuthenticationManagerBuilder and return a LdapAuthenticationProviderConfigurer to allow customization of the LDAP authentication.
LdapAuthenticationProvider - Class in org.springframework.security.ldap.authentication
An AuthenticationProvider implementation that authenticates against an LDAP server.
LdapAuthenticationProvider(LdapAuthenticator) - Constructor for class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
Creates an instance with the supplied authenticator and a null authorities populator.
LdapAuthenticationProvider(LdapAuthenticator, LdapAuthoritiesPopulator) - Constructor for class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
Create an instance with the supplied authenticator and authorities populator implementations.
LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>> - Class in org.springframework.security.config.annotation.authentication.configurers.ldap
LdapAuthenticationProviderConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
 
LdapAuthenticationProviderConfigurer.ContextSourceBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.ldap
Allows building a BaseLdapPathContextSource and optionally creating an embedded LDAP instance.
LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer - Class in org.springframework.security.config.annotation.authentication.configurers.ldap
Sets up Password based comparison
LdapAuthenticator - Interface in org.springframework.security.ldap.authentication
The strategy interface for locating and authenticating an Ldap user.
ldapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
LdapAuthoritiesPopulator - Interface in org.springframework.security.ldap.userdetails
Obtains a list of granted authorities for an Ldap user.
LdapAuthority - Class in org.springframework.security.ldap.userdetails
An authority that contains at least a DN and a role name for an LDAP entry but can also contain other desired attributes to be fetched during an LDAP authority search.
LdapAuthority(String, String) - Constructor for class org.springframework.security.ldap.userdetails.LdapAuthority
Constructs an LdapAuthority that has a role and a DN but no other attributes
LdapAuthority(String, String, Map<String, List<String>>) - Constructor for class org.springframework.security.ldap.userdetails.LdapAuthority
Constructs an LdapAuthority with the given role, DN and other LDAP attributes
LdapBindAuthenticationManagerFactory - Class in org.springframework.security.config.ldap
Creates an AuthenticationManager that can perform LDAP authentication using bind authentication.
LdapBindAuthenticationManagerFactory(BaseLdapPathContextSource) - Constructor for class org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
 
LdapJackson2Module - Class in org.springframework.security.ldap.jackson2
Jackson module for spring-security-ldap.
LdapJackson2Module() - Constructor for class org.springframework.security.ldap.jackson2.LdapJackson2Module
 
LdapPasswordComparisonAuthenticationManagerFactory - Class in org.springframework.security.config.ldap
Creates an AuthenticationManager that can perform LDAP authentication using password comparison.
LdapPasswordComparisonAuthenticationManagerFactory(BaseLdapPathContextSource, PasswordEncoder) - Constructor for class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
 
LdapProviderBeanDefinitionParser - Class in org.springframework.security.config.ldap
Ldap authentication provider namespace configuration.
LdapProviderBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser
 
LdapServerBeanDefinitionParser - Class in org.springframework.security.config.ldap
 
LdapServerBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
 
LdapShaPasswordEncoder - Class in org.springframework.security.crypto.password
Deprecated.
Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.
LdapShaPasswordEncoder() - Constructor for class org.springframework.security.crypto.password.LdapShaPasswordEncoder
Deprecated.
 
LdapShaPasswordEncoder(BytesKeyGenerator) - Constructor for class org.springframework.security.crypto.password.LdapShaPasswordEncoder
Deprecated.
 
LdapUserDetails - Interface in org.springframework.security.ldap.userdetails
Captures the information for a user's LDAP entry.
LdapUserDetailsImpl - Class in org.springframework.security.ldap.userdetails
A UserDetails implementation which is used internally by the Ldap services.
LdapUserDetailsImpl() - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
LdapUserDetailsImpl.Essence - Class in org.springframework.security.ldap.userdetails
Variation of essence pattern.
LdapUserDetailsManager - Class in org.springframework.security.ldap.userdetails
An Ldap implementation of UserDetailsManager.
LdapUserDetailsManager(ContextSource) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
LdapUserDetailsMapper - Class in org.springframework.security.ldap.userdetails
The context mapper used by the LDAP authentication provider to create an LDAP user object.
LdapUserDetailsMapper() - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
 
LdapUserDetailsService - Class in org.springframework.security.ldap.userdetails
LDAP implementation of UserDetailsService based around an LdapUserSearch and an LdapAuthoritiesPopulator.
LdapUserDetailsService(LdapUserSearch) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsService
 
LdapUserDetailsService(LdapUserSearch, LdapAuthoritiesPopulator) - Constructor for class org.springframework.security.ldap.userdetails.LdapUserDetailsService
 
LdapUsernameToDnMapper - Interface in org.springframework.security.ldap
Constructs an Ldap Distinguished Name from a username.
LdapUserSearch - Interface in org.springframework.security.ldap.search
Obtains a user's information from the LDAP directory given a login name.
LdapUserServiceBeanDefinitionParser - Class in org.springframework.security.config.ldap
 
LdapUserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
LdapUtils - Class in org.springframework.security.ldap
LDAP Utility methods.
ldif(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
Specifies an ldif to load at startup for an embedded LDAP server.
ListeningSecurityContextHolderStrategy - Class in org.springframework.security.core.context
An API for notifying when the SecurityContext changes.
ListeningSecurityContextHolderStrategy(Collection<SecurityContextChangedListener>) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
Construct a ListeningSecurityContextHolderStrategy based on ThreadLocalSecurityContextHolderStrategy
ListeningSecurityContextHolderStrategy(SecurityContextChangedListener...) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
Construct a ListeningSecurityContextHolderStrategy based on ThreadLocalSecurityContextHolderStrategy
ListeningSecurityContextHolderStrategy(SecurityContextHolderStrategy, Collection<SecurityContextChangedListener>) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
ListeningSecurityContextHolderStrategy(SecurityContextHolderStrategy, SecurityContextChangedListener...) - Constructor for class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
load(MvcResult) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
 
load(ServerWebExchange) - Method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository
 
load(ServerWebExchange) - Method in interface org.springframework.security.web.server.context.ServerSecurityContextRepository
Loads the SecurityContext associated with the ServerWebExchange
load(ServerWebExchange) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
 
loadAuthenticationRequest(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository
 
loadAuthenticationRequest(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository
Loads the AbstractSaml2AuthenticationRequest from the request
loadAuthorizationRequest(HttpServletRequest) - Method in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
Returns the OAuth2AuthorizationRequest associated to the provided HttpServletRequest or null if not available.
loadAuthorizationRequest(HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository
 
loadAuthorizationRequest(ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository
Returns the OAuth2AuthorizationRequest associated to the provided HttpServletRequest or null if not available.
loadAuthorizationRequest(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository
 
loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService
 
loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService
 
loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
 
loadAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
Returns the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User's Principal name or null if not available.
loadAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
 
loadAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService
Returns the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User's Principal name or null if not available.
loadAuthorizedClient(String, Authentication, HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
 
loadAuthorizedClient(String, Authentication, HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository
 
loadAuthorizedClient(String, Authentication, HttpServletRequest) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository
Returns the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner) or null if not available.
loadAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
 
loadAuthorizedClient(String, Authentication, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository
Returns the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner) or null if not available.
loadAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository
 
loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
 
loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
Gets the security context for the current request (if available) and returns it.
loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
 
loadContext(HttpRequestResponseHolder) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
 
loadContext(HttpRequestResponseHolder) - Method in interface org.springframework.security.web.context.SecurityContextRepository
loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
 
loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
 
loadDeferredContext(HttpServletRequest) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
 
loadDeferredContext(HttpServletRequest) - Method in interface org.springframework.security.web.context.SecurityContextRepository
Defers loading the SecurityContext using the HttpServletRequest until it is needed by the application.
loadDeferredToken(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository
Defers loading the CsrfToken using the HttpServletRequest and HttpServletResponse until it is needed by the application.
loadGroupAuthorities(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Loads authorities by executing the SQL from groupAuthoritiesByUsernameQuery.
loadLogoutRequest(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository
Returns the Saml2LogoutRequest associated to the provided HttpServletRequest or null if not available.
loadLogoutRequest(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository
Returns the Saml2LogoutRequest associated to the provided HttpServletRequest or null if not available.
loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
 
loadToken(HttpServletRequest) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository
Loads the expected CsrfToken from the HttpServletRequest
loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
 
loadToken(HttpServletRequest) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository
Deprecated.
Delegates to the injected CsrfTokenRepository
loadToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
 
loadToken(ServerWebExchange) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
Loads the expected CsrfToken from the ServerWebExchange
loadToken(ServerWebExchange) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
 
loadUser(OidcUserRequest) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
 
loadUser(OidcUserRequest) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
 
loadUser(OAuth2UserRequest) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService
 
loadUser(OAuth2UserRequest) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService
 
loadUser(R) - Method in class org.springframework.security.oauth2.client.userinfo.DelegatingOAuth2UserService
 
loadUser(R) - Method in interface org.springframework.security.oauth2.client.userinfo.OAuth2UserService
Returns an OAuth2User after obtaining the user attributes of the End-User from the UserInfo Endpoint.
loadUser(R) - Method in interface org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService
Returns an OAuth2User after obtaining the user attributes of the End-User from the UserInfo Endpoint.
loadUserAuthorities(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Loads authorities by executing the SQL from authoritiesByUsernameQuery.
loadUserAuthorities(DirContextOperations, String, String) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
 
loadUserAuthorities(DirContextOperations, String, String) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
Creates the user authority list from the values of the memberOf attribute obtained from the user's Active Directory entry.
loadUserAuthorities(DirContextOperations, String, String) - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
 
loadUserByAssertion(Assertion) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
Template method for retrieving the UserDetails based on the assertion.
loadUserByUsername(String) - Method in class org.springframework.security.authentication.CachingUserDetailsService
 
loadUserByUsername(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
loadUserByUsername(String) - Method in interface org.springframework.security.core.userdetails.UserDetailsService
Locates the user based on the username.
loadUserByUsername(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
loadUserByUsername(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsService
 
loadUserByUsername(String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
loadUserDetails(Assertion) - Method in class org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService
Protected template method for construct a UserDetails via the supplied CAS assertion.
loadUserDetails(Assertion) - Method in class org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService
 
loadUserDetails(CasAssertionAuthenticationToken) - Method in class org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService
 
loadUserDetails(PreAuthenticatedAuthenticationToken) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
Get a UserDetails object based on the user name contained in the given token, and the GrantedAuthorities as returned by the GrantedAuthoritiesContainer implementation as returned by the token.getDetails() method.
loadUserDetails(T) - Method in interface org.springframework.security.core.userdetails.AuthenticationUserDetailsService
 
loadUserDetails(T) - Method in class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
Get the UserDetails object from the wrapped UserDetailsService implementation
loadUsersByUsername(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Executes the SQL usersByUsernameQuery and returns a list of UserDetails objects.
loadUsersByUsername(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
Executes the SQL usersByUsernameQuery and returns a list of UserDetails objects.
lobHandler - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
 
lobHandler - Variable in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
 
locale(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this locale in the resulting OidcUserInfo
LOCALE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
locale - the user's locale
locality(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
Sets the city or locality.
location(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
Use this location for the SAML 2.0 logout endpoint By default, the asserting party's endpoint is used
location(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
Use this location for the SAML 2.0 logout endpoint By default, the asserting party's endpoint is used
LockedException - Exception in org.springframework.security.authentication
Thrown if an authentication request is rejected because the account is locked.
LockedException(String) - Constructor for exception org.springframework.security.authentication.LockedException
Constructs a LockedException with the specified message.
LockedException(String, Throwable) - Constructor for exception org.springframework.security.authentication.LockedException
Constructs a LockedException with the specified message and root cause.
log - Static variable in class org.springframework.security.acls.jdbc.JdbcAclService
 
log - Variable in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
 
log - Static variable in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
 
log - Variable in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
Deprecated.
Logger for use by subclasses
logger - Variable in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
 
logger - Variable in class org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice
Deprecated.
 
logger - Variable in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
logger - Static variable in class org.springframework.security.access.intercept.AfterInvocationProviderManager
Deprecated.
 
logger - Static variable in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
Deprecated.
 
logger - Variable in class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
Deprecated.
 
logger - Variable in class org.springframework.security.access.prepost.PostInvocationAdviceProvider
Deprecated.
 
logger - Variable in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
Deprecated.
 
logger - Variable in class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
 
logger - Static variable in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationCollectionFilteringProvider
 
logger - Static variable in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
 
logger - Variable in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
 
logger - Variable in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
logger - Variable in class org.springframework.security.config.http.FormLoginBeanDefinitionParser
 
logger - Variable in class org.springframework.security.core.session.SessionRegistryImpl
 
logger - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
 
logger - Variable in class org.springframework.security.ldap.DefaultSpringSecurityContextSource
 
logger - Variable in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite
 
logger - Variable in class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
logger - Variable in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
logger - Static variable in class org.springframework.security.taglibs.authz.AccessControlListTag
 
logger - Static variable in class org.springframework.security.web.access.AccessDeniedHandlerImpl
 
logger - Variable in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
 
logger - Static variable in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
Deprecated.
 
logger - Variable in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
 
logger - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
 
logger - Variable in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
 
logger - Variable in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
 
logger - Variable in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
 
logger - Variable in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
 
logger - Variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
logger - Variable in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
 
logger - Variable in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
 
logger - Variable in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
 
logger - Variable in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
 
logger - Variable in class org.springframework.security.web.DefaultRedirectStrategy
 
logger - Variable in class org.springframework.security.web.savedrequest.CookieRequestCache
 
logger - Static variable in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
logger - Variable in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
 
logger - Variable in class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
 
LOGGER - Variable in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite
Deprecated.
LoggerListener - Class in org.springframework.security.access.event
Deprecated.
Logging is now embedded in Spring Security components. If you need further logging, please consider using your own ApplicationListener
LoggerListener - Class in org.springframework.security.authentication.event
Outputs authentication-related application events to Commons Logging.
LoggerListener() - Constructor for class org.springframework.security.access.event.LoggerListener
Deprecated.
 
LoggerListener() - Constructor for class org.springframework.security.authentication.event.LoggerListener
 
logIfNeeded(boolean, AccessControlEntry) - Method in interface org.springframework.security.acls.domain.AuditLogger
 
logIfNeeded(boolean, AccessControlEntry) - Method in class org.springframework.security.acls.domain.ConsoleAuditLogger
 
login() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
Authenticate the Subject (phase one) by extracting the Spring Security Authentication from the current SecurityContext.
LOGIN_PAGE_GENERATING - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
 
LoginExceptionResolver - Interface in org.springframework.security.authentication.jaas
The JaasAuthenticationProvider takes an instance of LoginExceptionResolver to resolve LoginModule specific exceptions to Spring Security AuthenticationExceptions.
loginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
 
loginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
loginFail(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.RememberMeServices
Called whenever an interactive authentication attempt was made, but the credentials supplied by the user were missing or otherwise invalid.
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Specifies the URL to send users to if login is required.
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
Specifies the URL to send users to if login is required.
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
 
loginPage(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
 
loginPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
Configures the log in page to redirect to, the authentication failure page, and when authentication is performed.
loginPage(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Specifies the URL to send users to if login is required.
LoginPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui
Generates a default log in page used for authenticating users.
LoginPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
 
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Specifies the URL to validate the credentials.
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
 
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
Specifies the URL to process the login request, defaults to /login/ott.
loginProcessingUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
Specifies the URL to validate the credentials.
loginProcessingUrl(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
Specifies the URL to POST to.
loginProcessingUrl(String, Object...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
Specifies the URL to POST to.
loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.NullRememberMeServices
 
loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Called whenever an interactive authentication attempt is successful.
loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.RememberMeServices
Called whenever an interactive authentication attempt is successful.
LoginUrlAuthenticationEntryPoint - Class in org.springframework.security.web.authentication
Used by the ExceptionTranslationFilter to commence a form login authentication via the UsernamePasswordAuthenticationFilter.
LoginUrlAuthenticationEntryPoint(String) - Constructor for class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
logout() - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
Log out the Subject.
logout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
logout() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
logout() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders
Creates a logout request.
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
 
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.CompositeLogoutHandler
 
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
 
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler
 
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.logout.LogoutHandler
Causes a logout to be completed.
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler
 
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
Requires the request to be passed in.
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Implementation of LogoutHandler.
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
 
logout(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.csrf.CsrfLogoutHandler
Clears the CsrfToken
logout(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders
Creates a logout request (including any necessary CsrfToken) to the specified logoutUrl
logout(Customizer<LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Provides logout support.
logout(Customizer<ServerHttpSecurity.LogoutSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures log out.
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler
 
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler
 
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.HeaderWriterServerLogoutHandler
 
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler
 
logout(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.logout.ServerLogoutHandler
Invoked when log out is requested
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.WebSessionServerLogoutHandler
 
logout(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.csrf.CsrfServerLogoutHandler
Clears the CsrfToken
LOGOUT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
 
LOGOUT - Static variable in class org.springframework.security.config.Elements
 
LOGOUT_PAGE_GENERATING - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
 
LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds logout support.
LogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
Creates a new instance
LogoutFilter - Class in org.springframework.security.web.authentication.logout
Logs a principal out.
LogoutFilter(String, LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.LogoutFilter
 
LogoutFilter(LogoutSuccessHandler, LogoutHandler...) - Constructor for class org.springframework.security.web.authentication.logout.LogoutFilter
Constructor which takes a LogoutSuccessHandler instance to determine the target destination after logging out.
logoutHandler(LogoutHandler) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer
Configure what and how per-session logout will be performed.
logoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
Configures the logout handler.
logoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer
Configure what and how per-session logout will be performed.
LogoutHandler - Interface in org.springframework.security.web.authentication.logout
Indicates a class that is able to participate in logout handling.
LogoutPageGeneratingWebFilter - Class in org.springframework.security.web.server.ui
Generates a default log out page.
LogoutPageGeneratingWebFilter() - Constructor for class org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter
 
logoutRequest() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use Saml2LogoutConfigurer.logoutRequest(Customizer) or logoutRequest(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
logoutRequest(Customizer<Saml2LogoutConfigurer.LogoutRequestConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
Configures SAML 2.0 Logout Request components
logoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
The RequestMatcher that triggers log out to occur.
logoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
Use this Saml2LogoutRequestRepository for storing logout requests
logoutRequestResolver(Saml2LogoutRequestResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
Use this Saml2LogoutRequestResolver for producing a logout request to send to the asserting party
logoutRequestValidator(Saml2LogoutRequestValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
Use this LogoutHandler for processing a logout request from the asserting party
logoutResponse() - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use Saml2LogoutConfigurer.logoutResponse(Customizer) or logoutResponse(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
logoutResponse(Customizer<Saml2LogoutConfigurer.LogoutResponseConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
Configures SAML 2.0 Logout Response components
logoutResponseResolver(Saml2LogoutResponseResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer
Use this Saml2LogoutRequestResolver for producing a logout response to send to the asserting party
logoutResponseValidator(Saml2LogoutResponseValidator) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer
Use this LogoutHandler for processing a logout response from the asserting party
LogoutSuccessEvent - Class in org.springframework.security.authentication.event
Application event which indicates successful logout
LogoutSuccessEvent(Authentication) - Constructor for class org.springframework.security.authentication.event.LogoutSuccessEvent
 
LogoutSuccessEventPublishingLogoutHandler - Class in org.springframework.security.web.authentication.logout
A logout handler which publishes LogoutSuccessEvent
LogoutSuccessEventPublishingLogoutHandler() - Constructor for class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler
 
logoutSuccessHandler(LogoutSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
Sets the LogoutSuccessHandler to use.
logoutSuccessHandler(ServerLogoutSuccessHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
 
LogoutSuccessHandler - Interface in org.springframework.security.web.authentication.logout
Strategy that is called after a successful logout by the LogoutFilter, to handle redirection or forwarding to the appropriate destination.
logoutSuccessUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
The URL to redirect to after logout has occurred.
LogoutTokenClaimAccessor - Interface in org.springframework.security.oauth2.client.oidc.authentication.logout
A ClaimAccessor for the "claims" that can be returned in OIDC Logout Tokens
LogoutTokenClaimNames - Class in org.springframework.security.oauth2.client.oidc.authentication.logout
The names of the "claims" defined by the OpenID Back-Channel Logout 1.0 specification that can be returned in a Logout Token.
logoutUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.BackChannelLogoutConfigurer
Use this endpoint when invoking a back-channel logout.
logoutUri(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer
Use this endpoint when invoking a back-channel logout.
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
The URL that triggers log out to occur (default is "/logout").
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer
The URL by which the asserting party can send a SAML 2.0 Logout Request
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer
The URL by which the asserting party can send a SAML 2.0 Logout Response
logoutUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
The URL by which the relying or asserting party can trigger logout.
logoutUrl(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
Configures what URL a POST to will trigger a log out.
logoutUrl(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
Specifies the logout URL to POST to.
logoutUrl(String, Object...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
Specifies the logout URL to POST to.
LogoutWebFilter - Class in org.springframework.security.web.server.authentication.logout
If the request matches, logs an authenticated user out by delegating to a ServerLogoutHandler.
LogoutWebFilter() - Constructor for class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
 
lookupHttpPort(Integer) - Method in interface org.springframework.security.web.PortMapper
Locates the HTTP port associated with the specified HTTPS port.
lookupHttpPort(Integer) - Method in class org.springframework.security.web.PortMapperImpl
 
lookupHttpsPort(Integer) - Method in interface org.springframework.security.web.PortMapper
Locates the HTTPS port associated with the specified HTTP port.
lookupHttpsPort(Integer) - Method in class org.springframework.security.web.PortMapperImpl
 
LookupStrategy - Interface in org.springframework.security.acls.jdbc
Performs lookups for AclService.

M

macAlgorithm(MacAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.SecretKeyJwtDecoderBuilder
Use the given algorithm when generating the MAC.
macAlgorithm(MacAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder
Use the given algorithm when generating the MAC.
MacAlgorithm - Enum Class in org.springframework.security.oauth2.jose.jws
An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to create a MAC of the contents of the JWS Protected Header and JWS Payload.
makeTokenSignature(long, String, String) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
Calculates the digital signature to be put in the cookie.
makeTokenSignature(long, String, String, TokenBasedRememberMeServices.RememberMeTokenAlgorithm) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
Calculates the digital signature to be put in the cookie.
MALFORMED_REQUEST_DATA - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
The serialized AuthNRequest could not be deserialized correctly.
MALFORMED_RESPONSE_DATA - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
The response data is malformed or incomplete.
managerDn(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
Username (DN) of the "manager" user identity (i.e.
managerPassword(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
The password for the manager DN.
mapAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyAuthoritiesMapper
 
mapAuthorities(Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper
 
mapAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.core.authority.mapping.NullAuthoritiesMapper
 
mapAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
Creates a mapping of the supplied authorities based on the case-conversion and prefix settings.
MapBasedAttributes2GrantedAuthoritiesMapper - Class in org.springframework.security.core.authority.mapping
This class implements the Attributes2GrantedAuthoritiesMapper and MappableAttributesRetriever interfaces based on the supplied Map.
MapBasedAttributes2GrantedAuthoritiesMapper() - Constructor for class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
 
MapBasedMethodSecurityMetadataSource - Class in org.springframework.security.access.method
Deprecated.
Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization
MapBasedMethodSecurityMetadataSource() - Constructor for class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Deprecated.
 
MapBasedMethodSecurityMetadataSource(Map<String, List<ConfigAttribute>>) - Constructor for class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Deprecated.
Creates the MapBasedMethodSecurityMetadataSource from a
MappableAttributesRetriever - Interface in org.springframework.security.core.authority.mapping
Interface to be implemented by classes that can retrieve a list of mappable security attribute strings (for example the list of all available J2EE roles in a web or EJB application).
mappableAuthorities(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
Specifies roles to use map from the HttpServletRequest to the UserDetails.
mappableAuthorities(Set<String>) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
Specifies roles to use map from the HttpServletRequest to the UserDetails.
mappableRoles(String...) - Method in class org.springframework.security.config.annotation.web.configurers.JeeConfigurer
Specifies roles to use map from the HttpServletRequest to the UserDetails and automatically prefixes it with "ROLE_".
mapPassword(Object) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
Extension point to allow customized creation of the user's password from the attribute stored in the directory.
MappedJwtClaimSetConverter - Class in org.springframework.security.oauth2.jwt
Converts a JWT claim set, claim by claim.
MappedJwtClaimSetConverter(Map<String, Converter<Object, ?>>) - Constructor for class org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter
Constructs a MappedJwtClaimSetConverter with the provided arguments This will completely replace any set of default converters.
mappings(Consumer<List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>>>) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
Allows to configure the RequestMatcher to AuthorizationManager mappings.
MapReactiveUserDetailsService - Class in org.springframework.security.core.userdetails
A Map based implementation of ReactiveUserDetailsService
MapReactiveUserDetailsService(Collection<UserDetails>) - Constructor for class org.springframework.security.core.userdetails.MapReactiveUserDetailsService
Creates a new instance
MapReactiveUserDetailsService(Map<String, UserDetails>) - Constructor for class org.springframework.security.core.userdetails.MapReactiveUserDetailsService
Creates a new instance using a Map that must be non blocking.
MapReactiveUserDetailsService(UserDetails...) - Constructor for class org.springframework.security.core.userdetails.MapReactiveUserDetailsService
Creates a new instance
mapRow(ResultSet, int) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
 
mapsTo(int) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer.HttpPortMapping
Maps the given HTTP port to the provided HTTPS port and vice versa.
mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper
 
mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
 
mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.PersonContextMapper
 
mapUserFromContext(DirContextOperations, String, Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.ldap.userdetails.UserDetailsContextMapper
Creates a fully populated UserDetails object for use by the security framework.
mapUserToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper
 
mapUserToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
 
mapUserToContext(UserDetails, DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.PersonContextMapper
 
mapUserToContext(UserDetails, DirContextAdapter) - Method in interface org.springframework.security.ldap.userdetails.UserDetailsContextMapper
Reverse of the above operation.
mask - Variable in class org.springframework.security.acls.domain.AbstractPermission
 
match() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult
Creates an instance of PayloadExchangeMatcher.MatchResult that is a match with no variables
match() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
Creates an instance of ServerWebExchangeMatcher.MatchResult that is a match with no variables
match() - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
Creates an instance of RequestMatcher.MatchResult that is a match with no variables
match(Map<String, ? extends Object>) - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult
Creates an instance of PayloadExchangeMatcher.MatchResult that is a match with the specified variables
match(Map<String, Object>) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
Creates an instance of ServerWebExchangeMatcher.MatchResult that is a match with the specified variables
match(Map<String, String>) - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
Creates an instance of RequestMatcher.MatchResult that is a match with the specified variables
match(MvcResult) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
 
matcher(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
 
matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher
Returns a RequestMatcher.MatchResult for this HttpServletRequest.
matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
 
matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher
Returns a RequestMatcher.MatchResult for this HttpServletRequest.
matcher(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ParameterRequestMatcher
 
matcher(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestMatcher
Returns a MatchResult for this RequestMatcher The default implementation returns Collections.emptyMap() when RequestMatcher.MatchResult.getVariables() is invoked.
matcher(PayloadExchangeMatcher) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
 
matchers - Variable in class org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer
 
matchers(MessageMatcher<?>...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
Maps a List of MessageMatcher instances to a security expression.
matchers(MessageMatcher<?>...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
Maps a List of MessageMatcher instances to a security expression.
matchers(ServerWebExchangeMatcher...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
Associates a list of ServerWebExchangeMatcher instances
matchers(ServerWebExchangeMatcher...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
Creates a matcher that will match on any of the provided matchers
MatcherSecurityWebFilterChain - Class in org.springframework.security.web.server
A SecurityWebFilterChain that leverages a ServerWebExchangeMatcher to determine which WebFilter to execute.
MatcherSecurityWebFilterChain(ServerWebExchangeMatcher, List<WebFilter>) - Constructor for class org.springframework.security.web.server.MatcherSecurityWebFilterChain
 
MatcherType - Enum Class in org.springframework.security.config.http
Defines the RequestMatcher types supported by the namespace.
matches(byte[], byte[]) - Static method in class org.springframework.security.crypto.password.AbstractPasswordEncoder
Constant time comparison to prevent against timing attacks.
matches(HttpServletRequest) - Method in class org.springframework.security.cas.web.CasGatewayResolverRequestMatcher
 
matches(HttpServletRequest) - Method in class org.springframework.security.web.DefaultSecurityFilterChain
 
matches(HttpServletRequest) - Method in interface org.springframework.security.web.SecurityFilterChain
 
matches(HttpServletRequest) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
 
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher
 
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
Returns true if the configured pattern (and HTTP-Method) match those of the supplied request.
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
 
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
Performs the match against the request's method and dispatcher type.
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
 
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.IpAddressMatcher
 
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
 
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.NegatedRequestMatcher
 
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher
 
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.ParameterRequestMatcher
 
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
Performs the match of the request URL (servletPath + pathInfo + queryString ) against the compiled pattern.
matches(HttpServletRequest) - Method in class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
 
matches(HttpServletRequest) - Method in interface org.springframework.security.web.util.matcher.RequestMatcher
Decides whether the rule implemented by the strategy matches the supplied request.
matches(CharSequence, String) - Method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
 
matches(CharSequence, String) - Method in class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.AbstractPasswordEncoder
 
matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder
 
matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.LdapShaPasswordEncoder
Deprecated.
Checks the validity of an unencoded password against an encoded one in the form "{SSHA}sQuQF8vj8Eg2Y1hPdh3bkQhCKQBgjhQI".
matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.Md4PasswordEncoder
Deprecated.
Takes a previously encoded password and compares it with a rawpassword after mixing in the salt and encoding that value
matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder
Deprecated.
Takes a previously encoded password and compares it with a rawpassword after mixing in the salt and encoding that value
matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.NoOpPasswordEncoder
Deprecated.
 
matches(CharSequence, String) - Method in interface org.springframework.security.crypto.password.PasswordEncoder
Verify the encoded password obtained from storage matches the submitted raw password after it too is encoded.
matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
 
matches(CharSequence, String) - Method in class org.springframework.security.crypto.password.StandardPasswordEncoder
Deprecated.
 
matches(CharSequence, String) - Method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
 
matches(String) - Method in class org.springframework.security.web.util.matcher.IpAddressMatcher
 
matches(Message<?>) - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
 
matches(Message<?>) - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher
 
matches(Message<? extends T>) - Method in class org.springframework.security.messaging.util.matcher.AndMessageMatcher
 
matches(Message<? extends T>) - Method in interface org.springframework.security.messaging.util.matcher.MessageMatcher
Returns true if the Message matches, else false
matches(Message<? extends T>) - Method in class org.springframework.security.messaging.util.matcher.OrMessageMatcher
 
matches(PayloadExchange) - Method in interface org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher
Determines if a request matches or not
matches(PayloadExchange) - Method in class org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMatcher
 
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher
 
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.MatcherSecurityWebFilterChain
 
matches(ServerWebExchange) - Method in interface org.springframework.security.web.server.SecurityWebFilterChain
Determines if this SecurityWebFilterChain matches the provided ServerWebExchange
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
 
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher
 
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
 
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher
 
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
 
matches(ServerWebExchange) - Method in class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
 
matches(ServerWebExchange) - Method in interface org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher
Determines if a request matches or not
maxAge(Duration) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
Configures the max age.
maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
Deprecated.
Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.
maxAgeInSeconds(long) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.
maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
Controls the maximum number of sessions for a user.
maximumSessions(int) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Controls the maximum number of sessions for a user.
maximumSessions(SessionLimit) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
Sets the maximum number of sessions allowed for any user.
MaximumSessionsContext - Class in org.springframework.security.web.server.authentication
 
MaximumSessionsContext(Authentication, List<ReactiveSessionInformation>, int, WebSession) - Constructor for class org.springframework.security.web.server.authentication.MaximumSessionsContext
 
maximumSessionsExceededHandler(ServerMaximumSessionsExceededHandler) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
Sets the ServerMaximumSessionsExceededHandler to use when the maximum number of sessions is exceeded.
maxSessionsPreventsLogin(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
If true, prevents a user from authenticating when the SessionManagementConfigurer.ConcurrencyControlConfigurer.maximumSessions(int) has been reached.
Md4PasswordEncoder - Class in org.springframework.security.crypto.password
Deprecated.
Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.
Md4PasswordEncoder() - Constructor for class org.springframework.security.crypto.password.Md4PasswordEncoder
Deprecated.
 
MD5 - Enum constant in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
 
MediaTypeRequestMatcher - Class in org.springframework.security.web.util.matcher
Allows matching HttpServletRequest based upon the MediaType's resolved from a ContentNegotiationStrategy.
MediaTypeRequestMatcher(Collection<MediaType>) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
Creates an instance
MediaTypeRequestMatcher(MediaType...) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
Creates an instance
MediaTypeRequestMatcher(ContentNegotiationStrategy, Collection<MediaType>) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
Creates an instance
MediaTypeRequestMatcher(ContentNegotiationStrategy, MediaType...) - Constructor for class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
Creates an instance
MediaTypeServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
Matches based upon the accept headers.
MediaTypeServerWebExchangeMatcher(Collection<MediaType>) - Constructor for class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
Creates a new instance
MediaTypeServerWebExchangeMatcher(MediaType...) - Constructor for class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
Creates a new instance
merge(Object) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
 
merge(Object) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.LogoutRequestBuilder
 
mergePatterns(String, String) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils
 
message - Variable in class org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot
 
MessageAuthorizationContext<T> - Class in org.springframework.security.messaging.access.intercept
An Message authorization context.
MessageAuthorizationContext(Message<T>) - Constructor for class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext
Creates an instance.
MessageAuthorizationContext(Message<T>, Map<String, String>) - Constructor for class org.springframework.security.messaging.access.intercept.MessageAuthorizationContext
Creates an instance.
MessageAuthorizationContextSecurityExpressionHandler - Class in org.springframework.security.messaging.access.expression
An expression handler for MessageAuthorizationContext.
MessageAuthorizationContextSecurityExpressionHandler() - Constructor for class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
 
MessageAuthorizationContextSecurityExpressionHandler(SecurityExpressionHandler<Message<?>>) - Constructor for class org.springframework.security.messaging.access.expression.MessageAuthorizationContextSecurityExpressionHandler
 
MessageDigestPasswordEncoder - Class in org.springframework.security.crypto.password
Deprecated.
Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.
MessageDigestPasswordEncoder(String) - Constructor for class org.springframework.security.crypto.password.MessageDigestPasswordEncoder
Deprecated.
The digest algorithm to use Supports the named Message Digest Algorithms in the Java environment.
MessageExpressionVoter<T> - Class in org.springframework.security.messaging.access.expression
MessageExpressionVoter() - Constructor for class org.springframework.security.messaging.access.expression.MessageExpressionVoter
Deprecated.
 
MessageMatcher<T> - Interface in org.springframework.security.messaging.util.matcher
API for determining if a Message should be matched on.
MessageMatcherDelegatingAuthorizationManager - Class in org.springframework.security.messaging.access.intercept
 
MessageMatcherDelegatingAuthorizationManager.Builder - Class in org.springframework.security.messaging.access.intercept
MessageMatcherDelegatingAuthorizationManager.Builder.Constraint - Class in org.springframework.security.messaging.access.intercept
Represents the security constraint to be applied to the MessageMatcher instances.
messages - Variable in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
messages - Variable in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
Deprecated.
 
messages - Variable in class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
 
messages - Variable in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
 
messages - Variable in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
 
messages - Variable in class org.springframework.security.authentication.AccountStatusUserDetailsChecker
 
messages - Variable in class org.springframework.security.authentication.AnonymousAuthenticationProvider
 
messages - Variable in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
messages - Variable in class org.springframework.security.authentication.ProviderManager
 
messages - Variable in class org.springframework.security.authentication.RememberMeAuthenticationProvider
 
messages - Variable in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
messages - Variable in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
messages - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
 
messages - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
 
messages - Variable in class org.springframework.security.web.access.ExceptionTranslationFilter
 
messages - Variable in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
messages - Variable in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
 
messages - Variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
messages - Variable in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
 
messages - Variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 
messages - Variable in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
MessageSecurityExpressionRoot - Class in org.springframework.security.messaging.access.expression
The SecurityExpressionRoot used for Message expressions.
MessageSecurityExpressionRoot(Supplier<Authentication>, Message<?>) - Constructor for class org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot
Creates an instance for the given Supplier of the Authentication and Message.
MessageSecurityExpressionRoot(Authentication, Message<?>) - Constructor for class org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot
 
MessageSecurityMetadataSource - Interface in org.springframework.security.messaging.access.intercept
MessageSecurityMetadataSourceRegistry - Class in org.springframework.security.config.annotation.web.messaging
MessageSecurityMetadataSourceRegistry() - Constructor for class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
 
MessageSecurityMetadataSourceRegistry.Constraint - Class in org.springframework.security.config.annotation.web.messaging
Deprecated.
Represents the security constraint to be applied to the MessageMatcher instances.
METADATA_PUSH - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
A Metadata Push exchange.
metadataResponseResolver(Saml2MetadataResponseResolver) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
Use this Saml2MetadataResponseResolver to parse the request and respond with SAML 2.0 metadata.
metadataUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
Use this endpoint to request relying party metadata.
METHOD_ACCESS_MANAGER - Static variable in class org.springframework.security.config.BeanIds
 
METHOD_SECURITY - Static variable in class org.springframework.security.config.Elements
 
METHOD_SECURITY_METADATA_SOURCE - Static variable in class org.springframework.security.config.Elements
 
METHOD_SECURITY_METADATA_SOURCE_ADVISOR - Static variable in class org.springframework.security.config.BeanIds
 
MethodAuthorizationDeniedHandler - Interface in org.springframework.security.authorization.method
An interface used to define a strategy to handle denied method invocations
MethodExpressionAuthorizationManager - Class in org.springframework.security.authorization.method
An expression-based AuthorizationManager that determines the access by evaluating the provided expression against the MethodInvocation.
MethodExpressionAuthorizationManager(String) - Constructor for class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager
Creates an instance.
MethodInvocationAdapter - Class in org.springframework.security.access.intercept.aspectj
Deprecated.
This class will be removed from the public API. See `JoinPointMethodInvocation` in `spring-security-aspects` for its replacement
MethodInvocationPrivilegeEvaluator - Class in org.springframework.security.access.intercept
Deprecated.
MethodInvocationPrivilegeEvaluator() - Constructor for class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
Deprecated.
 
MethodInvocationResult - Class in org.springframework.security.authorization.method
A context object that contains a MethodInvocation and the result of that MethodInvocation.
MethodInvocationResult(MethodInvocation, Object) - Constructor for class org.springframework.security.authorization.method.MethodInvocationResult
Construct a MethodInvocationResult with the provided parameters
MethodInvocationUtils - Class in org.springframework.security.util
Static utility methods for creating MethodInvocations usable within Spring Security.
methodMap - Variable in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Deprecated.
Map from RegisteredMethod to ConfigAttribute list
MethodSecurityBeanDefinitionParser - Class in org.springframework.security.config.method
Processes the top-level "method-security" element.
MethodSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser
 
MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor - Class in org.springframework.security.config.method
 
MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean - Class in org.springframework.security.config.method
 
MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method
 
MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor - Class in org.springframework.security.config.method
 
MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor - Class in org.springframework.security.config.method
 
MethodSecurityExpressionHandler - Interface in org.springframework.security.access.expression.method
Extended expression-handler facade which adds methods which are specific to securing method invocations.
MethodSecurityExpressionHandlerBean() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
 
MethodSecurityExpressionOperations - Interface in org.springframework.security.access.expression.method
Interface which must be implemented if you want to use filtering in method security expressions.
methodSecurityInterceptor(MethodSecurityMetadataSource) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
Creates the default MethodInterceptor which is a MethodSecurityInterceptor using the following methods to construct it.
MethodSecurityInterceptor - Class in org.springframework.security.access.intercept.aopalliance
MethodSecurityInterceptor() - Constructor for class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
Deprecated.
 
methodSecurityMetadataSource() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
Provides the default MethodSecurityMetadataSource that will be used.
MethodSecurityMetadataSource - Interface in org.springframework.security.access.method
Deprecated.
Use the use-authorization-manager attribute for <method-security> and <intercept-methods> instead or use annotation-based or AuthorizationManager-based authorization
MethodSecurityMetadataSourceAdvisor - Class in org.springframework.security.access.intercept.aopalliance
Deprecated.
Use EnableMethodSecurity or publish interceptors directly
MethodSecurityMetadataSourceAdvisor(String, MethodSecurityMetadataSource, String) - Constructor for class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor
Deprecated.
Alternative constructor for situations where we want the advisor decoupled from the advice.
MethodSecurityMetadataSourceBeanDefinitionParser - Class in org.springframework.security.config.method
Deprecated.
Use <intercept-methods>, <method-security>, or @EnableMethodSecurity
MethodSecurityMetadataSourceBeanDefinitionParser() - Constructor for class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser
Deprecated.
 
MIDDLE_NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
middle_name - the user's middle name(s)
middleName(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this middle name in the resulting OidcUserInfo
migrateSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
Specifies that a new session should be created and the session attributes from the original HttpSession should be retained.
MISSING_BEAN_ERROR_MESSAGE - Static variable in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
 
MissingCsrfTokenException - Exception in org.springframework.security.web.csrf
Thrown when no expected CsrfToken is found but is required.
MissingCsrfTokenException(String) - Constructor for exception org.springframework.security.web.csrf.MissingCsrfTokenException
 
mockAuthentication(Authentication) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
Updates the ServerWebExchange to use the provided Authentication as the Principal
mockJwt() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
Updates the ServerWebExchange to establish a SecurityContext that has a JwtAuthenticationToken for the Authentication and a Jwt for the Authentication.getPrincipal().
mockOAuth2Client() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
Updates the ServerWebExchange to establish a OAuth2AuthorizedClient in the session.
mockOAuth2Client(String) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
Updates the ServerWebExchange to establish a OAuth2AuthorizedClient in the session.
mockOAuth2Login() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
Updates the ServerWebExchange to establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication.
mockOidcLogin() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
Updates the ServerWebExchange to establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication.
mockOpaqueToken() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
Updates the ServerWebExchange to establish a SecurityContext that has a BearerTokenAuthentication for the Authentication and an OAuth2AuthenticatedPrincipal for the Authentication.getPrincipal().
mockUser() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
Updates the ServerWebExchange to use a UserDetails to create a UsernamePasswordAuthenticationToken as the Principal.
mockUser(String) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
Updates the ServerWebExchange to use a UserDetails to create a UsernamePasswordAuthenticationToken as the Principal.
mockUser(UserDetails) - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
Updates the ServerWebExchange to use the provided UserDetails to create a UsernamePasswordAuthenticationToken as the Principal
mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
Deprecated.
Indicate how security advice should be applied.
mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
Indicate how security advice should be applied.
mode() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
Indicate how security advice should be applied.
mode(XFrameOptionsServerHttpHeadersWriter.Mode) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FrameOptionsSpec
The mode to configure.
MODE_GLOBAL - Static variable in class org.springframework.security.core.context.SecurityContextHolder
 
MODE_INHERITABLETHREADLOCAL - Static variable in class org.springframework.security.core.context.SecurityContextHolder
 
MODE_THREADLOCAL - Static variable in class org.springframework.security.core.context.SecurityContextHolder
 
modifyGrantedAuthorities(UserDetails, Authentication, Collection<? extends GrantedAuthority>) - Method in interface org.springframework.security.web.authentication.switchuser.SwitchUserAuthorityChanger
Allow subclasses to add or remove authorities that will be granted when in switch user mode.
MUST_SUPPLY_OLD_PASSWORD - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
 
MutableAcl - Interface in org.springframework.security.acls.model
A mutable Acl.
MutableAclService - Interface in org.springframework.security.acls.model
Provides support for creating and storing Acl instances.
mutate() - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata
 
mutate() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails
 
mutate() - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration
Deprecated.
mutate() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails
 
mutate() - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
mvc - Enum constant in enum class org.springframework.security.config.http.MatcherType
 
MvcRequestMatcher - Class in org.springframework.security.web.servlet.util.matcher
A RequestMatcher that uses Spring MVC's HandlerMappingIntrospector to match the path and extract variables.
MvcRequestMatcher(HandlerMappingIntrospector, String) - Constructor for class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
 
MvcRequestMatcher.Builder - Class in org.springframework.security.web.servlet.util.matcher
A builder for MvcRequestMatcher

N

name(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this name in the resulting OidcUserInfo
NAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
name - the user's full name
nameIdFormat(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
nameIdFormat(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Set the NameID format
NBF - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
nbf - A timestamp indicating when the token is not to be used before
NBF - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
nbf - the Not Before claim identifies the time before which the JWT MUST NOT be accepted for processing
NegatedRequestMatcher - Class in org.springframework.security.web.util.matcher
A RequestMatcher that will negate the RequestMatcher passed in.
NegatedRequestMatcher(RequestMatcher) - Constructor for class org.springframework.security.web.util.matcher.NegatedRequestMatcher
Creates a new instance
NegatedServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
Negates the provided matcher.
NegatedServerWebExchangeMatcher(ServerWebExchangeMatcher) - Constructor for class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher
 
NestedLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.userdetails
A LDAP authority populator that can recursively search static nested groups.
NestedLdapAuthoritiesPopulator(ContextSource, String) - Constructor for class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
Constructor for group search scenarios.
NEVER - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy
Spring Security will never create an HttpSession, but will use the HttpSession if it already exists
newSession() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
Specifies that a new session should be created, but the session attributes from the original HttpSession should not be retained.
next(PayloadExchange) - Method in interface org.springframework.security.rsocket.api.PayloadInterceptorChain
Process the payload exchange.
nextElement() - Method in class org.springframework.security.web.savedrequest.Enumerator
Returns the next element of this enumeration if this enumeration has at least one more element to provide.
nickname(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this nickname in the resulting OidcUserInfo
NICKNAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
nickname - the user's nick name that may or may not be the same as the given_name
NimbusJwtClientAuthenticationParametersConverter<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
A Converter that customizes the OAuth 2.0 Access Token Request parameters by adding a signed JSON Web Token (JWS) to be used for client authentication at the Authorization Server's Token Endpoint.
NimbusJwtClientAuthenticationParametersConverter(Function<ClientRegistration, JWK>) - Constructor for class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter
Constructs a NimbusJwtClientAuthenticationParametersConverter using the provided parameters.
NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext<T extends AbstractOAuth2AuthorizationGrantRequest> - Class in org.springframework.security.oauth2.client.endpoint
A context that holds client authentication-specific state and is used by NimbusJwtClientAuthenticationParametersConverter when attempting to customize the JSON Web Token (JWS) client assertion.
NimbusJwtDecoder - Class in org.springframework.security.oauth2.jwt
A low-level Nimbus implementation of JwtDecoder which takes a raw Nimbus configuration.
NimbusJwtDecoder(JWTProcessor<SecurityContext>) - Constructor for class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
Configures a NimbusJwtDecoder with the given parameters
NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
A builder for creating NimbusJwtDecoder instances based on a JWK Set uri.
NimbusJwtDecoder.PublicKeyJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
A builder for creating NimbusJwtDecoder instances based on a public key.
NimbusJwtDecoder.SecretKeyJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
A builder for creating NimbusJwtDecoder instances based on a SecretKey.
NimbusJwtEncoder - Class in org.springframework.security.oauth2.jwt
An implementation of a JwtEncoder that encodes a JSON Web Token (JWT) using the JSON Web Signature (JWS) Compact Serialization format.
NimbusJwtEncoder(JWKSource<SecurityContext>) - Constructor for class org.springframework.security.oauth2.jwt.NimbusJwtEncoder
Constructs a NimbusJwtEncoder using the provided parameters.
NimbusOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection
A Nimbus implementation of OpaqueTokenIntrospector that verifies and introspects a token using the configured OAuth 2.0 Introspection Endpoint.
NimbusOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector
Creates a OpaqueTokenAuthenticationProvider with the provided parameters
NimbusOpaqueTokenIntrospector(String, RestOperations) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector
Creates a OpaqueTokenAuthenticationProvider with the provided parameters The given RestOperations should perform its own client authentication against the introspection endpoint.
NimbusReactiveJwtDecoder - Class in org.springframework.security.oauth2.jwt
An implementation of a ReactiveJwtDecoder that "decodes" a JSON Web Token (JWT) and additionally verifies it's digital signature if the JWT is a JSON Web Signature (JWS).
NimbusReactiveJwtDecoder(String) - Constructor for class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
Constructs a NimbusReactiveJwtDecoder using the provided parameters.
NimbusReactiveJwtDecoder(RSAPublicKey) - Constructor for class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
Constructs a NimbusReactiveJwtDecoder using the provided parameters.
NimbusReactiveJwtDecoder(Converter<JWT, Mono<JWTClaimsSet>>) - Constructor for class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
Constructs a NimbusReactiveJwtDecoder using the provided parameters.
NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
A builder for creating NimbusReactiveJwtDecoder instances based on a JWK Set uri.
NimbusReactiveJwtDecoder.JwkSourceReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
A builder for creating NimbusReactiveJwtDecoder instances.
NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
A builder for creating NimbusReactiveJwtDecoder instances based on a public key.
NimbusReactiveJwtDecoder.SecretKeyReactiveJwtDecoderBuilder - Class in org.springframework.security.oauth2.jwt
A builder for creating NimbusReactiveJwtDecoder instances based on a SecretKey.
NimbusReactiveOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection
A Nimbus implementation of ReactiveOpaqueTokenIntrospector that verifies and introspects a token using the configured OAuth 2.0 Introspection Endpoint.
NimbusReactiveOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector
Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters
NimbusReactiveOpaqueTokenIntrospector(String, WebClient) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector
Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters
NO_ATTRS - Static variable in class org.springframework.security.ldap.SpringSecurityLdapTemplate
 
NO_AUTHORITIES - Static variable in class org.springframework.security.core.authority.AuthorityUtils
 
NO_CONTEXT - Static variable in class org.springframework.security.core.context.SecurityContextChangedEvent
 
NO_OPTIONS - Static variable in class org.springframework.security.crypto.codec.Base64
Deprecated.
No options specified.
NO_PASSWORD_ENCODER_MAPPED - Static variable in class org.springframework.security.crypto.password.DelegatingPasswordEncoder
 
NO_PASSWORD_ENCODER_PREFIX - Static variable in class org.springframework.security.crypto.password.DelegatingPasswordEncoder
 
NO_REFERRER - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
 
NO_REFERRER - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
 
NO_REFERRER_WHEN_DOWNGRADE - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
 
NO_REFERRER_WHEN_DOWNGRADE - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
 
nonce(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this nonce in the resulting OidcIdToken
NONCE - Static variable in class org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames
nonce - used in the Authentication Request.
NONCE - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
nonce - a String value used to associate a Client session with an ID Token, and to mitigate replay attacks.
NonceExpiredException - Exception in org.springframework.security.web.authentication.www
Thrown if an authentication request is rejected because the digest nonce has expired.
NonceExpiredException(String) - Constructor for exception org.springframework.security.web.authentication.www.NonceExpiredException
Constructs a NonceExpiredException with the specified message.
NonceExpiredException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.www.NonceExpiredException
Constructs a NonceExpiredException with the specified message and root cause.
none() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
Specifies that no session fixation protection should be enabled.
NONE - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
 
NoOpAccessDeniedHandler - Class in org.springframework.security.web.access
An AccessDeniedHandler implementation that does nothing.
NoOpAccessDeniedHandler() - Constructor for class org.springframework.security.web.access.NoOpAccessDeniedHandler
 
NoOpAuthenticationEntryPoint - Class in org.springframework.security.web.authentication
An AuthenticationEntryPoint implementation that does nothing.
NoOpAuthenticationEntryPoint() - Constructor for class org.springframework.security.web.authentication.NoOpAuthenticationEntryPoint
 
NoOpPasswordEncoder - Class in org.springframework.security.crypto.password
Deprecated.
This PasswordEncoder is not secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.
NoOpServerRequestCache - Class in org.springframework.security.web.server.savedrequest
An implementation of ServerRequestCache that does nothing.
NoOpServerSecurityContextRepository - Class in org.springframework.security.web.server.context
A do nothing implementation of ServerSecurityContextRepository.
noOpText() - Static method in class org.springframework.security.crypto.encrypt.Encryptors
Creates a text encryptor that performs no encryption.
NOSNIFF - Static variable in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
 
NOSNIFF - Static variable in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
 
not() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Negates the following authorization rule.
not() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Negates the following expression.
not(AuthorizationManager<T>) - Static method in class org.springframework.security.authorization.AuthorizationManagers
Creates an AuthorizationManager that reverses whatever decision the given AuthorizationManager granted.
not(RequestMatcher) - Static method in class org.springframework.security.web.util.matcher.RequestMatchers
Creates a RequestMatcher that matches if the given RequestMatcher does not match.
notBefore(Instant) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this not-before timestamp in the resulting Jwt
notBefore(Instant) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
Sets the not before (nbf) claim, which identifies the time before which the JWT MUST NOT be accepted for processing.
NotFoundException - Exception in org.springframework.security.acls.model
Thrown if an ACL-related object cannot be found.
NotFoundException(String) - Constructor for exception org.springframework.security.acls.model.NotFoundException
Constructs an NotFoundException with the specified message.
NotFoundException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.NotFoundException
Constructs an NotFoundException with the specified message and root cause.
notMatch() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher.MatchResult
Creates an instance of PayloadExchangeMatcher.MatchResult that is not a match.
notMatch() - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult
Creates an instance of ServerWebExchangeMatcher.MatchResult that is not a match.
notMatch() - Static method in class org.springframework.security.web.util.matcher.RequestMatcher.MatchResult
Creates an instance of RequestMatcher.MatchResult that is not a match.
NULL_DESTINATION_MATCHER - Static variable in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
 
NullAuthenticatedSessionStrategy - Class in org.springframework.security.web.authentication.session
 
NullAuthenticatedSessionStrategy() - Constructor for class org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
 
NullAuthenticationProvider() - Constructor for class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider
 
NullAuthoritiesMapper - Class in org.springframework.security.core.authority.mapping
 
NullAuthoritiesMapper() - Constructor for class org.springframework.security.core.authority.mapping.NullAuthoritiesMapper
 
nullDestMatcher() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
Maps any Message that has a null SimpMessageHeaderAccessor destination header (i.e.
nullDestMatcher() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
Maps any Message that has a null SimpMessageHeaderAccessor destination header (i.e.
NullEventPublisher() - Constructor for class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher
 
NullLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.authentication
 
NullLdapAuthoritiesPopulator() - Constructor for class org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator
 
NullRememberMeServices - Class in org.springframework.security.web.authentication
Implementation of NullRememberMeServices that does nothing.
NullRememberMeServices() - Constructor for class org.springframework.security.web.authentication.NullRememberMeServices
 
NullRequestCache - Class in org.springframework.security.web.savedrequest
Null implementation of RequestCache.
NullRequestCache() - Constructor for class org.springframework.security.web.savedrequest.NullRequestCache
 
NullRoleHierarchy - Class in org.springframework.security.access.hierarchicalroles
 
NullRoleHierarchy() - Constructor for class org.springframework.security.access.hierarchicalroles.NullRoleHierarchy
 
NullSecurityContextRepository - Class in org.springframework.security.web.context
 
NullSecurityContextRepository() - Constructor for class org.springframework.security.web.context.NullSecurityContextRepository
 
NullStatelessTicketCache - Class in org.springframework.security.cas.authentication
Implementation of @link StatelessTicketCache that has no backing cache.
NullStatelessTicketCache() - Constructor for class org.springframework.security.cas.authentication.NullStatelessTicketCache
 
NullUserCache - Class in org.springframework.security.core.userdetails.cache
Does not perform any caching.
NullUserCache() - Constructor for class org.springframework.security.core.userdetails.cache.NullUserCache
 

O

OAEP - Enum constant in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
 
OAUTH2_AUTHORIZATION_CODE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
 
OAUTH2_CLIENT - Static variable in class org.springframework.security.config.Elements
 
OAUTH2_LOGIN - Static variable in class org.springframework.security.config.Elements
 
OAUTH2_RESOURCE_SERVER - Static variable in class org.springframework.security.config.Elements
 
OAuth2AccessToken - Class in org.springframework.security.oauth2.core
An implementation of an AbstractOAuth2Token representing an OAuth 2.0 Access Token.
OAuth2AccessToken(OAuth2AccessToken.TokenType, String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2AccessToken
Constructs an OAuth2AccessToken using the provided parameters.
OAuth2AccessToken(OAuth2AccessToken.TokenType, String, Instant, Instant, Set<String>) - Constructor for class org.springframework.security.oauth2.core.OAuth2AccessToken
Constructs an OAuth2AccessToken using the provided parameters.
OAuth2AccessToken.TokenType - Class in org.springframework.security.oauth2.core
Access Token Types.
oauth2AccessTokenResponse() - Static method in class org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors
Extractor to decode an OAuth2AccessTokenResponse
OAuth2AccessTokenResponse - Class in org.springframework.security.oauth2.core.endpoint
A representation of an OAuth 2.0 Access Token Response.
OAuth2AccessTokenResponse.Builder - Class in org.springframework.security.oauth2.core.endpoint
OAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Interface in org.springframework.security.oauth2.client.endpoint
A strategy for "exchanging" an authorization grant credential (e.g.
OAuth2AccessTokenResponseHttpMessageConverter - Class in org.springframework.security.oauth2.core.http.converter
A HttpMessageConverter for an OAuth 2.0 Access Token Response.
OAuth2AccessTokenResponseHttpMessageConverter() - Constructor for class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
 
OAuth2AuthenticatedPrincipal - Interface in org.springframework.security.oauth2.core
An AuthenticatedPrincipal that represents the principal associated with an OAuth 2.0 token.
OAuth2AuthenticationException - Exception in org.springframework.security.oauth2.core
This exception is thrown for all OAuth 2.0 related Authentication errors.
OAuth2AuthenticationException(String) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
Constructs an OAuth2AuthenticationException using the provided parameters.
OAuth2AuthenticationException(OAuth2Error) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
Constructs an OAuth2AuthenticationException using the provided parameters.
OAuth2AuthenticationException(OAuth2Error, String) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
Constructs an OAuth2AuthenticationException using the provided parameters.
OAuth2AuthenticationException(OAuth2Error, String, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
Constructs an OAuth2AuthenticationException using the provided parameters.
OAuth2AuthenticationException(OAuth2Error, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
Constructs an OAuth2AuthenticationException using the provided parameters.
OAuth2AuthenticationToken - Class in org.springframework.security.oauth2.client.authentication
An implementation of an AbstractAuthenticationToken that represents an OAuth 2.0 Authentication.
OAuth2AuthenticationToken(OAuth2User, Collection<? extends GrantedAuthority>, String) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
Constructs an OAuth2AuthenticationToken using the provided parameters.
OAuth2AuthorizationCodeAuthenticationProvider - Class in org.springframework.security.oauth2.client.authentication
An implementation of an AuthenticationProvider for the OAuth 2.0 Authorization Code Grant.
OAuth2AuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider
Constructs an OAuth2AuthorizationCodeAuthenticationProvider using the provided parameters.
OAuth2AuthorizationCodeAuthenticationToken - Class in org.springframework.security.oauth2.client.authentication
An AbstractAuthenticationToken for the OAuth 2.0 Authorization Code Grant.
OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
This constructor should be used when the Authorization Request/Response is complete.
OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed.
OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed.
OAuth2AuthorizationCodeAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2AccessToken, OAuth2RefreshToken, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
 
OAuth2AuthorizationCodeGrantFilter - Class in org.springframework.security.oauth2.client.web
A Filter for the OAuth 2.0 Authorization Code Grant, which handles the processing of the OAuth 2.0 Authorization Response.
OAuth2AuthorizationCodeGrantFilter(ClientRegistrationRepository, OAuth2AuthorizedClientRepository, AuthenticationManager) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter
Constructs an OAuth2AuthorizationCodeGrantFilter using the provided parameters.
OAuth2AuthorizationCodeGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
An OAuth 2.0 Authorization Code Grant request that holds an Authorization Code credential, which was granted by the Resource Owner to the Client.
OAuth2AuthorizationCodeGrantRequest(ClientRegistration, OAuth2AuthorizationExchange) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
Constructs an OAuth2AuthorizationCodeGrantRequest using the provided parameters.
OAuth2AuthorizationCodeGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
An implementation of an AbstractOAuth2AuthorizationGrantRequestEntityConverter that converts the provided OAuth2AuthorizationCodeGrantRequest to a RequestEntity representation of an OAuth 2.0 Access Token Request for the Authorization Code Grant.
OAuth2AuthorizationCodeGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter
 
OAuth2AuthorizationCodeGrantWebFilter - Class in org.springframework.security.oauth2.client.web.server
A Filter for the OAuth 2.0 Authorization Code Grant, which handles the processing of the OAuth 2.0 Authorization Response.
OAuth2AuthorizationCodeGrantWebFilter(ReactiveAuthenticationManager, ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter
 
OAuth2AuthorizationCodeGrantWebFilter(ReactiveAuthenticationManager, ServerAuthenticationConverter, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter
 
OAuth2AuthorizationCodeReactiveAuthenticationManager - Class in org.springframework.security.oauth2.client.authentication
An implementation of an AuthenticationProvider for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
OAuth2AuthorizationCodeReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeReactiveAuthenticationManager
 
OAuth2AuthorizationContext - Class in org.springframework.security.oauth2.client
A context that holds authorization-specific state and is used by an OAuth2AuthorizedClientProvider when attempting to authorize (or re-authorize) an OAuth 2.0 Client.
OAuth2AuthorizationContext.Builder - Class in org.springframework.security.oauth2.client
OAuth2AuthorizationException - Exception in org.springframework.security.oauth2.core
Base exception for OAuth 2.0 Authorization errors.
OAuth2AuthorizationException(OAuth2Error) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException
Constructs an OAuth2AuthorizationException using the provided parameters.
OAuth2AuthorizationException(OAuth2Error, String) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException
Constructs an OAuth2AuthorizationException using the provided parameters.
OAuth2AuthorizationException(OAuth2Error, String, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException
Constructs an OAuth2AuthorizationException using the provided parameters.
OAuth2AuthorizationException(OAuth2Error, Throwable) - Constructor for exception org.springframework.security.oauth2.core.OAuth2AuthorizationException
Constructs an OAuth2AuthorizationException using the provided parameters.
OAuth2AuthorizationExchange - Class in org.springframework.security.oauth2.core.endpoint
An "exchange" of an OAuth 2.0 Authorization Request and Response for the authorization code grant type.
OAuth2AuthorizationExchange(OAuth2AuthorizationRequest, OAuth2AuthorizationResponse) - Constructor for class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange
Constructs a new OAuth2AuthorizationExchange with the provided Authorization Request and Authorization Response.
OAuth2AuthorizationFailureHandler - Interface in org.springframework.security.oauth2.client
Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the Authorization Server or Resource Server.
OAuth2AuthorizationManagers - Class in org.springframework.security.oauth2.core.authorization
A convenience class for creating OAuth 2.0-specific AuthorizationManagers.
OAuth2AuthorizationRequest - Class in org.springframework.security.oauth2.core.endpoint
A representation of an OAuth 2.0 Authorization Request for the authorization code grant type.
OAuth2AuthorizationRequest.Builder - Class in org.springframework.security.oauth2.core.endpoint
OAuth2AuthorizationRequestCustomizers - Class in org.springframework.security.oauth2.client.web
A factory of customizers that customize the OAuth 2.0 Authorization Request via the OAuth2AuthorizationRequest.Builder.
OAuth2AuthorizationRequestRedirectFilter - Class in org.springframework.security.oauth2.client.web
This Filter initiates the authorization code grant flow by redirecting the End-User's user-agent to the Authorization Server's Authorization Endpoint.
OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
Constructs an OAuth2AuthorizationRequestRedirectFilter using the provided parameters.
OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository, String) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
Constructs an OAuth2AuthorizationRequestRedirectFilter using the provided parameters.
OAuth2AuthorizationRequestRedirectFilter(OAuth2AuthorizationRequestResolver) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
Constructs an OAuth2AuthorizationRequestRedirectFilter using the provided parameters.
OAuth2AuthorizationRequestRedirectWebFilter - Class in org.springframework.security.oauth2.client.web.server
This WebFilter initiates the authorization code grant flow by redirecting the End-User's user-agent to the Authorization Server's Authorization Endpoint.
OAuth2AuthorizationRequestRedirectWebFilter(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
Constructs an OAuth2AuthorizationRequestRedirectFilter using the provided parameters.
OAuth2AuthorizationRequestRedirectWebFilter(ServerOAuth2AuthorizationRequestResolver) - Constructor for class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
Constructs an OAuth2AuthorizationRequestRedirectFilter using the provided parameters.
OAuth2AuthorizationRequestResolver - Interface in org.springframework.security.oauth2.client.web
Implementations of this interface are capable of resolving an OAuth2AuthorizationRequest from the provided HttpServletRequest.
OAuth2AuthorizationResponse - Class in org.springframework.security.oauth2.core.endpoint
A representation of an OAuth 2.0 Authorization Response for the authorization code grant type.
OAuth2AuthorizationResponse.Builder - Class in org.springframework.security.oauth2.core.endpoint
OAuth2AuthorizationResponseType - Class in org.springframework.security.oauth2.core.endpoint
The response_type parameter is consumed by the authorization endpoint which is used by the authorization code grant type.
OAuth2AuthorizationResponseType(String) - Constructor for class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType
 
OAuth2AuthorizationSuccessHandler - Interface in org.springframework.security.oauth2.client
Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the Authorization Server.
oauth2AuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
Modifies the ClientRequest.attributes() to include the OAuth2AuthorizedClient to be used for providing the Bearer Token.
oauth2AuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Modifies the ClientRequest.attributes() to include the OAuth2AuthorizedClient to be used for providing the Bearer Token.
OAuth2AuthorizedClient - Class in org.springframework.security.oauth2.client
A representation of an OAuth 2.0 "Authorized Client".
OAuth2AuthorizedClient(ClientRegistration, String, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
Constructs an OAuth2AuthorizedClient using the provided parameters.
OAuth2AuthorizedClient(ClientRegistration, String, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.OAuth2AuthorizedClient
Constructs an OAuth2AuthorizedClient using the provided parameters.
OAuth2AuthorizedClientArgumentResolver - Class in org.springframework.security.oauth2.client.web.method.annotation
An implementation of a HandlerMethodArgumentResolver that is capable of resolving a method parameter to an argument value of type OAuth2AuthorizedClient.
OAuth2AuthorizedClientArgumentResolver - Class in org.springframework.security.oauth2.client.web.reactive.result.method.annotation
An implementation of a HandlerMethodArgumentResolver that is capable of resolving a method parameter to an argument value of type OAuth2AuthorizedClient.
OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver
Constructs an OAuth2AuthorizedClientArgumentResolver using the provided parameters.
OAuth2AuthorizedClientArgumentResolver(ReactiveOAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver
Constructs an OAuth2AuthorizedClientArgumentResolver using the provided parameters.
OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, OAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver
Constructs an OAuth2AuthorizedClientArgumentResolver using the provided parameters.
OAuth2AuthorizedClientArgumentResolver(ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver
Constructs an OAuth2AuthorizedClientArgumentResolver using the provided parameters.
OAuth2AuthorizedClientHolder(String, String, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
Constructs an OAuth2AuthorizedClientHolder using the provided parameters.
OAuth2AuthorizedClientHolder(OAuth2AuthorizedClient, Authentication) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
Constructs an OAuth2AuthorizedClientHolder using the provided parameters.
OAuth2AuthorizedClientHolder(OAuth2AuthorizedClient, Authentication) - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder
Constructs an OAuth2AuthorizedClientHolder using the provided parameters.
OAuth2AuthorizedClientId - Class in org.springframework.security.oauth2.client
The identifier for OAuth2AuthorizedClient.
OAuth2AuthorizedClientId(String, String) - Constructor for class org.springframework.security.oauth2.client.OAuth2AuthorizedClientId
Constructs an OAuth2AuthorizedClientId using the provided parameters.
OAuth2AuthorizedClientManager - Interface in org.springframework.security.oauth2.client
Implementations of this interface are responsible for the overall management of Authorized Client(s).
OAuth2AuthorizedClientParametersMapper() - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper
 
OAuth2AuthorizedClientParametersMapper() - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper
 
OAuth2AuthorizedClientProvider - Interface in org.springframework.security.oauth2.client
A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.
OAuth2AuthorizedClientProviderBuilder - Class in org.springframework.security.oauth2.client
A builder that builds a DelegatingOAuth2AuthorizedClientProvider composed of one or more OAuth2AuthorizedClientProvider(s) that implement specific authorization grants.
OAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder - Class in org.springframework.security.oauth2.client
A builder for the authorization_code grant.
OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder - Class in org.springframework.security.oauth2.client
A builder for the client_credentials grant.
OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder - Class in org.springframework.security.oauth2.client
A builder for the password grant.
OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder - Class in org.springframework.security.oauth2.client
A builder for the refresh_token grant.
OAuth2AuthorizedClientRepository - Interface in org.springframework.security.oauth2.client.web
Implementations of this interface are responsible for the persistence of Authorized Client(s) between requests.
OAuth2AuthorizedClientRowMapper() - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
 
OAuth2AuthorizedClientRowMapper(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
 
OAuth2AuthorizedClientService - Interface in org.springframework.security.oauth2.client
Implementations of this interface are responsible for the management of Authorized Client(s), which provide the purpose of associating an Access Token credential to a Client and Resource Owner, who is the Principal that originally granted the authorization.
OAuth2AuthorizeRequest - Class in org.springframework.security.oauth2.client
Represents a request the OAuth2AuthorizedClientManager uses to authorize (or re-authorize) the client identified by the provided clientRegistrationId.
OAuth2AuthorizeRequest.Builder - Class in org.springframework.security.oauth2.client
A builder for OAuth2AuthorizeRequest.
OAuth2BodyExtractors - Class in org.springframework.security.oauth2.core.web.reactive.function
Static factory methods for OAuth2 BodyExtractor implementations.
oauth2Client() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
oauth2Client() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
oauth2Client() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Establish an OAuth2AuthorizedClient in the session.
oauth2Client(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Establish an OAuth2AuthorizedClient in the session.
oauth2Client(Customizer<OAuth2ClientConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configures OAuth 2.0 Client support.
oauth2Client(Customizer<ServerHttpSecurity.OAuth2ClientSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures the OAuth2 client.
OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
An AbstractHttpConfigurer for OAuth 2.0 Client support.
OAuth2ClientConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
 
OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
Configuration options for the OAuth 2.0 Authorization Code Grant.
OAuth2ClientCredentialsGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
An OAuth 2.0 Client Credentials Grant request that holds the client's credentials in AbstractOAuth2AuthorizationGrantRequest.getClientRegistration().
OAuth2ClientCredentialsGrantRequest(ClientRegistration) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest
Constructs an OAuth2ClientCredentialsGrantRequest using the provided parameters.
OAuth2ClientCredentialsGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
An implementation of an AbstractOAuth2AuthorizationGrantRequestEntityConverter that converts the provided OAuth2ClientCredentialsGrantRequest to a RequestEntity representation of an OAuth 2.0 Access Token Request for the Client Credentials Grant.
OAuth2ClientCredentialsGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter
 
OAuth2ClientHttpRequestInterceptor - Class in org.springframework.security.oauth2.client.web.client
Provides an easy mechanism for using an OAuth2AuthorizedClient to make OAuth 2.0 requests by including the access token as a bearer token.
OAuth2ClientHttpRequestInterceptor(OAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
Constructs a OAuth2ClientHttpRequestInterceptor using the provided parameters.
OAuth2ClientHttpRequestInterceptor(OAuth2AuthorizedClientManager, OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver) - Constructor for class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
Constructs a OAuth2ClientHttpRequestInterceptor using the provided parameters.
OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver - Interface in org.springframework.security.oauth2.client.web.client
A strategy for resolving a clientRegistrationId from an intercepted request.
OAuth2ClientJackson2Module - Class in org.springframework.security.oauth2.client.jackson2
Jackson Module for spring-security-oauth2-client, that registers the following mix-in annotations: OAuth2AuthorizationRequestMixin ClientRegistrationMixin OAuth2AccessTokenMixin OAuth2RefreshTokenMixin OAuth2AuthorizedClientMixin OAuth2UserAuthorityMixin DefaultOAuth2UserMixin OidcIdTokenMixin OidcUserInfoMixin OidcUserAuthorityMixin DefaultOidcUserMixin OAuth2AuthenticationTokenMixin OAuth2AuthenticationExceptionMixin OAuth2ErrorMixin If not already enabled, default typing will be automatically enabled as type info is required to properly serialize/deserialize objects.
OAuth2ClientJackson2Module() - Constructor for class org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module
 
oauth2Configuration() - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Configures the builder with ServletOAuth2AuthorizedClientExchangeFilterFunction.defaultRequest() and adds this as a ExchangeFilterFunction
OAuth2DeviceAuthorizationResponse - Class in org.springframework.security.oauth2.core.endpoint
A representation of an OAuth 2.0 Device Authorization Response.
OAuth2DeviceAuthorizationResponse.Builder - Class in org.springframework.security.oauth2.core.endpoint
OAuth2DeviceAuthorizationResponseHttpMessageConverter - Class in org.springframework.security.oauth2.core.http.converter
A HttpMessageConverter for an OAuth 2.0 Device Authorization Response.
OAuth2DeviceAuthorizationResponseHttpMessageConverter() - Constructor for class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
 
OAuth2DeviceCode - Class in org.springframework.security.oauth2.core
An implementation of an AbstractOAuth2Token representing a device code as part of the OAuth 2.0 Device Authorization Grant.
OAuth2DeviceCode(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2DeviceCode
Constructs an OAuth2DeviceCode using the provided parameters.
OAuth2Error - Class in org.springframework.security.oauth2.core
A representation of an OAuth 2.0 Error.
OAuth2Error(String) - Constructor for class org.springframework.security.oauth2.core.OAuth2Error
Constructs an OAuth2Error using the provided parameters.
OAuth2Error(String, String, String) - Constructor for class org.springframework.security.oauth2.core.OAuth2Error
Constructs an OAuth2Error using the provided parameters.
OAuth2ErrorCodes - Class in org.springframework.security.oauth2.core
Standard error codes defined by the OAuth 2.0 Authorization Framework.
OAuth2ErrorHttpMessageConverter - Class in org.springframework.security.oauth2.core.http.converter
A HttpMessageConverter for an OAuth 2.0 Error.
OAuth2ErrorHttpMessageConverter() - Constructor for class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
 
OAuth2ErrorResponseErrorHandler - Class in org.springframework.security.oauth2.client.http
A ResponseErrorHandler that handles an OAuth 2.0 Error.
OAuth2ErrorResponseErrorHandler() - Constructor for class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler
 
OAuth2IntrospectionAuthenticatedPrincipal - Class in org.springframework.security.oauth2.server.resource.introspection
A domain object that wraps the attributes of OAuth 2.0 Token Introspection.
OAuth2IntrospectionAuthenticatedPrincipal(String, Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
Constructs an OAuth2IntrospectionAuthenticatedPrincipal using the provided parameters.
OAuth2IntrospectionAuthenticatedPrincipal(Map<String, Object>, Collection<GrantedAuthority>) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal
Constructs an OAuth2IntrospectionAuthenticatedPrincipal using the provided parameters.
OAuth2IntrospectionException - Exception in org.springframework.security.oauth2.server.resource.introspection
Base exception for all OAuth 2.0 Introspection related errors
OAuth2IntrospectionException(String) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException
 
OAuth2IntrospectionException(String, Throwable) - Constructor for exception org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException
 
oauth2Login() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
oauth2Login() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
oauth2Login() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication, a OAuth2User as the principal, and a OAuth2AuthorizedClient in the session.
oauth2Login(Customizer<OAuth2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
oauth2Login(Customizer<ServerHttpSecurity.OAuth2LoginSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider.
OAuth2LoginAuthenticationFilter - Class in org.springframework.security.oauth2.client.web
An implementation of an AbstractAuthenticationProcessingFilter for OAuth 2.0 Login.
OAuth2LoginAuthenticationFilter(ClientRegistrationRepository, OAuth2AuthorizedClientService) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
OAuth2LoginAuthenticationFilter(ClientRegistrationRepository, OAuth2AuthorizedClientService, String) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
OAuth2LoginAuthenticationFilter(ClientRegistrationRepository, OAuth2AuthorizedClientRepository, String) - Constructor for class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
Constructs an OAuth2LoginAuthenticationFilter using the provided parameters.
OAuth2LoginAuthenticationProvider - Class in org.springframework.security.oauth2.client.authentication
An implementation of an AuthenticationProvider for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
OAuth2LoginAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
Constructs an OAuth2LoginAuthenticationProvider using the provided parameters.
OAuth2LoginAuthenticationToken - Class in org.springframework.security.oauth2.client.authentication
An AbstractAuthenticationToken for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
OAuth2LoginAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
This constructor should be used when the Authorization Request/Response is complete.
OAuth2LoginAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2User, Collection<? extends GrantedAuthority>, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed and OAuth 2.0 Login has been achieved.
OAuth2LoginAuthenticationToken(ClientRegistration, OAuth2AuthorizationExchange, OAuth2User, Collection<? extends GrantedAuthority>, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken
This constructor should be used when the Access Token Request/Response is complete, which indicates that the Authorization Code Grant flow has fully completed and OAuth 2.0 Login has been achieved.
OAuth2LoginAuthenticationWebFilter - Class in org.springframework.security.oauth2.client.web.server.authentication
OAuth2LoginAuthenticationWebFilter(ReactiveAuthenticationManager, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter
Creates an instance
OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
An AbstractHttpConfigurer for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
OAuth2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
 
OAuth2LoginConfigurer.AuthorizationEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
Configuration options for the Authorization Server's Authorization Endpoint.
OAuth2LoginConfigurer.RedirectionEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
Configuration options for the Client's Redirection Endpoint.
OAuth2LoginConfigurer.TokenEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
Configuration options for the Authorization Server's Token Endpoint.
OAuth2LoginConfigurer.UserInfoEndpointConfig - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
Configuration options for the Authorization Server's UserInfo Endpoint.
OAuth2LoginReactiveAuthenticationManager - Class in org.springframework.security.oauth2.client.authentication
An implementation of an AuthenticationProvider for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
OAuth2LoginReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User>) - Constructor for class org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager
 
OAuth2ParameterNames - Class in org.springframework.security.oauth2.core.endpoint
Standard and custom (non-standard) parameter names defined in the OAuth Parameters Registry and used by the authorization endpoint, token endpoint and token revocation endpoint.
OAuth2PasswordGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
Deprecated.
The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
OAuth2PasswordGrantRequest(ClientRegistration, String, String) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest
Deprecated.
Constructs an OAuth2PasswordGrantRequest using the provided parameters.
OAuth2PasswordGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
An implementation of an AbstractOAuth2AuthorizationGrantRequestEntityConverter that converts the provided OAuth2PasswordGrantRequest to a RequestEntity representation of an OAuth 2.0 Access Token Request for the Resource Owner Password Credentials Grant.
OAuth2PasswordGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter
 
OAuth2ReactiveAuthorizationManagers - Class in org.springframework.security.oauth2.core.authorization
A convenience class for creating OAuth 2.0-specific AuthorizationManagers.
OAuth2RefreshToken - Class in org.springframework.security.oauth2.core
An implementation of an AbstractOAuth2Token representing an OAuth 2.0 Refresh Token.
OAuth2RefreshToken(String, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2RefreshToken
Constructs an OAuth2RefreshToken using the provided parameters.
OAuth2RefreshToken(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2RefreshToken
Constructs an OAuth2RefreshToken using the provided parameters.
OAuth2RefreshTokenGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
An OAuth 2.0 Refresh Token Grant request that holds the refresh token credential granted to the client.
OAuth2RefreshTokenGrantRequest(ClientRegistration, OAuth2AccessToken, OAuth2RefreshToken) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest
Constructs an OAuth2RefreshTokenGrantRequest using the provided parameters.
OAuth2RefreshTokenGrantRequest(ClientRegistration, OAuth2AccessToken, OAuth2RefreshToken, Set<String>) - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest
Constructs an OAuth2RefreshTokenGrantRequest using the provided parameters.
OAuth2RefreshTokenGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
An implementation of an AbstractOAuth2AuthorizationGrantRequestEntityConverter that converts the provided OAuth2RefreshTokenGrantRequest to a RequestEntity representation of an OAuth 2.0 Access Token Request for the Refresh Token Grant.
OAuth2RefreshTokenGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequestEntityConverter
 
oauth2ResourceServer() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.oauth2ResourceServer(Customizer) instead
oauth2ResourceServer() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
oauth2ResourceServer(Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configures OAuth 2.0 Resource Server support.
oauth2ResourceServer(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures OAuth 2.0 Resource Server support.
OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
An AbstractHttpConfigurer for OAuth 2.0 Resource Server Support.
OAuth2ResourceServerConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
 
OAuth2ResourceServerConfigurer.JwtConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
 
OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
 
OAuth2ResourceServerSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
 
OAuth2Token - Interface in org.springframework.security.oauth2.core
Core interface representing an OAuth 2.0 Token.
OAuth2TokenIntrospectionClaimAccessor - Interface in org.springframework.security.oauth2.core
A ClaimAccessor for the "claims" that may be contained in the Introspection Response.
OAuth2TokenIntrospectionClaimNames - Class in org.springframework.security.oauth2.core
The names of the "Introspection Claims" defined by an Introspection Response.
OAuth2TokenValidator<T extends OAuth2Token> - Interface in org.springframework.security.oauth2.core
Implementations of this interface are responsible for "verifying" the validity and/or constraints of the attributes contained in an OAuth 2.0 Token.
OAuth2TokenValidatorResult - Class in org.springframework.security.oauth2.core
A result emitted from an OAuth2TokenValidator validation attempt
oauth2User(OAuth2User) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2LoginMutator
Use the provided OAuth2User as the authenticated user.
oauth2User(OAuth2User) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
Use the provided OAuth2User as the authenticated user.
OAuth2User - Interface in org.springframework.security.oauth2.core.user
A representation of a user Principal that is registered with an OAuth 2.0 Provider.
OAuth2UserAuthority - Class in org.springframework.security.oauth2.core.user
A GrantedAuthority that may be associated to an OAuth2User.
OAuth2UserAuthority(String, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
Constructs a OAuth2UserAuthority using the provided parameters.
OAuth2UserAuthority(String, Map<String, Object>, String) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
Constructs a OAuth2UserAuthority using the provided parameters.
OAuth2UserAuthority(Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
Constructs a OAuth2UserAuthority using the provided parameters and defaults OAuth2UserAuthority.getAuthority() to OAUTH2_USER.
OAuth2UserAuthority(Map<String, Object>, String) - Constructor for class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
Constructs a OAuth2UserAuthority using the provided parameters and defaults OAuth2UserAuthority.getAuthority() to OAUTH2_USER.
OAuth2UserCode - Class in org.springframework.security.oauth2.core
An implementation of an AbstractOAuth2Token representing a user code as part of the OAuth 2.0 Device Authorization Grant.
OAuth2UserCode(String, Instant, Instant) - Constructor for class org.springframework.security.oauth2.core.OAuth2UserCode
Constructs an OAuth2UserCode using the provided parameters.
OAuth2UserRequest - Class in org.springframework.security.oauth2.client.userinfo
Represents a request the OAuth2UserService uses when initiating a request to the UserInfo Endpoint.
OAuth2UserRequest(ClientRegistration, OAuth2AccessToken) - Constructor for class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest
Constructs an OAuth2UserRequest using the provided parameters.
OAuth2UserRequest(ClientRegistration, OAuth2AccessToken, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest
Constructs an OAuth2UserRequest using the provided parameters.
OAuth2UserRequestEntityConverter - Class in org.springframework.security.oauth2.client.userinfo
A Converter that converts the provided OAuth2UserRequest to a RequestEntity representation of a request for the UserInfo Endpoint.
OAuth2UserRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.userinfo.OAuth2UserRequestEntityConverter
 
OAuth2UserService<R extends OAuth2UserRequest,U extends OAuth2User> - Interface in org.springframework.security.oauth2.client.userinfo
Implementations of this interface are responsible for obtaining the user attributes of the End-User (Resource Owner) from the UserInfo Endpoint using the Access Token granted to the Client and returning an AuthenticatedPrincipal in the form of an OAuth2User.
ObjectIdentity - Interface in org.springframework.security.acls.model
Represents the identity of an individual domain object instance.
ObjectIdentityGenerator - Interface in org.springframework.security.acls.model
Strategy which creates an ObjectIdentity from an object identifier (such as a primary key) and type information.
ObjectIdentityImpl - Class in org.springframework.security.acls.domain
Simple implementation of ObjectIdentity.
ObjectIdentityImpl(Class<?>, Serializable) - Constructor for class org.springframework.security.acls.domain.ObjectIdentityImpl
Constructor which uses the name of the supplied class as the type property.
ObjectIdentityImpl(Object) - Constructor for class org.springframework.security.acls.domain.ObjectIdentityImpl
Creates the ObjectIdentityImpl based on the passed object instance.
ObjectIdentityImpl(String, Serializable) - Constructor for class org.springframework.security.acls.domain.ObjectIdentityImpl
 
objectIdentityRetrievalStrategy - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
ObjectIdentityRetrievalStrategy - Interface in org.springframework.security.acls.model
Strategy interface that provides the ability to determine which ObjectIdentity will be returned for a particular domain object
ObjectIdentityRetrievalStrategyImpl - Class in org.springframework.security.acls.domain
Basic implementation of ObjectIdentityRetrievalStrategy and ObjectIdentityGenerator that uses the constructors of ObjectIdentityImpl to create the ObjectIdentity.
ObjectIdentityRetrievalStrategyImpl() - Constructor for class org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl
 
objectPostProcessor(AutowireCapableBeanFactory) - Method in class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration
 
objectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Specifies the ObjectPostProcessor to use.
ObjectPostProcessor<T> - Interface in org.springframework.security.config.annotation
Allows initialization of Objects.
ObjectPostProcessorConfiguration - Class in org.springframework.security.config.annotation.configuration
Spring Configuration that exports the default ObjectPostProcessor.
ObjectPostProcessorConfiguration() - Constructor for class org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration
 
ObservationAuthenticationManager - Class in org.springframework.security.authentication
An AuthenticationManager that observes the authentication
ObservationAuthenticationManager(ObservationRegistry, AuthenticationManager) - Constructor for class org.springframework.security.authentication.ObservationAuthenticationManager
 
ObservationAuthorizationManager<T> - Class in org.springframework.security.authorization
An AuthorizationManager that observes the authorization
ObservationAuthorizationManager(ObservationRegistry, AuthorizationManager<T>) - Constructor for class org.springframework.security.authorization.ObservationAuthorizationManager
 
ObservationFilterChainDecorator - Class in org.springframework.security.web
A FilterChainProxy.FilterChainDecorator that wraps the chain in before and after observations
ObservationFilterChainDecorator(ObservationRegistry) - Constructor for class org.springframework.security.web.ObservationFilterChainDecorator
 
ObservationMarkingAccessDeniedHandler - Class in org.springframework.security.web.access
 
ObservationMarkingAccessDeniedHandler(ObservationRegistry) - Constructor for class org.springframework.security.web.access.ObservationMarkingAccessDeniedHandler
 
ObservationMarkingRequestRejectedHandler - Class in org.springframework.security.web.firewall
 
ObservationMarkingRequestRejectedHandler(ObservationRegistry) - Constructor for class org.springframework.security.web.firewall.ObservationMarkingRequestRejectedHandler
 
ObservationReactiveAuthenticationManager - Class in org.springframework.security.authentication
An ReactiveAuthenticationManager that observes the authentication
ObservationReactiveAuthenticationManager(ObservationRegistry, ReactiveAuthenticationManager) - Constructor for class org.springframework.security.authentication.ObservationReactiveAuthenticationManager
 
ObservationReactiveAuthorizationManager<T> - Class in org.springframework.security.authorization
An ReactiveAuthorizationManager that observes the authentication
ObservationReactiveAuthorizationManager(ObservationRegistry, ReactiveAuthorizationManager<T>) - Constructor for class org.springframework.security.authorization.ObservationReactiveAuthorizationManager
 
ObservationSecurityContextChangedListener - Class in org.springframework.security.core.context
A SecurityContextChangedListener that adds events to an existing Observation If no Observation is present when an event is fired, then the event is unrecorded.
ObservationSecurityContextChangedListener(ObservationRegistry) - Constructor for class org.springframework.security.core.context.ObservationSecurityContextChangedListener
ObservationWebFilterChainDecorator - Class in org.springframework.security.web.server
A WebFilterChainProxy.WebFilterChainDecorator that wraps the chain in before and after observations
ObservationWebFilterChainDecorator(ObservationRegistry) - Constructor for class org.springframework.security.web.server.ObservationWebFilterChainDecorator
 
obtainArtifact(HttpServletRequest) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
If present, gets the artifact (CAS ticket) from the HttpServletRequest.
obtainPassword(HttpServletRequest) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
Enables subclasses to override the composition of the password, such as by including additional values and a separator.
obtainSecurityMetadataSource() - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
obtainSecurityMetadataSource() - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
Deprecated.
 
obtainSecurityMetadataSource() - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
Deprecated.
 
obtainSecurityMetadataSource() - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Deprecated.
 
obtainSubject(ServletRequest) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
Obtains the Subject to run as or null if no Subject is available.
obtainUsername(HttpServletRequest) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
Enables subclasses to override the composition of the username, such as by including additional values and a separator.
of(int) - Static method in interface org.springframework.security.web.server.authentication.SessionLimit
Creates a SessionLimit that always returns the given value for any user
of(AuthorizationAdvisorProxyFactory.TargetVisitor...) - Static method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor
Compose a set of visitors.
offset() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
Indicate additional offset in the ordering of the execution of the security interceptors when multiple advices are applied at a specific joinpoint.
OID - Static variable in class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
OID of the Password Policy Control
OidcAuthorizationCodeAuthenticationProvider - Class in org.springframework.security.oauth2.client.oidc.authentication
An implementation of an AuthenticationProvider for the OpenID Connect Core 1.0 Authorization Code Grant Flow.
OidcAuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, OAuth2UserService<OidcUserRequest, OidcUser>) - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
Constructs an OidcAuthorizationCodeAuthenticationProvider using the provided parameters.
OidcAuthorizationCodeReactiveAuthenticationManager - Class in org.springframework.security.oauth2.client.oidc.authentication
An implementation of an AuthenticationProvider for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.
OidcAuthorizationCodeReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>, ReactiveOAuth2UserService<OidcUserRequest, OidcUser>) - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager
 
OidcBackChannelLogoutHandler - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
A LogoutHandler that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one.
OidcBackChannelLogoutHandler(OidcSessionRegistry) - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
 
OidcBackChannelServerLogoutHandler - Class in org.springframework.security.config.web.server
A ServerLogoutHandler that locates the sessions associated with a given OIDC Back-Channel Logout Token and invalidates each one.
OidcBackChannelServerLogoutHandler(ReactiveOidcSessionRegistry) - Constructor for class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler
 
OidcClientInitiatedLogoutSuccessHandler - Class in org.springframework.security.oauth2.client.oidc.web.logout
A logout success handler for initiating OIDC logout through the user agent.
OidcClientInitiatedLogoutSuccessHandler(ClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler
 
OidcClientInitiatedServerLogoutSuccessHandler - Class in org.springframework.security.oauth2.client.oidc.web.server.logout
A reactive logout success handler for initiating OIDC logout through the user agent.
OidcClientInitiatedServerLogoutSuccessHandler(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler
Constructs an OidcClientInitiatedServerLogoutSuccessHandler with the provided parameters
OidcIdToken - Class in org.springframework.security.oauth2.core.oidc
An implementation of an AbstractOAuth2Token representing an OpenID Connect Core 1.0 ID Token.
OidcIdToken(String, Instant, Instant, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.oidc.OidcIdToken
Constructs a OidcIdToken using the provided parameters.
OidcIdToken.Builder - Class in org.springframework.security.oauth2.core.oidc
A builder for OidcIdTokens
OidcIdTokenDecoderFactory - Class in org.springframework.security.oauth2.client.oidc.authentication
A factory that provides a JwtDecoder used for OidcIdToken signature verification.
OidcIdTokenDecoderFactory() - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
 
OidcIdTokenValidator - Class in org.springframework.security.oauth2.client.oidc.authentication
An OAuth2TokenValidator responsible for validating the claims in an ID Token.
OidcIdTokenValidator(ClientRegistration) - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator
 
oidcLogin() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Establish a SecurityContext that has a OAuth2AuthenticationToken for the Authentication, a OidcUser as the principal, and a OAuth2AuthorizedClient in the session.
oidcLogout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
oidcLogout(Customizer<OidcLogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
oidcLogout(Customizer<ServerHttpSecurity.OidcLogoutSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures OIDC Connect 1.0 Logout support.
OidcLogoutConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
An AbstractHttpConfigurer for OIDC Logout flows
OidcLogoutConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
 
OidcLogoutConfigurer.BackChannelLogoutConfigurer - Class in org.springframework.security.config.annotation.web.configurers.oauth2.client
A configurer for configuring OIDC Back-Channel Logout
OidcLogoutSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec
 
OidcLogoutToken - Class in org.springframework.security.oauth2.client.oidc.authentication.logout
An implementation of an AbstractOAuth2Token representing an OpenID Backchannel Logout Token.
OidcLogoutToken.Builder - Class in org.springframework.security.oauth2.client.oidc.authentication.logout
A builder for OidcLogoutTokens
OidcParameterNames - Class in org.springframework.security.oauth2.core.oidc.endpoint
Standard parameter names defined in the OAuth Parameters Registry and used by the authorization endpoint and token endpoint.
OidcReactiveOAuth2UserService - Class in org.springframework.security.oauth2.client.oidc.userinfo
An implementation of an ReactiveOAuth2UserService that supports OpenID Connect 1.0 Provider's.
OidcReactiveOAuth2UserService() - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
 
OidcScopes - Class in org.springframework.security.oauth2.core.oidc
The scope values defined by the OpenID Connect Core 1.0 specification that can be used to request claims.
OidcSessionInformation - Class in org.springframework.security.oauth2.client.oidc.session
A SessionInformation extension that enforces the principal be of type OidcUser.
OidcSessionInformation(String, Map<String, String>, OidcUser) - Constructor for class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation
oidcSessionRegistry(ReactiveOidcSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
Configures the ReactiveOidcSessionRegistry to use when logins use OIDC.
oidcSessionRegistry(ReactiveOidcSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec
oidcSessionRegistry(OidcSessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Sets the registry for managing the OIDC client-provider session link
oidcSessionRegistry(OidcSessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer
Sets the registry for managing the OIDC client-provider session link
OidcSessionRegistry - Interface in org.springframework.security.oauth2.client.oidc.session
A registry to record the tie between the OIDC Provider session and the Client session.
oidcUser(OidcUser) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
Use the provided OidcUser as the authenticated user.
oidcUser(OidcUser) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
Use the provided OidcUser as the authenticated user.
OidcUser - Interface in org.springframework.security.oauth2.core.oidc.user
A representation of a user Principal that is registered with an OpenID Connect 1.0 Provider.
OidcUserAuthority - Class in org.springframework.security.oauth2.core.oidc.user
A GrantedAuthority that may be associated to an OidcUser.
OidcUserAuthority(String, OidcIdToken, OidcUserInfo) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
Constructs a OidcUserAuthority using the provided parameters.
OidcUserAuthority(String, OidcIdToken, OidcUserInfo, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
Constructs a OidcUserAuthority using the provided parameters.
OidcUserAuthority(OidcIdToken) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
Constructs a OidcUserAuthority using the provided parameters.
OidcUserAuthority(OidcIdToken, OidcUserInfo) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
Constructs a OidcUserAuthority using the provided parameters and defaults OAuth2UserAuthority.getAuthority() to OIDC_USER.
OidcUserAuthority(OidcIdToken, OidcUserInfo, String) - Constructor for class org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority
Constructs a OidcUserAuthority using the provided parameters and defaults OAuth2UserAuthority.getAuthority() to OIDC_USER.
OidcUserInfo - Class in org.springframework.security.oauth2.core.oidc
A representation of a UserInfo Response that is returned from the OAuth 2.0 Protected Resource UserInfo Endpoint.
OidcUserInfo(Map<String, Object>) - Constructor for class org.springframework.security.oauth2.core.oidc.OidcUserInfo
Constructs a OidcUserInfo using the provided parameters.
OidcUserInfo.Builder - Class in org.springframework.security.oauth2.core.oidc
A builder for OidcUserInfos
OidcUserRequest - Class in org.springframework.security.oauth2.client.oidc.userinfo
Represents a request the OidcUserService uses when initiating a request to the UserInfo Endpoint.
OidcUserRequest(ClientRegistration, OAuth2AccessToken, OidcIdToken) - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest
Constructs an OidcUserRequest using the provided parameters.
OidcUserRequest(ClientRegistration, OAuth2AccessToken, OidcIdToken, Map<String, Object>) - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest
Constructs an OidcUserRequest using the provided parameters.
oidcUserService(OAuth2UserService<OidcUserRequest, OidcUser>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig
Sets the OpenID Connect 1.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.
OidcUserService - Class in org.springframework.security.oauth2.client.oidc.userinfo
An implementation of an OAuth2UserService that supports OpenID Connect 1.0 Provider's.
OidcUserService() - Constructor for class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
 
OKTA - Enum constant in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 
onApplicationEvent(ApplicationEvent) - Method in class org.springframework.security.context.DelegatingApplicationListener
 
onApplicationEvent(AbstractAuthorizationEvent) - Method in class org.springframework.security.access.event.LoggerListener
Deprecated.
 
onApplicationEvent(AbstractAuthenticationEvent) - Method in class org.springframework.security.authentication.event.LoggerListener
 
onApplicationEvent(AbstractSessionEvent) - Method in class org.springframework.security.core.session.SessionRegistryImpl
 
onApplicationEvent(SessionDestroyedEvent) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
 
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
Called when a user is newly authenticated.
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
 
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
 
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
In addition to the steps from the superclass, the sessionRegistry will be updated with the new session information.
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
Performs Http session-related functionality when a new authentication occurs.
onAuthentication(Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.CsrfAuthenticationStrategy
 
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
 
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in interface org.springframework.security.web.authentication.AuthenticationFailureHandler
Called when an authentication attempt fails.
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationFailureHandler
 
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler
 
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler
 
onAuthenticationFailure(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
Performs the redirect or forward to the defaultFailureUrl if set, otherwise returns a 401 error code.
onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler
 
onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler
 
onAuthenticationFailure(WebFilterExchange, AuthenticationException) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler
Invoked when authentication attempt fails
onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
Called when a user has been successfully authenticated.
onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.AuthenticationSuccessHandler
Called when a user has been successfully authenticated.
onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler
 
onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
 
onAuthenticationSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
Calls the parent class handle() method to forward or redirect to the target URL, and then calls clearAuthenticationAttributes() to remove any leftover session data.
onAuthenticationSuccess(Authentication, WebFilterExchange) - Method in class org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter
 
onAuthenticationSuccess(Authentication, WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
 
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler
 
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationSuccessHandler
 
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
 
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.RegisterSessionServerAuthenticationSuccessHandler
 
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler
Invoked when the application authenticates successfully
onAuthenticationSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler
 
onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizationFailureHandler
Called when an OAuth 2.0 Client fails to authorize (or re-authorize) via the Authorization Server or Resource Server.
onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationFailureHandler
Called when an OAuth 2.0 Client fails to authorize (or re-authorize) via the authorization server or resource server.
onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
 
onAuthorizationFailure(OAuth2AuthorizationException, Authentication, Map<String, Object>) - Method in class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
 
onAuthorizationSuccess(OAuth2AuthorizedClient, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizationSuccessHandler
Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the Authorization Server.
onAuthorizationSuccess(OAuth2AuthorizedClient, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationSuccessHandler
Called when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the authorization server.
OnCommittedResponseWrapper - Class in org.springframework.security.web.util
Base class for response wrappers which encapsulate the logic for handling an event when the HttpServletResponse is committed.
OnCommittedResponseWrapper(HttpServletResponse) - Constructor for class org.springframework.security.web.util.OnCommittedResponseWrapper
 
OneTimeToken - Interface in org.springframework.security.authentication.ott
Represents a one-time use token with an associated username and expiration time.
OneTimeTokenAuthenticationConverter - Class in org.springframework.security.web.authentication.ott
An implementation of AuthenticationConverter that detects if the request contains a token parameter and constructs a OneTimeTokenAuthenticationToken with it.
OneTimeTokenAuthenticationConverter() - Constructor for class org.springframework.security.web.authentication.ott.OneTimeTokenAuthenticationConverter
 
OneTimeTokenAuthenticationProvider - Class in org.springframework.security.authentication.ott
An AuthenticationProvider responsible for authenticating users based on one-time tokens.
OneTimeTokenAuthenticationProvider(OneTimeTokenService, UserDetailsService) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationProvider
 
OneTimeTokenAuthenticationToken - Class in org.springframework.security.authentication.ott
Represents a One-Time Token authentication that can be authenticated or not.
OneTimeTokenAuthenticationToken(Object, String) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
 
OneTimeTokenAuthenticationToken(Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
 
OneTimeTokenAuthenticationToken(String) - Constructor for class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
 
oneTimeTokenLogin(Customizer<OneTimeTokenLoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configures One-Time Token Login Support.
OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.ott
 
OneTimeTokenLoginConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
 
oneTimeTokenService(OneTimeTokenService) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
Configures the OneTimeTokenService used to generate and consume OneTimeToken
OneTimeTokenService - Interface in org.springframework.security.authentication.ott
Interface for generating and consuming one-time tokens.
onExpiredSessionDetected(SessionInformationExpiredEvent) - Method in interface org.springframework.security.web.session.SessionInformationExpiredStrategy
 
onExpiredSessionDetected(SessionInformationExpiredEvent) - Method in class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
 
onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.session.InvalidSessionStrategy
 
onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy
 
onInvalidSessionDetected(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy
 
onLoginFail(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Called from loginSuccess when a remember-me login has been requested.
onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
Creates a new persistent login token with a new series number, stores the data in the persistent token repository and adds the corresponding cookie to the response.
onLoginSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
 
onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler
Produce and send a SAML 2.0 Logout Response based on the SAML 2.0 Logout Request received from the asserting party
onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler
 
onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.ForwardLogoutSuccessHandler
 
onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler
onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in interface org.springframework.security.web.authentication.logout.LogoutSuccessHandler
 
onLogoutSuccess(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
 
onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler
 
onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.HttpStatusReturningServerLogoutSuccessHandler
onLogoutSuccess(WebFilterExchange, Authentication) - Method in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
 
onLogoutSuccess(WebFilterExchange, Authentication) - Method in interface org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler
Invoked after log out was successful
onResponseCommitted() - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
Deprecated.
Calls saveContext() with the current contents of the SecurityContextHolder as long as () was not invoked.
onResponseCommitted() - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
Implement the logic for handling the HttpServletResponse being committed
onSessionChange(String, HttpSession, Authentication) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
Called when the session has been changed and the old attributes have been migrated to the new session.
onStartup(ServletContext) - Method in class org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer
 
onSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
Called if a remember-me token is presented and successfully authenticated by the RememberMeServices autoLogin method and the AuthenticationManager.
onSuccessfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
Called if the AuthenticationManager rejects the authentication object returned from the RememberMeServices autoLogin method.
onUnsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
OPAQUE_TOKEN - Static variable in class org.springframework.security.config.Elements
 
opaqueToken() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use OAuth2ResourceServerConfigurer.opaqueToken(Customizer) or opaqueToken(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
opaqueToken() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer) or opaqueToken(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
opaqueToken() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
opaqueToken(Customizer<OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
Enables opaque bearer token support.
opaqueToken(Customizer<ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec
Enables Opaque Token Resource Server support.
OpaqueTokenAuthenticationConverter - Interface in org.springframework.security.oauth2.server.resource.introspection
Convert a successful introspection result into an authentication result.
OpaqueTokenAuthenticationProvider - Class in org.springframework.security.oauth2.server.resource.authentication
An AuthenticationProvider implementation for opaque Bearer Tokens, using an OAuth 2.0 Introspection Endpoint to check the token's validity and reveal its attributes.
OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider
Creates a OpaqueTokenAuthenticationProvider with the provided parameters
OpaqueTokenIntrospector - Interface in org.springframework.security.oauth2.server.resource.introspection
A contract for introspecting and verifying an OAuth 2.0 token.
OpaqueTokenReactiveAuthenticationManager - Class in org.springframework.security.oauth2.server.resource.authentication
An ReactiveAuthenticationManager implementation for opaque Bearer Tokens, using an OAuth 2.0 Introspection Endpoint to check the token's validity and reveal its attributes.
OpaqueTokenReactiveAuthenticationManager(ReactiveOpaqueTokenIntrospector) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager
Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters
OPENER_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter
 
OPENID - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes
The openid scope is required for OpenID Connect Authentication Requests.
OpenSamlAssertingPartyDetails - Class in org.springframework.security.saml2.provider.service.registration
A RelyingPartyRegistration.AssertingPartyDetails that contains OpenSAML-specific members
OpenSamlAssertingPartyDetails.Builder - Class in org.springframework.security.saml2.provider.service.registration
An OpenSAML version of RelyingPartyRegistration.AssertingPartyDetails.Builder that contains the underlying EntityDescriptor
OpenSamlInitializationService - Class in org.springframework.security.saml2.core
An initialization service for initializing OpenSAML.
OpenSamlRelyingPartyRegistration - Class in org.springframework.security.saml2.provider.service.registration
Deprecated.
This class no longer is needed in order to transmit the EntityDescriptor to OpenSamlAssertingPartyDetails. Instead of doing:
        if (registration instanceof OpenSamlRelyingPartyRegistration openSamlRegistration) {
            EntityDescriptor descriptor = openSamlRegistration.getAssertingPartyDetails.getEntityDescriptor();
        }
 
do instead:
        if (registration.getAssertingPartyMetadata() instanceof openSamlAssertingPartyDetails) {
            EntityDescriptor descriptor = openSamlAssertingPartyDetails.getEntityDescriptor();
        }
 
OpenSamlRelyingPartyRegistration.Builder - Class in org.springframework.security.saml2.provider.service.registration
Deprecated.
An OpenSAML version of RelyingPartyRegistration.AssertingPartyDetails.Builder that contains the underlying EntityDescriptor
OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter - Class in org.springframework.security.saml2.provider.service.registration
An HttpMessageConverter that takes an IDPSSODescriptor in an HTTP response and converts it into a RelyingPartyRegistration.Builder.
OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter() - Constructor for class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 
order() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
Deprecated.
Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.
order() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
Indicate the ordering of the execution of the security advisor when multiple advices are applied at a specific joinpoint.
ORDERED - Static variable in class org.springframework.security.crypto.codec.Base64
Deprecated.
Encode using the special "ordered" dialect of Base64.
org.springframework.security.access - package org.springframework.security.access
Core access-control related code, including security metadata related classes, interception code, access control annotations, EL support and voter-based implementations of the central AccessDecisionManager interface.
org.springframework.security.access.annotation - package org.springframework.security.access.annotation
Support for JSR-250 and Spring Security @Secured annotations.
org.springframework.security.access.event - package org.springframework.security.access.event
Authorization event and listener classes.
org.springframework.security.access.expression - package org.springframework.security.access.expression
Expression handling code to support the use of Spring-EL based expressions in @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter annotations.
org.springframework.security.access.expression.method - package org.springframework.security.access.expression.method
Implementation of expression-based method security.
org.springframework.security.access.hierarchicalroles - package org.springframework.security.access.hierarchicalroles
Role hierarchy implementation.
org.springframework.security.access.intercept - package org.springframework.security.access.intercept
Abstract level security interception classes which are responsible for enforcing the configured security constraints for a secure object.
org.springframework.security.access.intercept.aopalliance - package org.springframework.security.access.intercept.aopalliance
Enforces security for AOP Alliance MethodInvocations, such as via Spring AOP.
org.springframework.security.access.intercept.aspectj - package org.springframework.security.access.intercept.aspectj
Enforces security for AspectJ JointPoints, delegating secure object callbacks to the calling aspect.
org.springframework.security.access.method - package org.springframework.security.access.method
Provides SecurityMetadataSource implementations for securing Java method invocations via different AOP libraries.
org.springframework.security.access.prepost - package org.springframework.security.access.prepost
Contains the infrastructure classes for handling the @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter annotations.
org.springframework.security.access.vote - package org.springframework.security.access.vote
Implements a vote-based approach to authorization decisions.
org.springframework.security.acls - package org.springframework.security.acls
The Spring Security ACL package which implements instance-based security for domain objects.
org.springframework.security.acls.afterinvocation - package org.springframework.security.acls.afterinvocation
After-invocation providers for collection and array filtering.
org.springframework.security.acls.domain - package org.springframework.security.acls.domain
Basic implementation of access control lists (ACLs) interfaces.
org.springframework.security.acls.jdbc - package org.springframework.security.acls.jdbc
JDBC-based persistence of ACL information
org.springframework.security.acls.model - package org.springframework.security.acls.model
Interfaces and shared classes to manage access control lists (ACLs) for domain object instances.
org.springframework.security.aot.hint - package org.springframework.security.aot.hint
 
org.springframework.security.authentication - package org.springframework.security.authentication
Core classes and interfaces related to user authentication, which are used throughout Spring Security.
org.springframework.security.authentication.dao - package org.springframework.security.authentication.dao
An AuthenticationProvider which relies upon a data access object.
org.springframework.security.authentication.event - package org.springframework.security.authentication.event
Authentication success and failure events which can be published to the Spring application context.
org.springframework.security.authentication.jaas - package org.springframework.security.authentication.jaas
An authentication provider for JAAS.
org.springframework.security.authentication.jaas.event - package org.springframework.security.authentication.jaas.event
JAAS authentication events which can be published to the Spring application context by the JAAS authentication provider.
org.springframework.security.authentication.jaas.memory - package org.springframework.security.authentication.jaas.memory
An in memory JAAS implementation.
org.springframework.security.authentication.ott - package org.springframework.security.authentication.ott
 
org.springframework.security.authentication.password - package org.springframework.security.authentication.password
 
org.springframework.security.authorization - package org.springframework.security.authorization
 
org.springframework.security.authorization.event - package org.springframework.security.authorization.event
 
org.springframework.security.authorization.method - package org.springframework.security.authorization.method
 
org.springframework.security.cas - package org.springframework.security.cas
Spring Security support for Apereo's Central Authentication Service (CAS).
org.springframework.security.cas.authentication - package org.springframework.security.cas.authentication
An AuthenticationProvider that can process CAS service tickets and proxy tickets.
org.springframework.security.cas.jackson2 - package org.springframework.security.cas.jackson2
 
org.springframework.security.cas.userdetails - package org.springframework.security.cas.userdetails
 
org.springframework.security.cas.web - package org.springframework.security.cas.web
Authenticates standard web browser users via CAS.
org.springframework.security.cas.web.authentication - package org.springframework.security.cas.web.authentication
Authentication processing mechanisms which respond to the submission of authentication credentials using CAS.
org.springframework.security.concurrent - package org.springframework.security.concurrent
 
org.springframework.security.config - package org.springframework.security.config
Support classes for the Spring Security namespace.
org.springframework.security.config.annotation - package org.springframework.security.config.annotation
 
org.springframework.security.config.annotation.authentication - package org.springframework.security.config.annotation.authentication
 
org.springframework.security.config.annotation.authentication.builders - package org.springframework.security.config.annotation.authentication.builders
 
org.springframework.security.config.annotation.authentication.configuration - package org.springframework.security.config.annotation.authentication.configuration
 
org.springframework.security.config.annotation.authentication.configurers.ldap - package org.springframework.security.config.annotation.authentication.configurers.ldap
 
org.springframework.security.config.annotation.authentication.configurers.provisioning - package org.springframework.security.config.annotation.authentication.configurers.provisioning
 
org.springframework.security.config.annotation.authentication.configurers.userdetails - package org.springframework.security.config.annotation.authentication.configurers.userdetails
 
org.springframework.security.config.annotation.configuration - package org.springframework.security.config.annotation.configuration
 
org.springframework.security.config.annotation.method.configuration - package org.springframework.security.config.annotation.method.configuration
 
org.springframework.security.config.annotation.rsocket - package org.springframework.security.config.annotation.rsocket
 
org.springframework.security.config.annotation.web - package org.springframework.security.config.annotation.web
 
org.springframework.security.config.annotation.web.builders - package org.springframework.security.config.annotation.web.builders
 
org.springframework.security.config.annotation.web.configuration - package org.springframework.security.config.annotation.web.configuration
 
org.springframework.security.config.annotation.web.configurers - package org.springframework.security.config.annotation.web.configurers
 
org.springframework.security.config.annotation.web.configurers.oauth2.client - package org.springframework.security.config.annotation.web.configurers.oauth2.client
 
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource - package org.springframework.security.config.annotation.web.configurers.oauth2.server.resource
 
org.springframework.security.config.annotation.web.configurers.ott - package org.springframework.security.config.annotation.web.configurers.ott
 
org.springframework.security.config.annotation.web.configurers.saml2 - package org.springframework.security.config.annotation.web.configurers.saml2
 
org.springframework.security.config.annotation.web.messaging - package org.springframework.security.config.annotation.web.messaging
 
org.springframework.security.config.annotation.web.reactive - package org.springframework.security.config.annotation.web.reactive
 
org.springframework.security.config.annotation.web.servlet.configuration - package org.springframework.security.config.annotation.web.servlet.configuration
 
org.springframework.security.config.annotation.web.socket - package org.springframework.security.config.annotation.web.socket
 
org.springframework.security.config.authentication - package org.springframework.security.config.authentication
Parsing of <authentication-manager> and related elements.
org.springframework.security.config.core - package org.springframework.security.config.core
 
org.springframework.security.config.core.userdetails - package org.springframework.security.config.core.userdetails
 
org.springframework.security.config.crypto - package org.springframework.security.config.crypto
 
org.springframework.security.config.debug - package org.springframework.security.config.debug
 
org.springframework.security.config.http - package org.springframework.security.config.http
Parsing of the <http> namespace element.
org.springframework.security.config.ldap - package org.springframework.security.config.ldap
Security namespace support for LDAP authentication.
org.springframework.security.config.method - package org.springframework.security.config.method
Support for parsing of the <global-method-security> and <intercept-methods> elements.
org.springframework.security.config.oauth2.client - package org.springframework.security.config.oauth2.client
 
org.springframework.security.config.provisioning - package org.springframework.security.config.provisioning
 
org.springframework.security.config.saml2 - package org.springframework.security.config.saml2
 
org.springframework.security.config.web.server - package org.springframework.security.config.web.server
 
org.springframework.security.config.websocket - package org.springframework.security.config.websocket
 
org.springframework.security.context - package org.springframework.security.context
 
org.springframework.security.converter - package org.springframework.security.converter
 
org.springframework.security.core - package org.springframework.security.core
Core classes and interfaces related to user authentication and authorization, as well as the maintenance of a security context.
org.springframework.security.core.annotation - package org.springframework.security.core.annotation
 
org.springframework.security.core.authority - package org.springframework.security.core.authority
The default implementation of the GrantedAuthority interface.
org.springframework.security.core.authority.mapping - package org.springframework.security.core.authority.mapping
Strategies for mapping a list of attributes (such as roles or LDAP groups) to a list of GrantedAuthoritys.
org.springframework.security.core.context - package org.springframework.security.core.context
Classes related to the establishment of a security context for the duration of a request (such as an HTTP or RMI invocation).
org.springframework.security.core.parameters - package org.springframework.security.core.parameters
 
org.springframework.security.core.session - package org.springframework.security.core.session
Session abstraction which is provided by the org.springframework.security.core.session.SessionInformation SessionInformation class.
org.springframework.security.core.token - package org.springframework.security.core.token
A service for building secure random tokens.
org.springframework.security.core.userdetails - package org.springframework.security.core.userdetails
The standard interfaces for implementing user data DAOs.
org.springframework.security.core.userdetails.cache - package org.springframework.security.core.userdetails.cache
Implementations of UserCache.
org.springframework.security.core.userdetails.jdbc - package org.springframework.security.core.userdetails.jdbc
Exposes a JDBC-based authentication repository, implementing org.springframework.security.core.userdetails.UserDetailsService UserDetailsService.
org.springframework.security.core.userdetails.memory - package org.springframework.security.core.userdetails.memory
Exposes an in-memory authentication repository.
org.springframework.security.crypto.argon2 - package org.springframework.security.crypto.argon2
 
org.springframework.security.crypto.bcrypt - package org.springframework.security.crypto.bcrypt
 
org.springframework.security.crypto.codec - package org.springframework.security.crypto.codec
Internal codec classes.
org.springframework.security.crypto.encrypt - package org.springframework.security.crypto.encrypt
 
org.springframework.security.crypto.factory - package org.springframework.security.crypto.factory
 
org.springframework.security.crypto.keygen - package org.springframework.security.crypto.keygen
 
org.springframework.security.crypto.password - package org.springframework.security.crypto.password
 
org.springframework.security.crypto.scrypt - package org.springframework.security.crypto.scrypt
 
org.springframework.security.crypto.util - package org.springframework.security.crypto.util
 
org.springframework.security.data.aot.hint - package org.springframework.security.data.aot.hint
 
org.springframework.security.data.repository.query - package org.springframework.security.data.repository.query
 
org.springframework.security.jackson2 - package org.springframework.security.jackson2
Mix-in classes to add Jackson serialization support.
org.springframework.security.ldap - package org.springframework.security.ldap
Spring Security's LDAP module.
org.springframework.security.ldap.authentication - package org.springframework.security.ldap.authentication
The LDAP authentication provider package.
org.springframework.security.ldap.authentication.ad - package org.springframework.security.ldap.authentication.ad
 
org.springframework.security.ldap.jackson2 - package org.springframework.security.ldap.jackson2
 
org.springframework.security.ldap.ppolicy - package org.springframework.security.ldap.ppolicy
Implementation of password policy functionality based on the Password Policy for LDAP Directories.
org.springframework.security.ldap.search - package org.springframework.security.ldap.search
LdapUserSearch implementations.
org.springframework.security.ldap.server - package org.springframework.security.ldap.server
Embedded Apache Directory Server implementation, as used by the configuration namespace.
org.springframework.security.ldap.userdetails - package org.springframework.security.ldap.userdetails
LDAP-focused UserDetails implementations which map from a ubset of the data contained in some of the standard LDAP types (such as InetOrgPerson).
org.springframework.security.messaging.access.expression - package org.springframework.security.messaging.access.expression
 
org.springframework.security.messaging.access.intercept - package org.springframework.security.messaging.access.intercept
 
org.springframework.security.messaging.context - package org.springframework.security.messaging.context
 
org.springframework.security.messaging.handler.invocation.reactive - package org.springframework.security.messaging.handler.invocation.reactive
 
org.springframework.security.messaging.util.matcher - package org.springframework.security.messaging.util.matcher
 
org.springframework.security.messaging.web.csrf - package org.springframework.security.messaging.web.csrf
 
org.springframework.security.messaging.web.socket.server - package org.springframework.security.messaging.web.socket.server
 
org.springframework.security.oauth2.client - package org.springframework.security.oauth2.client
Core classes and interfaces providing support for OAuth 2.0 Client.
org.springframework.security.oauth2.client.annotation - package org.springframework.security.oauth2.client.annotation
 
org.springframework.security.oauth2.client.authentication - package org.springframework.security.oauth2.client.authentication
Support classes and interfaces for authenticating and authorizing a client with an OAuth 2.0 Authorization Server using a specific authorization grant flow.
org.springframework.security.oauth2.client.endpoint - package org.springframework.security.oauth2.client.endpoint
Classes and interfaces providing support to the client for initiating requests to the Authorization Server's Protocol Endpoints.
org.springframework.security.oauth2.client.http - package org.springframework.security.oauth2.client.http
 
org.springframework.security.oauth2.client.jackson2 - package org.springframework.security.oauth2.client.jackson2
 
org.springframework.security.oauth2.client.oidc.authentication - package org.springframework.security.oauth2.client.oidc.authentication
Support classes and interfaces for authenticating and authorizing a client with an OpenID Connect 1.0 Provider using a specific authorization grant flow.
org.springframework.security.oauth2.client.oidc.authentication.logout - package org.springframework.security.oauth2.client.oidc.authentication.logout
 
org.springframework.security.oauth2.client.oidc.server.session - package org.springframework.security.oauth2.client.oidc.server.session
 
org.springframework.security.oauth2.client.oidc.session - package org.springframework.security.oauth2.client.oidc.session
 
org.springframework.security.oauth2.client.oidc.userinfo - package org.springframework.security.oauth2.client.oidc.userinfo
Classes and interfaces providing support to the client for initiating requests to the OpenID Connect 1.0 Provider's UserInfo Endpoint.
org.springframework.security.oauth2.client.oidc.web.logout - package org.springframework.security.oauth2.client.oidc.web.logout
 
org.springframework.security.oauth2.client.oidc.web.server.logout - package org.springframework.security.oauth2.client.oidc.web.server.logout
 
org.springframework.security.oauth2.client.registration - package org.springframework.security.oauth2.client.registration
Classes and interfaces that provide support for ClientRegistration.
org.springframework.security.oauth2.client.userinfo - package org.springframework.security.oauth2.client.userinfo
Classes and interfaces providing support to the client for initiating requests to the OAuth 2.0 Authorization Server's UserInfo Endpoint.
org.springframework.security.oauth2.client.web - package org.springframework.security.oauth2.client.web
OAuth 2.0 Client Filter's and supporting classes and interfaces.
org.springframework.security.oauth2.client.web.client - package org.springframework.security.oauth2.client.web.client
 
org.springframework.security.oauth2.client.web.method.annotation - package org.springframework.security.oauth2.client.web.method.annotation
 
org.springframework.security.oauth2.client.web.reactive.function.client - package org.springframework.security.oauth2.client.web.reactive.function.client
 
org.springframework.security.oauth2.client.web.reactive.result.method.annotation - package org.springframework.security.oauth2.client.web.reactive.result.method.annotation
 
org.springframework.security.oauth2.client.web.server - package org.springframework.security.oauth2.client.web.server
 
org.springframework.security.oauth2.client.web.server.authentication - package org.springframework.security.oauth2.client.web.server.authentication
 
org.springframework.security.oauth2.core - package org.springframework.security.oauth2.core
Core classes and interfaces providing support for the OAuth 2.0 Authorization Framework.
org.springframework.security.oauth2.core.authorization - package org.springframework.security.oauth2.core.authorization
 
org.springframework.security.oauth2.core.converter - package org.springframework.security.oauth2.core.converter
 
org.springframework.security.oauth2.core.endpoint - package org.springframework.security.oauth2.core.endpoint
Support classes that model the OAuth 2.0 Request and Response messages from the Authorization Endpoint and Token Endpoint.
org.springframework.security.oauth2.core.http.converter - package org.springframework.security.oauth2.core.http.converter
 
org.springframework.security.oauth2.core.oidc - package org.springframework.security.oauth2.core.oidc
Core classes and interfaces providing support for OpenID Connect Core 1.0.
org.springframework.security.oauth2.core.oidc.endpoint - package org.springframework.security.oauth2.core.oidc.endpoint
Support classes that model the OpenID Connect Core 1.0 Request and Response messages from the Authorization Endpoint and Token Endpoint.
org.springframework.security.oauth2.core.oidc.user - package org.springframework.security.oauth2.core.oidc.user
Provides a model for an OpenID Connect Core 1.0 representation of a user Principal.
org.springframework.security.oauth2.core.user - package org.springframework.security.oauth2.core.user
Provides a model for an OAuth 2.0 representation of a user Principal.
org.springframework.security.oauth2.core.web.reactive.function - package org.springframework.security.oauth2.core.web.reactive.function
 
org.springframework.security.oauth2.jose - package org.springframework.security.oauth2.jose
 
org.springframework.security.oauth2.jose.jws - package org.springframework.security.oauth2.jose.jws
Core classes and interfaces providing support for JSON Web Signature (JWS).
org.springframework.security.oauth2.jwt - package org.springframework.security.oauth2.jwt
Core classes and interfaces providing support for JSON Web Token (JWT).
org.springframework.security.oauth2.server.resource - package org.springframework.security.oauth2.server.resource
OAuth 2.0 Resource Server core classes and interfaces providing support.
org.springframework.security.oauth2.server.resource.authentication - package org.springframework.security.oauth2.server.resource.authentication
OAuth 2.0 Resource Server Authentications and supporting classes and interfaces.
org.springframework.security.oauth2.server.resource.introspection - package org.springframework.security.oauth2.server.resource.introspection
OAuth 2.0 Introspection supporting classes and interfaces.
org.springframework.security.oauth2.server.resource.web - package org.springframework.security.oauth2.server.resource.web
OAuth 2.0 Resource Server Filter's and supporting classes and interfaces.
org.springframework.security.oauth2.server.resource.web.access - package org.springframework.security.oauth2.server.resource.web.access
OAuth 2.0 Resource Server access denial classes and interfaces.
org.springframework.security.oauth2.server.resource.web.access.server - package org.springframework.security.oauth2.server.resource.web.access.server
 
org.springframework.security.oauth2.server.resource.web.authentication - package org.springframework.security.oauth2.server.resource.web.authentication
 
org.springframework.security.oauth2.server.resource.web.reactive.function.client - package org.springframework.security.oauth2.server.resource.web.reactive.function.client
 
org.springframework.security.oauth2.server.resource.web.server - package org.springframework.security.oauth2.server.resource.web.server
 
org.springframework.security.oauth2.server.resource.web.server.authentication - package org.springframework.security.oauth2.server.resource.web.server.authentication
 
org.springframework.security.provisioning - package org.springframework.security.provisioning
Contains simple user and authority group account provisioning interfaces together with a a JDBC-based implementation.
org.springframework.security.rsocket.api - package org.springframework.security.rsocket.api
 
org.springframework.security.rsocket.authentication - package org.springframework.security.rsocket.authentication
 
org.springframework.security.rsocket.authorization - package org.springframework.security.rsocket.authorization
 
org.springframework.security.rsocket.core - package org.springframework.security.rsocket.core
 
org.springframework.security.rsocket.metadata - package org.springframework.security.rsocket.metadata
 
org.springframework.security.rsocket.util.matcher - package org.springframework.security.rsocket.util.matcher
 
org.springframework.security.saml2 - package org.springframework.security.saml2
 
org.springframework.security.saml2.core - package org.springframework.security.saml2.core
 
org.springframework.security.saml2.jackson2 - package org.springframework.security.saml2.jackson2
 
org.springframework.security.saml2.provider.service.authentication - package org.springframework.security.saml2.provider.service.authentication
 
org.springframework.security.saml2.provider.service.authentication.logout - package org.springframework.security.saml2.provider.service.authentication.logout
 
org.springframework.security.saml2.provider.service.metadata - package org.springframework.security.saml2.provider.service.metadata
 
org.springframework.security.saml2.provider.service.registration - package org.springframework.security.saml2.provider.service.registration
 
org.springframework.security.saml2.provider.service.web - package org.springframework.security.saml2.provider.service.web
 
org.springframework.security.saml2.provider.service.web.authentication - package org.springframework.security.saml2.provider.service.web.authentication
 
org.springframework.security.saml2.provider.service.web.authentication.logout - package org.springframework.security.saml2.provider.service.web.authentication.logout
 
org.springframework.security.saml2.provider.service.web.metadata - package org.springframework.security.saml2.provider.service.web.metadata
 
org.springframework.security.scheduling - package org.springframework.security.scheduling
 
org.springframework.security.taglibs - package org.springframework.security.taglibs
Security related tag libraries that can be used in JSPs and templates.
org.springframework.security.taglibs.authz - package org.springframework.security.taglibs.authz
JSP Security tag library implementation.
org.springframework.security.taglibs.csrf - package org.springframework.security.taglibs.csrf
 
org.springframework.security.task - package org.springframework.security.task
 
org.springframework.security.test.context - package org.springframework.security.test.context
 
org.springframework.security.test.context.annotation - package org.springframework.security.test.context.annotation
 
org.springframework.security.test.context.support - package org.springframework.security.test.context.support
 
org.springframework.security.test.web.reactive.server - package org.springframework.security.test.web.reactive.server
 
org.springframework.security.test.web.servlet.request - package org.springframework.security.test.web.servlet.request
 
org.springframework.security.test.web.servlet.response - package org.springframework.security.test.web.servlet.response
 
org.springframework.security.test.web.servlet.setup - package org.springframework.security.test.web.servlet.setup
 
org.springframework.security.test.web.support - package org.springframework.security.test.web.support
 
org.springframework.security.util - package org.springframework.security.util
General utility classes used throughout the Spring Security framework.
org.springframework.security.web - package org.springframework.security.web
Spring Security's web security module.
org.springframework.security.web.access - package org.springframework.security.web.access
Access-control related classes and packages.
org.springframework.security.web.access.channel - package org.springframework.security.web.access.channel
Classes that ensure web requests are received over required transport channels.
org.springframework.security.web.access.expression - package org.springframework.security.web.access.expression
Implementation of web security expressions.
org.springframework.security.web.access.intercept - package org.springframework.security.web.access.intercept
Enforcement of security for HTTP requests, typically by the URL requested.
org.springframework.security.web.authentication - package org.springframework.security.web.authentication
Authentication processing mechanisms, which respond to the submission of authentication credentials using various protocols (eg BASIC, CAS, form login etc).
org.springframework.security.web.authentication.logout - package org.springframework.security.web.authentication.logout
Logout functionality based around a filter which handles a specific logout URL.
org.springframework.security.web.authentication.ott - package org.springframework.security.web.authentication.ott
 
org.springframework.security.web.authentication.password - package org.springframework.security.web.authentication.password
 
org.springframework.security.web.authentication.preauth - package org.springframework.security.web.authentication.preauth
Support for "pre-authenticated" scenarios, where Spring Security assumes the incoming request has already been authenticated by some externally configured system.
org.springframework.security.web.authentication.preauth.j2ee - package org.springframework.security.web.authentication.preauth.j2ee
Pre-authentication support for container-authenticated requests.
org.springframework.security.web.authentication.preauth.websphere - package org.springframework.security.web.authentication.preauth.websphere
Websphere-specific pre-authentication classes.
org.springframework.security.web.authentication.preauth.x509 - package org.springframework.security.web.authentication.preauth.x509
X.509 client certificate authentication support.
org.springframework.security.web.authentication.rememberme - package org.springframework.security.web.authentication.rememberme
Support for remembering a user between different web sessions.
org.springframework.security.web.authentication.session - package org.springframework.security.web.authentication.session
Strategy interface and implementations for handling session-related behaviour for a newly authenticated user.
org.springframework.security.web.authentication.switchuser - package org.springframework.security.web.authentication.switchuser
Provides HTTP-based "switch user" (su) capabilities.
org.springframework.security.web.authentication.ui - package org.springframework.security.web.authentication.ui
Authentication user-interface rendering code.
org.springframework.security.web.authentication.www - package org.springframework.security.web.authentication.www
WWW-Authenticate based authentication mechanism implementations: Basic and Digest authentication.
org.springframework.security.web.bind.annotation - package org.springframework.security.web.bind.annotation
 
org.springframework.security.web.bind.support - package org.springframework.security.web.bind.support
 
org.springframework.security.web.context - package org.springframework.security.web.context
Classes which are responsible for maintaining the security context between HTTP requests.
org.springframework.security.web.context.request.async - package org.springframework.security.web.context.request.async
 
org.springframework.security.web.context.support - package org.springframework.security.web.context.support
 
org.springframework.security.web.csrf - package org.springframework.security.web.csrf
 
org.springframework.security.web.debug - package org.springframework.security.web.debug
 
org.springframework.security.web.firewall - package org.springframework.security.web.firewall
 
org.springframework.security.web.header - package org.springframework.security.web.header
 
org.springframework.security.web.header.writers - package org.springframework.security.web.header.writers
 
org.springframework.security.web.header.writers.frameoptions - package org.springframework.security.web.header.writers.frameoptions
 
org.springframework.security.web.http - package org.springframework.security.web.http
 
org.springframework.security.web.jaasapi - package org.springframework.security.web.jaasapi
Makes a JAAS Subject available as the current Subject.
org.springframework.security.web.jackson2 - package org.springframework.security.web.jackson2
Mix-in classes to provide Jackson serialization support.
org.springframework.security.web.method.annotation - package org.springframework.security.web.method.annotation
 
org.springframework.security.web.reactive.result.method.annotation - package org.springframework.security.web.reactive.result.method.annotation
 
org.springframework.security.web.reactive.result.view - package org.springframework.security.web.reactive.result.view
 
org.springframework.security.web.savedrequest - package org.springframework.security.web.savedrequest
Classes related to the caching of an HttpServletRequest which requires authentication.
org.springframework.security.web.server - package org.springframework.security.web.server
 
org.springframework.security.web.server.authentication - package org.springframework.security.web.server.authentication
 
org.springframework.security.web.server.authentication.logout - package org.springframework.security.web.server.authentication.logout
 
org.springframework.security.web.server.authorization - package org.springframework.security.web.server.authorization
 
org.springframework.security.web.server.context - package org.springframework.security.web.server.context
 
org.springframework.security.web.server.csrf - package org.springframework.security.web.server.csrf
 
org.springframework.security.web.server.header - package org.springframework.security.web.server.header
 
org.springframework.security.web.server.jackson2 - package org.springframework.security.web.server.jackson2
 
org.springframework.security.web.server.savedrequest - package org.springframework.security.web.server.savedrequest
 
org.springframework.security.web.server.transport - package org.springframework.security.web.server.transport
 
org.springframework.security.web.server.ui - package org.springframework.security.web.server.ui
 
org.springframework.security.web.server.util.matcher - package org.springframework.security.web.server.util.matcher
 
org.springframework.security.web.servlet.support.csrf - package org.springframework.security.web.servlet.support.csrf
 
org.springframework.security.web.servlet.util.matcher - package org.springframework.security.web.servlet.util.matcher
 
org.springframework.security.web.servletapi - package org.springframework.security.web.servletapi
Populates a Servlet request with a new Spring Security compliant HttpServletRequestWrapper.
org.springframework.security.web.session - package org.springframework.security.web.session
Session management filters, HttpSession events and publisher classes.
org.springframework.security.web.util - package org.springframework.security.web.util
Web utility classes.
org.springframework.security.web.util.matcher - package org.springframework.security.web.util.matcher
 
ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
 
ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
 
ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
 
ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
 
OrMessageMatcher<T> - Class in org.springframework.security.messaging.util.matcher
MessageMatcher that will return true if any of the passed in MessageMatcher instances match.
OrMessageMatcher(List<MessageMatcher<T>>) - Constructor for class org.springframework.security.messaging.util.matcher.OrMessageMatcher
Creates a new instance
OrMessageMatcher(MessageMatcher<T>...) - Constructor for class org.springframework.security.messaging.util.matcher.OrMessageMatcher
Creates a new instance
OrRequestMatcher - Class in org.springframework.security.web.util.matcher
RequestMatcher that will return true if any of the passed in RequestMatcher instances match.
OrRequestMatcher(List<RequestMatcher>) - Constructor for class org.springframework.security.web.util.matcher.OrRequestMatcher
Creates a new instance
OrRequestMatcher(RequestMatcher...) - Constructor for class org.springframework.security.web.util.matcher.OrRequestMatcher
Creates a new instance
OrServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
Matches if any of the provided ServerWebExchangeMatcher match
OrServerWebExchangeMatcher(List<ServerWebExchangeMatcher>) - Constructor for class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
 
OrServerWebExchangeMatcher(ServerWebExchangeMatcher...) - Constructor for class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
 
OwnershipAcl - Interface in org.springframework.security.acls.model
A mutable ACL that provides ownership capabilities.

P

P - Annotation Interface in org.springframework.security.access.method
Deprecated.
use @{code org.springframework.security.core.parameters.P}
P - Annotation Interface in org.springframework.security.core.parameters
An annotation that can be used along with AnnotationParameterNameDiscoverer to specify parameter names.
pageContext - Variable in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
ParameterRequestMatcher - Class in org.springframework.security.web.util.matcher
A RequestMatcher for matching on a request parameter and its value.
ParameterRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.ParameterRequestMatcher
 
ParameterRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.ParameterRequestMatcher
 
parameters(Consumer<Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
A Consumer to be provided access to all the parameters allowing the ability to add, replace, or remove.
parameters(Consumer<Map<String, String>>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
Use this Consumer to modify the set of query parameters No parameter should be URL-encoded as this will be done when the request is sent
parameters(Consumer<Map<String, String>>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
Use this Consumer to modify the set of query parameters No parameter should be URL-encoded as this will be done when the response is sent, though any signature specified should be Base64-encoded
parametersQuery(Function<Map<String, String>, String>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
Use this strategy for converting parameters into an encoded query string.
parametersQuery(Function<Map<String, String>, String>) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
Use this strategy for converting parameters into an encoded query string.
parentAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
Allows providing a parent AuthenticationManager that will be tried if this AuthenticationManager was unable to attempt to authenticate the provided Authentication.
parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AbstractUserDetailsServiceBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.DebugBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CorsBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.CsrfBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterChainBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser
Deprecated.
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.FormLoginBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HeadersBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpFirewallBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser
The aim of this method is to build the list of filters which have been defined by the namespace elements and attributes within the <http> configuration, along with any custom-filter's linked to user-defined filter beans.
parse(Element, ParserContext) - Method in class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser
parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapProviderBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.ldap.LdapServerBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser
Deprecated.
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.oauth2.client.ClientRegistrationsBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.SecurityNamespaceHandler
 
parse(Element, ParserContext) - Method in class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser
 
parseCache - Static variable in class org.springframework.security.web.savedrequest.FastHttpDateFormat
Parser cache.
parseDate(String, DateFormat[]) - Static method in class org.springframework.security.web.savedrequest.FastHttpDateFormat
Tries to parse the given date as an HTTP date.
parseInternal(Element, ParserContext) - Method in class org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser
Deprecated.
 
parseRootDnFromUrl(String) - Static method in class org.springframework.security.ldap.LdapUtils
Works out the root DN for an LDAP URL.
password() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Deprecated.
The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
password() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Deprecated.
The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
password() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
The password to be used.
password(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Populates the password.
password(String) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Populates the password.
password(String) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
Specifies the password to use.
password(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
The value of the password parameter.
password(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor
Configures the password to use
password(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
Populates the user's password.
password(String, String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
Specify both the password parameter name and the password.
password(Consumer<OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Deprecated.
The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
password(Consumer<ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Deprecated.
The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
PASSWORD - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
Deprecated.
The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
PASSWORD - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
password - used in Access Token Request.
PASSWORD_ATTRIBUTE_NAME - Static variable in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
The name of the attribute in the context associated to the value for the resource owner's password.
PASSWORD_ENCODER - Static variable in class org.springframework.security.config.Elements
 
PASSWORD_EXPIRED - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
 
PASSWORD_IN_HISTORY - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
 
PASSWORD_MANAGEMENT - Static variable in class org.springframework.security.config.Elements
 
PASSWORD_MOD_NOT_ALLOWED - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
 
PASSWORD_TOO_SHORT - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
 
PASSWORD_TOO_YOUNG - Enum constant in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
 
passwordAttribute(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer
The attribute in the directory which contains the user password.
passwordCompare() - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
 
PasswordComparisonAuthenticator - Class in org.springframework.security.ldap.authentication
An LdapAuthenticator which compares the login password with the value stored in the directory using a remote LDAP "compare" operation.
PasswordComparisonAuthenticator(BaseLdapPathContextSource) - Constructor for class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
 
passwordEncoder(Function<String, String>) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Encodes the current password (if non-null) and any future passwords supplied to User.UserBuilder.password(String).
passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer
Allows specifying the PasswordEncoder to use.
passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
Specifies the PasswordEncoder to be used when authenticating with password comparison.
passwordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
Allows specifying the PasswordEncoder to use with the DaoAuthenticationProvider.
PasswordEncoder - Interface in org.springframework.security.crypto.password
Service interface for encoding passwords.
PasswordEncoderFactories - Class in org.springframework.security.crypto.factory
Used for creating PasswordEncoder instances
PasswordEncoderParser - Class in org.springframework.security.config.authentication
Stateful parser for the <password-encoder> element.
PasswordEncoderParser(Element, ParserContext) - Constructor for class org.springframework.security.config.authentication.PasswordEncoderParser
 
passwordManagement() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.passwordManagement(Customizer) or passwordManagement(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
passwordManagement(Customizer<PasswordManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Adds support for the password management.
passwordManagement(Customizer<ServerHttpSecurity.PasswordManagementSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures password management.
PasswordManagementConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers
Adds password management support.
PasswordManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer
 
PasswordOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
Deprecated.
The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
PasswordOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
Deprecated.
 
passwordParam(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
The HTTP parameter to place the password.
passwordParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
The HTTP parameter to look for the password when performing authentication.
PasswordPolicyAwareContextSource - Class in org.springframework.security.ldap.ppolicy
Extended version of the DefaultSpringSecurityContextSource which adds support for the use of PasswordPolicyControl to make use of user account data stored in the directory.
PasswordPolicyAwareContextSource(String) - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyAwareContextSource
 
PasswordPolicyControl - Class in org.springframework.security.ldap.ppolicy
A Password Policy request control.
PasswordPolicyControl() - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
Creates a non-critical (request) control.
PasswordPolicyControl(boolean) - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyControl
Creates a (request) control.
PasswordPolicyControlExtractor - Class in org.springframework.security.ldap.ppolicy
Obtains the PasswordPolicyControl from a context for use by other classes.
PasswordPolicyControlFactory - Class in org.springframework.security.ldap.ppolicy
Transforms a control object to a PasswordPolicyResponseControl object, if appropriate.
PasswordPolicyControlFactory() - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyControlFactory
 
PasswordPolicyData - Interface in org.springframework.security.ldap.ppolicy
 
PasswordPolicyErrorStatus - Enum Class in org.springframework.security.ldap.ppolicy
Defines status codes for use with PasswordPolicyException, with error codes (for message source lookup) and default messages.
PasswordPolicyException - Exception in org.springframework.security.ldap.ppolicy
Generic exception raised by the ppolicy package.
PasswordPolicyException(PasswordPolicyErrorStatus) - Constructor for exception org.springframework.security.ldap.ppolicy.PasswordPolicyException
 
PasswordPolicyResponseControl - Class in org.springframework.security.ldap.ppolicy
Represents the response control received when a PasswordPolicyControl is used when binding to a directory.
PasswordPolicyResponseControl(byte[]) - Constructor for class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
Decodes the Ber encoded control data.
PasswordReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
Deprecated.
The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
PasswordReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
Deprecated.
 
pathMatchers(String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
Maps a List of PathPatternParserServerWebExchangeMatcher instances that do not care which HttpMethod is used.
pathMatchers(String...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
Creates a matcher that matches on any of the provided patterns.
pathMatchers(HttpMethod) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
pathMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
pathMatchers(HttpMethod, String...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
Creates a matcher that matches on the specific method and any of the provided patterns.
pathMatchers(HttpMethod, PathPattern...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
Creates a matcher that matches on the specific method and any of the provided PathPatterns.
pathMatchers(PathPattern...) - Static method in class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers
Creates a matcher that matches on any of the provided PathPatterns.
PathPatternParserServerWebExchangeMatcher - Class in org.springframework.security.web.server.util.matcher
Matches if the PathPattern matches the path within the application.
PathPatternParserServerWebExchangeMatcher(String) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
 
PathPatternParserServerWebExchangeMatcher(String, HttpMethod) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
 
PathPatternParserServerWebExchangeMatcher(PathPattern) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
 
PathPatternParserServerWebExchangeMatcher(PathPattern, HttpMethod) - Constructor for class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
 
pattern(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder
Creates an MvcRequestMatcher that uses the provided pattern to match
pattern(HttpMethod, String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder
Creates an MvcRequestMatcher that uses the provided pattern and HTTP method to match
PAYLOAD - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
A Payload exchange.
PayloadExchange - Interface in org.springframework.security.rsocket.api
Contract for a Payload interaction.
PayloadExchangeAuthenticationConverter - Interface in org.springframework.security.rsocket.authentication
Converts from a PayloadExchange to an Authentication
PayloadExchangeAuthorizationContext - Class in org.springframework.security.rsocket.util.matcher
 
PayloadExchangeAuthorizationContext(PayloadExchange) - Constructor for class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext
 
PayloadExchangeAuthorizationContext(PayloadExchange, Map<String, Object>) - Constructor for class org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext
 
PayloadExchangeMatcher - Interface in org.springframework.security.rsocket.util.matcher
An interface for determining if a PayloadExchangeMatcher matches.
PayloadExchangeMatcher.MatchResult - Class in org.springframework.security.rsocket.util.matcher
The result of matching
PayloadExchangeMatcherEntry<T> - Class in org.springframework.security.rsocket.util.matcher
 
PayloadExchangeMatcherEntry(PayloadExchangeMatcher, T) - Constructor for class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry
 
PayloadExchangeMatcherReactiveAuthorizationManager - Class in org.springframework.security.rsocket.authorization
Maps a @{code List} of PayloadExchangeMatcher instances to
PayloadExchangeMatcherReactiveAuthorizationManager.Builder - Class in org.springframework.security.rsocket.authorization
 
PayloadExchangeMatchers - Class in org.springframework.security.rsocket.util.matcher
 
PayloadExchangeType - Enum Class in org.springframework.security.rsocket.api
PayloadInterceptor - Interface in org.springframework.security.rsocket.api
Contract for interception-style, chained processing of Payloads that may be used to implement cross-cutting, application-agnostic requirements such as security, timeouts, and others.
PayloadInterceptorChain - Interface in org.springframework.security.rsocket.api
Contract to allow a PayloadInterceptor to delegate to the next in the chain.
PayloadInterceptorOrder - Enum Class in org.springframework.security.config.annotation.rsocket
The standard order for PayloadInterceptor to be sorted.
PayloadSocketAcceptorInterceptor - Class in org.springframework.security.rsocket.core
A SocketAcceptorInterceptor that applies the PayloadInterceptors
PayloadSocketAcceptorInterceptor(List<PayloadInterceptor>) - Constructor for class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor
 
Pbkdf2PasswordEncoder - Class in org.springframework.security.crypto.password
A PasswordEncoder implementation that uses PBKDF2 with : a configurable random salt value length (default is 16 bytes) a configurable number of iterations (default is 310000) a configurable key derivation function (see Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm) a configurable secret appended to the random salt (default is empty) The algorithm is invoked on the concatenated bytes of the salt, secret and password.
Pbkdf2PasswordEncoder(CharSequence, int, int, int) - Constructor for class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
Pbkdf2PasswordEncoder(CharSequence, int, int, Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm) - Constructor for class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
Constructs a PBKDF2 password encoder with a secret value as well as salt length, iterations and algorithm.
Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm - Enum Class in org.springframework.security.crypto.password
The Algorithm used for creating the SecretKeyFactory
PBKDF2WithHmacSHA1 - Enum constant in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
 
PBKDF2WithHmacSHA256 - Enum constant in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
 
PBKDF2WithHmacSHA512 - Enum constant in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
 
performBuild() - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Subclasses must implement this method to build the object that is being returned.
performBuild() - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 
performBuild() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
performBuild() - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
 
Permission - Interface in org.springframework.security.acls.model
Represents a permission granted to a Sid for a given domain object.
PermissionCacheOptimizer - Interface in org.springframework.security.access
Allows permissions to be pre-cached when using pre or post filtering with expressions
PermissionEvaluator - Interface in org.springframework.security.access
Strategy used in expression evaluation to determine whether a user has a permission or permissions for a given domain object.
PermissionFactory - Interface in org.springframework.security.acls.domain
Provides a simple mechanism to retrieve Permission instances from integer masks.
PermissionGrantingStrategy - Interface in org.springframework.security.acls.model
Allow customization of the logic for determining whether a permission or permissions are granted to a particular sid or sids by an Acl.
PERMISSIONS_POLICY - Static variable in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
 
permissionsPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.permissionsPolicyHeader(Customizer) or permissionsPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
permissionsPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
permissionsPolicy(Customizer<HeadersConfigurer.PermissionsPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures Permissions-Policy response header.
permissionsPolicyHeader(Customizer<HeadersConfigurer.PermissionsPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows configuration for Permissions Policy.
PermissionsPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
Provides support for Permisisons Policy.
PermissionsPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
Create a new instance of PermissionsPolicyHeaderWriter.
PermissionsPolicyHeaderWriter(String) - Constructor for class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
Create a new instance of PermissionsPolicyHeaderWriter with supplied security policy.
PermissionsPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Writes the Permissions-Policy response header with configured policy directives.
PermissionsPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
 
PERMIT_ALL_ATTRIBUTE - Static variable in class org.springframework.security.access.annotation.Jsr250SecurityConfig
Deprecated.
 
permitAll - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
Allows "permitAll" expression
permitAll() - Method in interface org.springframework.security.access.expression.SecurityExpressionOperations
Always grants access.
permitAll() - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
permitAll() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec.Access
 
permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Equivalent of invoking permitAll(true)
permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Specify that URLs are allowed by anyone.
permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specify that URLs are allowed by anyone.
permitAll() - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
A shortcut for LogoutConfigurer.permitAll(boolean) with true as an argument.
permitAll() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Deprecated.
Specify that Messages are allowed by anyone.
permitAll() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.Access
Allow access for anyone
permitAll() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
Specify that Messages are allowed by anyone.
permitAll() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
Specify that URLs are allowed by anyone.
permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
permitAll(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.LogoutConfigurer
PersistentRememberMeToken - Class in org.springframework.security.web.authentication.rememberme
 
PersistentRememberMeToken(String, String, String, Date) - Constructor for class org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken
 
PersistentTokenBasedRememberMeServices - Class in org.springframework.security.web.authentication.rememberme
PersistentTokenBasedRememberMeServices(String, UserDetailsService, PersistentTokenRepository) - Constructor for class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
 
PersistentTokenRepository - Interface in org.springframework.security.web.authentication.rememberme
The abstraction used by PersistentTokenBasedRememberMeServices to store the persistent login tokens for a user.
Person - Class in org.springframework.security.ldap.userdetails
UserDetails implementation whose properties are based on the LDAP schema for Person.
Person() - Constructor for class org.springframework.security.ldap.userdetails.Person
 
PERSON_MAPPER_CLASS - Static variable in class org.springframework.security.config.ldap.LdapUserServiceBeanDefinitionParser
 
Person.Essence - Class in org.springframework.security.ldap.userdetails
 
PersonContextMapper - Class in org.springframework.security.ldap.userdetails
 
PersonContextMapper() - Constructor for class org.springframework.security.ldap.userdetails.PersonContextMapper
 
PHONE - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes
The phone scope requests access to the phone_number and phone_number_verified claims.
PHONE_NUMBER - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
phone_number - the user's preferred phone number
PHONE_NUMBER_VERIFIED - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
phone_number_verified - true if the user's phone number has been verified, otherwise false
phoneNumber(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this phone number in the resulting OidcUserInfo
phoneNumberVerified(Boolean) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this verified-phone-number indicator in the resulting OidcUserInfo
picture(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this picture in the resulting OidcUserInfo
PICTURE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
picture - the URL of the user's profile picture
PkceParameterNames - Class in org.springframework.security.oauth2.core.endpoint
Standard parameter names defined in the OAuth Parameters Registry and used by the authorization endpoint and token endpoint.
pkcs8() - Static method in class org.springframework.security.converter.RsaKeyConverters
Construct a Converter for converting a PEM-encoded PKCS#8 RSA Private Key into a RSAPrivateKey.
policy(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig
Sets the policy to be used in the response header.
policy(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec
Sets the policy to be used in the response header.
policy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig
Sets the policy to be used in the Cross-Origin-Embedder-Policy header
policy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig
Sets the policy to be used in the Cross-Origin-Opener-Policy header
policy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig
Sets the policy to be used in the Cross-Origin-Resource-Policy header
policy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig
Sets the policy to be used in the response header.
policy(CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec
Sets the value to be used in the `Cross-Origin-Embedder-Policy` header
policy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec
Sets the value to be used in the `Cross-Origin-Opener-Policy` header
policy(CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec
Sets the value to be used in the `Cross-Origin-Resource-Policy` header
policy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec
Sets the policy to be used in the response header.
policyDirectives(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig
Sets the security policy directive(s) to be used in the response header.
policyDirectives(String) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
Sets the security policy directive(s) to be used in the response header.
populateContext(DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson
 
populateContext(DirContextAdapter) - Method in class org.springframework.security.ldap.userdetails.Person
 
port(int) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
The port to connect to LDAP to (the default is 33389 or random available port if unavailable).
PORT_MAPPING - Static variable in class org.springframework.security.config.Elements
 
PORT_MAPPINGS - Static variable in class org.springframework.security.config.Elements
 
portMapper() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.portMapper(Customizer) or portMapper(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
portMapper(Customizer<PortMapperConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows configuring a PortMapper that is available from AbstractConfiguredSecurityBuilder.getSharedObject(Class).
portMapper(PortMapper) - Method in class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer
Allows specifying the PortMapper instance.
portMapper(PortMapper) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec
Configures a custom HTTPS port to redirect to
PortMapper - Interface in org.springframework.security.web
PortMapper implementations provide callers with information about which HTTP ports are associated with which HTTPS ports on the system, and vice versa.
PortMapperConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Allows configuring a shared PortMapper instance used to determine the ports when redirecting between HTTP and HTTPS.
PortMapperConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.PortMapperConfigurer
Creates a new instance
PortMapperConfigurer.HttpPortMapping - Class in org.springframework.security.config.annotation.web.configurers
Allows specifying the HTTPS port for a given HTTP port when redirecting between HTTP and HTTPS.
PortMapperImpl - Class in org.springframework.security.web
Concrete implementation of PortMapper that obtains HTTP:HTTPS pairs from the application context.
PortMapperImpl() - Constructor for class org.springframework.security.web.PortMapperImpl
 
PortResolver - Interface in org.springframework.security.web
A PortResolver determines the port a web request was received on.
PortResolverImpl - Class in org.springframework.security.web
Concrete implementation of PortResolver that obtains the port from ServletRequest.getServerPort().
PortResolverImpl() - Constructor for class org.springframework.security.web.PortResolverImpl
 
POST - Enum constant in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
 
POST_AUTHORIZE - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
 
POST_FILTER - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
POST_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements
 
postalCode(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
Sets the zip code or postal code.
postAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
Creates an interceptor for the PostAuthorize annotation
postAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
Creates an instance for the PostAuthorize annotation.
postAuthorize(AuthorizationManager<MethodInvocationResult>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
Creates an interceptor for the PostAuthorize annotation
postAuthorize(PostAuthorizeAuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
Creates an interceptor for the PostAuthorize annotation
postAuthorize(ReactiveAuthorizationManager<MethodInvocationResult>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
Creates an instance for the PostAuthorize annotation.
PostAuthorize - Annotation Interface in org.springframework.security.access.prepost
Annotation for specifying a method access-control expression which will be evaluated after a method has been invoked.
PostAuthorizeAuthorizationManager - Class in org.springframework.security.authorization.method
An AuthorizationManager which can determine if an Authentication may return the result from an invoked MethodInvocation by evaluating an expression from the PostAuthorize annotation.
PostAuthorizeAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
 
PostAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
 
PostAuthorizeReactiveAuthorizationManager - Class in org.springframework.security.authorization.method
A ReactiveAuthorizationManager which can determine if an Authentication has access to the returned object from the MethodInvocation by evaluating an expression from the PostAuthorize annotation.
PostAuthorizeReactiveAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
 
PostAuthorizeReactiveAuthorizationManager(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
 
postBuildAction(Runnable) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
Executes the Runnable immediately after the build takes place
PostFilter - Annotation Interface in org.springframework.security.access.prepost
Annotation for specifying a method filtering expression which will be evaluated after a method has been invoked.
PostFilterAuthorizationMethodInterceptor - Class in org.springframework.security.authorization.method
A MethodInterceptor which filters a returnedObject from the MethodInvocation by evaluating an expression from the PostFilter annotation.
PostFilterAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
Creates a PostFilterAuthorizationMethodInterceptor using the provided parameters
PostFilterAuthorizationReactiveMethodInterceptor - Class in org.springframework.security.authorization.method
A MethodInterceptor which filters the returned object from the MethodInvocation by evaluating an expression from the PostFilter annotation.
PostFilterAuthorizationReactiveMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
Creates an instance.
PostFilterAuthorizationReactiveMethodInterceptor(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
Creates an instance.
PostInvocationAdviceProvider - Class in org.springframework.security.access.prepost
PostInvocationAdviceProvider(PostInvocationAuthorizationAdvice) - Constructor for class org.springframework.security.access.prepost.PostInvocationAdviceProvider
Deprecated.
 
PostInvocationAttribute - Interface in org.springframework.security.access.prepost
PostInvocationAuthorizationAdvice - Interface in org.springframework.security.access.prepost
postProcess(O) - Method in interface org.springframework.security.config.annotation.ObjectPostProcessor
Initialize the object possibly returning a modified instance that should be used instead.
postProcess(NativeWebRequest, Callable<T>, Object) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
 
postProcess(P) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Performs post processing of an object.
postProcess(T) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
Performs post processing of an object.
postProcessBeanDefinitionRegistry(BeanDefinitionRegistry) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
 
postProcessBeanDefinitionRegistry(BeanDefinitionRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor
 
postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
 
postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
 
postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor
 
postProcessBeanFactory(ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
 
postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor
 
postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor
 
postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor
 
postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
 
postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor
 
postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
 
postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
 
postProcessRequest(MockHttpServletRequest) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
 
postReceive(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
Deprecated.
 
postReceive(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
 
postSend(Message<?>, MessageChannel, boolean) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
Deprecated.
 
PRAGMA_VALUE - Static variable in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
The value for pragma value
PRE_AUTHORIZE - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
 
PRE_FILTER - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
PRE_INVOCATION_ADVICE - Static variable in class org.springframework.security.config.Elements
 
PreAuthenticatedAuthenticationProvider - Class in org.springframework.security.web.authentication.preauth
Processes a pre-authenticated authentication request.
PreAuthenticatedAuthenticationProvider() - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
 
PreAuthenticatedAuthenticationToken - Class in org.springframework.security.web.authentication.preauth
Authentication implementation for pre-authenticated authentication.
PreAuthenticatedAuthenticationToken(Object, Object) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
Constructor used for an authentication request.
PreAuthenticatedAuthenticationToken(Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
Constructor used for an authentication response.
PreAuthenticatedCredentialsNotFoundException - Exception in org.springframework.security.web.authentication.preauth
 
PreAuthenticatedCredentialsNotFoundException(String) - Constructor for exception org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException
 
PreAuthenticatedCredentialsNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException
 
PreAuthenticatedGrantedAuthoritiesUserDetailsService - Class in org.springframework.security.web.authentication.preauth
This AuthenticationUserDetailsService implementation creates a UserDetails object based solely on the information contained in the given PreAuthenticatedAuthenticationToken.
PreAuthenticatedGrantedAuthoritiesUserDetailsService() - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService
 
PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails - Class in org.springframework.security.web.authentication.preauth
This WebAuthenticationDetails implementation allows for storing a list of pre-authenticated Granted Authorities.
PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(HttpServletRequest, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
 
preAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Creates an interceptor for the PreAuthorize annotation
preAuthorize() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
Creates an instance for the PreAuthorize annotation.
preAuthorize(AuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Creates an interceptor for the PreAuthorize annotation
preAuthorize(PreAuthorizeAuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Creates an interceptor for the PreAuthorize annotation
preAuthorize(ReactiveAuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
Creates an instance for the PreAuthorize annotation.
PreAuthorize - Annotation Interface in org.springframework.security.access.prepost
Annotation for specifying a method access-control expression which will be evaluated to decide whether a method invocation is allowed or not.
PreAuthorizeAuthorizationManager - Class in org.springframework.security.authorization.method
An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating an expression from the PreAuthorize annotation.
PreAuthorizeAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
 
PreAuthorizeAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
 
PreAuthorizeReactiveAuthorizationManager - Class in org.springframework.security.authorization.method
A ReactiveAuthorizationManager which can determine if an Authentication has access to the MethodInvocation by evaluating an expression from the PreAuthorize annotation.
PreAuthorizeReactiveAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
 
PreAuthorizeReactiveAuthorizationManager(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
 
preCommence(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
Template method for you to do your own pre-processing before the redirect occurs.
PREFERRED_USERNAME - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
preferred_username - the preferred username that the user wishes to be referred to
preferredUsername(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this preferred username in the resulting OidcUserInfo
prefersShortLivedTasks() - Method in class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor
 
PreFilter - Annotation Interface in org.springframework.security.access.prepost
Annotation for specifying a method filtering expression which will be evaluated before a method has been invoked.
PreFilterAuthorizationMethodInterceptor - Class in org.springframework.security.authorization.method
A MethodInterceptor which filters a method argument by evaluating an expression from the PreFilter annotation.
PreFilterAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
Creates a PreFilterAuthorizationMethodInterceptor using the provided parameters
PreFilterAuthorizationReactiveMethodInterceptor - Class in org.springframework.security.authorization.method
A MethodInterceptor which filters a reactive method argument by evaluating an expression from the PreFilter annotation.
PreFilterAuthorizationReactiveMethodInterceptor() - Constructor for class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
 
PreFilterAuthorizationReactiveMethodInterceptor(MethodSecurityExpressionHandler) - Constructor for class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
Creates an instance.
PreInvocationAttribute - Interface in org.springframework.security.access.prepost
preInvocationAuthorizationAdvice() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
Creates the PreInvocationAuthorizationAdvice to be used.
PreInvocationAuthorizationAdvice - Interface in org.springframework.security.access.prepost
PreInvocationAuthorizationAdviceVoter - Class in org.springframework.security.access.prepost
PreInvocationAuthorizationAdviceVoter(PreInvocationAuthorizationAdvice) - Constructor for class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
Deprecated.
 
preload(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
If true, preload will be included in HSTS Header.
preload(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec
Configures if preload should be included.
prepareTestInstance(TestContext) - Method in class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
 
PrePostAdviceReactiveMethodInterceptor - Class in org.springframework.security.access.prepost
PrePostAdviceReactiveMethodInterceptor(MethodSecurityMetadataSource, PreInvocationAuthorizationAdvice, PostInvocationAuthorizationAdvice) - Constructor for class org.springframework.security.access.prepost.PrePostAdviceReactiveMethodInterceptor
Deprecated.
Creates a new instance
PrePostAnnotationSecurityMetadataSource - Class in org.springframework.security.access.prepost
PrePostAnnotationSecurityMetadataSource(PrePostInvocationAttributeFactory) - Constructor for class org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource
Deprecated.
 
PrePostAuthorizeExpressionBeanHintsRegistrar - Class in org.springframework.security.aot.hint
A SecurityHintsRegistrar that scans all provided classes for methods that use PreAuthorize or PostAuthorize and registers hints for the beans used within the security expressions.
PrePostAuthorizeExpressionBeanHintsRegistrar(Class<?>...) - Constructor for class org.springframework.security.aot.hint.PrePostAuthorizeExpressionBeanHintsRegistrar
 
PrePostAuthorizeExpressionBeanHintsRegistrar(List<Class<?>>) - Constructor for class org.springframework.security.aot.hint.PrePostAuthorizeExpressionBeanHintsRegistrar
 
PrePostAuthorizeHintsRegistrar - Class in org.springframework.security.aot.hint
A SecurityHintsRegistrar that scans all beans for methods that use PreAuthorize or PostAuthorize and registers appropriate hints for the annotations.
PrePostAuthorizeHintsRegistrar() - Constructor for class org.springframework.security.aot.hint.PrePostAuthorizeHintsRegistrar
 
prePostEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
Deprecated.
Determines if Spring Security's pre post annotations should be enabled.
prePostEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
Determines if Spring Security's PreAuthorize, PostAuthorize, PreFilter, and PostFilter annotations should be enabled.
PrePostInvocationAttributeFactory - Interface in org.springframework.security.access.prepost
Deprecated.
Use delegation with AuthorizationManager
PrePostTemplateDefaults - Class in org.springframework.security.authorization.method
Deprecated.
PrePostTemplateDefaults() - Constructor for class org.springframework.security.authorization.method.PrePostTemplateDefaults
Deprecated.
 
preProcess(NativeWebRequest, Callable<T>) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
 
preReceive(MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
Deprecated.
 
preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor
 
preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor
Deprecated.
 
preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
 
preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
 
preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor
 
preSend(Message<?>, MessageChannel) - Method in class org.springframework.security.messaging.web.csrf.XorCsrfChannelInterceptor
 
PreventLoginServerMaximumSessionsExceededHandler - Class in org.springframework.security.web.server.authentication
Returns a Mono that terminates with SessionAuthenticationException when the maximum number of sessions for a user has been reached.
PreventLoginServerMaximumSessionsExceededHandler() - Constructor for class org.springframework.security.web.server.authentication.PreventLoginServerMaximumSessionsExceededHandler
 
principal(Object) - Method in class org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer
Sets the principal for Authentication objects of anonymous users
principal(Object) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec
Sets the principal for Authentication objects of anonymous users
principal(String) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
Sets the name of the Principal (to be) associated to the authorized client.
principal(Authentication) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext.Builder
Sets the Principal (to be) associated to the authorized client.
principal(Authentication) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest.Builder
Sets the Principal (to be) associated to the authorized client.
principal(OAuth2AuthenticatedPrincipal) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OpaqueTokenMutator
Use the provided principal
principal(OAuth2AuthenticatedPrincipal) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor
Use the provided principal
principalChanged(HttpServletRequest, Authentication) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Determines if the current principal has changed.
principalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec
 
principalName(String) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OAuth2ClientMutator
Use this as the resource owner's principal name
principalName(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor
Use this as the resource owner's principal name
PrincipalSid - Class in org.springframework.security.acls.domain
Represents an Authentication.getPrincipal() as a Sid.
PrincipalSid(String) - Constructor for class org.springframework.security.acls.domain.PrincipalSid
 
PrincipalSid(Authentication) - Constructor for class org.springframework.security.acls.domain.PrincipalSid
 
printBinary(int) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils
Returns a representation of the active bits in the presented mask, with each active bit being denoted by character '*'.
printBinary(int, char) - Static method in class org.springframework.security.acls.domain.AclFormattingUtils
Returns a representation of the active bits in the presented mask, with each active bit being denoted by the passed character.
PRIVATE_KEY_JWT - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
 
privilegeEvaluator() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
Creates the WebInvocationPrivilegeEvaluator that is necessary to evaluate privileges for a given web URI
privilegeEvaluator(WebInvocationPrivilegeEvaluator) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
proceed() - Method in class org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter
Deprecated.
 
proceed() - Method in class org.springframework.security.util.SimpleMethodInvocation
 
proceedWithObject() - Method in interface org.springframework.security.access.intercept.aspectj.AspectJCallback
Deprecated.
 
processAction(HttpServletRequest, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
 
processAction(HttpServletRequest, String, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
 
processAction(ServerWebExchange, String, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
 
processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Called from autoLogin to process the submitted persistent login cookie.
processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
Locates the presented cookie data in the token repository, using the series id.
processAutoLoginCookie(String[], HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
 
processConfigAttribute - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
processDomainObjectClass - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
processFormFieldValue(HttpServletRequest, String, String, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
 
processFormFieldValue(ServerWebExchange, String, String, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
 
processUrl(HttpServletRequest, String) - Method in class org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor
 
processUrl(ServerWebExchange, String) - Method in class org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor
 
profile(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this profile in the resulting OidcUserInfo
PROFILE - Static variable in class org.springframework.security.oauth2.core.oidc.OidcScopes
The profile scope requests access to the default profile claims, which are: name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at.
PROFILE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
profile - the URL of the user's profile page
PROTECT - Static variable in class org.springframework.security.config.Elements
 
PROTECT_POINTCUT - Static variable in class org.springframework.security.config.Elements
 
provider(OAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
provider(ReactiveOAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
providerConfigurationMetadata(Map<String, Object>) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the metadata describing the provider's configuration.
ProviderManager - Class in org.springframework.security.authentication
Iterates an Authentication request through a list of AuthenticationProviders.
ProviderManager(List<AuthenticationProvider>) - Constructor for class org.springframework.security.authentication.ProviderManager
Construct a ProviderManager using the given AuthenticationProviders
ProviderManager(List<AuthenticationProvider>, AuthenticationManager) - Constructor for class org.springframework.security.authentication.ProviderManager
Construct a ProviderManager using the provided parameters
ProviderManager(AuthenticationProvider...) - Constructor for class org.springframework.security.authentication.ProviderManager
Construct a ProviderManager using the given AuthenticationProviders
ProviderManagerBuilder<B extends ProviderManagerBuilder<B>> - Interface in org.springframework.security.config.annotation.authentication
Interface for operating on a SecurityBuilder that creates a ProviderManager
ProviderNotFoundException - Exception in org.springframework.security.authentication
Thrown by ProviderManager if no AuthenticationProvider could be found that supports the presented Authentication object.
ProviderNotFoundException(String) - Constructor for exception org.springframework.security.authentication.ProviderNotFoundException
Constructs a ProviderNotFoundException with the specified message.
proxy(Object) - Method in interface org.springframework.security.authorization.AuthorizationProxyFactory
Wrap the given object in authorization-related advice.
proxy(Object) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
Proxy an object to enforce authorization advice.
proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
Deprecated.
Indicate whether subclass-based (CGLIB) proxies are to be created (true) as opposed to standard Java interface-based proxies (false).
proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.
proxyTargetClass() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
Indicate whether subclass-based (CGLIB) proxies are to be created as opposed to standard Java interface-based proxies.
PS256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
RSASSA-PSS using SHA-256 and MGF1 with SHA-256 (Optional)
PS256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
RSASSA-PSS using SHA-256 and MGF1 with SHA-256 (Optional)
PS384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
RSASSA-PSS using SHA-384 and MGF1 with SHA-384 (Optional)
PS384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
RSASSA-PSS using SHA-384 and MGF1 with SHA-384 (Optional)
PS512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
RSASSA-PSS using SHA-512 and MGF1 with SHA-512 (Optional)
PS512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
RSASSA-PSS using SHA-512 and MGF1 with SHA-512 (Optional)
PublicInvocationEvent - Class in org.springframework.security.access.event
Deprecated.
Only used by now-deprecated classes. Consider EventObject.getSource() to deduce public invocations.
PublicInvocationEvent(Object) - Constructor for class org.springframework.security.access.event.PublicInvocationEvent
Deprecated.
Construct the event, passing in the public secure object.
publicKey(RSAPublicKey) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec
Configures a ReactiveJwtDecoder that leverages the provided RSAPublicKey
publishAuthenticationFailure(AuthenticationException, Authentication) - Method in interface org.springframework.security.authentication.AuthenticationEventPublisher
 
publishAuthenticationFailure(AuthenticationException, Authentication) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
 
publishAuthenticationSuccess(Authentication) - Method in interface org.springframework.security.authentication.AuthenticationEventPublisher
 
publishAuthenticationSuccess(Authentication) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
 
publishAuthorizationEvent(Supplier<Authentication>, T, AuthorizationDecision) - Method in interface org.springframework.security.authorization.AuthorizationEventPublisher
Publish the given details in the form of an event, typically AuthorizationGrantedEvent or AuthorizationDeniedEvent.
publishAuthorizationEvent(Supplier<Authentication>, T, AuthorizationDecision) - Method in class org.springframework.security.authorization.SpringAuthorizationEventPublisher
Publish the given details in the form of an event, typically AuthorizationGrantedEvent or AuthorizationDeniedEvent.
publishEvent(Object) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher
 
publishEvent(ApplicationEvent) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.NullEventPublisher
 
publishFailureEvent(UsernamePasswordAuthenticationToken, AuthenticationException) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
publishFailureEvent(UsernamePasswordAuthenticationToken, AuthenticationException) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
publishSuccessEvent(UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
putInCache(MutableAcl) - Method in class org.springframework.security.acls.domain.SpringCacheBasedAclCache
 
putInCache(MutableAcl) - Method in interface org.springframework.security.acls.model.AclCache
 
putTicketInCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache
This is a no-op since we are not storing tickets.
putTicketInCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache
 
putTicketInCache(CasAuthenticationToken) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache
Adds the specified CasAuthenticationToken to the cache.
putUserInCache(UserDetails) - Method in class org.springframework.security.core.userdetails.cache.NullUserCache
 
putUserInCache(UserDetails) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache
 
putUserInCache(UserDetails) - Method in interface org.springframework.security.core.userdetails.UserCache
Places a UserDetails in the cache.

Q

QUERY - Static variable in class org.springframework.security.oauth2.core.AuthenticationMethod
 

R

R2dbcReactiveOAuth2AuthorizedClientService - Class in org.springframework.security.oauth2.client
A R2DBC implementation of ReactiveOAuth2AuthorizedClientService that uses a DatabaseClient for OAuth2AuthorizedClient persistence.
R2dbcReactiveOAuth2AuthorizedClientService(DatabaseClient, ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
Constructs a R2dbcReactiveOAuth2AuthorizedClientService using the provided parameters.
R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder - Class in org.springframework.security.oauth2.client
A holder for OAuth2AuthorizedClient data and End-User Authentication (Resource Owner).
R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientParametersMapper - Class in org.springframework.security.oauth2.client
The default Function that maps R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder to a Map of String and Parameter.
R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper - Class in org.springframework.security.oauth2.client
The default BiFunction that maps the current io.r2dbc.spi.Row to a R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder.
ReactiveAuthenticationManager - Interface in org.springframework.security.authentication
Determines if the provided Authentication can be authenticated.
ReactiveAuthenticationManagerAdapter - Class in org.springframework.security.authentication
Adapts an AuthenticationManager to the reactive APIs.
ReactiveAuthenticationManagerAdapter(AuthenticationManager) - Constructor for class org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter
 
ReactiveAuthenticationManagerResolver<C> - Interface in org.springframework.security.authentication
An interface for resolving a ReactiveAuthenticationManager based on the provided context
ReactiveAuthorizationManager<T> - Interface in org.springframework.security.authorization
A reactive authorization manager which can determine if an Authentication has access to a specific object.
ReactiveClientRegistrationRepository - Interface in org.springframework.security.oauth2.client.registration
A reactive repository for OAuth 2.0 / OpenID Connect 1.0 ClientRegistration(s).
ReactiveCompromisedPasswordChecker - Interface in org.springframework.security.authentication.password
A Reactive API for checking if a password has been compromised.
ReactiveJwtAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.authentication
Reactive version of JwtAuthenticationConverter for converting a Jwt to a Mono<AbstractAuthenticationToken>.
ReactiveJwtAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter
 
ReactiveJwtAuthenticationConverterAdapter - Class in org.springframework.security.oauth2.server.resource.authentication
A reactive Converter for adapting a non-blocking imperative Converter
ReactiveJwtAuthenticationConverterAdapter(Converter<Jwt, AbstractAuthenticationToken>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter
 
ReactiveJwtDecoder - Interface in org.springframework.security.oauth2.jwt
Implementations of this interface are responsible for "decoding" a JSON Web Token (JWT) from it's compact claims representation format to a Jwt.
ReactiveJwtDecoderFactory<C> - Interface in org.springframework.security.oauth2.jwt
A factory for ReactiveJwtDecoder(s).
ReactiveJwtDecoders - Class in org.springframework.security.oauth2.jwt
Allows creating a ReactiveJwtDecoder from an OpenID Provider Configuration or Authorization Server Metadata Request based on provided issuer and method invoked.
ReactiveJwtGrantedAuthoritiesConverterAdapter - Class in org.springframework.security.oauth2.server.resource.authentication
Adapts a Converter<Jwt, Collection<GrantedAuthority>> to a Converter<Jwt, Flux<GrantedAuthority>>.
ReactiveJwtGrantedAuthoritiesConverterAdapter(Converter<Jwt, Collection<GrantedAuthority>>) - Constructor for class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtGrantedAuthoritiesConverterAdapter
 
ReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> - Interface in org.springframework.security.oauth2.client.endpoint
A reactive strategy for "exchanging" an authorization grant credential (e.g.
ReactiveOAuth2AuthorizationFailureHandler - Interface in org.springframework.security.oauth2.client
Handles when an OAuth 2.0 Client fails to authorize (or re-authorize) via the authorization server or resource server.
ReactiveOAuth2AuthorizationSuccessHandler - Interface in org.springframework.security.oauth2.client
Handles when an OAuth 2.0 Client has been successfully authorized (or re-authorized) via the authorization server.
ReactiveOAuth2AuthorizedClientManager - Interface in org.springframework.security.oauth2.client
Implementations of this interface are responsible for the overall management of Authorized Client(s).
ReactiveOAuth2AuthorizedClientProvider - Interface in org.springframework.security.oauth2.client
A strategy for authorizing (or re-authorizing) an OAuth 2.0 Client.
ReactiveOAuth2AuthorizedClientProviderBuilder - Class in org.springframework.security.oauth2.client
A builder that builds a DelegatingReactiveOAuth2AuthorizedClientProvider composed of one or more ReactiveOAuth2AuthorizedClientProvider(s) that implement specific authorization grants.
ReactiveOAuth2AuthorizedClientProviderBuilder.AuthorizationCodeGrantBuilder - Class in org.springframework.security.oauth2.client
A builder for the authorization_code grant.
ReactiveOAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder - Class in org.springframework.security.oauth2.client
A builder for the client_credentials grant.
ReactiveOAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder - Class in org.springframework.security.oauth2.client
A builder for the password grant.
ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder - Class in org.springframework.security.oauth2.client
A builder for the refresh_token grant.
ReactiveOAuth2AuthorizedClientService - Interface in org.springframework.security.oauth2.client
Implementations of this interface are responsible for the management of Authorized Client(s), which provide the purpose of associating an Access Token credential to a Client and Resource Owner, who is the Principal that originally granted the authorization.
ReactiveOAuth2UserService<R extends OAuth2UserRequest,U extends OAuth2User> - Interface in org.springframework.security.oauth2.client.userinfo
Implementations of this interface are responsible for obtaining the user attributes of the End-User (Resource Owner) from the UserInfo Endpoint using the Access Token granted to the Client and returning an AuthenticatedPrincipal in the form of an OAuth2User.
ReactiveOidcIdTokenDecoderFactory - Class in org.springframework.security.oauth2.client.oidc.authentication
A factory that provides a ReactiveJwtDecoder used for OidcIdToken signature verification.
ReactiveOidcIdTokenDecoderFactory() - Constructor for class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
 
ReactiveOidcSessionRegistry - Interface in org.springframework.security.oauth2.client.oidc.server.session
A registry to record the tie between the OIDC Provider session and the Client session.
ReactiveOpaqueTokenAuthenticationConverter - Interface in org.springframework.security.oauth2.server.resource.introspection
Convert a successful introspection result into an authentication result.
ReactiveOpaqueTokenIntrospector - Interface in org.springframework.security.oauth2.server.resource.introspection
A contract for introspecting and verifying an OAuth 2.0 token.
ReactivePreAuthenticatedAuthenticationManager - Class in org.springframework.security.web.server.authentication
Reactive version of PreAuthenticatedAuthenticationProvider This manager receives a PreAuthenticatedAuthenticationToken, checks that associated account is not disabled, expired, or blocked, and returns new authenticated PreAuthenticatedAuthenticationToken.
ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService) - Constructor for class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
 
ReactivePreAuthenticatedAuthenticationManager(ReactiveUserDetailsService, UserDetailsChecker) - Constructor for class org.springframework.security.web.server.authentication.ReactivePreAuthenticatedAuthenticationManager
 
ReactiveSecurityContextHolder - Class in org.springframework.security.core.context
Allows getting and setting the Spring SecurityContext into a Context.
ReactiveSessionInformation - Class in org.springframework.security.core.session
 
ReactiveSessionInformation(Object, String, Instant) - Constructor for class org.springframework.security.core.session.ReactiveSessionInformation
 
ReactiveSessionRegistry - Interface in org.springframework.security.core.session
Maintains a registry of ReactiveSessionInformation instances.
ReactiveUserDetailsPasswordService - Interface in org.springframework.security.core.userdetails
An API for changing a UserDetails password.
ReactiveUserDetailsService - Interface in org.springframework.security.core.userdetails
An API for finding the UserDetails by username.
ReactiveUserDetailsServiceResourceFactoryBean - Class in org.springframework.security.config.core.userdetails
ReactiveUserDetailsServiceResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
 
REACTOR_CONTEXT - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
ReactorContextTestExecutionListener - Class in org.springframework.security.test.context.support
Sets up the Reactor Context with the Authentication from the TestSecurityContextHolder and then clears the Reactor Context at the end of the tests.
ReactorContextTestExecutionListener() - Constructor for class org.springframework.security.test.context.support.ReactorContextTestExecutionListener
 
ReactorContextWebFilter - Class in org.springframework.security.web.server.context
ReactorContextWebFilter(ServerSecurityContextRepository) - Constructor for class org.springframework.security.web.server.context.ReactorContextWebFilter
 
read - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
 
read(Class<? extends RelyingPartyRegistration.Builder>, HttpInputMessage) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 
READ - Static variable in class org.springframework.security.acls.domain.BasePermission
 
readAclById(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
 
readAclById(ObjectIdentity) - Method in interface org.springframework.security.acls.model.AclService
Same as AclService.readAclsById(List) except it returns only a single Acl.
readAclById(ObjectIdentity, List<Sid>) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
 
readAclById(ObjectIdentity, List<Sid>) - Method in interface org.springframework.security.acls.model.AclService
Same as AclService.readAclsById(List, List) except it returns only a single Acl.
readAclsById(List<ObjectIdentity>) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
 
readAclsById(List<ObjectIdentity>) - Method in interface org.springframework.security.acls.model.AclService
Obtains all the Acls that apply for the passed Objects.
readAclsById(List<ObjectIdentity>, List<Sid>) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
The main method.
readAclsById(List<ObjectIdentity>, List<Sid>) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
 
readAclsById(List<ObjectIdentity>, List<Sid>) - Method in interface org.springframework.security.acls.jdbc.LookupStrategy
Perform database-specific optimized lookup.
readAclsById(List<ObjectIdentity>, List<Sid>) - Method in interface org.springframework.security.acls.model.AclService
Obtains all the Acls that apply for the passed Objects, but only for the security identifies passed.
readInternal(Class<? extends OAuth2AccessTokenResponse>, HttpInputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
 
readInternal(Class<? extends OAuth2DeviceAuthorizationResponse>, HttpInputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
 
readInternal(Class<? extends OAuth2Error>, HttpInputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
 
realm(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor
Configures the realm to use
realmName(String) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
Allows easily changing the realm, but leaving the remaining defaults in place.
REDIRECT - Enum constant in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
 
REDIRECT_URI - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
redirect_uri - used in Authorization Request and Access Token Request.
RedirectGeneratedOneTimeTokenHandler - Class in org.springframework.security.web.authentication.ott
A GeneratedOneTimeTokenHandler that performs a redirect to a specific location
RedirectGeneratedOneTimeTokenHandler(String) - Constructor for class org.springframework.security.web.authentication.ott.RedirectGeneratedOneTimeTokenHandler
Constructs an instance of this class that redirects to the specified URL.
redirectionEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
redirectionEndpoint(Customizer<OAuth2LoginConfigurer.RedirectionEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Configures the Client's Redirection Endpoint.
RedirectServerAuthenticationEntryPoint - Class in org.springframework.security.web.server.authentication
Performs a redirect to a specified location.
RedirectServerAuthenticationEntryPoint(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
Creates an instance
RedirectServerAuthenticationFailureHandler - Class in org.springframework.security.web.server.authentication
Performs a redirect to a specified location.
RedirectServerAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler
Creates an instance
RedirectServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
Performs a redirect on authentication success.
RedirectServerAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
Creates a new instance with location of "/"
RedirectServerAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
Creates a new instance with the specified location
RedirectServerLogoutSuccessHandler - Class in org.springframework.security.web.server.authentication.logout
Performs a redirect on log out success.
RedirectServerLogoutSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
 
redirectStrategy(RedirectStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
RedirectStrategy - Interface in org.springframework.security.web
Encapsulates the redirection logic for all classes in the framework which perform redirects.
redirectToHttps() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.redirectToHttps(Customizer) or redirectToHttps(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
redirectToHttps(Customizer<ServerHttpSecurity.HttpsRedirectSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures HTTPS redirection rules.
redirectUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the uri (or uri template) for the redirection endpoint.
redirectUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the uri for the redirection endpoint.
redirectUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
Sets the uri where the response was redirected to.
RedirectUrlBuilder - Class in org.springframework.security.web.util
Internal class for building redirect URLs.
RedirectUrlBuilder() - Constructor for class org.springframework.security.web.util.RedirectUrlBuilder
 
REFERRER_POLICY - Static variable in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
 
referrerPolicy() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
referrerPolicy() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
referrerPolicy(Customizer<HeadersConfigurer.ReferrerPolicyConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Allows configuration for Referrer Policy.
referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures Referrer-Policy response header.
referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
ReferrerPolicyHeaderWriter - Class in org.springframework.security.web.header.writers
Provides support for Referrer Policy.
ReferrerPolicyHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
Creates a new instance.
ReferrerPolicyHeaderWriter(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Constructor for class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
Creates a new instance.
ReferrerPolicyHeaderWriter.ReferrerPolicy - Enum Class in org.springframework.security.web.header.writers
 
ReferrerPolicyServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Writes the Referrer-Policy response header.
ReferrerPolicyServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
 
ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy - Enum Class in org.springframework.security.web.server.header
 
refresh() - Method in class org.springframework.security.authentication.jaas.memory.InMemoryConfiguration
Does nothing, but required for JDK5
REFRESH_TOKEN - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
 
REFRESH_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
refresh_token - used in Access Token Request and Access Token Response.
refreshLastRequest() - Method in class org.springframework.security.core.session.ReactiveSessionInformation
 
refreshLastRequest() - Method in class org.springframework.security.core.session.SessionInformation
Refreshes the internal lastRequest to the current date and time.
refreshLastRequest(String) - Method in interface org.springframework.security.core.session.SessionRegistry
Updates the given sessionId so its last request time is equal to the present date and time.
refreshLastRequest(String) - Method in class org.springframework.security.core.session.SessionRegistryImpl
 
refreshToken() - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Configures support for the refresh_token grant.
refreshToken() - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Configures support for the refresh_token grant.
refreshToken(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
Sets the refresh token associated to the access token.
refreshToken(Consumer<OAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder>) - Method in class org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder
Configures support for the refresh_token grant.
refreshToken(Consumer<ReactiveOAuth2AuthorizedClientProviderBuilder.RefreshTokenGrantBuilder>) - Method in class org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder
Configures support for the refresh_token grant.
RefreshTokenOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of an OAuth2AuthorizedClientProvider for the refresh_token grant.
RefreshTokenOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
 
RefreshTokenReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of a ReactiveOAuth2AuthorizedClientProvider for the refresh_token grant.
RefreshTokenReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
 
regex - Enum constant in enum class org.springframework.security.config.http.MatcherType
 
regexMatcher(String) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
Creates a case-sensitive Pattern instance to match against the request.
regexMatcher(HttpMethod) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
Creates an instance that matches to all requests with the same HttpMethod.
regexMatcher(HttpMethod, String) - Static method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
Creates a case-sensitive Pattern instance to match against the request.
RegExpAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
RegExpAllowFromStrategy(String) - Constructor for class org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
Deprecated.
Creates a new instance
RegexRequestMatcher - Class in org.springframework.security.web.util.matcher
Uses a regular expression to decide whether a supplied the URL of a supplied HttpServletRequest.
RegexRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.RegexRequestMatcher
Creates a case-sensitive Pattern instance to match against the request.
RegexRequestMatcher(String, String, boolean) - Constructor for class org.springframework.security.web.util.matcher.RegexRequestMatcher
As above, but allows setting of whether case-insensitive matching should be used.
region(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
Sets the state, province, prefecture, or region.
registerAuthenticationEntryPoint(B, AuthenticationEntryPoint) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
 
registerDefaultAuthenticationEntryPoint(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
 
RegisteredOAuth2AuthorizedClient - Annotation Interface in org.springframework.security.oauth2.client.annotation
This annotation may be used to resolve a method parameter to an argument value of type OAuth2AuthorizedClient.
registerExtractor(Class<? extends Throwable>, ThrowableCauseExtractor) - Method in class org.springframework.security.web.util.ThrowableAnalyzer
Registers a ThrowableCauseExtractor for the specified type.
registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.AuthorizeReturnObjectCoreHintsRegistrar
Register hints after preparing them through Security's infrastructural beans
registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.AuthorizeReturnObjectHintsRegistrar
Register hints after preparing them through Security's infrastructural beans
registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.PrePostAuthorizeExpressionBeanHintsRegistrar
 
registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.aot.hint.PrePostAuthorizeHintsRegistrar
 
registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in interface org.springframework.security.aot.hint.SecurityHintsRegistrar
Register hints after preparing them through Security's infrastructural beans
registerHints(RuntimeHints, ConfigurableListableBeanFactory) - Method in class org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar
 
registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.AbstractServerWebExchangeMatcherRegistry
Subclasses should implement this method for returning the object that is chained to the creation of the ServerWebExchangeMatcher instances.
registerMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec
 
registerNewSession(String, Object) - Method in interface org.springframework.security.core.session.SessionRegistry
Registers a new session for the specified principal.
registerNewSession(String, Object) - Method in class org.springframework.security.core.session.SessionRegistryImpl
 
registerPermission(Permission, String) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
 
registerPublicPermissions(Class<? extends Permission>) - Method in class org.springframework.security.acls.domain.DefaultPermissionFactory
Registers the public static fields of type Permission for a give class.
RegisterSessionAuthenticationStrategy - Class in org.springframework.security.web.authentication.session
Strategy used to register a user with the SessionRegistry after successful Authentication.
RegisterSessionAuthenticationStrategy(SessionRegistry) - Constructor for class org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
 
RegisterSessionServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
An implementation of ServerAuthenticationSuccessHandler that will register a ReactiveSessionInformation with the provided ReactiveSessionRegistry.
RegisterSessionServerAuthenticationSuccessHandler(ReactiveSessionRegistry) - Constructor for class org.springframework.security.web.server.authentication.RegisterSessionServerAuthenticationSuccessHandler
 
registerStompEndpoints(StompEndpointRegistry) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
REGISTRATION_ID - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
Non-standard parameter (used internally).
registrationId() - Element in annotation interface org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient
Sets the client registration identifier.
registrationId(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the registration id.
registrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
registrationId(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Sets the registrationId template.
RELAY_STATE - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames
RelayState - used to communicate shared state between the relying and asserting party
relayState(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
Sets the RelayState parameter that will accompany this AuthNRequest
relayState(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
Use this value for the relay state when sending the Logout Request to the asserting party It should not be URL-encoded as this will be done when the request is sent
relayState(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
Use this value for the relay state when sending the Logout Request to the asserting party It should not be URL-encoded as this will be done when the response is sent
release() - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
RELYING_PARTY_REGISTRATION_NOT_FOUND - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
The relying party registration was not found.
RELYING_PARTY_REGISTRATIONS - Static variable in class org.springframework.security.config.Elements
 
RelyingPartyRegistration - Class in org.springframework.security.saml2.provider.service.registration
Represents a configured relying party (aka Service Provider) and asserting party (aka Identity Provider) pair.
RelyingPartyRegistration(String, String, String, Saml2MessageBinding, String, String, Collection<Saml2MessageBinding>, RelyingPartyRegistration.AssertingPartyDetails, String, boolean, Collection<Saml2X509Credential>, Collection<Saml2X509Credential>) - Constructor for class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
 
RelyingPartyRegistration.AssertingPartyDetails - Class in org.springframework.security.saml2.provider.service.registration
The configuration metadata of the Asserting party
RelyingPartyRegistration.AssertingPartyDetails.Builder - Class in org.springframework.security.saml2.provider.service.registration
 
RelyingPartyRegistration.Builder - Class in org.springframework.security.saml2.provider.service.registration
 
RelyingPartyRegistrationPlaceholderResolvers - Class in org.springframework.security.saml2.provider.service.web
A factory for creating placeholder resolvers for RelyingPartyRegistration templates.
RelyingPartyRegistrationPlaceholderResolvers.UriResolver - Class in org.springframework.security.saml2.provider.service.web
A class for resolving RelyingPartyRegistration URIs
relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.
relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository) - Method in class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
Sets the RelyingPartyRegistrationRepository of relying parties, each party representing a service provider, SP and this host, and identity provider, IDP pair that communicate with each other.
RelyingPartyRegistrationRepository - Interface in org.springframework.security.saml2.provider.service.registration
A repository for RelyingPartyRegistrations
RelyingPartyRegistrationResolver - Interface in org.springframework.security.saml2.provider.service.web
A contract for resolving a RelyingPartyRegistration from the HTTP request
RelyingPartyRegistrations - Class in org.springframework.security.saml2.provider.service.registration
A utility class for constructing instances of RelyingPartyRegistration
RelyingPartyRegistrationsBeanDefinitionParser - Class in org.springframework.security.config.saml2
 
RelyingPartyRegistrationsBeanDefinitionParser() - Constructor for class org.springframework.security.config.saml2.RelyingPartyRegistrationsBeanDefinitionParser
 
REMEMBER_ME - Static variable in class org.springframework.security.config.Elements
 
rememberMe() - Static method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
Creates an instance of AuthenticatedAuthorizationManager that determines if the Authentication is authenticated using remember me.
rememberMe() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.rememberMe(Customizer) or rememberMe(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
rememberMe() - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizedUrl
Specify that URLs are allowed by users that have been remembered.
rememberMe() - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl
Deprecated.
Specify that URLs are allowed by users that have been remembered.
rememberMe() - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry.Constraint
Deprecated.
Specify that Messages are allowed by users that have been remembered.
rememberMe() - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder.Constraint
Specify that Messages are allowed by users that have been remembered.
rememberMe() - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl
Specify that URLs are allowed by users that have been remembered.
rememberMe(Customizer<RememberMeConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows configuring of Remember Me authentication.
RememberMeAuthenticationException - Exception in org.springframework.security.web.authentication.rememberme
This exception is thrown when an Authentication exception occurs while using the remember-me authentication.
RememberMeAuthenticationException(String) - Constructor for exception org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException
Constructs an RememberMeAuthenticationException with the specified message and no root cause.
RememberMeAuthenticationException(String, Throwable) - Constructor for exception org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException
Constructs a RememberMeAuthenticationException with the specified message and root cause.
RememberMeAuthenticationFilter - Class in org.springframework.security.web.authentication.rememberme
Detects if there is no Authentication object in the SecurityContext, and populates the context with a remember-me authentication token if a RememberMeServices implementation so requests.
RememberMeAuthenticationFilter(AuthenticationManager, RememberMeServices) - Constructor for class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
 
RememberMeAuthenticationProvider - Class in org.springframework.security.authentication
An AuthenticationProvider implementation that validates RememberMeAuthenticationTokens.
RememberMeAuthenticationProvider(String) - Constructor for class org.springframework.security.authentication.RememberMeAuthenticationProvider
 
RememberMeAuthenticationToken - Class in org.springframework.security.authentication
Represents a remembered Authentication.
RememberMeAuthenticationToken(String, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.RememberMeAuthenticationToken
Constructor.
RememberMeConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Configures Remember Me authentication.
RememberMeConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
Creates a new instance
rememberMeCookieDomain(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
The domain name within which the remember me cookie is visible.
rememberMeCookieName(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
The name of cookie which store the token for remember me authentication.
rememberMeParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
The HTTP parameter used to indicate to remember the user at time of login.
rememberMeRequested(HttpServletRequest, String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Allows customization of whether a remember-me login has been requested.
rememberMeServices(RememberMeServices) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
Specify the RememberMeServices to use.
RememberMeServices - Interface in org.springframework.security.web.authentication
Implement by a class that is capable of providing a remember-me service.
removeAuthenticationRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository
 
removeAuthenticationRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository
Removes the authentication request using the HttpServletRequest and HttpServletResponse
removeAuthorities(LdapName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
removeAuthorities(DistinguishedName, Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
Deprecated.
removeAuthorizationRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
Removes and returns the OAuth2AuthorizationRequest associated to the provided HttpServletRequest and HttpServletResponse or if not available returns null.
removeAuthorizationRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository
 
removeAuthorizationRequest(ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository
Removes and returns the OAuth2AuthorizationRequest associated to the provided HttpServletRequest or if not available returns null.
removeAuthorizationRequest(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository
 
removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService
 
removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService
 
removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
 
removeAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User's Principal name.
removeAuthorizedClient(String, String) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
 
removeAuthorizedClient(String, String) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService
Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User's Principal name.
removeAuthorizedClient(String, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
 
removeAuthorizedClient(String, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository
 
removeAuthorizedClient(String, Authentication, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository
Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner).
removeAuthorizedClient(String, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover
Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner).
removeAuthorizedClient(String, Authentication, Map<String, Object>) - Method in interface org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover
Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner).
removeAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
 
removeAuthorizedClient(String, Authentication, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository
Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner).
removeAuthorizedClient(String, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository
 
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler - Class in org.springframework.security.oauth2.client
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
Constructs a RemoveAuthorizedClientOAuth2AuthorizationFailureHandler using the provided parameters.
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover, Set<String>) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler
Constructs a RemoveAuthorizedClientOAuth2AuthorizationFailureHandler using the provided parameters.
RemoveAuthorizedClientOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover - Interface in org.springframework.security.oauth2.client
RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler - Class in org.springframework.security.oauth2.client
RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
Constructs a RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler using the provided parameters.
RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler(RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover, Set<String>) - Constructor for class org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler
Constructs a RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler using the provided parameters.
RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler.OAuth2AuthorizedClientRemover - Interface in org.springframework.security.oauth2.client
removeConfigurer(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Removes and returns the SecurityConfigurer by its class name or null if not found.
removeConfigurer(Class<C>) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Removes the SecurityConfigurer by its class name or null if not found.
removeConfigurers(Class<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Removes all the SecurityConfigurer instances by its class name or an empty List if not found.
removeGroupAuthority(String, GrantedAuthority) - Method in interface org.springframework.security.provisioning.GroupManager
Deletes an authority from those assigned to a group
removeGroupAuthority(String, GrantedAuthority) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
removeLogoutRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository
Removes and returns the Saml2LogoutRequest associated to the provided HttpServletRequest and HttpServletResponse or if not available returns null.
removeLogoutRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository
Removes and returns the Saml2LogoutRequest associated to the provided HttpServletRequest and HttpServletResponse or if not available returns null.
removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
 
removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
 
removeMatchingRequest(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache
If the provided ServerWebExchange matches the saved ServerHttpRequest gets the saved ServerHttpRequest
removeMatchingRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
 
removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
 
removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
 
removeRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
 
removeRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
Removes the cached request.
removeSessionInformation(String) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
 
removeSessionInformation(String) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry
Removes the specified session from the registry.
removeSessionInformation(String) - Method in interface org.springframework.security.core.session.SessionRegistry
Deletes all the session information being maintained for the specified sessionId.
removeSessionInformation(String) - Method in class org.springframework.security.core.session.SessionRegistryImpl
 
removeSessionInformation(String) - Method in class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry
 
removeSessionInformation(String) - Method in interface org.springframework.security.oauth2.client.oidc.server.session.ReactiveOidcSessionRegistry
Deregister the OIDC Provider session tied to the provided client session.
removeSessionInformation(String) - Method in class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry
 
removeSessionInformation(String) - Method in interface org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry
Deregister the OIDC Provider session tied to the provided client session.
removeSessionInformation(OidcLogoutToken) - Method in class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry
 
removeSessionInformation(OidcLogoutToken) - Method in interface org.springframework.security.oauth2.client.oidc.server.session.ReactiveOidcSessionRegistry
Deregister the OIDC Provider sessions referenced by the provided OIDC Logout Token by its session id or its subject.
removeSessionInformation(OidcLogoutToken) - Method in class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry
 
removeSessionInformation(OidcLogoutToken) - Method in interface org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry
Deregister the OIDC Provider sessions referenced by the provided OIDC Logout Token by its session id or its subject.
removeTicketFromCache(String) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache
This is a no-op since we are not storing tickets.
removeTicketFromCache(String) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache
 
removeTicketFromCache(String) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache
Removes the specified ticket from the cache, meaning that future calls will require a new service ticket.
removeTicketFromCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.NullStatelessTicketCache
This is a no-op since we are not storing tickets.
removeTicketFromCache(CasAuthenticationToken) - Method in class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache
 
removeTicketFromCache(CasAuthenticationToken) - Method in interface org.springframework.security.cas.authentication.StatelessTicketCache
Removes the specified ticket from the cache, as per StatelessTicketCache.removeTicketFromCache(String).
removeUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.NullUserCache
 
removeUserFromCache(String) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache
 
removeUserFromCache(String) - Method in interface org.springframework.security.core.userdetails.UserCache
Removes the specified user from the cache.
removeUserFromCache(UserDetails) - Method in class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache
 
removeUserFromGroup(String, String) - Method in interface org.springframework.security.provisioning.GroupManager
Deletes a user's membership of a group.
removeUserFromGroup(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
removeUserTokens(String) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
 
removeUserTokens(String) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
 
removeUserTokens(String) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
 
renameGroup(String, String) - Method in interface org.springframework.security.provisioning.GroupManager
Changes the name of a group without altering the assigned authorities or members.
renameGroup(String, String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
reportOnly() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig
Enables (includes) the Content-Security-Policy-Report-Only header in the response.
reportOnly(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
Deprecated.
If true, the browser should not terminate the connection with the server.
reportOnly(boolean) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
Whether to include the Content-Security-Policy-Report-Only header in the response.
reportUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
Deprecated.
Sets the URI to which the browser should report pin validation failures.
reportUri(URI) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
Deprecated.
Sets the URI to which the browser should report pin validation failures.
request - Variable in class org.springframework.security.web.access.expression.WebSecurityExpressionRoot
Allows direct access to the request object
REQUEST_CACHE - Static variable in class org.springframework.security.config.Elements
 
REQUEST_CHANNEL - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
A Request Channel exchange.
REQUEST_RESPONSE - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
A Request Response exchange.
REQUEST_SCOPE_ATTRIBUTE_NAME - Static variable in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
The name of the attribute in the context associated to the value for the "request scope(s)".
REQUEST_STREAM - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
A Request Stream exchange.
RequestAttributeAuthenticationFilter - Class in org.springframework.security.web.authentication.preauth
A simple pre-authenticated filter which obtains the username from request attributes, for use with SSO systems such as Stanford WebAuth or Shibboleth.
RequestAttributeAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
 
RequestAttributeClientRegistrationIdResolver - Class in org.springframework.security.oauth2.client.web.client
A strategy for resolving a clientRegistrationId from an intercepted request using attributes.
RequestAttributeClientRegistrationIdResolver() - Constructor for class org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver
 
RequestAttributeSecurityContextRepository - Class in org.springframework.security.web.context
Stores the SecurityContext on a ServletRequest.setAttribute(String, Object) so that it can be restored when different dispatch types occur.
RequestAttributeSecurityContextRepository() - Constructor for class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
RequestAttributeSecurityContextRepository(String) - Constructor for class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
Creates a new instance with the specified request attribute name.
RequestAuthorizationContext - Class in org.springframework.security.web.access.intercept
An HttpServletRequest authorization context.
RequestAuthorizationContext(HttpServletRequest) - Constructor for class org.springframework.security.web.access.intercept.RequestAuthorizationContext
Creates an instance.
RequestAuthorizationContext(HttpServletRequest, Map<String, String>) - Constructor for class org.springframework.security.web.access.intercept.RequestAuthorizationContext
Creates an instance.
requestCache() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
requestCache() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
requestCache(Customizer<RequestCacheConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows configuring the Request Cache.
requestCache(Customizer<ServerHttpSecurity.RequestCacheSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures the request cache which is used when a flow is interrupted (i.e.
requestCache(RequestCache) - Method in class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
Allows explicit configuration of the RequestCache to be used.
requestCache(ServerRequestCache) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec
Configures the cache used
RequestCache - Interface in org.springframework.security.web.savedrequest
Implements "saved request" logic, allowing a single request to be retrieved and restarted after redirecting to an authentication mechanism.
RequestCacheAwareFilter - Class in org.springframework.security.web.savedrequest
Responsible for reconstituting the saved request if one is cached and it matches the current request.
RequestCacheAwareFilter() - Constructor for class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
 
RequestCacheAwareFilter(RequestCache) - Constructor for class org.springframework.security.web.savedrequest.RequestCacheAwareFilter
 
RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds request cache for Spring Security.
RequestCacheConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer
 
requestDataValueProcessor() - Method in class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
Deprecated.
 
REQUESTED_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
requested_token_type - used in Token Exchange Access Token Request.
RequestedUrlRedirectInvalidSessionStrategy - Class in org.springframework.security.web.session
Performs a redirect to the original request URL when an invalid requested session is detected by the SessionManagementFilter.
RequestedUrlRedirectInvalidSessionStrategy() - Constructor for class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy
 
RequestHeaderAuthenticationFilter - Class in org.springframework.security.web.authentication.preauth
A simple pre-authenticated filter which obtains the username from a request header, for use with systems such as CA Siteminder.
RequestHeaderAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
 
RequestHeaderRequestMatcher - Class in org.springframework.security.web.util.matcher
A RequestMatcher that can be used to match request that contain a header with an expected header name and an expected value.
RequestHeaderRequestMatcher(String) - Constructor for class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
Creates a new instance that will match if a header by the name of RequestHeaderRequestMatcher.expectedHeaderName is present.
RequestHeaderRequestMatcher(String, String) - Constructor for class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
Creates a new instance that will match if a header by the name of RequestHeaderRequestMatcher.expectedHeaderName is present and if the RequestHeaderRequestMatcher.expectedHeaderValue is non-null the first value is the same.
RequestKey - Class in org.springframework.security.web.access.intercept
 
RequestKey(String) - Constructor for class org.springframework.security.web.access.intercept.RequestKey
 
RequestKey(String, String) - Constructor for class org.springframework.security.web.access.intercept.RequestKey
 
requestMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added.
RequestMatcher - Interface in org.springframework.security.web.util.matcher
Simple strategy to match an HttpServletRequest.
RequestMatcher.MatchResult - Class in org.springframework.security.web.util.matcher
The result of matching against an HttpServletRequest Contains the status, true or false, of the match and if present, any variables extracted from the match
RequestMatcherDelegatingAccessDeniedHandler - Class in org.springframework.security.web.access
RequestMatcherDelegatingAccessDeniedHandler(LinkedHashMap<RequestMatcher, AccessDeniedHandler>, AccessDeniedHandler) - Constructor for class org.springframework.security.web.access.RequestMatcherDelegatingAccessDeniedHandler
Creates a new instance
RequestMatcherDelegatingAuthenticationManagerResolver - Class in org.springframework.security.web.authentication
RequestMatcherDelegatingAuthenticationManagerResolver.Builder - Class in org.springframework.security.web.authentication
RequestMatcherDelegatingAuthorizationManager - Class in org.springframework.security.web.access.intercept
An AuthorizationManager which delegates to a specific AuthorizationManager based on a RequestMatcher evaluation.
RequestMatcherDelegatingAuthorizationManager.Builder - Class in org.springframework.security.web.access.intercept
RequestMatcherDelegatingAuthorizationManager.Builder.AuthorizedUrl - Class in org.springframework.security.web.access.intercept
An object that allows configuring the AuthorizationManager for RequestMatchers.
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator - Class in org.springframework.security.web.access
A WebInvocationPrivilegeEvaluator which delegates to a list of WebInvocationPrivilegeEvaluator based on a RequestMatcher evaluation
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>>) - Constructor for class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
 
RequestMatcherEditor - Class in org.springframework.security.web.util.matcher
PropertyEditor which creates ELRequestMatcher instances from Strings This allows to use a String in a BeanDefinition instead of an (inner) bean if a RequestMatcher is required, e.g.
RequestMatcherEditor() - Constructor for class org.springframework.security.web.util.matcher.RequestMatcherEditor
 
RequestMatcherEntry<T> - Class in org.springframework.security.web.util.matcher
A rich object for associating a RequestMatcher to another object.
RequestMatcherEntry(RequestMatcher, T) - Constructor for class org.springframework.security.web.util.matcher.RequestMatcherEntry
 
RequestMatcherMetadataResponseResolver - Class in org.springframework.security.saml2.provider.service.metadata
RequestMatcherMetadataResponseResolver - Class in org.springframework.security.saml2.provider.service.web.metadata
An implementation of Saml2MetadataResponseResolver that identifies which RelyingPartyRegistrations to use with a RequestMatcher
RequestMatcherMetadataResponseResolver(RelyingPartyRegistrationRepository, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.metadata.RequestMatcherMetadataResponseResolver
Deprecated.
RequestMatcherMetadataResponseResolver(RelyingPartyRegistrationRepository, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver
RequestMatcherRedirectFilter - Class in org.springframework.security.web
Filter that redirects requests that match RequestMatcher to the specified URL.
RequestMatcherRedirectFilter(RequestMatcher, String) - Constructor for class org.springframework.security.web.RequestMatcherRedirectFilter
Create and initialize an instance of the filter.
requestMatchers - Variable in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
 
requestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
If the HandlerMappingIntrospector is available in the classpath, maps to an MvcRequestMatcher that does not care which HttpMethod is used.
requestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
Deprecated.
 
requestMatchers(HttpMethod) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
If the HandlerMappingIntrospector is available in the classpath, maps to an MvcRequestMatcher that matches on a specific HttpMethod.
requestMatchers(HttpMethod) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
Deprecated.
 
requestMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
If the HandlerMappingIntrospector is available in the classpath, maps to an MvcRequestMatcher that also specifies a specific HttpMethod to match on.
requestMatchers(HttpMethod, String...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
Deprecated.
 
requestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
Associates a list of RequestMatcher instances with the AbstractConfigAttributeRequestMatcherRegistry
requestMatchers(RequestMatcher...) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
Deprecated.
 
requestMatchers(RequestMatcher...) - Method in class org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager.Builder
RequestMatchers - Class in org.springframework.security.web.util.matcher
A factory class to create RequestMatcher instances.
RequestRejectedException - Exception in org.springframework.security.web.firewall
 
RequestRejectedException(String) - Constructor for exception org.springframework.security.web.firewall.RequestRejectedException
 
requestRejectedHandler(RequestRejectedHandler) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
Sets the handler to handle RequestRejectedException
RequestRejectedHandler - Interface in org.springframework.security.web.firewall
Used by FilterChainProxy to handle an RequestRejectedException.
RequestVariablesExtractor - Interface in org.springframework.security.web.util.matcher
REQUIRE_CORP - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
 
REQUIRE_CORP - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
 
requireCsrfProtectionMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec
Configures the ServerWebExchangeMatcher used to determine when CSRF protection is enabled.
requireCsrfProtectionMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
Specify the RequestMatcher to use for determining when CSRF should be applied.
requireExplicitAuthenticationStrategy(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Setting this means that explicit invocation of SessionAuthenticationStrategy is required.
requireExplicitSave(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
 
requireInitialize(Consumer<XMLObjectProviderRegistry>) - Static method in class org.springframework.security.saml2.core.OpenSamlInitializationService
Ready OpenSAML for use, configure it with reasonable defaults, and modify the XMLObjectProviderRegistry using the provided Consumer.
requirePermission - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
requires(String) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
 
requiresAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
Overridden to provide proxying capabilities.
requiresAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
 
requiresAuthentication(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Indicates whether this filter should attempt to process a login request for the current invocation.
requiresAuthenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
Configures when authentication is performed.
requiresChannel() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.requiresChannel(Customizer) or requiresChannel(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
requiresChannel(Customizer<ChannelSecurityConfigurer.ChannelRequestMatcherRegistry>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configures channel security.
requiresExitUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Checks the request URI for the presence of exitUserUrl.
requiresInsecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
 
requiresLogout(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
Allow subclasses to modify when a logout should take place.
requiresLogout(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec
Configures when the log out will be triggered.
requiresSecure() - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl
 
requiresSwitchUser(HttpServletRequest) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Checks the request URI for the presence of switchUserUrl.
requireUnique(Class<A>) - Static method in class org.springframework.security.core.annotation.SecurityAnnotationScanners
Create a SecurityAnnotationScanner that requires synthesized annotations to be unique on the given AnnotatedElement.
requireUnique(Class<A>, AnnotationTemplateExpressionDefaults) - Static method in class org.springframework.security.core.annotation.SecurityAnnotationScanners
Create a SecurityAnnotationScanner that requires synthesized annotations to be unique on the given AnnotatedElement.
requireUnique(List<Class<? extends Annotation>>) - Static method in class org.springframework.security.core.annotation.SecurityAnnotationScanners
Create a SecurityAnnotationScanner that requires synthesized annotations to be unique on the given AnnotatedElement.
RESERVED_OFF - Static variable in interface org.springframework.security.acls.model.Permission
 
RESERVED_ON - Static variable in interface org.springframework.security.acls.model.Permission
 
reset() - Method in class org.springframework.security.web.firewall.FirewalledRequest
This method will be called once the request has passed through the security filter chain, when it is about to proceed to the application proper.
resolve(C) - Method in interface org.springframework.security.authentication.AuthenticationManagerResolver
Resolve an AuthenticationManager from a provided context
resolve(C) - Method in interface org.springframework.security.authentication.ReactiveAuthenticationManagerResolver
 
resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver
 
resolve(HttpServletRequest) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
Returns the OAuth2AuthorizationRequest resolved from the provided HttpServletRequest or null if not available.
resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver
Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token
resolve(HttpServletRequest) - Method in interface org.springframework.security.oauth2.server.resource.web.BearerTokenResolver
Resolve any Bearer Token value from the request.
resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
 
resolve(HttpServletRequest) - Method in class org.springframework.security.oauth2.server.resource.web.HeaderBearerTokenResolver
 
resolve(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponseResolver
Construct and serialize a relying party's SAML 2.0 metadata based on the given HttpServletRequest
resolve(HttpServletRequest) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver
 
resolve(HttpServletRequest) - Method in class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver
Construct and serialize a relying party's SAML 2.0 metadata based on the given HttpServletRequest.
resolve(HttpServletRequest) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver
Resolve an AuthenticationManager from a provided context
resolve(HttpServletRequest, String) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver
 
resolve(HttpServletRequest, String) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
Returns the OAuth2AuthorizationRequest resolved from the provided HttpServletRequest or null if not available.
resolve(HttpServletRequest, String) - Method in class org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver
Resolve a RelyingPartyRegistration from the HTTP request, using the relyingPartyRegistrationId, if it is provided
resolve(HttpServletRequest, String) - Method in interface org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver
Resolve a RelyingPartyRegistration from the HTTP request, using the relyingPartyRegistrationId, if it is provided
resolve(HttpServletRequest, Authentication) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestResolver
Prepare to create, sign, and serialize a SAML 2.0 Logout Request.
resolve(HttpServletRequest, Authentication) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestValidatorParametersResolver
Resolve any SAML 2.0 Logout Request and associated RelyingPartyRegistration
resolve(HttpServletRequest, Authentication) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseResolver
Prepare to create, sign, and serialize a SAML 2.0 Logout Response.
resolve(Iterable<RelyingPartyRegistration>) - Method in interface org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver
 
resolve(String) - Method in class org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver
 
resolve(HttpRequest) - Method in interface org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor.ClientRegistrationIdResolver
Resolve the clientRegistrationId from the current request, which is used to obtain an OAuth2AuthorizedClient.
resolve(HttpRequest) - Method in class org.springframework.security.oauth2.client.web.client.RequestAttributeClientRegistrationIdResolver
 
resolve(RelyingPartyRegistration) - Method in interface org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResolver
Resolve the given relying party's metadata
resolve(ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
 
resolve(ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver
Returns the OAuth2AuthorizationRequest resolved from the provided HttpServletRequest or null if not available.
resolve(ServerWebExchange) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtIssuerReactiveAuthenticationManagerResolver
Return an AuthenticationManager based off of the `iss` claim found in the request's bearer token
resolve(ServerWebExchange) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver
resolve(ServerWebExchange, String) - Method in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
 
resolve(ServerWebExchange, String) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver
Returns the OAuth2AuthorizationRequest resolved from the provided HttpServletRequest or null if not available.
resolveArgument(MethodParameter, Message<?>) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
 
resolveArgument(MethodParameter, Message<?>) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
 
resolveArgument(MethodParameter, Message<?>) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
 
resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver
 
resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
Deprecated.
 
resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
 
resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
 
resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
 
resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver
 
resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
 
resolveArgument(MethodParameter, BindingContext, ServerWebExchange) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
 
resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestHandler
 
resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in interface org.springframework.security.web.csrf.CsrfTokenRequestResolver
Returns the token value resolved from the provided HttpServletRequest and CsrfToken or null if not available.
resolveCsrfTokenValue(HttpServletRequest, CsrfToken) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
 
resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
 
resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestHandler
 
resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRequestResolver
Returns the token value resolved from the provided ServerWebExchange and CsrfToken or Mono.empty() if not available.
resolveCsrfTokenValue(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
 
resolveException(LoginException) - Method in class org.springframework.security.authentication.jaas.DefaultLoginExceptionResolver
 
resolveException(LoginException) - Method in interface org.springframework.security.authentication.jaas.LoginExceptionResolver
Translates a Jaas LoginException to an SpringSecurityException.
RESOURCE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
resource - used in Token Exchange Access Token Request.
RESOURCE_POLICY - Static variable in class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter
 
RESPONSE_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
response_type - used in Authorization Request.
RestClientAuthorizationCodeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
An implementation of OAuth2AccessTokenResponseClient that "exchanges" an authorization code for an access token at the Authorization Server's Token Endpoint.
RestClientAuthorizationCodeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientAuthorizationCodeTokenResponseClient
 
RestClientClientCredentialsTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
An implementation of OAuth2AccessTokenResponseClient that "exchanges" client credentials for an access token at the Authorization Server's Token Endpoint.
RestClientClientCredentialsTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientClientCredentialsTokenResponseClient
 
RestClientJwtBearerTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
An implementation of OAuth2AccessTokenResponseClient that "exchanges" a JWT for an access token at the Authorization Server's Token Endpoint.
RestClientJwtBearerTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientJwtBearerTokenResponseClient
 
RestClientRefreshTokenTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
An implementation of OAuth2AccessTokenResponseClient that "exchanges" a refresh token for an access token at the Authorization Server's Token Endpoint.
RestClientRefreshTokenTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientRefreshTokenTokenResponseClient
 
RestClientTokenExchangeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
An implementation of OAuth2AccessTokenResponseClient that "exchanges" a subject token (and optionally an actor token) for an access token at the Authorization Server's Token Endpoint.
RestClientTokenExchangeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.RestClientTokenExchangeTokenResponseClient
 
restOperations(RestOperations) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder
Use the given RestOperations to coordinate with the authorization servers indicated in the JWK Set uri as well as the Issuer.
retrieveEntry(String, String[]) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
Composes an object from the attributes of the given DN.
retrieveObjectIdentityPrimaryKey(ObjectIdentity) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Retrieves the primary key from the acl_object_identity table for the passed ObjectIdentity.
retrievePassword(Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
 
retrieveUser(String) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
Allows subclasses to retrieve the UserDetails from an implementation-specific location.
retrieveUser(String) - Method in class org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager
 
retrieveUser(String, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
Allows subclasses to actually retrieve the UserDetails from an implementation-specific location, with the option of throwing an AuthenticationException immediately if the presented credentials are incorrect (this is especially useful if it is necessary to bind to a resource as the user in order to obtain or generate a UserDetails).
retrieveUser(String, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
retrieveUserName(Authentication) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
 
RetryWithHttpEntryPoint - Class in org.springframework.security.web.access.channel
Commences an insecure channel by retrying the original request using HTTP.
RetryWithHttpEntryPoint() - Constructor for class org.springframework.security.web.access.channel.RetryWithHttpEntryPoint
 
RetryWithHttpsEntryPoint - Class in org.springframework.security.web.access.channel
Commences a secure channel by retrying the original request using HTTPS.
RetryWithHttpsEntryPoint() - Constructor for class org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint
 
role(String) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl.Builder
Creates a new hierarchy branch to define a role and its child roles.
ROLE_PREVIOUS_ADMINISTRATOR - Static variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 
ROLE_PREVIOUS_ADMINISTRATOR - Static variable in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
 
RoleHierarchy - Interface in org.springframework.security.access.hierarchicalroles
The simple interface of a role hierarchy.
RoleHierarchyAuthoritiesMapper - Class in org.springframework.security.access.hierarchicalroles
 
RoleHierarchyAuthoritiesMapper(RoleHierarchy) - Constructor for class org.springframework.security.access.hierarchicalroles.RoleHierarchyAuthoritiesMapper
 
roleHierarchyFromMap(Map<String, List<String>>) - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyUtils
Converts the supplied Map of role name to implied role name(s) to a string representation understood by RoleHierarchyImpl.setHierarchy(String).
RoleHierarchyImpl - Class in org.springframework.security.access.hierarchicalroles
This class defines a role hierarchy for use with various access checking components.
RoleHierarchyImpl() - Constructor for class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
RoleHierarchyImpl.Builder - Class in org.springframework.security.access.hierarchicalroles
Builder class for constructing a RoleHierarchyImpl based on a hierarchical role structure.
RoleHierarchyImpl.Builder.ImpliedRoles - Class in org.springframework.security.access.hierarchicalroles
Builder class for constructing child roles within a role hierarchy branch.
RoleHierarchyUtils - Class in org.springframework.security.access.hierarchicalroles
Utility methods for RoleHierarchy.
RoleHierarchyVoter - Class in org.springframework.security.access.vote
RoleHierarchyVoter(RoleHierarchy) - Constructor for class org.springframework.security.access.vote.RoleHierarchyVoter
Deprecated.
 
rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
A non-empty string prefix that will be added as a prefix to the existing roles.
rolePrefix(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
A non-empty string prefix that will be added to role strings loaded from persistent storage (default is "").
rolePrefix(String) - Method in class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
 
roles() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
The roles to use.
roles(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer.UserDetailsBuilder
Populates the roles.
roles(String...) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Populates the roles.
roles(String...) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.UserExchangeMutator
Specifies the roles to use.
roles(String...) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor
Specify the roles of the user to authenticate as.
RoleVoter - Class in org.springframework.security.access.vote
Deprecated.
RoleVoter() - Constructor for class org.springframework.security.access.vote.RoleVoter
Deprecated.
 
root(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
Optional root suffix for the embedded LDAP server.
route(String) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
 
RoutePayloadExchangeMatcher - Class in org.springframework.security.rsocket.util.matcher
 
RoutePayloadExchangeMatcher(MetadataExtractor, RouteMatcher, String) - Constructor for class org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMatcher
 
RS256 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
RSASSA-PKCS1-v1_5 using SHA-256 (Recommended)
RS256 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
RSASSA-PKCS1-v1_5 using SHA-256 (Recommended)
RS384 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
RSASSA-PKCS1-v1_5 using SHA-384 (Optional)
RS384 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
RSASSA-PKCS1-v1_5 using SHA-384 (Optional)
RS512 - Enum constant in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
RSASSA-PKCS1-v1_5 using SHA-512 (Optional)
RS512 - Static variable in class org.springframework.security.oauth2.jose.jws.JwsAlgorithms
RSASSA-PKCS1-v1_5 using SHA-512 (Optional)
RsaAlgorithm - Enum Class in org.springframework.security.crypto.encrypt
 
RsaKeyConversionServicePostProcessor - Class in org.springframework.security.config.crypto
Adds RsaKeyConverters to the configured ConversionService or PropertyEditors
RsaKeyConversionServicePostProcessor() - Constructor for class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
 
RsaKeyConverters - Class in org.springframework.security.converter
Used for creating Key converter instances
RsaKeyHolder - Interface in org.springframework.security.crypto.encrypt
 
RsaRawEncryptor - Class in org.springframework.security.crypto.encrypt
 
RsaRawEncryptor() - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
RsaRawEncryptor(String) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
RsaRawEncryptor(String, PublicKey, PrivateKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
RsaRawEncryptor(String, PublicKey, PrivateKey, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
RsaRawEncryptor(KeyPair) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
RsaRawEncryptor(KeyPair, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
RsaRawEncryptor(PublicKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
RsaRawEncryptor(RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaRawEncryptor
 
RsaSecretEncryptor - Class in org.springframework.security.crypto.encrypt
 
RsaSecretEncryptor() - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(String, PublicKey, PrivateKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(String, PublicKey, PrivateKey, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(String, PublicKey, PrivateKey, RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(String, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(String, RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(KeyPair) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(KeyPair, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(KeyPair, RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(KeyPair, RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(PublicKey) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(PublicKey, RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(PublicKey, RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(PublicKey, RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(RsaAlgorithm) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(RsaAlgorithm, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(RsaAlgorithm, String) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RsaSecretEncryptor(RsaAlgorithm, String, boolean) - Constructor for class org.springframework.security.crypto.encrypt.RsaSecretEncryptor
 
RSocketSecurity - Class in org.springframework.security.config.annotation.rsocket
Allows configuring RSocket based security.
RSocketSecurity() - Constructor for class org.springframework.security.config.annotation.rsocket.RSocketSecurity
 
RSocketSecurity.AuthorizePayloadsSpec - Class in org.springframework.security.config.annotation.rsocket
 
RSocketSecurity.AuthorizePayloadsSpec.Access - Class in org.springframework.security.config.annotation.rsocket
 
RSocketSecurity.BasicAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket
 
RSocketSecurity.JwtSpec - Class in org.springframework.security.config.annotation.rsocket
 
RSocketSecurity.SimpleAuthenticationSpec - Class in org.springframework.security.config.annotation.rsocket
 
run() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
 
RunAsImplAuthenticationProvider - Class in org.springframework.security.access.intercept
Deprecated.
Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.
RunAsImplAuthenticationProvider() - Constructor for class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
Deprecated.
 
runAsManager() - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
RunAsManager - Interface in org.springframework.security.access.intercept
Deprecated.
Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.
RunAsManagerImpl - Class in org.springframework.security.access.intercept
Deprecated.
Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.
RunAsManagerImpl() - Constructor for class org.springframework.security.access.intercept.RunAsManagerImpl
Deprecated.
 
RunAsUserToken - Class in org.springframework.security.access.intercept
Deprecated.
Authentication is now separated from authorization in Spring Security. This class is only used by now-deprecated components. There is not yet an equivalent replacement in Spring Security.
RunAsUserToken(String, Object, Object, Collection<? extends GrantedAuthority>, Class<? extends Authentication>) - Constructor for class org.springframework.security.access.intercept.RunAsUserToken
Deprecated.
 

S

SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
 
SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
 
SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
 
SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
 
SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
 
SAME_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
 
SAME_ORIGIN_ALLOW_POPUPS - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
 
SAME_ORIGIN_ALLOW_POPUPS - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
 
SAME_SITE - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
 
SAME_SITE - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
 
sameOrigin() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig
Specify to allow any request that comes from the same origin to frame this application.
SAMEORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
 
SAMEORIGIN - Enum constant in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
A browser receiving content with this header field MUST NOT display this content in any frame from a page of different origin than the content itself.
sameOriginDisabled() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
Determines if a CSRF token is required for connecting.
SAML_REQUEST - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames
SAMLRequest - used to request authentication or request logout
SAML_RESPONSE - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames
SAMLResponse - used to respond to an authentication or logout request
SAML2_LOGIN - Static variable in class org.springframework.security.config.Elements
 
SAML2_LOGOUT - Static variable in class org.springframework.security.config.Elements
 
Saml2AuthenticatedPrincipal - Interface in org.springframework.security.saml2.provider.service.authentication
Saml2 representation of an AuthenticatedPrincipal.
Saml2Authentication - Class in org.springframework.security.saml2.provider.service.authentication
An implementation of an AbstractAuthenticationToken that represents an authenticated SAML 2.0 Authentication.
Saml2Authentication(AuthenticatedPrincipal, String, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.saml2.provider.service.authentication.Saml2Authentication
Construct a Saml2Authentication using the provided parameters
Saml2AuthenticationException - Exception in org.springframework.security.saml2.provider.service.authentication
This exception is thrown for all SAML 2.0 related Authentication errors.
Saml2AuthenticationException(Saml2Error) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
Constructs a Saml2AuthenticationException using the provided parameters.
Saml2AuthenticationException(Saml2Error, String) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
Constructs a Saml2AuthenticationException using the provided parameters.
Saml2AuthenticationException(Saml2Error, String, Throwable) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
Constructs a Saml2AuthenticationException using the provided parameters.
Saml2AuthenticationException(Saml2Error, Throwable) - Constructor for exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
Constructs a Saml2AuthenticationException using the provided parameters.
Saml2AuthenticationRequestRepository<T extends AbstractSaml2AuthenticationRequest> - Interface in org.springframework.security.saml2.provider.service.web
Saml2AuthenticationRequestResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication
A strategy for resolving a SAML 2.0 Authentication Request from the HttpServletRequest.
Saml2AuthenticationToken - Class in org.springframework.security.saml2.provider.service.authentication
Represents an incoming SAML 2.0 response containing an assertion that has not been validated.
Saml2AuthenticationToken(RelyingPartyRegistration, String) - Constructor for class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
Creates a Saml2AuthenticationToken with the provided parameters Note that the given RelyingPartyRegistration should have all its templates resolved at this point.
Saml2AuthenticationToken(RelyingPartyRegistration, String, AbstractSaml2AuthenticationRequest) - Constructor for class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
Creates a Saml2AuthenticationToken with the provided parameters.
Saml2AuthenticationTokenConverter - Class in org.springframework.security.saml2.provider.service.web
An AuthenticationConverter that generates a Saml2AuthenticationToken appropriate for authenticated a SAML 2.0 Assertion against an AuthenticationManager.
Saml2AuthenticationTokenConverter(RelyingPartyRegistrationResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter
Constructs a Saml2AuthenticationTokenConverter given a strategy for resolving RelyingPartyRegistrations
Saml2Error - Class in org.springframework.security.saml2.core
A representation of an SAML 2.0 Error.
Saml2Error(String, String) - Constructor for class org.springframework.security.saml2.core.Saml2Error
Constructs a Saml2Error using the provided parameters.
Saml2ErrorCodes - Class in org.springframework.security.saml2.core
A list of SAML known 2 error codes used during SAML authentication.
Saml2Exception - Exception in org.springframework.security.saml2
 
Saml2Exception(String) - Constructor for exception org.springframework.security.saml2.Saml2Exception
 
Saml2Exception(String, Throwable) - Constructor for exception org.springframework.security.saml2.Saml2Exception
 
Saml2Exception(Throwable) - Constructor for exception org.springframework.security.saml2.Saml2Exception
 
Saml2Jackson2Module - Class in org.springframework.security.saml2.jackson2
Jackson module for saml2-service-provider.
Saml2Jackson2Module() - Constructor for class org.springframework.security.saml2.jackson2.Saml2Jackson2Module
 
saml2Login() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.saml2Login(Customizer) or saml2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
saml2Login(Customizer<Saml2LoginConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configures authentication support using an SAML 2.0 Service Provider.
Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> - Class in org.springframework.security.config.annotation.web.configurers.saml2
An AbstractHttpConfigurer for SAML 2.0 Login, which leverages the SAML 2.0 Web Browser Single Sign On (WebSSO) Flow.
Saml2LoginConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer
 
saml2Logout() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.saml2Logout(Customizer) or saml2Logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
saml2Logout(Customizer<Saml2LogoutConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configures logout support for an SAML 2.0 Relying Party.
Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.saml2
Adds SAML 2.0 logout support.
Saml2LogoutConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer
Creates a new instance
Saml2LogoutConfigurer.LogoutRequestConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2
A configurer for SAML 2.0 LogoutRequest components
Saml2LogoutConfigurer.LogoutResponseConfigurer - Class in org.springframework.security.config.annotation.web.configurers.saml2
 
Saml2LogoutRequest - Class in org.springframework.security.saml2.provider.service.authentication.logout
A class that represents a signed and serialized SAML 2.0 Logout Request
Saml2LogoutRequest.Builder - Class in org.springframework.security.saml2.provider.service.authentication.logout
 
Saml2LogoutRequestFilter - Class in org.springframework.security.saml2.provider.service.web.authentication.logout
A filter for handling logout requests in the form of a <saml2:LogoutRequest> sent from the asserting party.
Saml2LogoutRequestFilter(Saml2LogoutRequestValidatorParametersResolver, Saml2LogoutRequestValidator, Saml2LogoutResponseResolver, LogoutHandler...) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter
 
Saml2LogoutRequestFilter(RelyingPartyRegistrationResolver, Saml2LogoutRequestValidator, Saml2LogoutResponseResolver, LogoutHandler...) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter
Constructs a Saml2LogoutResponseFilter for accepting SAML 2.0 Logout Requests from the asserting party
Saml2LogoutRequestRepository - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout
Implementations of this interface are responsible for the persistence of Saml2LogoutRequest between requests.
Saml2LogoutRequestResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout
Creates a signed SAML 2.0 Logout Request based on information from the HttpServletRequest and current Authentication.
Saml2LogoutRequestValidator - Interface in org.springframework.security.saml2.provider.service.authentication.logout
Validates SAML 2.0 Logout Requests
Saml2LogoutRequestValidatorParameters - Class in org.springframework.security.saml2.provider.service.authentication.logout
A holder of the parameters needed to invoke Saml2LogoutRequestValidator
Saml2LogoutRequestValidatorParameters(Saml2LogoutRequest, RelyingPartyRegistration, Authentication) - Constructor for class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters
Saml2LogoutRequestValidatorParametersResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout
Resolved a SAML 2.0 Logout Request and associated validation parameters from the given HttpServletRequest and current Authentication.
Saml2LogoutResponse - Class in org.springframework.security.saml2.provider.service.authentication.logout
A class that represents a signed and serialized SAML 2.0 Logout Response
Saml2LogoutResponse.Builder - Class in org.springframework.security.saml2.provider.service.authentication.logout
 
Saml2LogoutResponseFilter - Class in org.springframework.security.saml2.provider.service.web.authentication.logout
A filter for handling a <saml2:LogoutResponse> sent from the asserting party.
Saml2LogoutResponseFilter(RelyingPartyRegistrationRepository, Saml2LogoutResponseValidator, LogoutSuccessHandler) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
 
Saml2LogoutResponseFilter(RelyingPartyRegistrationResolver, Saml2LogoutResponseValidator, LogoutSuccessHandler) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
Constructs a Saml2LogoutResponseFilter for accepting SAML 2.0 Logout Responses from the asserting party
Saml2LogoutResponseResolver - Interface in org.springframework.security.saml2.provider.service.web.authentication.logout
Creates a signed SAML 2.0 Logout Response based on information from the HttpServletRequest and current Authentication.
Saml2LogoutResponseValidator - Interface in org.springframework.security.saml2.provider.service.authentication.logout
Validates SAML 2.0 Logout Responses
Saml2LogoutResponseValidatorParameters - Class in org.springframework.security.saml2.provider.service.authentication.logout
A holder of the parameters needed to invoke Saml2LogoutResponseValidator
Saml2LogoutResponseValidatorParameters(Saml2LogoutResponse, Saml2LogoutRequest, RelyingPartyRegistration) - Constructor for class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters
Saml2LogoutValidatorResult - Class in org.springframework.security.saml2.provider.service.authentication.logout
A result emitted from a SAML 2.0 Logout validation attempt
Saml2LogoutValidatorResult.Builder - Class in org.springframework.security.saml2.provider.service.authentication.logout
 
Saml2MessageBinding - Enum Class in org.springframework.security.saml2.provider.service.registration
The type of bindings that messages are exchanged using Supported bindings are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.
saml2Metadata() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.saml2Metadata(Customizer) or saml2Metadata(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
saml2Metadata(Customizer<Saml2MetadataConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configures a SAML 2.0 metadata endpoint that presents relying party configurations in an <md:EntityDescriptor> payload.
Saml2MetadataConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers.saml2
An AbstractHttpConfigurer for SAML 2.0 Metadata.
Saml2MetadataConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.saml2.Saml2MetadataConfigurer
 
Saml2MetadataFilter - Class in org.springframework.security.saml2.provider.service.web
A Filter that returns the metadata for a Relying Party
Saml2MetadataFilter(Saml2MetadataResponseResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
Constructs an instance of Saml2MetadataFilter
Saml2MetadataFilter(RelyingPartyRegistrationRepository, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
Constructs an instance of Saml2MetadataFilter using the provided parameters.
Saml2MetadataFilter(RelyingPartyRegistrationResolver, Saml2MetadataResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
 
Saml2MetadataResolver - Interface in org.springframework.security.saml2.provider.service.metadata
Resolves the SAML 2.0 Relying Party Metadata for a given RelyingPartyRegistration
Saml2MetadataResponse - Class in org.springframework.security.saml2.provider.service.metadata
 
Saml2MetadataResponse(String, String) - Constructor for class org.springframework.security.saml2.provider.service.metadata.Saml2MetadataResponse
 
Saml2MetadataResponseResolver - Interface in org.springframework.security.saml2.provider.service.metadata
Resolves Relying Party SAML 2.0 Metadata given details from the HttpServletRequest.
Saml2ParameterNames - Class in org.springframework.security.saml2.core
Standard parameter names defined in the SAML 2.0 Specification and used by the Authentication Request, Assertion Consumer Response, Logout Request, and Logout Response endpoints.
Saml2PostAuthenticationRequest - Class in org.springframework.security.saml2.provider.service.authentication
Data holder for information required to send an AuthNRequest over a POST binding from the service provider to the identity provider https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf (line 2031)
Saml2PostAuthenticationRequest.Builder - Class in org.springframework.security.saml2.provider.service.authentication
Builder class for a Saml2PostAuthenticationRequest object.
Saml2RedirectAuthenticationRequest - Class in org.springframework.security.saml2.provider.service.authentication
Data holder for information required to send an AuthNRequest over a REDIRECT binding from the service provider to the identity provider https://www.oasis-open.org/committees/download.php/35711/sstc-saml-core-errata-2.0-wd-06-diff.pdf (line 2031)
Saml2RedirectAuthenticationRequest.Builder - Class in org.springframework.security.saml2.provider.service.authentication
Builder class for a Saml2RedirectAuthenticationRequest object.
Saml2RelyingPartyInitiatedLogoutSuccessHandler - Class in org.springframework.security.saml2.provider.service.web.authentication.logout
A success handler for issuing a SAML 2.0 Logout Request to the SAML 2.0 Asserting Party
Saml2RelyingPartyInitiatedLogoutSuccessHandler(Saml2LogoutRequestResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler
Constructs a Saml2RelyingPartyInitiatedLogoutSuccessHandler using the provided parameters
Saml2ResponseValidatorResult - Class in org.springframework.security.saml2.core
A result emitted from a SAML 2.0 Response validation attempt
Saml2WebSsoAuthenticationFilter - Class in org.springframework.security.saml2.provider.service.web.authentication
 
Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
Creates a Saml2WebSsoAuthenticationFilter authentication filter that is configured to use the Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI processing URL
Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository, String) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
Creates a Saml2WebSsoAuthenticationFilter authentication filter
Saml2WebSsoAuthenticationFilter(AuthenticationConverter) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
Saml2WebSsoAuthenticationFilter(AuthenticationConverter, String) - Constructor for class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
Creates a Saml2WebSsoAuthenticationFilter given the provided parameters
Saml2WebSsoAuthenticationRequestFilter - Class in org.springframework.security.saml2.provider.service.web
This Filter formulates a SAML 2.0 AuthnRequest (line 1968) and redirects to a configured asserting party.
Saml2WebSsoAuthenticationRequestFilter(Saml2AuthenticationRequestResolver) - Constructor for class org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter
Construct a Saml2WebSsoAuthenticationRequestFilter with the strategy for resolving the AuthnRequest
Saml2X509Credential - Class in org.springframework.security.saml2.core
An object for holding a public certificate, any associated private key, and its intended usages (Line 584, Section 4.3 Credentials).
Saml2X509Credential(X509Certificate, Saml2X509Credential.Saml2X509CredentialType...) - Constructor for class org.springframework.security.saml2.core.Saml2X509Credential
Creates a Saml2X509Credential using the provided parameters
Saml2X509Credential(PrivateKey, X509Certificate, Set<Saml2X509Credential.Saml2X509CredentialType>) - Constructor for class org.springframework.security.saml2.core.Saml2X509Credential
Creates a Saml2X509Credential using the provided parameters
Saml2X509Credential(PrivateKey, X509Certificate, Saml2X509Credential.Saml2X509CredentialType...) - Constructor for class org.springframework.security.saml2.core.Saml2X509Credential
Creates a Saml2X509Credential using the provided parameters
Saml2X509Credential.Saml2X509CredentialType - Enum Class in org.springframework.security.saml2.core
 
samlRequest(String) - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
Sets the SAMLRequest parameter that will accompany this AuthNRequest
samlRequest(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.Builder
Use this signed and serialized and Base64-encoded <saml2:LogoutRequest> Note that if using the Redirect binding, the value should be deflated and then Base64-encoded.
samlResponse(String) - Method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse.Builder
Use this signed and serialized and Base64-encoded <saml2:LogoutResponse> Note that if using the Redirect binding, the value should be deflated and then Base64-encoded.
SamlServiceProperties - Class in org.springframework.security.cas
Sets the appropriate parameters for CAS's implementation of SAML (which is not guaranteed to be actually SAML compliant).
SamlServiceProperties() - Constructor for class org.springframework.security.cas.SamlServiceProperties
 
save(ServerWebExchange, SecurityContext) - Method in class org.springframework.security.web.server.context.NoOpServerSecurityContextRepository
 
save(ServerWebExchange, SecurityContext) - Method in interface org.springframework.security.web.server.context.ServerSecurityContextRepository
Saves the SecurityContext
save(ServerWebExchange, SecurityContext) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
 
saveAuthenticationRequest(AbstractSaml2AuthenticationRequest, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.HttpSessionSaml2AuthenticationRequestRepository
 
saveAuthenticationRequest(T, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository
Saves the current authentication request using the HttpServletRequest and HttpServletResponse
saveAuthorizationRequest(OAuth2AuthorizationRequest, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository
 
saveAuthorizationRequest(OAuth2AuthorizationRequest, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository
 
saveAuthorizationRequest(T, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
Persists the OAuth2AuthorizationRequest associating it to the provided HttpServletRequest and/or HttpServletResponse.
saveAuthorizationRequest(T, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository
Persists the OAuth2AuthorizationRequest associating it to the provided HttpServletRequest and/or HttpServletResponse.
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService
 
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService
 
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
 
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in interface org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
Saves the OAuth2AuthorizedClient associating it to the provided End-User Authentication (Resource Owner).
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
 
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication) - Method in interface org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService
Saves the OAuth2AuthorizedClient associating it to the provided End-User Authentication (Resource Owner).
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
 
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository
 
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository
Saves the OAuth2AuthorizedClient associating it to the provided End-User Authentication (Resource Owner).
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
 
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, ServerWebExchange) - Method in interface org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository
Saves the OAuth2AuthorizedClient associating it to the provided End-User Authentication (Resource Owner).
saveAuthorizedClient(OAuth2AuthorizedClient, Authentication, ServerWebExchange) - Method in class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository
 
saveContext(SecurityContext) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
Deprecated.
Implements the logic for storing the security context.
saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.DelegatingSecurityContextRepository
 
saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
 
saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
 
saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
 
saveContext(SecurityContext, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.context.SecurityContextRepository
Stores the security context on completion of a request.
SaveContextOnUpdateOrErrorResponseWrapper - Class in org.springframework.security.web.context
SaveContextOnUpdateOrErrorResponseWrapper(HttpServletResponse, boolean) - Constructor for class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
Deprecated.
 
SavedCookie - Class in org.springframework.security.web.savedrequest
Stores off the values of a cookie in a serializable holder
SavedCookie(Cookie) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie
 
SavedCookie(String, String, String, int, String, boolean) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie
 
SavedCookie(String, String, String, String, int, String, boolean, int) - Constructor for class org.springframework.security.web.savedrequest.SavedCookie
Deprecated, for removal: This API element is subject to removal in a future version.
SavedRequest - Interface in org.springframework.security.web.savedrequest
Encapsulates the functionality required of a cached request for both an authentication mechanism (typically form-based login) to redirect to the original URL and for a RequestCache to build a wrapped request, reproducing the original request data.
SavedRequestAwareAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication
An authentication success strategy which can make use of the DefaultSavedRequest which may have been stored in the session by the ExceptionTranslationFilter.
SavedRequestAwareAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
 
saveException(HttpServletRequest, AuthenticationException) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
Caches the AuthenticationException for use in view rendering.
saveLogoutRequest(Saml2LogoutRequest, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository
Persists the Saml2LogoutRequest associating it to the provided HttpServletRequest and/or HttpServletResponse.
saveLogoutRequest(Saml2LogoutRequest, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository
Persists the Saml2LogoutRequest associating it to the provided HttpServletRequest and/or HttpServletResponse.
saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
 
saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
Stores the current request, provided the configuration properties allow it.
saveRequest(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.savedrequest.NullRequestCache
 
saveRequest(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.savedrequest.RequestCache
Caches the current request for later retrieval, once authentication has taken place.
saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
 
saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.NoOpServerRequestCache
 
saveRequest(ServerWebExchange) - Method in interface org.springframework.security.web.server.savedrequest.ServerRequestCache
Save the ServerHttpRequest
saveRequest(ServerWebExchange) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
 
saveSessionInformation(ReactiveSessionInformation) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
 
saveSessionInformation(ReactiveSessionInformation) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry
saveSessionInformation(OidcSessionInformation) - Method in class org.springframework.security.oauth2.client.oidc.server.session.InMemoryReactiveOidcSessionRegistry
 
saveSessionInformation(OidcSessionInformation) - Method in interface org.springframework.security.oauth2.client.oidc.server.session.ReactiveOidcSessionRegistry
Register a OIDC Provider session with the provided client session.
saveSessionInformation(OidcSessionInformation) - Method in class org.springframework.security.oauth2.client.oidc.session.InMemoryOidcSessionRegistry
 
saveSessionInformation(OidcSessionInformation) - Method in interface org.springframework.security.oauth2.client.oidc.session.OidcSessionRegistry
Register a OIDC Provider session with the provided client session.
saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
 
saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.csrf.CsrfTokenRepository
Saves the CsrfToken using the HttpServletRequest and HttpServletResponse.
saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
 
saveToken(CsrfToken, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository
Deprecated.
Does nothing if the CsrfToken is not null.
saveToken(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
 
saveToken(ServerWebExchange, CsrfToken) - Method in interface org.springframework.security.web.server.csrf.ServerCsrfTokenRepository
Saves the CsrfToken using the ServerWebExchange.
saveToken(ServerWebExchange, CsrfToken) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
 
scan(Method, Class<?>) - Method in interface org.springframework.security.core.annotation.SecurityAnnotationScanner
Scan for an annotation of type A, starting from the given method.
scan(Parameter) - Method in interface org.springframework.security.core.annotation.SecurityAnnotationScanner
Scan for an annotation of type A, starting from the given method parameter.
schedule(Runnable, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
 
schedule(Runnable, Instant) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
schedule(Runnable, Date) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
schedule(Runnable, Trigger) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
schedule(Callable<V>, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
 
scheduleAtFixedRate(Runnable, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
scheduleAtFixedRate(Runnable, long, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
 
scheduleAtFixedRate(Runnable, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
scheduleAtFixedRate(Runnable, Instant, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
scheduleAtFixedRate(Runnable, Date, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
scheduleWithFixedDelay(Runnable, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
scheduleWithFixedDelay(Runnable, long, long, TimeUnit) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextScheduledExecutorService
 
scheduleWithFixedDelay(Runnable, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
scheduleWithFixedDelay(Runnable, Instant, Duration) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
scheduleWithFixedDelay(Runnable, Date, long) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextTaskScheduler
 
scope(String...) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the scope(s) used for the client.
scope(String...) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the scope(s).
scope(Collection<String>) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the scope(s) used for the client.
SCOPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
scope - used in Authorization Request, Authorization Response, Access Token Request and Access Token Response.
SCOPE - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
scope - The scopes for the token
scopes(Set<String>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
Sets the scope(s) associated to the access token.
scopes(Set<String>) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the scope(s).
SCryptPasswordEncoder - Class in org.springframework.security.crypto.scrypt
Implementation of PasswordEncoder that uses the SCrypt hashing function.
SCryptPasswordEncoder(int, int, int, int, int) - Constructor for class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
Constructs a SCrypt password encoder with the provided parameters.
searchForMultipleAttributeValues(String, String, Object[], String[]) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
Performs a search using the supplied filter and returns the values of each named attribute found in all entries matched by the search.
searchForSingleAttributeValues(String, String, Object[], String) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
Performs a search using the supplied filter and returns the union of the values of the named attribute found in all entries matched by the search.
searchForSingleEntry(String, String, Object[]) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
Performs a search, with the requirement that the search shall return a single directory entry, and uses the supplied mapper to create the object from that entry.
searchForSingleEntryInternal(DirContext, SearchControls, String, String, Object[]) - Static method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
Internal method extracted to avoid code duplication in AD search.
searchForUser(String) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
Return the LdapUserDetails containing the user's information
searchForUser(String) - Method in interface org.springframework.security.ldap.search.LdapUserSearch
Locates a single user in the directory and returns the LDAP information for that user.
SECURE_RESULT - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
 
SecureChannelProcessor - Class in org.springframework.security.web.access.channel
Ensures channel security is active by review of HttpServletRequest.isSecure() responses.
SecureChannelProcessor() - Constructor for class org.springframework.security.web.access.channel.SecureChannelProcessor
 
secured() - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Creates an interceptor for the Secured annotation
secured(AuthorizationManager<MethodInvocation>) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Creates an interceptor for the Secured annotation
secured(SecuredAuthorizationManager) - Static method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Creates an interceptor for the Secured annotation
Secured - Annotation Interface in org.springframework.security.access.annotation
Java 5 annotation for describing service layer security attributes.
SECURED - Enum constant in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
 
SecuredAnnotationSecurityMetadataSource - Class in org.springframework.security.access.annotation
SecuredAnnotationSecurityMetadataSource() - Constructor for class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource
Deprecated.
 
SecuredAnnotationSecurityMetadataSource(AnnotationMetadataExtractor) - Constructor for class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource
Deprecated.
 
SecuredAuthorizationManager - Class in org.springframework.security.authorization.method
An AuthorizationManager which can determine if an Authentication may invoke the MethodInvocation by evaluating if the Authentication contains a specified authority from the Spring Security's Secured annotation.
SecuredAuthorizationManager() - Constructor for class org.springframework.security.authorization.method.SecuredAuthorizationManager
 
SecuredAuthorizationMethodInterceptor() - Constructor for class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
 
securedEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
Deprecated.
Determines if Spring Security's Secured annotations should be enabled.
securedEnabled() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
Determines if Spring Security's Secured annotation should be enabled.
secureRandom() - Static method in class org.springframework.security.crypto.keygen.KeyGenerators
Create a BytesKeyGenerator that uses a SecureRandom to generate keys of 8 bytes in length.
secureRandom(int) - Static method in class org.springframework.security.crypto.keygen.KeyGenerators
Create a BytesKeyGenerator that uses a SecureRandom to generate keys of a custom length.
SecureRandomFactoryBean - Class in org.springframework.security.core.token
Creates a SecureRandom instance.
SecureRandomFactoryBean() - Constructor for class org.springframework.security.core.token.SecureRandomFactoryBean
 
SECURITY_CONTEXT_SERVER_WEB_EXCHANGE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
SecurityAnnotationScanner<A extends Annotation> - Interface in org.springframework.security.core.annotation
An interface to scan for and synthesize an annotation on a type, method, or method parameter into an annotation of type <A>.
SecurityAnnotationScanners - Class in org.springframework.security.core.annotation
Factory for creating SecurityAnnotationScanner instances.
SecurityBuilder<O> - Interface in org.springframework.security.config.annotation
Interface for building an Object
securityCheck(Acl, int) - Method in interface org.springframework.security.acls.domain.AclAuthorizationStrategy
 
securityCheck(Acl, int) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
 
SecurityConfig - Class in org.springframework.security.access
Stores a ConfigAttribute as a String.
SecurityConfig(String) - Constructor for class org.springframework.security.access.SecurityConfig
 
SecurityConfigurer<O,B extends SecurityBuilder<O>> - Interface in org.springframework.security.config.annotation
Allows for configuring a SecurityBuilder.
SecurityConfigurerAdapter<O,B extends SecurityBuilder<O>> - Class in org.springframework.security.config.annotation
A base class for SecurityConfigurer that allows subclasses to only implement the methods they are interested in.
SecurityConfigurerAdapter() - Constructor for class org.springframework.security.config.annotation.SecurityConfigurerAdapter
 
securityContext() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.securityContext(Customizer) or securityContext(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
securityContext(Customizer<SecurityContextConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Sets up management of the SecurityContext on the SecurityContextHolder between HttpServletRequest's.
securityContext(SecurityContext) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Establish the specified SecurityContext to be used.
SecurityContext - Interface in org.springframework.security.core.context
Interface defining the minimum security information associated with the current thread of execution.
SecurityContextCallableProcessingInterceptor - Class in org.springframework.security.web.context.request.async
Allows for integration with Spring MVC's Callable support.
SecurityContextCallableProcessingInterceptor() - Constructor for class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
SecurityContextCallableProcessingInterceptor(SecurityContext) - Constructor for class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
securityContextChanged(SecurityContextChangedEvent) - Method in class org.springframework.security.core.context.ObservationSecurityContextChangedListener
securityContextChanged(SecurityContextChangedEvent) - Method in interface org.springframework.security.core.context.SecurityContextChangedListener
 
SecurityContextChangedEvent - Class in org.springframework.security.core.context
An event that represents a change in SecurityContext
SecurityContextChangedEvent(Supplier<SecurityContext>, Supplier<SecurityContext>) - Constructor for class org.springframework.security.core.context.SecurityContextChangedEvent
Construct an event
SecurityContextChangedEvent(SecurityContext, SecurityContext) - Constructor for class org.springframework.security.core.context.SecurityContextChangedEvent
Construct an event
SecurityContextChangedListener - Interface in org.springframework.security.core.context
securityContextChannelInterceptor() - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
SecurityContextChannelInterceptor - Class in org.springframework.security.messaging.context
Creates a ExecutorChannelInterceptor that will obtain the Authentication from the specified Message.getHeaders().
SecurityContextChannelInterceptor() - Constructor for class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
Creates a new instance using the header of the name SimpMessageHeaderAccessor.USER_HEADER.
SecurityContextChannelInterceptor(String) - Constructor for class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
Creates a new instance that uses the specified header to obtain the Authentication.
SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Allows persisting and restoring of the SecurityContext found on the SecurityContextHolder for each request by configuring the SecurityContextPersistenceFilter.
SecurityContextConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
Creates a new instance
SecurityContextHolder - Class in org.springframework.security.core.context
Associates a given SecurityContext with the current execution thread.
SecurityContextHolder() - Constructor for class org.springframework.security.core.context.SecurityContextHolder
 
SecurityContextHolderAwareRequestFilter - Class in org.springframework.security.web.servletapi
A Filter which populates the ServletRequest with a request wrapper which implements the servlet API security methods.
SecurityContextHolderAwareRequestFilter() - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
 
SecurityContextHolderAwareRequestWrapper - Class in org.springframework.security.web.servletapi
A Spring Security-aware HttpServletRequestWrapper, which uses the SecurityContext-defined Authentication object to implement the servlet API security methods: SecurityContextHolderAwareRequestWrapper.getUserPrincipal() SecurityContextHolderAwareRequestWrapper.isUserInRole(String) HttpServletRequestWrapper.getRemoteUser().
SecurityContextHolderAwareRequestWrapper(HttpServletRequest, String) - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
Creates a new instance with AuthenticationTrustResolverImpl.
SecurityContextHolderAwareRequestWrapper(HttpServletRequest, AuthenticationTrustResolver, String) - Constructor for class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
Creates a new instance
SecurityContextHolderFilter - Class in org.springframework.security.web.context
A Filter that uses the SecurityContextRepository to obtain the SecurityContext and set it on the SecurityContextHolder.
SecurityContextHolderFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.context.SecurityContextHolderFilter
Creates a new instance.
SecurityContextHolderStrategy - Interface in org.springframework.security.core.context
A strategy for storing security context information against a thread.
SecurityContextImpl - Class in org.springframework.security.core.context
Base implementation of SecurityContext.
SecurityContextImpl() - Constructor for class org.springframework.security.core.context.SecurityContextImpl
 
SecurityContextImpl(Authentication) - Constructor for class org.springframework.security.core.context.SecurityContextImpl
 
SecurityContextLoginModule - Class in org.springframework.security.authentication.jaas
An implementation of LoginModule that uses a Spring Security SecurityContext to provide authentication.
SecurityContextLoginModule() - Constructor for class org.springframework.security.authentication.jaas.SecurityContextLoginModule
 
SecurityContextLogoutHandler - Class in org.springframework.security.web.authentication.logout
Performs a logout by modifying the SecurityContextHolder.
SecurityContextLogoutHandler() - Constructor for class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
 
SecurityContextPersistenceFilter - Class in org.springframework.security.web.context
SecurityContextPersistenceFilter() - Constructor for class org.springframework.security.web.context.SecurityContextPersistenceFilter
Deprecated.
 
SecurityContextPersistenceFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.context.SecurityContextPersistenceFilter
Deprecated.
 
SecurityContextPropagationChannelInterceptor - Class in org.springframework.security.messaging.context
An ExecutorChannelInterceptor that takes an Authentication from the current SecurityContext (if any) in the SecurityContextPropagationChannelInterceptor.preSend(Message, MessageChannel) callback and stores it into an SecurityContextPropagationChannelInterceptor.authenticationHeaderName message header.
SecurityContextPropagationChannelInterceptor() - Constructor for class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
Create a new instance using the header of the name SimpMessageHeaderAccessor.USER_HEADER.
SecurityContextPropagationChannelInterceptor(String) - Constructor for class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
Create a new instance that uses the specified header to populate the Authentication.
securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
 
securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer
Specifies a custom SecurityContextRepository to use for basic authentication.
securityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer
Specifies the shared SecurityContextRepository that is to be used
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec
The ServerSecurityContextRepository used to save the Authentication.
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec
The ServerSecurityContextRepository used to save the Authentication.
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec
The ServerSecurityContextRepository used to save the Authentication.
securityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
The strategy used with ReactorContextWebFilter.
SecurityContextRepository - Interface in org.springframework.security.web.context
Strategy used for persisting a SecurityContext between requests.
SecurityContextServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout
A ServerLogoutHandler which removes the SecurityContext using the provided ServerSecurityContextRepository
SecurityContextServerLogoutHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler
 
SecurityContextServerWebExchange - Class in org.springframework.security.web.server.context
Overrides the ServerWebExchange.getPrincipal() with the provided SecurityContext
SecurityContextServerWebExchange(ServerWebExchange, Mono<SecurityContext>) - Constructor for class org.springframework.security.web.server.context.SecurityContextServerWebExchange
 
SecurityContextServerWebExchangeWebFilter - Class in org.springframework.security.web.server.context
Override the ServerWebExchange.getPrincipal() to be looked up using ReactiveSecurityContextHolder.
SecurityContextServerWebExchangeWebFilter() - Constructor for class org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter
 
SecurityDebugBeanFactoryPostProcessor - Class in org.springframework.security.config.debug
 
SecurityDebugBeanFactoryPostProcessor() - Constructor for class org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor
 
SecurityEvaluationContextExtension - Class in org.springframework.security.data.repository.query
By defining this object as a Bean, Spring Security is exposed as SpEL expressions for creating Spring Data queries.
SecurityEvaluationContextExtension() - Constructor for class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
Creates a new instance that uses the current Authentication found on the SecurityContextHolder.
SecurityEvaluationContextExtension(Authentication) - Constructor for class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
Creates a new instance that always uses the same Authentication object.
SecurityExpressionHandler<T> - Interface in org.springframework.security.access.expression
Facade which isolates Spring Security's requirements for evaluating security expressions from the implementation of the underlying expression objects
SecurityExpressionOperations - Interface in org.springframework.security.access.expression
Standard interface for expression root objects used with expression-based security.
SecurityExpressionRoot - Class in org.springframework.security.access.expression
Base root object for use in Spring Security expression evaluations.
SecurityExpressionRoot(Supplier<Authentication>) - Constructor for class org.springframework.security.access.expression.SecurityExpressionRoot
Creates a new instance that uses lazy initialization of the Authentication object.
SecurityExpressionRoot(Authentication) - Constructor for class org.springframework.security.access.expression.SecurityExpressionRoot
Creates a new instance
SecurityFilterChain - Interface in org.springframework.security.web
Defines a filter chain which is capable of being matched against an HttpServletRequest.
SecurityHeaders - Class in org.springframework.security.web.http
Utilities for interacting with HttpHeaders
SecurityHintsRegistrar - Interface in org.springframework.security.aot.hint
An interface for registering AOT hints.
SecurityJackson2Modules - Class in org.springframework.security.jackson2
This utility class will find all the SecurityModules in classpath.
securityMatcher(String...) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows configuring the HttpSecurity to only be invoked when matching the provided pattern.
securityMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
The ServerExchangeMatcher that determines which requests apply to this HttpSecurity instance.
securityMatcher(RequestMatcher) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows configuring the HttpSecurity to only be invoked when matching the provided RequestMatcher.
securityMatchers() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.securityMatchers(Customizer) or securityMatchers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
securityMatchers(Customizer<HttpSecurity.RequestMatcherConfigurer>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows specifying which HttpServletRequest instances this HttpSecurity will be invoked on.
SecurityMetadataSource - Interface in org.springframework.security.access
Implemented by classes that store and can identify the ConfigAttributes that applies to a given secure object invocation.
SecurityMockMvcConfigurers - Class in org.springframework.security.test.web.servlet.setup
Provides Security related MockMvcConfigurer implementations.
SecurityMockMvcRequestBuilders - Class in org.springframework.security.test.web.servlet.request
Contains Spring Security related MockMvc RequestBuilders.
SecurityMockMvcRequestBuilders.FormLoginRequestBuilder - Class in org.springframework.security.test.web.servlet.request
Creates a form based login request including any necessary CsrfToken.
SecurityMockMvcRequestBuilders.LogoutRequestBuilder - Class in org.springframework.security.test.web.servlet.request
Creates a logout request (including any necessary CsrfToken)
SecurityMockMvcRequestPostProcessors - Class in org.springframework.security.test.web.servlet.request
Contains MockMvc RequestPostProcessor implementations for Spring Security.
SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
Populates a valid CsrfToken into the request.
SecurityMockMvcRequestPostProcessors.DigestRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
 
SecurityMockMvcRequestPostProcessors.JwtRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
 
SecurityMockMvcRequestPostProcessors.OAuth2ClientRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
 
SecurityMockMvcRequestPostProcessors.OAuth2LoginRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
 
SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
 
SecurityMockMvcRequestPostProcessors.OpaqueTokenRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
 
SecurityMockMvcRequestPostProcessors.UserRequestPostProcessor - Class in org.springframework.security.test.web.servlet.request
Creates a UsernamePasswordAuthenticationToken and sets the principal to be a User and associates it to the MockHttpServletRequest.
SecurityMockMvcResultHandlers - Class in org.springframework.security.test.web.servlet.response
Security related MockMvc ResultHandlers
SecurityMockMvcResultMatchers - Class in org.springframework.security.test.web.servlet.response
Security related MockMvc ResultMatchers.
SecurityMockMvcResultMatchers.AuthenticatedMatcher - Class in org.springframework.security.test.web.servlet.response
A MockMvc ResultMatcher that verifies a specific user is associated to the MvcResult.
SecurityMockServerConfigurers - Class in org.springframework.security.test.web.reactive.server
Test utilities for working with Spring Security and WebTestClient.Builder.apply(WebTestClientConfigurer).
SecurityMockServerConfigurers.CsrfMutator - Class in org.springframework.security.test.web.reactive.server
 
SecurityMockServerConfigurers.JwtMutator - Class in org.springframework.security.test.web.reactive.server
Updates the WebServerExchange using {@link SecurityMockServerConfigurers#mockAuthentication(Authentication)}.
SecurityMockServerConfigurers.OAuth2ClientMutator - Class in org.springframework.security.test.web.reactive.server
 
SecurityMockServerConfigurers.OAuth2LoginMutator - Class in org.springframework.security.test.web.reactive.server
 
SecurityMockServerConfigurers.OidcLoginMutator - Class in org.springframework.security.test.web.reactive.server
 
SecurityMockServerConfigurers.OpaqueTokenMutator - Class in org.springframework.security.test.web.reactive.server
 
SecurityMockServerConfigurers.UserExchangeMutator - Class in org.springframework.security.test.web.reactive.server
Updates the WebServerExchange using {@link SecurityMockServerConfigurers#mockUser(UserDetails)}.
SecurityNamespaceHandler - Class in org.springframework.security.config
Parses elements from the "security" namespace (http://www.springframework.org/schema/security).
SecurityNamespaceHandler() - Constructor for class org.springframework.security.config.SecurityNamespaceHandler
 
SecuritySocketAcceptorInterceptor - Class in org.springframework.security.rsocket.core
A SocketAcceptorInterceptor that applies Security through a delegate SocketAcceptorInterceptor.
SecuritySocketAcceptorInterceptor(SocketAcceptorInterceptor) - Constructor for class org.springframework.security.rsocket.core.SecuritySocketAcceptorInterceptor
 
SecurityTestExecutionListeners - Annotation Interface in org.springframework.security.test.context.annotation
There are many times a user may want to use Spring Security's test support (i.e.
SecurityWebApplicationContextUtils - Class in org.springframework.security.web.context.support
Spring Security extension to Spring's WebApplicationContextUtils.
SecurityWebApplicationContextUtils() - Constructor for class org.springframework.security.web.context.support.SecurityWebApplicationContextUtils
 
SecurityWebFilterChain - Interface in org.springframework.security.web.server
Defines a filter chain which is capable of being matched against a ServerWebExchange in order to decide whether it applies to that request.
SecurityWebFiltersOrder - Enum Class in org.springframework.security.config.web.server
 
SELF_SIGNED_TLS_CLIENT_AUTH - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
 
sendError(int) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass sendError()
sendError(int, String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass sendError()
sendRedirect(HttpServletRequest, HttpServletResponse, String) - Method in class org.springframework.security.web.DefaultRedirectStrategy
Redirects the response to the supplied URL.
sendRedirect(HttpServletRequest, HttpServletResponse, String) - Method in interface org.springframework.security.web.RedirectStrategy
Performs a redirect to the supplied URL
sendRedirect(String) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
Makes sure OnCommittedResponseWrapper.onResponseCommitted() is invoked before calling the superclass sendRedirect()
sendRedirect(ServerWebExchange, URI) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy
 
sendRedirect(ServerWebExchange, URI) - Method in interface org.springframework.security.web.server.ServerRedirectStrategy
Performs a redirect based upon the provided ServerWebExchange and URI
sendStartAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, AuthenticationException) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
 
SERIAL_VERSION_UID - Static variable in class org.springframework.security.core.SpringSecurityCoreVersion
Global Serialization value for Spring Security classes.
SERVER_ERROR - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
server_error - The authorization server encountered an unexpected condition that prevented it from fulfilling the request.
SERVER_REQUEST_CACHE - Enum constant in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
ServerAccessDeniedHandler - Interface in org.springframework.security.web.server.authorization
 
ServerAuthenticationConverter - Interface in org.springframework.security.web.server.authentication
A strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with a provided ReactiveAuthenticationManager.
ServerAuthenticationEntryPoint - Interface in org.springframework.security.web.server
Used to request authentication
ServerAuthenticationEntryPointFailureHandler - Class in org.springframework.security.web.server.authentication
ServerAuthenticationEntryPointFailureHandler(ServerAuthenticationEntryPoint) - Constructor for class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler
 
ServerAuthenticationFailureHandler - Interface in org.springframework.security.web.server.authentication
Handles authentication failure
ServerAuthenticationSuccessHandler - Interface in org.springframework.security.web.server.authentication
Handles authentication success
ServerAuthorizationRequestRepository<T extends OAuth2AuthorizationRequest> - Interface in org.springframework.security.oauth2.client.web.server
Implementations of this interface are responsible for the persistence of OAuth2AuthorizationRequest between requests.
ServerBearerExchangeFilterFunction - Class in org.springframework.security.oauth2.server.resource.web.reactive.function.client
An ExchangeFilterFunction that adds the Bearer Token from an existing OAuth2Token tied to the current Authentication.
ServerBearerExchangeFilterFunction() - Constructor for class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServerBearerExchangeFilterFunction
 
ServerBearerTokenAuthenticationConverter - Class in org.springframework.security.oauth2.server.resource.web.server.authentication
A strategy for resolving Bearer Tokens from the ServerWebExchange.
ServerBearerTokenAuthenticationConverter() - Constructor for class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter
 
ServerCsrfTokenRepository - Interface in org.springframework.security.web.server.csrf
An API to allow changing the method in which the expected CsrfToken is associated to the ServerWebExchange.
ServerCsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.server.csrf
An implementation of the ServerCsrfTokenRequestHandler interface that is capable of making the CsrfToken available as an exchange attribute and resolving the token value as either a form data value or header of the request.
ServerCsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
 
ServerCsrfTokenRequestHandler - Interface in org.springframework.security.web.server.csrf
A callback interface that is used to make the CsrfToken created by the ServerCsrfTokenRepository available as an exchange attribute.
ServerCsrfTokenRequestResolver - Interface in org.springframework.security.web.server.csrf
Implementations of this interface are capable of resolving the token value of a CsrfToken from the provided ServerWebExchange.
ServerFormLoginAuthenticationConverter - Class in org.springframework.security.web.server.authentication
Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form data HTTP parameters.
ServerFormLoginAuthenticationConverter - Class in org.springframework.security.web.server
Deprecated.
ServerFormLoginAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter
 
ServerFormLoginAuthenticationConverter() - Constructor for class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
Deprecated.
 
ServerHttpBasicAuthenticationConverter - Class in org.springframework.security.web.server.authentication
Converts from a ServerWebExchange to an Authentication that can be authenticated.
ServerHttpBasicAuthenticationConverter - Class in org.springframework.security.web.server
Deprecated.
ServerHttpBasicAuthenticationConverter() - Constructor for class org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter
 
ServerHttpBasicAuthenticationConverter() - Constructor for class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
Deprecated.
 
ServerHttpHeadersWriter - Interface in org.springframework.security.web.server.header
Interface for writing headers just before the response is committed.
ServerHttpSecurity - Class in org.springframework.security.config.web.server
A ServerHttpSecurity is similar to Spring Security's HttpSecurity but for WebFlux.
ServerHttpSecurity() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity
 
ServerHttpSecurity.AnonymousSpec - Class in org.springframework.security.config.web.server
Configures anonymous authentication
ServerHttpSecurity.AuthorizeExchangeSpec - Class in org.springframework.security.config.web.server
Configures authorization
ServerHttpSecurity.AuthorizeExchangeSpec.Access - Class in org.springframework.security.config.web.server
Configures the access for a particular set of exchanges.
ServerHttpSecurity.CorsSpec - Class in org.springframework.security.config.web.server
Configures CORS support within Spring Security.
ServerHttpSecurity.CsrfSpec - Class in org.springframework.security.config.web.server
Configures CSRF Protection
ServerHttpSecurity.ExceptionHandlingSpec - Class in org.springframework.security.config.web.server
Configures exception handling
ServerHttpSecurity.FormLoginSpec - Class in org.springframework.security.config.web.server
Configures Form Based authentication
ServerHttpSecurity.HeaderSpec - Class in org.springframework.security.config.web.server
Configures HTTP Response Headers.
ServerHttpSecurity.HeaderSpec.CacheSpec - Class in org.springframework.security.config.web.server
Configures cache control headers
ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec - Class in org.springframework.security.config.web.server
Configures Content-Security-Policy response header.
ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec - Class in org.springframework.security.config.web.server
The content type headers
ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec - Class in org.springframework.security.config.web.server
Configures the Cross-Origin-Embedder-Policy header
ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec - Class in org.springframework.security.config.web.server
Configures the Cross-Origin-Opener-Policy header
ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec - Class in org.springframework.security.config.web.server
Configures the Cross-Origin-Resource-Policy header
ServerHttpSecurity.HeaderSpec.FeaturePolicySpec - Class in org.springframework.security.config.web.server
Configures Feature-Policy response header.
ServerHttpSecurity.HeaderSpec.FrameOptionsSpec - Class in org.springframework.security.config.web.server
Configures frame options response header
ServerHttpSecurity.HeaderSpec.HstsSpec - Class in org.springframework.security.config.web.server
Configures Strict Transport Security response header
ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec - Class in org.springframework.security.config.web.server
Configures Permissions-Policy response header.
ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec - Class in org.springframework.security.config.web.server
Configures Referrer-Policy response header.
ServerHttpSecurity.HeaderSpec.XssProtectionSpec - Class in org.springframework.security.config.web.server
Configures x-xss-protection response header
ServerHttpSecurity.HttpBasicSpec - Class in org.springframework.security.config.web.server
Configures HTTP Basic Authentication
ServerHttpSecurity.HttpsRedirectSpec - Class in org.springframework.security.config.web.server
Configures HTTPS redirection rules
ServerHttpSecurity.LogoutSpec - Class in org.springframework.security.config.web.server
Configures log out
ServerHttpSecurity.OAuth2ClientSpec - Class in org.springframework.security.config.web.server
 
ServerHttpSecurity.OAuth2LoginSpec - Class in org.springframework.security.config.web.server
 
ServerHttpSecurity.OAuth2ResourceServerSpec - Class in org.springframework.security.config.web.server
Configures OAuth2 Resource Server Support
ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec - Class in org.springframework.security.config.web.server
Configures JWT Resource Server Support
ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec - Class in org.springframework.security.config.web.server
Configures Opaque Token Resource Server support
ServerHttpSecurity.OidcLogoutSpec - Class in org.springframework.security.config.web.server
Configures OIDC 1.0 Logout support
ServerHttpSecurity.OidcLogoutSpec.BackChannelLogoutConfigurer - Class in org.springframework.security.config.web.server
A configurer for configuring OIDC Back-Channel Logout
ServerHttpSecurity.PasswordManagementSpec - Class in org.springframework.security.config.web.server
Configures password management.
ServerHttpSecurity.RequestCacheSpec - Class in org.springframework.security.config.web.server
Configures the request cache which is used when a flow is interrupted (i.e.
ServerHttpSecurity.SessionManagementSpec - Class in org.springframework.security.config.web.server
Configures how sessions are managed.
ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec - Class in org.springframework.security.config.web.server
Configures how many sessions are allowed for a given user.
ServerHttpSecurity.X509Spec - Class in org.springframework.security.config.web.server
Configures X509 authentication
ServerLogoutHandler - Interface in org.springframework.security.web.server.authentication.logout
Handles log out
ServerLogoutSuccessHandler - Interface in org.springframework.security.web.server.authentication.logout
Strategy for when log out was successfully performed (typically after ServerLogoutHandler is invoked).
ServerMaximumSessionsExceededHandler - Interface in org.springframework.security.web.server.authentication
Strategy for handling the scenario when the maximum number of sessions for a user has been reached.
ServerOAuth2AuthorizationCodeAuthenticationTokenConverter - Class in org.springframework.security.oauth2.client.web.server
Converts from a ServerWebExchange to an OAuth2AuthorizationCodeAuthenticationToken that can be authenticated.
ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(ReactiveClientRegistrationRepository) - Constructor for class org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
 
ServerOAuth2AuthorizationRequestResolver - Interface in org.springframework.security.oauth2.client.web.server
Implementations of this interface are capable of resolving an OAuth2AuthorizationRequest from the provided ServerWebExchange.
ServerOAuth2AuthorizedClientExchangeFilterFunction - Class in org.springframework.security.oauth2.client.web.reactive.function.client
Provides an easy mechanism for using an OAuth2AuthorizedClient to make OAuth2 requests by including the token as a Bearer Token.
ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
Constructs a ServerOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.
ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
Constructs a ServerOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.
ServerOAuth2AuthorizedClientRepository - Interface in org.springframework.security.oauth2.client.web.server
Implementations of this interface are responsible for the persistence of Authorized Client(s) between requests.
ServerRedirectStrategy - Interface in org.springframework.security.web.server
A strategy for performing redirects.
ServerRequestCache - Interface in org.springframework.security.web.server.savedrequest
Saves a ServerHttpRequest so it can be "replayed" later.
ServerRequestCacheWebFilter - Class in org.springframework.security.web.server.savedrequest
A WebFilter that replays any matching request in ServerRequestCache
ServerRequestCacheWebFilter() - Constructor for class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter
 
ServerSecurityContextRepository - Interface in org.springframework.security.web.server.context
Strategy used for persisting a SecurityContext between requests.
serverWebExchange(ServerWebExchange) - Static method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
Modifies the ClientRequest.attributes() to include the ServerWebExchange to be used for providing the Bearer Token.
ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver - Class in org.springframework.security.web.server.authentication
ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder - Class in org.springframework.security.web.server.authentication
ServerWebExchangeDelegatingServerAccessDeniedHandler - Class in org.springframework.security.web.server.authorization
ServerWebExchangeDelegatingServerAccessDeniedHandler(List<ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry>) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
Creates a new instance
ServerWebExchangeDelegatingServerAccessDeniedHandler(ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry...) - Constructor for class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
Creates a new instance
ServerWebExchangeDelegatingServerAccessDeniedHandler.DelegateEntry - Class in org.springframework.security.web.server.authorization
 
ServerWebExchangeDelegatingServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
ServerWebExchangeDelegatingServerHttpHeadersWriter(ServerWebExchangeMatcherEntry<ServerHttpHeadersWriter>) - Constructor for class org.springframework.security.web.server.header.ServerWebExchangeDelegatingServerHttpHeadersWriter
Creates a new instance
ServerWebExchangeDelegatingServerHttpHeadersWriter(ServerWebExchangeMatcher, ServerHttpHeadersWriter) - Constructor for class org.springframework.security.web.server.header.ServerWebExchangeDelegatingServerHttpHeadersWriter
Creates a new instance
ServerWebExchangeMatcher - Interface in org.springframework.security.web.server.util.matcher
An interface for determining if a ServerWebExchangeMatcher matches.
ServerWebExchangeMatcher.MatchResult - Class in org.springframework.security.web.server.util.matcher
The result of matching
ServerWebExchangeMatcherEntry<T> - Class in org.springframework.security.web.server.util.matcher
A rich object for associating a ServerWebExchangeMatcher to another object.
ServerWebExchangeMatcherEntry(ServerWebExchangeMatcher, T) - Constructor for class org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcherEntry
 
ServerWebExchangeMatchers - Class in org.springframework.security.web.server.util.matcher
Provides factory methods for creating common ServerWebExchangeMatcher
ServerX509AuthenticationConverter - Class in org.springframework.security.web.server.authentication
Converts from a SslInfo provided by a request to an PreAuthenticatedAuthenticationToken that can be authenticated.
ServerX509AuthenticationConverter(X509PrincipalExtractor) - Constructor for class org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter
 
ServiceAuthenticationDetails - Interface in org.springframework.security.cas.authentication
In order for the CasAuthenticationProvider to provide the correct service url to authenticate the ticket, the returned value of Authentication.getDetails() should implement this interface when tickets can be sent to any URL rather than only ServiceProperties.getService().
ServiceAuthenticationDetails - Interface in org.springframework.security.cas.web.authentication
Deprecated.
Please use org.springframework.security.cas.authentication.ServiceAuthenticationDetails
ServiceAuthenticationDetailsSource - Class in org.springframework.security.cas.web.authentication
The AuthenticationDetailsSource that is set on the CasAuthenticationFilter should return a value that implements ServiceAuthenticationDetails if the application needs to authenticate dynamic service urls.
ServiceAuthenticationDetailsSource(ServiceProperties) - Constructor for class org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource
Creates an implementation that uses the specified ServiceProperties and the default CAS artifactParameterName.
ServiceAuthenticationDetailsSource(ServiceProperties, String) - Constructor for class org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource
Creates an implementation that uses the specified artifactParameterName
ServiceProperties - Class in org.springframework.security.cas
Stores properties related to this CAS service.
ServiceProperties() - Constructor for class org.springframework.security.cas.ServiceProperties
 
servletApi() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.servletApi(Customizer) or servletApi(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
servletApi(Customizer<ServletApiConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Integrates the HttpServletRequest methods with the values found on the SecurityContext.
ServletApiConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Implements select methods from the HttpServletRequest using the SecurityContext from the SecurityContextHolder.
ServletApiConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.ServletApiConfigurer
Creates a new instance
ServletBearerExchangeFilterFunction - Class in org.springframework.security.oauth2.server.resource.web.reactive.function.client
An ExchangeFilterFunction that adds the Bearer Token from an existing OAuth2Token tied to the current Authentication.
ServletBearerExchangeFilterFunction() - Constructor for class org.springframework.security.oauth2.server.resource.web.reactive.function.client.ServletBearerExchangeFilterFunction
 
ServletOAuth2AuthorizedClientExchangeFilterFunction - Class in org.springframework.security.oauth2.client.web.reactive.function.client
Provides an easy mechanism for using an OAuth2AuthorizedClient to make OAuth 2.0 requests by including the access token as a bearer token.
ServletOAuth2AuthorizedClientExchangeFilterFunction() - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
 
ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.
ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository) - Constructor for class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Constructs a ServletOAuth2AuthorizedClientExchangeFilterFunction using the provided parameters.
servletPath(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.Builder
Sets the servlet path to be used by the MvcRequestMatcher generated by this builder
SESSION_MANAGEMENT - Static variable in class org.springframework.security.config.Elements
 
sessionAuthenticationErrorUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Defines the URL of the error page which should be shown when the SessionAuthenticationStrategy raises an exception.
SessionAuthenticationException - Exception in org.springframework.security.web.authentication.session
Thrown by an SessionAuthenticationStrategy or ServerSessionAuthenticationStrategy to indicate that an authentication object is not valid for the current session, typically because the same user has exceeded the number of sessions they are allowed to have concurrently.
SessionAuthenticationException(String) - Constructor for exception org.springframework.security.web.authentication.session.SessionAuthenticationException
 
sessionAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Defines the AuthenticationFailureHandler which will be used when the SessionAuthenticationStrategy raises an exception.
sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.CsrfConfigurer
Specify the SessionAuthenticationStrategy to use.
sessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Allows explicitly specifying the SessionAuthenticationStrategy.
SessionAuthenticationStrategy - Interface in org.springframework.security.web.authentication.session
Allows pluggable support for HttpSession-related behaviour when an authentication occurs.
sessionConcurrency(Customizer<SessionManagementConfigurer.ConcurrencyControlConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Controls the maximum number of sessions for a user.
sessionCreated(HttpSessionEvent) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher
Handles the HttpSessionEvent by publishing a HttpSessionCreatedEvent to the application appContext.
SessionCreationEvent - Class in org.springframework.security.core.session
Generic session creation event which indicates that a session (potentially represented by a security context) has begun.
SessionCreationEvent(Object) - Constructor for class org.springframework.security.core.session.SessionCreationEvent
 
sessionCreationPolicy(SessionCreationPolicy) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Allows specifying the SessionCreationPolicy
SessionCreationPolicy - Enum Class in org.springframework.security.config.http
Specifies the various session creation policies for Spring Security.
sessionDestroyed(HttpSessionEvent) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher
Handles the HttpSessionEvent by publishing a HttpSessionDestroyedEvent to the application appContext.
SessionDestroyedEvent - Class in org.springframework.security.core.session
Generic "session termination" event which indicates that a session (potentially represented by a security context) has ended.
SessionDestroyedEvent(Object) - Constructor for class org.springframework.security.core.session.SessionDestroyedEvent
 
sessionFixation() - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Allows changing the default SessionFixationProtectionStrategy.
sessionFixation(Customizer<SessionManagementConfigurer.SessionFixationConfigurer>) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Allows configuring session fixation protection.
SessionFixationConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.SessionFixationConfigurer
 
SessionFixationProtectionEvent - Class in org.springframework.security.web.authentication.session
Indicates a session ID was changed for the purposes of session fixation protection.
SessionFixationProtectionEvent(Authentication, String, String) - Constructor for class org.springframework.security.web.authentication.session.SessionFixationProtectionEvent
Constructs a new session fixation protection event.
SessionFixationProtectionStrategy - Class in org.springframework.security.web.authentication.session
Uses HttpServletRequest.invalidate() to protect against session fixation attacks.
SessionFixationProtectionStrategy() - Constructor for class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
 
sessionId(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
Use this session id to correlate the OIDC Provider session
sessionIdChanged(HttpSessionEvent, String) - Method in class org.springframework.security.web.session.HttpSessionEventPublisher
 
SessionIdChangedEvent - Class in org.springframework.security.core.session
Generic "session ID changed" event which indicates that a session identifier (potentially represented by a security context) has changed.
SessionIdChangedEvent(Object) - Constructor for class org.springframework.security.core.session.SessionIdChangedEvent
 
SessionInformation - Class in org.springframework.security.core.session
Represents a record of a session within the Spring Security framework.
SessionInformation(Object, String, Date) - Constructor for class org.springframework.security.core.session.SessionInformation
 
SessionInformationExpiredEvent - Class in org.springframework.security.web.session
An event for when a SessionInformation is expired.
SessionInformationExpiredEvent(SessionInformation, HttpServletRequest, HttpServletResponse) - Constructor for class org.springframework.security.web.session.SessionInformationExpiredEvent
Creates a new instance
SessionInformationExpiredEvent(SessionInformation, HttpServletRequest, HttpServletResponse, FilterChain) - Constructor for class org.springframework.security.web.session.SessionInformationExpiredEvent
Creates a new instance
SessionInformationExpiredStrategy - Interface in org.springframework.security.web.session
Determines the behaviour of the ConcurrentSessionFilter when an expired session is detected in the ConcurrentSessionFilter.
SessionLimit - Interface in org.springframework.security.web.server.authentication
Represents the maximum number of sessions allowed.
sessionManagement() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.sessionManagement(Customizer) or sessionManagement(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
sessionManagement(Customizer<SessionManagementConfigurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Allows configuring of Session Management.
sessionManagement(Customizer<ServerHttpSecurity.SessionManagementSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures Session Management.
SessionManagementConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Allows configuring session management.
SessionManagementConfigurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
Creates a new instance
SessionManagementConfigurer.ConcurrencyControlConfigurer - Class in org.springframework.security.config.annotation.web.configurers
Allows configuring controlling of multiple sessions.
SessionManagementConfigurer.SessionFixationConfigurer - Class in org.springframework.security.config.annotation.web.configurers
Allows configuring SessionFixation protection
SessionManagementFilter - Class in org.springframework.security.web.session
Detects that a user has been authenticated since the start of the request and, if they have, calls the configured SessionAuthenticationStrategy to perform any session-related activity such as activating session-fixation protection mechanisms or checking for multiple concurrent logins.
SessionManagementFilter(SecurityContextRepository) - Constructor for class org.springframework.security.web.session.SessionManagementFilter
 
SessionManagementFilter(SecurityContextRepository, SessionAuthenticationStrategy) - Constructor for class org.springframework.security.web.session.SessionManagementFilter
 
SessionManagementSpec() - Constructor for class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec
 
sessionRegistry(ReactiveSessionRegistry) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.SessionManagementSpec.ConcurrentSessionsSpec
Sets the ReactiveSessionRegistry to use.
sessionRegistry(SessionRegistry) - Method in class org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer
Controls the SessionRegistry implementation used.
SessionRegistry - Interface in org.springframework.security.core.session
Maintains a registry of SessionInformation instances.
SessionRegistryImpl - Class in org.springframework.security.core.session
Default implementation of SessionRegistry which listens for SessionDestroyedEvents published in the Spring application context.
SessionRegistryImpl() - Constructor for class org.springframework.security.core.session.SessionRegistryImpl
 
SessionRegistryImpl(ConcurrentMap<Object, Set<String>>, Map<String, SessionInformation>) - Constructor for class org.springframework.security.core.session.SessionRegistryImpl
 
set(Permission) - Method in class org.springframework.security.acls.domain.CumulativePermission
 
setAccess(String) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
 
setAccessDecisionManager(AccessDecisionManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
setAccessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
 
setAccessDeniedHandler(AccessDeniedHandler) - Method in class org.springframework.security.web.csrf.CsrfFilter
Specifies a AccessDeniedHandler that should be used when CSRF protection fails.
setAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
Sets the access denied handler.
setAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
 
setAccessibleScopes(Set<String>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
Deprecated, for removal: This API element is subject to removal in a future version.
setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<JwtBearerGrantRequest>) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
Sets the client used when requesting an access token credential at the Token Endpoint for the jwt-bearer grant.
setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
Sets the client used when requesting an access token credential at the Token Endpoint for the client_credentials grant.
setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
Deprecated.
Sets the client used when requesting an access token credential at the Token Endpoint for the password grant.
setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
Sets the client used when requesting an access token credential at the Token Endpoint for the refresh_token grant.
setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<TokenExchangeGrantRequest>) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
Sets the client used when requesting an access token credential at the Token Endpoint for the token-exchange grant.
setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<JwtBearerGrantRequest>) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
Sets the client used when requesting an access token credential at the Token Endpoint for the jwt-bearer grant.
setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
Sets the client used when requesting an access token credential at the Token Endpoint for the client_credentials grant.
setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest>) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
Deprecated.
Sets the client used when requesting an access token credential at the Token Endpoint for the password grant.
setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest>) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
Sets the client used when requesting an access token credential at the Token Endpoint for the refresh_token grant.
setAccessTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<TokenExchangeGrantRequest>) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
Sets the client used when requesting an access token credential at the Token Endpoint for the token-exchange grant.
setAccessTokenResponseConverter(Converter<Map<String, Object>, OAuth2AccessTokenResponse>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
Sets the Converter used for converting the OAuth 2.0 Access Token Response parameters to an OAuth2AccessTokenResponse.
setAccessTokenResponseParametersConverter(Converter<OAuth2AccessTokenResponse, Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
Sets the Converter used for converting the OAuth2AccessTokenResponse to a Map representation of the OAuth 2.0 Access Token Response parameters.
setAccountNonExpired(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
setAccountNonLocked(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
setAclClassIdSupported(boolean) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
 
setAclClassIdSupported(boolean) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
 
setAclClassIdSupported(boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setActorTokenResolver(Function<OAuth2AuthorizationContext, OAuth2Token>) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
Sets the resolver used for resolving the actor token.
setActorTokenResolver(Function<OAuth2AuthorizationContext, Mono<OAuth2Token>>) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
Sets the resolver used for resolving the actor token.
setAdapterRegistry(ReactiveAdapterRegistry) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
Sets the ReactiveAdapterRegistry to be used.
setAdapterRegistry(ReactiveAdapterRegistry) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
Sets the ReactiveAdapterRegistry to be used.
setAdditionalExceptionMappings(Map<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>>) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
Sets additional exception to event mappings.
setAdditionalExceptionMappings(Properties) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
setAddPrefixIfAlreadyExisting(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
 
setAdvisors(Collection<AuthorizationAdvisor>) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
setAdvisors(AuthorizationAdvisor...) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
setAfterInvocationManager(AfterInvocationManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
setAlgorithm(String) - Method in class org.springframework.security.core.token.SecureRandomFactoryBean
Allows the Pseudo Random Number Generator (PRNG) algorithm to be nominated.
setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
Sets the algorithm to use.
setAllowBackSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines if a backslash "\" or a URL encoded backslash "%5C" should be allowed in the path or not.
setAllowedHeaderNames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines which header names should be allowed.
setAllowedHeaderValues(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines which header values should be allowed.
setAllowedHostnames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines which hostnames should be allowed.
setAllowedHttpMethods(Collection<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines which HTTP methods should be allowed.
setAllowedParameterNames(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines which parameter names should be allowed.
setAllowedParameterValues(Predicate<String>) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines which parameter values should be allowed.
setAllowFormEncodedBodyParameter(boolean) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
Set if transport of access token using form-encoded body parameter is supported.
setAllowFromParameterName(String) - Method in class org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy
Deprecated.
Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.
setAllowIfAllAbstainDecisions(boolean) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
 
setAllowIfEqualGrantedDeniedDecisions(boolean) - Method in class org.springframework.security.access.vote.ConsensusBased
Deprecated.
 
setAllowNull(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines if a null "\0" or a URL encoded nul "%00" should be allowed in the path or not.
setAllowSemicolon(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines if semicolon is allowed in the URL (i.e.
setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
 
setAllowSessionCreation(boolean) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
If set to true (the default), a session will be created (if required) to store the security context if it is determined that its contents are different from the default empty context value.
setAllowUriQueryParameter(boolean) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
Set if transport of access token using URI query parameter is supported.
setAllowUriQueryParameter(boolean) - Method in class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter
Set if transport of access token using URI query parameter is supported.
setAllowUrlEncodedCarriageReturn(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines if a URL encoded Carriage Return is allowed in the path or not.
setAllowUrlEncodedDoubleSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines if double slash "//" that is URL encoded "%2F%2F" should be allowed in the path or not.
setAllowUrlEncodedLineFeed(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines if a URL encoded Line Feed is allowed in the path or not.
setAllowUrlEncodedLineSeparator(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines if a URL encoded line separator is allowed in the path or not.
setAllowUrlEncodedParagraphSeparator(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines if a URL encoded paragraph separator is allowed in the path or not.
setAllowUrlEncodedPercent(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines if a percent "%" that is URL encoded "%25" should be allowed in the path or not.
setAllowUrlEncodedPeriod(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines if a period "." that is URL encoded "%2E" should be allowed in the path or not.
setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.firewall.DefaultHttpFirewall
Sets if the application should allow a URL encoded slash character.
setAllowUrlEncodedSlash(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Determines if a slash "/" that is URL encoded "%2F" should be allowed in the path or not.
setAlsoHandleJavaxNamingBindExceptions(boolean) - Method in class org.springframework.security.ldap.authentication.BindAuthenticator
Set whether javax-based bind exceptions should also be delegated to #handleBindException (only Spring-based bind exceptions are handled by default)
setAlwaysCreateSession(boolean) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
 
setAlwaysReauthenticate(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
Indicates whether the AbstractSecurityInterceptor should ignore the Authentication.isAuthenticated() property.
setAlwaysRemember(boolean) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
setAlwaysUseDefaultTargetUrl(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
If true, will always redirect to the value of defaultTargetUrl (defaults to false).
setAnonymousAuthentication(Authentication) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
Allows setting the Authentication used for anonymous authentication.
setAnonymousAuthentication(Authentication) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
Configure an Authentication used for anonymous authentication.
setAnonymousAuthorizedClientRepository(OAuth2AuthorizedClientRepository) - Method in class org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository
Sets the OAuth2AuthorizedClientRepository used for requests that are unauthenticated (or anonymous).
setAnonymousAuthorizedClientRepository(ServerOAuth2AuthorizedClientRepository) - Method in class org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository
Sets the ServerOAuth2AuthorizedClientRepository used for requests that are unauthenticated (or anonymous).
setAnonymousClass(Class<? extends Authentication>) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
Invokes PostAuthorizeExpressionAttributeRegistry.setApplicationContext(ApplicationContext) with the provided ApplicationContext.
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.http.UserDetailsServiceFactoryBean
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.MethodSecurityExpressionHandlerBean
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
setApplicationContext(ApplicationContext) - Method in class org.springframework.security.ldap.server.UnboundIdContainer
 
setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
 
setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
 
setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.logout.LogoutSuccessEventPublishingLogoutHandler
 
setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
 
setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
 
setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
Sets the ApplicationEventPublisher to use for submitting SessionFixationProtectionEvent.
setApplicationEventPublisher(ApplicationEventPublisher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 
setArtifactParameter(String) - Method in class org.springframework.security.cas.ServiceProperties
Configures the Request Parameter to look for when attempting to see if a CAS ticket was sent from the server.
setAsText(String) - Method in class org.springframework.security.core.userdetails.memory.UserAttributeEditor
 
setAsText(String) - Method in class org.springframework.security.web.util.matcher.RequestMatcherEditor
 
setAttributeNames(Set<String>) - Method in class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
Sets the attribute names to retrieve for each ldap groups.
setAttributePrefix(String) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
 
setAttributes2grantedAuthoritiesMap(Map<?, ?>) - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
 
setAttributesConverter(Converter<OAuth2UserRequest, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService
Use this strategy to adapt user attributes into a format understood by Spring Security; by default, the original attributes are preserved.
setAttributesConverter(Converter<OAuth2UserRequest, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService
Use this strategy to adapt user attributes into a format understood by Spring Security; by default, the original attributes are preserved.
setAttributesToRetrieve(String[]) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
setAuthenticateAllArtifacts(boolean) - Method in class org.springframework.security.cas.ServiceProperties
If true, then any non-null artifact (ticket) should be authenticated.
setAuthenticated(boolean) - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
 
setAuthenticated(boolean) - Method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 
setAuthenticated(boolean) - Method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
 
setAuthenticated(boolean) - Method in interface org.springframework.security.core.Authentication
See Authentication.isAuthenticated() for a full description.
setAuthenticated(boolean) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken
The state of this object cannot be changed.
setAuthentication(Authentication) - Method in class org.springframework.security.authorization.AuthorizationObservationContext
Set the observed Authentication for this authorization
setAuthentication(Authentication) - Method in interface org.springframework.security.core.context.SecurityContext
Changes the currently authenticated principal, or removes the authentication information.
setAuthentication(Authentication) - Method in class org.springframework.security.core.context.SecurityContextImpl
 
setAuthentication(Authentication) - Static method in class org.springframework.security.test.context.TestSecurityContextHolder
Creates a new SecurityContext with the given Authentication.
setAuthenticationConverter(Function<ServerWebExchange, Mono<Authentication>>) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
setAuthenticationConverter(Converter<OAuth2TokenIntrospectionClaimAccessor, ? extends OAuth2AuthenticatedPrincipal>) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
Sets the Converter<OAuth2TokenIntrospectionClaimAccessor, OAuth2AuthenticatedPrincipal> to use.
setAuthenticationConverter(Converter<OAuth2TokenIntrospectionClaimAccessor, Mono<? extends OAuth2AuthenticatedPrincipal>>) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector
Sets the Converter<OAuth2TokenIntrospectionClaimAccessor, OAuth2AuthenticatedPrincipal> to use.
setAuthenticationConverter(OpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider
Provide with a custom bean to turn successful introspection result into an Authentication instance of your choice.
setAuthenticationConverter(ReactiveOpaqueTokenAuthenticationConverter) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenReactiveAuthenticationManager
Provide with a custom bean to turn successful introspection result into an Authentication instance of your choice.
setAuthenticationConverter(PayloadExchangeAuthenticationConverter) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
Sets the convert to be used
setAuthenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
 
setAuthenticationConverter(AuthenticationConverter) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
Sets the AuthenticationConverter to use.
setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
 
setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
 
setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 
setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?>) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
setAuthenticationEntryPoint(DigestAuthenticationEntryPoint) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
setAuthenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
Set the AuthenticationEntryPoint to use.
setAuthenticationEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
Sets the AuthenticationEntryPoint used when integrating HttpServletRequest with Servlet 3 APIs.
setAuthenticationEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
Sets the authentication entry point used when authentication is required
setAuthenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.authentication.ProviderManager
 
setAuthenticationEventPublisher(AuthenticationEventPublisher) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
 
setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
Wraps the AuthenticationFailureHandler to distinguish between handling proxy ticket authentication failures and service ticket failures.
setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
Sets the AuthenticationFailureHandler used to handle errors redirecting to the Authorization Server's Authorization Endpoint.
setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Sets the strategy used to handle a failed authentication.
setAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.session.SessionManagementFilter
The handler which will be invoked if the AuthenticatedSessionStrategy raises a SessionAuthenticationException, indicating that the user is not allowed to be authenticated for this session (typically because they already have too many sessions open).
setAuthenticationFailureHandler(ServerAuthenticationFailureHandler) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
Sets the failure handler used when authentication fails.
setAuthenticationFilter(F) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Sets the Authentication Filter
setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
 
setAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
Sets the AuthenticationManager used when integrating HttpServletRequest with Servlet 3 APIs.
setAuthenticationManagerClass(Class<?>) - Method in class org.springframework.security.authentication.AuthenticationObservationContext
Set the AuthenticationManager class that processed the authentication
setAuthenticationManagerResolver(AuthenticationManagerResolver<HttpServletRequest>) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
 
setAuthenticationRequest(Authentication) - Method in class org.springframework.security.authentication.AuthenticationObservationContext
Set the Authentication request that was observed
setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>) - Method in class org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter
Use the given Saml2AuthenticationRequestRepository to remove the saved authentication request.
setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>) - Method in class org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter
Use the given Saml2AuthenticationRequestRepository to load authentication request.
setAuthenticationRequestRepository(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest>) - Method in class org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter
Use the given Saml2AuthenticationRequestRepository to save the authentication request
setAuthenticationResult(Authentication) - Method in class org.springframework.security.authentication.AuthenticationObservationContext
Set the Authentication result that was observed
setAuthenticationResultConverter(Converter<OAuth2LoginAuthenticationToken, OAuth2AuthenticationToken>) - Method in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
Sets the converter responsible for converting from OAuth2LoginAuthenticationToken to OAuth2AuthenticationToken authentication result.
setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Sets the strategy used to handle a successful authentication.
setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Sets the strategy used to handle a successful authentication.
setAuthenticationSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
Allows control over the destination a remembered user is sent to when they are successfully authenticated.
setAuthenticationSuccessHandler(ServerAuthenticationSuccessHandler) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
Sets the authentication success handler.
setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.access.vote.AuthenticatedVoter
Deprecated.
 
setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
 
setAuthenticationTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter
Sets the authentication trust resolver.
setAuthenticationUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setAuthenticationUserDetailsService(AuthenticationUserDetailsService<CasAssertionAuthenticationToken>) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
setAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
setAuthorities(List<GrantedAuthority>) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
Set all authorities for this user.
setAuthoritiesAsString(List<String>) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
Set all authorities for this user from String values.
setAuthoritiesAuthorizationManager(AuthorizationManager<Collection<String>>) - Method in class org.springframework.security.authorization.method.Jsr250AuthorizationManager
Sets an AuthorizationManager that accepts a collection of authority strings.
setAuthoritiesAuthorizationManager(AuthorizationManager<Collection<String>>) - Method in class org.springframework.security.authorization.method.SecuredAuthorizationManager
Sets an AuthorizationManager that accepts a collection of authority strings.
setAuthoritiesByUsernameQuery(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Allows the default query string used to retrieve authorities based on username to be overridden, if default table or column names need to be changed.
setAuthoritiesClaimDelimiter(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
Sets the regex to use for splitting the value of the authorities claim into authorities.
setAuthoritiesClaimName(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
Sets the name of token claim to use for mapping authorities by this converter.
setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
Sets the GrantedAuthoritiesMapper used for converting the authorities loaded from storage to a new set of authorities which will be associated to the UsernamePasswordAuthenticationToken.
setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
Sets the GrantedAuthoritiesMapper used for converting the authorities loaded from storage to a new set of authorities which will be associated to the UsernamePasswordAuthenticationToken.
setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.
setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginReactiveAuthenticationManager
Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.
setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities()} to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.
setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager
Sets the GrantedAuthoritiesMapper used for mapping OAuth2AuthenticatedPrincipal.getAuthorities() to a new set of authorities which will be associated to the OAuth2LoginAuthenticationToken.
setAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
setAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
Set the strategy for obtaining the authorities for a given user after they've been authenticated.
setAuthorityGranters(AuthorityGranter[]) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
Set the AuthorityGranters that should be consulted for role names to be granted to the Authentication.
setAuthorityMapper(Function<Map<String, List<String>>, GrantedAuthority>) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
Sets the mapping function which will be used to create instances of GrantedAuthority given the context record.
setAuthorityPrefix(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter
Sets the prefix to use for authorities mapped by this converter.
setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
Use this AuthorizationEventPublisher to publish the AuthorizationManager result.
setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
Use this AuthorizationEventPublisher to publish the AuthorizationManager result.
setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor
Use this AuthorizationEventPublisher to publish the AuthorizationManager result.
setAuthorizationEventPublisher(AuthorizationEventPublisher) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
Sets the OAuth2AuthorizationFailureHandler that handles authorization failures.
setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
Sets the OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server.
setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
Sets the OAuth2AuthorizationFailureHandler that handles authorization failures.
setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
Sets the OAuth2AuthorizationFailureHandler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server.
setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
Sets the handler that handles authorization failures.
setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
Sets the handler that handles authorization failures.
setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
Sets the handler that handles authentication and authorization failures when communicating to the OAuth 2.0 Resource Server.
setAuthorizationRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
Sets the redirect strategy for Authorization Endpoint redirect URI.
setAuthorizationRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
Sets the redirect strategy for Authorization Endpoint redirect URI.
setAuthorizationRequestCustomizer(Consumer<OAuth2AuthorizationRequest.Builder>) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver
Sets the Consumer to be provided the OAuth2AuthorizationRequest.Builder allowing for further customizations.
setAuthorizationRequestCustomizer(Consumer<OAuth2AuthorizationRequest.Builder>) - Method in class org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver
Sets the Consumer to be provided the OAuth2AuthorizationRequest.Builder allowing for further customizations.
setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter
Sets the repository for stored OAuth2AuthorizationRequest's.
setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
Sets the repository used for storing OAuth2AuthorizationRequest's.
setAuthorizationRequestRepository(AuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
Sets the repository for stored OAuth2AuthorizationRequest's.
setAuthorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter
Sets the repository used for storing OAuth2AuthorizationRequest's.
setAuthorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
Sets the repository used for storing OAuth2AuthorizationRequest's.
setAuthorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest>) - Method in class org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter
setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
Sets the OAuth2AuthorizationSuccessHandler that handles successful authorizations.
setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
Sets the OAuth2AuthorizationSuccessHandler that handles successful authorizations.
setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
Sets the handler that handles successful authorizations.
setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
Sets the handler that handles successful authorizations.
setAuthorizedClientParametersMapper(Function<JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder, List<SqlParameterValue>>) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
Sets the Function used for mapping JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder to a List of SqlParameterValue.
setAuthorizedClientParametersMapper(Function<R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder, Map<String, Parameter>>) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
Sets the Function used for mapping R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder to a Map of String and Parameter.
setAuthorizedClientProvider(OAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
Sets the OAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.
setAuthorizedClientProvider(OAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
Sets the OAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.
setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
Sets the ReactiveOAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.
setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
Sets the ReactiveOAuth2AuthorizedClientProvider used for authorizing (or re-authorizing) an OAuth 2.0 Client.
setAuthorizedClientRowMapper(BiFunction<Row, RowMetadata, R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder>) - Method in class org.springframework.security.oauth2.client.R2dbcReactiveOAuth2AuthorizedClientService
Sets the BiFunction used for mapping the current io.r2dbc.spi.Row to R2dbcReactiveOAuth2AuthorizedClientService.OAuth2AuthorizedClientHolder.
setAuthorizedClientRowMapper(RowMapper<OAuth2AuthorizedClient>) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService
Sets the RowMapper used for mapping the current row in java.sql.ResultSet to OAuth2AuthorizedClient.
setBatchSize(int) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
 
setBeanClassLoader(ClassLoader) - Method in class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource
Deprecated.
 
setBeanClassLoader(ClassLoader) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
 
setBeanFactory(BeanFactory) - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor
Deprecated.
 
setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
 
setBeanFactory(BeanFactory) - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
 
setBeanResolver(BeanResolver) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
Sets the BeanResolver to be used on the expressions
setBeanResolver(BeanResolver) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
Sets the BeanResolver to be used on the expressions
setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
Sets the BeanResolver to be used on the expressions
setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
Set the BeanResolver to be used on the expressions
setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
Sets the BeanResolver to be used on the expressions
setBeanResolver(BeanResolver) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
Sets the BeanResolver to be used on the expressions
setBearerTokenHeaderName(String) - Method in class org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
Set this value to configure what header is checked when resolving a Bearer Token.
setBearerTokenHeaderName(String) - Method in class org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter
Set this value to configure what header is checked when resolving a Bearer Token.
setBearerTokenResolver(BearerTokenResolver) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
Set the BearerTokenResolver to use.
setBodyExtractor(BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
Sets the BodyExtractor that will be used to decode the OAuth2AccessTokenResponse
setBuilder(B) - Method in class org.springframework.security.config.annotation.SecurityConfigurerAdapter
Sets the SecurityBuilder to be used.
setCache(Cache) - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
Use this cache for the completed RelyingPartyRegistration instances.
setCacheSecurityContext(boolean) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
If set to true the result of WebSessionServerSecurityContextRepository.load(ServerWebExchange) will use Mono.cache() to prevent multiple lookups.
setCallbackHandlers(JaasAuthenticationCallbackHandler[]) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
Set the JAASAuthenticationCallbackHandler array to handle callback objects generated by the LoginContext.login method.
setCarLicense(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setCertificatePassord(String) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
Will set the certificate password on the underlying LdapServer.
setChangePasswordSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setChannelDecisionManager(ChannelDecisionManager) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
 
setChannelProcessors(List<?>) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
setCheckForPrincipalChanges(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
If set, the pre-authenticated principal will be checked on each request and compared against the name of the current Authentication object.
setClaimSetConverter(Converter<Map<String, Object>, Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
Use the following Converter for manipulating the JWT's claim set
setClaimSetConverter(Converter<Map<String, Object>, Map<String, Object>>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
Use the following Converter for manipulating the JWT's claim set
setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
Sets the factory that provides a Converter used for type conversion of claim values for an OidcIdToken.
setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
Sets the factory that provides a Converter used for type conversion of claim values for an OidcIdToken.
setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
Sets the factory that provides a Converter used for type conversion of claim values for an OidcUserInfo.
setClaimTypeConverterFactory(Function<ClientRegistration, Converter<Map<String, Object>, Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
Sets the factory that provides a Converter used for type conversion of claim values for an OidcUserInfo.
setClassIdentityQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Sets the query that will be used to retrieve the identity of a newly created row in the acl_class table.
setClassPrimaryKeyQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setClearAuthentication(boolean) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
If true, removes the Authentication from the SecurityContext to prevent issues with concurrent requests.
setClock(Clock) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
setClock(Clock) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
setClock(Clock) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
setClock(Clock) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
setClock(Clock) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator
Sets the Clock used in Instant.now(Clock) when validating the exp and iat claims.
setClock(Clock) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
Deprecated.
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
setClock(Clock) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
Deprecated.
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
setClock(Clock) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
setClock(Clock) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
setClock(Clock) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
setClock(Clock) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
Sets the Clock used in Instant.now(Clock) when checking the access token expiry.
setClock(Clock) - Method in class org.springframework.security.oauth2.jwt.JwtTimestampValidator
Use this Clock with Instant.now() for assessing timestamp validity
setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator
Sets the maximum acceptable clock skew.
setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider
Deprecated.
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider
Deprecated.
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
setClockSkew(Duration) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
Sets the maximum acceptable clock skew, which is used when checking the access token expiry.
setCn(String[]) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
 
setCompromisedPasswordChecker(CompromisedPasswordChecker) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
Sets the CompromisedPasswordChecker to be used before creating a successful authentication.
setCompromisedPasswordChecker(ReactiveCompromisedPasswordChecker) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
Sets the ReactiveCompromisedPasswordChecker to be used before creating a successful authentication.
setConfiguration(Configuration) - Method in class org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider
Sets the Configuration to use for Authentication.
setContentLength(int) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
 
setContentLengthLong(long) - Method in class org.springframework.security.web.util.OnCommittedResponseWrapper
 
setContext(SecurityContext) - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
Sets the current context.
setContext(SecurityContext) - Static method in class org.springframework.security.core.context.SecurityContextHolder
Associates a new SecurityContext with the current thread of execution.
setContext(SecurityContext) - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
Sets the current context.
setContext(SecurityContext) - Static method in class org.springframework.security.test.context.TestSecurityContextHolder
setContext(SecurityContext) - Method in class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
 
setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager
Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.
setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Map<String, Object>>) - Method in class org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager
Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.
setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager
Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.
setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>>) - Method in class org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager
Sets the Function used for mapping attribute(s) from the OAuth2AuthorizeRequest to a Map of attributes to be associated to the authorization context.
setContextEnvironmentProperties(Map<String, Object>) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
Allows a custom environment properties to be used to create initial LDAP context.
setContextHolderStrategy(SecurityContextHolderStrategy) - Static method in class org.springframework.security.core.context.SecurityContextHolder
setContextPath(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setContextPath(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
 
setContextRelative(boolean) - Method in class org.springframework.security.web.DefaultRedirectStrategy
If true, causes any redirection URLs to be calculated minus the protocol and context path (defaults to false).
setContextRelative(boolean) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy
Sets if the location is relative to the context.
setContextSource(BaseLdapPathContextSource) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
Sets the BaseLdapPathContextSource used to perform LDAP authentication.
setContinueChainBeforeSuccessfulAuthentication(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Indicates if the filter chain should be continued prior to delegation to AbstractAuthenticationProcessingFilter.successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) , which may be useful in certain environment (such as Tapestry applications).
setContinueFilterChainOnUnsuccessfulAuthentication(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
If set to true (the default), any AuthenticationException raised by the AuthenticationManager will be swallowed, and the request will be allowed to proceed, potentially using alternative authentication mechanisms.
setContinueOnError(boolean) - Method in class org.springframework.security.authentication.DelegatingReactiveAuthenticationManager
Continue iterating when a delegate errors, defaults to false
setContinueOnError(boolean) - Method in class org.springframework.security.web.server.authentication.DelegatingServerAuthenticationConverter
Continue iterating when a delegate errors, defaults to false
setConversionService(ConversionService) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
 
setConversionService(ConversionService) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
 
setConvertAttributeToLowerCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
 
setConvertAttributeToUpperCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
 
setConvertSubErrorCodesToExceptions(boolean) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
By default, a failed authentication (LDAP error 49) will result in a BadCredentialsException.
setConvertToLowerCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
Whether to convert the authority value to lower case in the mapping.
setConvertToUpperCase(boolean) - Method in class org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService
Converts the returned attribute values to uppercase values.
setConvertToUpperCase(boolean) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
Whether to convert the authority value to upper case in the mapping.
setConvertToUpperCase(boolean) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
Convert the role to uppercase
setConvertToUpperCase(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
Determines whether role field values will be converted to upper case when loaded.
setCookie(String[], int, HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Sets the cookie on the response.
setCookieCustomizer(Consumer<Cookie>) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Sets the Consumer, allowing customization of cookie.
setCookieCustomizer(Consumer<Cookie>) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
Sets the Consumer, allowing customization of cookie.
setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder>) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
Add a Consumer for a ResponseCookieBuilder that will be invoked for each cookie being built, just before the call to build().
setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder>) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
Add a Consumer for a ResponseCookieBuilder that will be invoked for each cookie being built, just before the call to build().
setCookieCustomizer(Consumer<ResponseCookie.ResponseCookieBuilder>) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
Sets the Consumer, allowing customization of cookie.
setCookieDomain(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
setCookieDomain(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
setCookieDomain(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
setCookieHttpOnly(boolean) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
setCookieHttpOnly(boolean) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
setCookieMaxAge(int) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
setCookieMaxAge(int) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
setCookieName(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
setCookieName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
Sets the name of the cookie that the expected CSRF token is saved to and read from.
setCookieName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
Sets the cookie name
setCookiePath(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
Set the path that the Cookie will be created with.
setCookiePath(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
Sets the cookie path
setCookies(List<Cookie>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
setCookies(List<SavedCookie>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setCreateAuthenticatedToken(boolean) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
If you set this property, the Authentication object, which is created after the successful digest authentication will be marked as authenticated and filled with the authorities loaded by the UserDetailsService.
setCreateAuthoritySql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setCreateEmptySubject(boolean) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
Sets createEmptySubject.
setCreateNewSession(boolean) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy
Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request).
setCreateNewSession(boolean) - Method in class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy
Determines whether a new session should be created before redirecting (to avoid possible looping issues where the same session ID is sent with the redirected request).
setCreateSessionAllowed(boolean) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
If true, indicates that it is permitted to store the target URL and exception information in a new HttpSession (the default).
setCreateTableOnStartup(boolean) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
Intended for convenience in debugging.
setCreateUserSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setCredentialsCharset(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
Sets the charset to use when decoding credentials to Strings.
setCredentialsCharset(Charset) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationConverter
 
setCredentialsCharset(Charset) - Method in class org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
Deprecated.
Sets the Charset used to decode the Base64-encoded bytes of the basic authentication credentials.
setCredentialsEnvironmentVariable(String) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
 
setCredentialsNonExpired(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
setCredentialsRequestHeader(String) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
 
setCsrfRequestAttributeName(String) - Method in class org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler
The CsrfToken is available as a request attribute named CsrfToken.class.getName().
setCsrfTokenRepository(HttpServletRequest, CsrfTokenRepository) - Static method in class org.springframework.security.test.web.support.WebTestUtils
Sets the CsrfTokenRepository for the specified HttpServletRequest.
setCsrfTokenRepository(ServerCsrfTokenRepository) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
 
setDecision(AuthorizationDecision) - Method in class org.springframework.security.authorization.AuthorizationObservationContext
Set the observed AuthorizationDecision
setDefaultAccessDeniedHandler(ServerAccessDeniedHandler) - Method in class org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler
setDefaultAuthenticationFailureEvent(Class<? extends AbstractAuthenticationFailureEvent>) - Method in class org.springframework.security.authentication.DefaultAuthenticationEventPublisher
Sets a default authentication failure event as a fallback event for any unmapped exceptions not mapped in the exception mappings.
setDefaultAuthenticationManager(AuthenticationManager) - Method in class org.springframework.security.web.authentication.RequestMatcherDelegatingAuthenticationManagerResolver
Set the default AuthenticationManager to use when a request does not match
setDefaultAuthenticationManager(ReactiveAuthenticationManager) - Method in class org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver
Set the default ReactiveAuthenticationManager to use when a request does not match
setDefaultAuthority(String) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
Sets a default authority to be assigned to all users
setDefaultClientRegistrationId(String) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
If set, will be used as the default ClientRegistration.getRegistrationId().
setDefaultClientRegistrationId(String) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
If set, will be used as the default ClientRegistration.getRegistrationId().
setDefaultDataMimeType(MimeType) - Method in class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor
 
setDefaultEntryPoint(AuthenticationEntryPoint) - Method in class org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint
EntryPoint which is used when no RequestMatcher returned true
setDefaultEntryPoint(ServerAuthenticationEntryPoint) - Method in class org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint
EntryPoint which is used when no RequestMatcher returned true
setDefaultFailureUrl(String) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
The URL which will be used as the failure destination.
setDefaultLogoutSuccessHandler(LogoutSuccessHandler) - Method in class org.springframework.security.web.authentication.logout.DelegatingLogoutSuccessHandler
Sets the default LogoutSuccessHandler if no other handlers available
setDefaultMetadataMimeType(MimeType) - Method in class org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor
 
setDefaultNameRequired(boolean) - Method in class org.springframework.security.config.ldap.ContextSourceSettingPostProcessor
 
setDefaultOAuth2AuthorizedClient(boolean) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction
If true, a default OAuth2AuthorizedClient can be discovered from the current Authentication.
setDefaultOAuth2AuthorizedClient(boolean) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
If true, a default OAuth2AuthorizedClient can be discovered from the current Authentication.
setDefaultPasswordEncoderForMatches(PasswordEncoder) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder
Sets the PasswordEncoder to delegate to for DelegatingPasswordEncoder.matches(CharSequence, String) if the id is not mapped to a PasswordEncoder.
setDefaultRole(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
The default role which will be assigned to all users.
setDefaultRolePrefix(String) - Method in class org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource
Deprecated.
Sets the default prefix to be added to RolesAllowed.
setDefaultRolePrefix(String) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
setDefaultRolePrefix(String) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
setDefaultRolePrefix(String) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
setDefaultRolePrefix(String) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
setDefaultRolePrefix(String) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
setDefaultTargetUrl(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
Supplies the default target Url that will be used if no saved request is found in the session, or the alwaysUseDefaultTargetUrl property is set to true.
setDeferLoadToken(boolean) - Method in class org.springframework.security.web.csrf.LazyCsrfTokenRepository
Deprecated.
Determines if LazyCsrfTokenRepository.loadToken(HttpServletRequest) should be lazily loaded.
setDeferredContext(Supplier<SecurityContext>) - Method in class org.springframework.security.core.context.ListeningSecurityContextHolderStrategy
Sets a Supplier that will return the current context.
setDeferredContext(Supplier<SecurityContext>) - Static method in class org.springframework.security.core.context.SecurityContextHolder
Sets a Supplier that will return the current context.
setDeferredContext(Supplier<SecurityContext>) - Method in interface org.springframework.security.core.context.SecurityContextHolderStrategy
Sets a Supplier that will return the current context.
setDeleteEntryByObjectIdentityForeignKeySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setDeleteGroupAuthoritiesSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setDeleteGroupAuthoritySql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setDeleteGroupMemberSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setDeleteGroupMembersSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setDeleteGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setDeleteObjectIdentityByPrimaryKeySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setDeleteUserAuthoritiesSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setDeleteUserSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setDepartmentNumber(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setDerefLinkFlag(boolean) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
Sets the corresponding property on the SearchControls instance used in the search.
setDescription(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
 
setDestinationIndicator(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setDetails(HttpServletRequest, UsernamePasswordAuthenticationToken) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
Provided so that subclasses may configure what is put into the authentication request's details property.
setDetails(Object) - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
 
setDeviceAuthorizationResponseConverter(Converter<Map<String, Object>, OAuth2DeviceAuthorizationResponse>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
Sets the Converter used for converting the OAuth 2.0 Device Authorization Response parameters to an OAuth2DeviceAuthorizationResponse.
setDeviceAuthorizationResponseParametersConverter(Converter<OAuth2DeviceAuthorizationResponse, Map<String, Object>>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
Sets the Converter used for converting the OAuth2DeviceAuthorizationResponse to a Map representation of the OAuth 2.0 Device Authorization Response parameters.
setDisableUrlRewriting(boolean) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
Allows the use of session identifiers in URLs to be disabled.
setDisplayName(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setDn(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
setDn(Name) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
setDomainObject(Object) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
 
setEmployeeNumber(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setEnableAuthorities(boolean) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Enables loading of authorities (roles) from the authorities table.
setEnabled(boolean) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
 
setEnabled(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
setEnableGroups(boolean) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Enables support for group authorities.
setEncodeClientCredentials(boolean) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultOAuth2TokenRequestHeadersConverter
Sets whether the client credentials of the Authorization header will be encoded using the application/x-www-form-urlencoded encoding algorithm according to RFC 6749.
setEncodeHashAsBase64(boolean) - Method in class org.springframework.security.crypto.password.Md4PasswordEncoder
Deprecated.
 
setEncodeHashAsBase64(boolean) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder
Deprecated.
 
setEncodeHashAsBase64(boolean) - Method in class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder
Sets if the resulting hash should be encoded as Base64.
setEncodeServiceUrlWithSessionId(boolean) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
Sets whether to encode the service url with the session id or not.
setEntriesInheriting(boolean) - Method in class org.springframework.security.acls.domain.AclImpl
 
setEntriesInheriting(boolean) - Method in interface org.springframework.security.acls.model.MutableAcl
Change the value returned by Acl.isEntriesInheriting().
setEntryPoint(ChannelEntryPoint) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
 
setEntryPoint(ChannelEntryPoint) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
 
setEraseCredentialsAfterAuthentication(boolean) - Method in class org.springframework.security.authentication.ProviderManager
If set to, a resulting Authentication which implements the CredentialsContainer interface will have its eraseCredentials method called before it is returned from the authenticate() method.
setEraseCredentialsAfterAuthentication(boolean) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
 
setErrorConverter(Converter<Map<String, String>, OAuth2Error>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
Sets the Converter used for converting the OAuth 2.0 Error parameters to an OAuth2Error.
setErrorConverter(HttpMessageConverter<OAuth2Error>) - Method in class org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler
Sets the HttpMessageConverter for an OAuth 2.0 Error.
setErrorPage(String) - Method in class org.springframework.security.web.access.AccessDeniedHandlerImpl
The error page to use.
setErrorParametersConverter(Converter<OAuth2Error, Map<String, String>>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
Sets the Converter used for converting the OAuth2Error to a Map representation of the OAuth 2.0 Error parameters.
setExceptionIfHeaderMissing(boolean) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
Defines whether an exception should be raised if the principal header is missing.
setExceptionIfMaximumExceeded(boolean) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
Sets the exceptionIfMaximumExceeded property, which determines whether the user should be prevented from opening more sessions than allowed.
setExceptionIfVariableMissing(boolean) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
Defines whether an exception should be raised if the principal variable is missing.
setExceptionMappings(Map<?, ?>) - Method in class org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler
Sets the map of exception types (by name) to URLs.
setExitUserMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
Set the matcher to respond to exit user processing.
setExitUserMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Set the matcher to respond to exit user processing.
setExitUserUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Set the URL to respond to exit user processing.
setExitUserUrl(String) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
Set the URL to respond to exit user processing.
setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice
Deprecated.
 
setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
 
setExpressionHandler(MethodSecurityExpressionHandler) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
 
setExpressionHandler(SecurityExpressionHandler<MethodInvocation>) - Method in class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager
Sets the SecurityExpressionHandler to be used.
setExpressionHandler(SecurityExpressionHandler<Message<T>>) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter
Deprecated.
 
setExpressionHandler(SecurityExpressionHandler<RequestAuthorizationContext>) - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
Sets the SecurityExpressionHandler to be used.
setExpressionHandler(SecurityExpressionHandler<FilterInvocation>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
Deprecated.
 
setExpressionParser(ExpressionParser) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
 
setFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
 
setFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Used to define custom behaviour when a switch fails.
setFailureUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setFilterAsyncDispatch(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
If set to true, the filter will be applied to the async dispatcher.
setFilterChainDecorator(FilterChainProxy.FilterChainDecorator) - Method in class org.springframework.security.web.FilterChainProxy
Used to decorate the original FilterChain for each request
setFilterChainDecorator(WebFilterChainProxy.WebFilterChainDecorator) - Method in class org.springframework.security.web.server.WebFilterChainProxy
Used to decorate the original FilterChain for each request
setFilterChainProxySecurityConfigurer(ObjectPostProcessor<Object>, ConfigurableListableBeanFactory) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
Sets the <SecurityConfigurer<FilterChainProxy, WebSecurityBuilder> instances used to create the web configuration.
setFilterChainValidator(FilterChainProxy.FilterChainValidator) - Method in class org.springframework.security.web.FilterChainProxy
Used (internally) to specify a validation strategy for the filters in each configured chain.
setFilterErrorDispatch(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
If set to true, the filter will be applied to error dispatcher.
setFilterObject(Object) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
 
setFilterProcessesUrl(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Sets the URL that determines if authentication is required
setFilterProcessesUrl(String) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
 
setFindAllGroupsSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setFindChildrenQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
Allows customization of the SQL query used to find child object identities.
setFindGroupIdSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setFindUsersInGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setFirewall(HttpFirewall) - Method in class org.springframework.security.web.FilterChainProxy
Sets the "firewall" implementation which will be used to validate and wrap (or potentially reject) the incoming requests.
setForceEagerSessionCreation(boolean) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter
Deprecated.
 
setForceHttps(boolean) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
Set to true to force login form access to be via https.
setForceLowerCasePrefix(boolean) - Method in class org.springframework.security.crypto.password.LdapShaPasswordEncoder
Deprecated.
 
setForcePrincipalAsString(boolean) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
setForeignKeysInDatabase(boolean) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setFormLoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setFormLoginEnabled(boolean) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
 
setGatewayStorage(GatewayResolver) - Method in class org.springframework.security.cas.web.CasGatewayResolverRequestMatcher
Sets the GatewayResolver to check if the request was already gatewayed.
setGeneratedOneTimeTokenHandler(GeneratedOneTimeTokenHandler) - Method in class org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter
Specifies GeneratedOneTimeTokenHandler to be used to handle generated one-time tokens
setGenerateOneTimeTokenUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setGivenName(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
 
setGlobalAuthenticationConfigurers(List<GlobalAuthenticationConfigurerAdapter>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 
setGraceLoginsRemaining(int) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
setGroupAuthoritiesByUsernameQuery(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Allows the default query string used to retrieve group authorities based on username to be overridden, if default table or column names need to be changed.
setGroupAuthoritiesSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setGroupMemberAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group.
setGroupRoleAttribute(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
 
setGroupRoleAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
setGroupSearchBase(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
setGroupSearchFilter(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
 
setHasPermission(String) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
 
setHeaderName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
Sets the name of the HTTP header that should be used to provide the token.
setHeaderName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
Sets the header name that the CsrfToken is expected to appear on and the header that the response will contain the CsrfToken.
setHeaderName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
Sets the header name
setHeaderName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
Sets the header name that the CsrfToken is expected to appear on and the header that the response will contain the CsrfToken.
setHeaders(Map<String, List<String>>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setHeaders(Map<String, List<String>>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
setHeadersConverter(Converter<OAuth2AuthorizationCodeGrantRequest, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter
Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.
setHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.
setHeadersConverter(Converter<T, HttpHeaders>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a HttpHeaders used in the OAuth 2.0 Access Token Request headers.
setHeaderValue(XXssProtectionHeaderWriter.HeaderValue) - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
Sets the value of the X-XSS-PROTECTION header.
setHeaderValue(XXssProtectionServerHttpHeadersWriter.HeaderValue) - Method in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
Sets the value of the X-XSS-PROTECTION header.
setHideUserNotFoundExceptions(boolean) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
By default the AbstractUserDetailsAuthenticationProvider throws a BadCredentialsException if a username is not found or the password is incorrect.
setHideUserNotFoundExceptions(boolean) - Method in class org.springframework.security.ldap.authentication.LdapAuthenticationProvider
 
setHierarchy(String) - Method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
setHomePhone(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setHomePostalAddress(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setHtmlEscape(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
Set HTML escaping for this tag, as boolean value.
setHttpStatus(HttpStatus) - Method in class org.springframework.security.web.server.DefaultServerRedirectStrategy
The HttpStatus to use for the redirect.
setId(String) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
setIgnoredMediaTypes(Set<MediaType>) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
Set the MediaType to ignore from the ContentNegotiationStrategy.
setIgnoredMediaTypes(Set<MediaType>) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
Set the MediaType to ignore from the ContentNegotiationStrategy.
setIgnorePartialResultException(boolean) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
Sets the corresponding property on the underlying template, avoiding specific issues with Active Directory.
setIgnoreUnknown(boolean) - Method in class org.springframework.security.authorization.method.PrePostTemplateDefaults
Deprecated.
Configure template resolution to ignore unknown placeholders.
setIgnoreUnknown(boolean) - Method in class org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults
Configure template resolution to ignore unknown placeholders.
setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
Obtains the attributes from EnableGlobalMethodSecurity if this class was imported using the EnableGlobalMethodSecurity annotation.
setImportMetadata(AnnotationMetadata) - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
 
setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name.
setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
If true, subdomains should be considered HSTS Hosts too.
setIncludeSubDomains(boolean) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
Sets if subdomains should be included.
setInitials(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setInsecureKeyword(String) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
 
setInsertClassSql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setInsertEntrySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setInsertGroupAuthoritySql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setInsertGroupMemberSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setInsertGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setInsertObjectIdentitySql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setInsertSidSql(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setInternalMethod(String) - Method in class org.springframework.security.acls.AclEntryVoter
 
setInvalidateHttpSession(boolean) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
Causes the HttpSession to be invalidated when this LogoutHandler is invoked.
setInvalidateSessionOnPrincipalChange(boolean) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
If checkForPrincipalChanges is set, and a change of principal is detected, determines whether any existing session should be invalidated before proceeding to authenticate the new principal.
setInvalidSessionStrategy(InvalidSessionStrategy) - Method in class org.springframework.security.web.session.SessionManagementFilter
Sets the strategy which will be invoked instead of allowing the filter chain to proceed, if the user agent requests an invalid session ID.
setIterations(int) - Method in class org.springframework.security.crypto.password.MessageDigestPasswordEncoder
Deprecated.
Sets the number of iterations for which the calculated hash value should be "stretched".
setJwsAlgorithmResolver(Function<ClientRegistration, JwsAlgorithm>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
Sets the resolver that provides the expected JWS algorithm used for the signature or MAC on the ID Token.
setJwsAlgorithmResolver(Function<ClientRegistration, JwsAlgorithm>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
Sets the resolver that provides the expected JWS algorithm used for the signature or MAC on the ID Token.
setJwtAssertionResolver(Function<OAuth2AuthorizationContext, Jwt>) - Method in class org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider
Sets the resolver used for resolving the Jwt assertion.
setJwtAssertionResolver(Function<OAuth2AuthorizationContext, Mono<Jwt>>) - Method in class org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider
Sets the resolver used for resolving the Jwt assertion.
setJwtAuthenticationConverter(Converter<Jwt, ? extends AbstractAuthenticationToken>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
 
setJwtAuthenticationConverter(Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager
Use the given Converter for converting a Jwt into an AbstractAuthenticationToken.
setJwtClientAssertionCustomizer(Consumer<NimbusJwtClientAuthenticationParametersConverter.JwtClientAuthenticationContext<T>>) - Method in class org.springframework.security.oauth2.client.endpoint.NimbusJwtClientAuthenticationParametersConverter
setJwtDecoderFactory(JwtDecoderFactory<ClientRegistration>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
Sets the JwtDecoderFactory used for OidcIdToken signature verification.
setJwtDecoderFactory(ReactiveJwtDecoderFactory<ClientRegistration>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager
Sets the ReactiveJwtDecoderFactory used for OidcIdToken signature verification.
setJwtGrantedAuthoritiesConverter(Converter<Jwt, Collection<GrantedAuthority>>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
Sets the Converter<Jwt, Collection<GrantedAuthority>> to use.
setJwtGrantedAuthoritiesConverter(Converter<Jwt, Flux<GrantedAuthority>>) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter
Sets the Converter<Jwt, Flux<GrantedAuthority>> to use.
setJwtValidator(OAuth2TokenValidator<Jwt>) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
Use this Jwt Validator
setJwtValidator(OAuth2TokenValidator<Jwt>) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
Use the provided OAuth2TokenValidator to validate incoming Jwts.
setJwtValidatorFactory(Function<ClientRegistration, OAuth2TokenValidator<Jwt>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
Sets the factory that provides an OAuth2TokenValidator, which is used by the JwtDecoder.
setJwtValidatorFactory(Function<ClientRegistration, OAuth2TokenValidator<Jwt>>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.ReactiveOidcIdTokenDecoderFactory
Sets the factory that provides an OAuth2TokenValidator, which is used by the ReactiveJwtDecoder.
setKey(String) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
Deprecated.
 
setKey(String) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
Deprecated.
 
setKey(String) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
setKey(String) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
setKeyStoreFile(File) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
The keyStore must not be null and must be a valid file.
setLastAccessTime(Instant) - Method in class org.springframework.security.core.session.ReactiveSessionInformation
 
setLdapAuthoritiesPopulator(LdapAuthoritiesPopulator) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
Sets the LdapAuthoritiesPopulator used to obtain a list of granted authorities for an LDAP user.
setLdapOverSslEnabled(boolean) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
If set to true will enable LDAP over SSL (LDAPs).
setLdif(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
Specifies an LDIF to load at startup for an embedded LDAP server.
setLobHandler(LobHandler) - Method in class org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService.OAuth2AuthorizedClientRowMapper
 
setLocales(List<Locale>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setLocales(List<Locale>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
setLocation(URI) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
Where the user is redirected to upon authentication success
setLoginConfig(Resource) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
Set the JAAS login configuration file.
setLoginContextName(String) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
Set the loginContextName, this name is used as the index to the configuration specified in the loginConfig property.
setLoginExceptionResolver(LoginExceptionResolver) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
 
setLoginPageUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setLoginProcessingUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter
Specifies the URL that the submit form should POST to.
setLogInteractiveAuthenticationSuccessEvents(boolean) - Method in class org.springframework.security.authentication.event.LoggerListener
 
setLoginUrl(String) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
 
setLogoutHandler(ServerLogoutHandler) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
setLogoutHandlers(List<LogoutHandler>) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
Sets the LogoutHandlers used when integrating with HttpServletRequest with Servlet 3 APIs.
setLogoutHandlers(List<LogoutHandler>) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
Set list of LogoutHandler
setLogoutHandlers(LogoutHandler[]) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
 
setLogoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter
 
setLogoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
 
setLogoutRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
 
setLogoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter
Use this Saml2LogoutRequestRepository for retrieving the SAML 2.0 Logout Request associated with the request's RelayState
setLogoutRequestRepository(Saml2LogoutRequestRepository) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler
Use this Saml2LogoutRequestRepository for saving the SAML 2.0 Logout Request
setLogoutSuccessHandler(ServerLogoutSuccessHandler) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
setLogoutSuccessUrl(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setLogoutSuccessUrl(URI) - Method in class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler
The URL to redirect to after successfully logging out when not originally an OIDC login
setLogoutSuccessUrl(URI) - Method in class org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler
The URL to redirect to after successfully logging out.
setLogoutUri(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
Use this logout URI for performing per-session logout.
setLogoutUri(String) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler
Use this logout URI for performing per-session logout.
setLookupObjectIdentitiesWhereClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
The SQL for the where clause used in the lookupObjectIdentities method.
setLookupPrimaryKeysWhereClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
The SQL for the where clause used in the lookupPrimaryKey method.
setMail(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setManagerDn(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
Username (DN) of the "manager" user identity (i.e.
setManagerPassword(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
The password for the manager DN.
setMappableAttributes(Set<String>) - Method in class org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever
 
setMappableRolesRetriever(MappableAttributesRetriever) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
 
setMatchingAlgorithm(TokenBasedRememberMeServices.RememberMeTokenAlgorithm) - Method in class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
Sets the algorithm to be used to match the token signature
setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
Specify the name of a query parameter that is added to the URL that specifies the request cache should be checked in HttpSessionRequestCache.getMatchingRequest(HttpServletRequest, HttpServletResponse)
setMatchingRequestParameterName(String) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
Specify the name of a query parameter that is added to the URL in WebSessionServerRequestCache.getRedirectUri(ServerWebExchange) and is required for WebSessionServerRequestCache.removeMatchingRequest(ServerWebExchange) to look up the ServerHttpRequest.
setMaxAge(Duration) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
Sets the max age of the header.
setMaxAgeInSeconds(long) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header.
setMaxAgeInSeconds(long) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.
setMaximumSessions(int) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
Sets the maxSessions property.
setMaxSearchDepth(int) - Method in class org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
How far should a nested search go.
setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
setMessageExpressionHandler(List<SecurityExpressionHandler<Message<Object>>>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
setMessageSource(MessageSource) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
setMessageSource(MessageSource) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
Deprecated.
 
setMessageSource(MessageSource) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
 
setMessageSource(MessageSource) - Method in class org.springframework.security.acls.afterinvocation.AclEntryAfterInvocationProvider
 
setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
 
setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.AccountStatusUserDetailsChecker
 
setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider
 
setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.ProviderManager
 
setMessageSource(MessageSource) - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
 
setMessageSource(MessageSource) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager
Set the MessageSource that this object runs in.
setMessageSource(MessageSource) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
setMessageSource(MessageSource) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
 
setMessageSource(MessageSource) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
 
setMessageSource(MessageSource) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
 
setMessageSource(MessageSource) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
 
setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
 
setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
Sets the MessageSource used for reporting errors back to the user when the user has exceeded the maximum number of authentications.
setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 
setMessageSource(MessageSource) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
setMetadataFilename(String) - Method in class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver
Sets the metadata filename template.
setMetadataFilename(String) - Method in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
Sets the metadata filename template containing the {registrationId} template variable.
setMethod(String) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
 
setMethod(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setMethod(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
setMethod(HttpMethod) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
 
setMethodSecurityExpressionHandler(List<MethodSecurityExpressionHandler>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
 
setMigrateSessionAttributes(boolean) - Method in class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy
Defines whether attributes should be migrated to a new session or not.
setMobile(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setMode(XFrameOptionsServerHttpHeadersWriter.Mode) - Method in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
Sets the X-Frame-Options mode.
setNonceValiditySeconds(int) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
setO(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setOauth2AuthenticationUrlToClientName(Map<String, String>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setOauth2AuthenticationUrlToClientName(Map<String, String>) - Method in class org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter
 
setOauth2LoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setOauth2UserService(OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
Sets the OAuth2UserService used when requesting the user info resource.
setOauth2UserService(ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
 
setObjectIdentityGenerator(ObjectIdentityGenerator) - Method in class org.springframework.security.acls.AclPermissionEvaluator
 
setObjectIdentityGenerator(ObjectIdentityGenerator) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
 
setObjectIdentityGenerator(ObjectIdentityGenerator) - Method in class org.springframework.security.acls.jdbc.JdbcAclService
 
setObjectIdentityPrimaryKeyQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.AclEntryVoter
 
setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionCacheOptimizer
 
setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionEvaluator
 
setObjectIdentityRetrievalStrategy(ObjectIdentityRetrievalStrategy) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
 
setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration
Deprecated.
 
setObjectPostProcessor(ObjectPostProcessor<Object>) - Method in class org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
Deprecated.
 
setObservationConvention(ObservationConvention<AuthenticationObservationContext>) - Method in class org.springframework.security.authentication.ObservationAuthenticationManager
Use the provided convention for reporting observation data
setObservationConvention(ObservationConvention<AuthenticationObservationContext>) - Method in class org.springframework.security.authentication.ObservationReactiveAuthenticationManager
Use the provided convention for reporting observation data
setObservationConvention(ObservationConvention<AuthorizationObservationContext<?>>) - Method in class org.springframework.security.authorization.ObservationAuthorizationManager
Use the provided convention for reporting observation data
setObservationConvention(ObservationConvention<AuthorizationObservationContext<?>>) - Method in class org.springframework.security.authorization.ObservationReactiveAuthorizationManager
Use the provided convention for reporting observation data
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.authentication.AuthenticationManagerFactoryBean
 
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.ChildAuthenticationManagerFactoryBean
 
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.FilterChainDecoratorFactory
 
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.RequestRejectedHandlerPostProcessor
 
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
 
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
 
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
 
setObservationRegistry(ObservationRegistry) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
 
setObserveOncePerRequest(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
Sets whether this filter apply only once per request.
setObserveOncePerRequest(boolean) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Deprecated.
 
setOidcUserMapper(BiFunction<OidcUserRequest, OidcUserInfo, OidcUser>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
Sets the BiFunction used to map the user from the user request and user info.
setOidcUserMapper(BiFunction<OidcUserRequest, OidcUserInfo, Mono<OidcUser>>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
Sets the BiFunction used to map the user from the user request and user info.
setOneTimeTokenEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
 
setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterReactiveMethodInterceptor
 
setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
 
setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor
 
setOrder(int) - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
 
setOrder(int) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
 
setOrder(int) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
 
setOrder(int) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
 
setOrder(int) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
 
setOrder(int) - Method in class org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor
 
setOrder(int) - Method in class org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor
 
setOrder(int) - Method in class org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor
 
setOrder(int) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
 
setOrder(int) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
setOrderByClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
The SQL for the "order by" clause used in both queries.
setOu(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setOwner(Sid) - Method in class org.springframework.security.acls.domain.AclImpl
 
setOwner(Sid) - Method in interface org.springframework.security.acls.model.MutableAcl
Changes the present owner to a different owner.
setOwner(Sid) - Method in interface org.springframework.security.acls.model.OwnershipAcl
 
setPageContext(PageContext) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
 
setPageContext(PageContext) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
setParameter(String) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Sets the name of the parameter which should be checked for to see if a remember-me has been requested during a login request.
setParameterName(String) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
Sets the name of the HTTP request parameter that should be used to provide a token.
setParameterName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on
setParameterName(String) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
Sets the parameter name
setParameterName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
Sets the HttpServletRequest parameter name that the CsrfToken is expected to appear on
setParameterNameDiscoverer(ParameterNameDiscoverer) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
Sets the ParameterNameDiscoverer to use.
setParameterNameDiscoverer(ParameterNameDiscoverer) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
Sets the ParameterNameDiscoverer.
setParameters(Map<String, String[]>) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setParameters(Map<String, String[]>) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
setParametersConverter(Converter<OAuth2AuthorizationCodeGrantRequest, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequestEntityConverter
Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap of the parameters used in the OAuth 2.0 Access Token Request body.
setParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap used in the OAuth 2.0 Access Token Request body.
setParametersConverter(Converter<T, MultiValueMap<String, String>>) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
Sets the Converter used for converting the AbstractOAuth2AuthorizationGrantRequest instance to a MultiValueMap used in the OAuth 2.0 Access Token Request body.
setParent(Tag) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
setParent(Acl) - Method in class org.springframework.security.acls.domain.AclImpl
 
setParent(Acl) - Method in interface org.springframework.security.acls.model.MutableAcl
Changes the parent of this ACL.
setPassword(String) - Method in class org.springframework.security.core.userdetails.memory.UserAttribute
 
setPassword(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
setPasswordAlreadyEncoded(boolean) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
setPasswordAttribute(String) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
The attribute in the directory which contains the user password.
setPasswordAttributeName(String) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
 
setPasswordAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
setPasswordAttributeName(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
The name of the attribute which contains the user's password.
setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
The PasswordEncoder that is used for validating the password.
setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
Sets the PasswordEncoder instance to be used to encode and validate passwords.
setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.config.ldap.LdapPasswordComparisonAuthenticationManagerFactory
Specifies the PasswordEncoder to be used when authenticating with password comparison.
setPasswordEncoder(PasswordEncoder) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
 
setPasswordParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setPasswordParameter(String) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
Sets the parameter name which will be used to obtain the password from the login request..
setPasswordParameter(String) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
Deprecated.
The parameter name of the form data to extract the password
setPathInfo(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setPathInfo(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
 
setPermissionCacheOptimizer(PermissionCacheOptimizer) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
 
setPermissionEvaluator(PermissionEvaluator) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
 
setPermissionEvaluator(PermissionEvaluator) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
setPermissionEvaluator(PermissionEvaluator) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
Sets the PermissionEvaluator to be used.
setPermissionFactory(PermissionFactory) - Method in class org.springframework.security.acls.AclPermissionEvaluator
 
setPermissionFactory(PermissionFactory) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
Sets the PermissionFactory instance which will be used to convert loaded permission data values to Permissions.
setPins(Map<String, String>) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
Sets the value for the pin- directive of the Public-Key-Pins header.
setPointcut(Pointcut) - Method in class org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor
 
setPolicy(String) - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
Sets the policy to be used in the response header.
setPolicy(String) - Method in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
Set the policy to be used in the response header.
setPolicy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter
Sets the CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy value to be used in the Cross-Origin-Embedder-Policy header
setPolicy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter
Sets the CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy value to be used in the Cross-Origin-Opener-Policy header
setPolicy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter
Sets the CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy value to be used in the Cross-Origin-Resource-Policy header
setPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy) - Method in class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
Sets the policy to be used in the response header.
setPolicy(CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy) - Method in class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter
Sets the CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy value to be used in the Cross-Origin-Embedder-Policy header
setPolicy(CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy) - Method in class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter
Sets the CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy value to be used in the Cross-Origin-Opener-Policy header
setPolicy(CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy) - Method in class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter
Sets the CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy value to be used in the Cross-Origin-Embedder-Policy header
setPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy) - Method in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
Set the policy to be used in the response header.
setPolicyDirectives(String) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
Sets the security policy directive(s) to be used in the response header.
setPolicyDirectives(String) - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
Set the security policy directive(s) to be used in the response header.
setPolicyDirectives(String) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
Set the policy directive(s) to be used in the response header.
setPolicyDirectives(String) - Method in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
Set the policy directive(s) to be used in the response header.
setPort(int) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
The port to connect to LDAP to (the default is 33389 or random available port if unavailable).
setPort(int) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
setPort(int) - Method in interface org.springframework.security.ldap.server.EmbeddedLdapServerContainer
The embedded LDAP server port to connect to.
setPort(int) - Method in class org.springframework.security.ldap.server.UnboundIdContainer
 
setPort(int) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
 
setPortMapper(PortMapper) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
 
setPortMapper(PortMapper) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
setPortMapper(PortMapper) - Method in class org.springframework.security.web.PortResolverImpl
 
setPortMapper(PortMapper) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
Use this PortMapper for mapping custom ports
setPortMappings(Map<String, String>) - Method in class org.springframework.security.web.PortMapperImpl
Set to override the default HTTP port to HTTPS port mappings of 80:443, and 8080:8443.
setPortResolver(PortResolver) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
 
setPortResolver(PortResolver) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 
setPortResolver(PortResolver) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
 
setPostalAddress(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setPostalCode(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setPostAuthenticationChecks(UserDetailsChecker) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
Sets the strategy which will be used to validate the loaded UserDetails object after authentication occurs.
setPostAuthenticationChecks(UserDetailsChecker) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
setPostLogoutRedirectUri(String) - Method in class org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler
Set the post logout redirect uri template.
setPostLogoutRedirectUri(String) - Method in class org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler
Set the post logout redirect uri template.
setPostOnly(boolean) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
Defines whether only HTTP POST requests will be allowed by this filter.
setPreAuthenticatedUserDetailsService(AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
Set the AuthenticatedUserDetailsService to be used to load the UserDetails for the authenticated user.
setPreAuthenticationChecks(UserDetailsChecker) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
Sets the policy will be used to verify the status of the loaded UserDetails before validation of the credentials takes place.
setPrefix(String) - Method in class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
Sets the prefix which should be added to the authority name (if it doesn't already exist)
setPreload(boolean) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
If true, preload will be included in HSTS Header.
setPreload(boolean) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
Sets if preload should be included.
setPrincipalClaimName(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter
Sets the principal claim name.
setPrincipalClaimName(String) - Method in class org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverter
Sets the principal claim name.
setPrincipalEnvironmentVariable(String) - Method in class org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter
 
setPrincipalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
 
setPrincipalRequestHeader(String) - Method in class org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter
 
setProcessConfigAttribute(String) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
setProcessDomainObjectClass(Class<?>) - Method in class org.springframework.security.access.vote.AbstractAclVoter
Deprecated.
 
setProcessDomainObjectClass(Class<?>) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
setProperty(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
 
setProtectedFieldValue(String, Object, Object) - Static method in class org.springframework.security.util.FieldUtils
 
setProviders(List<?>) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
Deprecated.
 
setProxyAuthenticationFailureHandler(AuthenticationFailureHandler) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
Sets the AuthenticationFailureHandler for proxy requests.
setProxyGrantingTicketStorage(ProxyGrantingTicketStorage) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
 
setProxyReceptorUrl(String) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
 
setPseudoRandomNumberBytes(int) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
 
setPublishAuthorizationSuccess(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
Only AuthorizationFailureEvent will be published.
setQuery(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
 
setQueryString(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setRealm(String) - Method in class org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint
Sets the realm to be used
setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.access.BearerTokenAccessDeniedHandler
Set the default realm name to use in the bearer token error response
setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler
Set the default realm name to use in the bearer token error response
setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint
Set the default realm name to use in the bearer token error response
setRealmName(String) - Method in class org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint
 
setRealmName(String) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
 
setRealmName(String) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint
 
setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
Sets the RedirectStrategy to use
setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
Set the RedirectStrategy used to redirect to the saved request if there is one saved.
setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.access.channel.AbstractRetryEntryPoint
Sets the strategy to be used for redirecting to the required channel URL.
setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
Allows overriding of the behaviour when redirecting to a target URL.
setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
Allows overriding of the behaviour when redirecting to a target URL.
setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
setRedirectStrategy(RedirectStrategy) - Method in class org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy
Sets the redirect strategy to use.
setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
Sets the RedirectStrategy to use.
setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler
Sets the RedirectStrategy to use.
setRedirectStrategy(ServerRedirectStrategy) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
The RedirectStrategy to use.
setRedirectUrl(String) - Method in class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
setRefreshConfigurationOnStartup(boolean) - Method in class org.springframework.security.authentication.jaas.JaasAuthenticationProvider
If set, a call to Configuration#refresh() will be made by #configureJaas(Resource) method.
setRejectPublicInvocations(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
By rejecting public invocations (and setting this property to true), essentially you are ensuring that every secure object invocation advised by AbstractSecurityInterceptor has a configuration attribute defined.
setRelyingPartyRegistrationId(String) - Method in class org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal
 
setRememberMeClass(Class<? extends Authentication>) - Method in class org.springframework.security.authentication.AuthenticationTrustResolverImpl
 
setRememberMeParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setRememberMeServices(RememberMeServices) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
setRememberMeServices(RememberMeServices) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 
setRenameGroupSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setReportOnly(boolean) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
If true, includes the Content-Security-Policy-Report-Only header in the response, otherwise, defaults to the Content-Security-Policy header.
setReportOnly(boolean) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
To get a Public-Key-Pins header you should set this to false, otherwise the header will be Public-Key-Pins-Report-Only.
setReportOnly(boolean) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
Set whether to include the Content-Security-Policy-Report-Only header in the response.
setReportUri(String) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
Sets the URI to which the browser should report pin validation failures.
setReportUri(URI) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
Sets the URI to which the browser should report pin validation failures.
setRequest(HttpServletRequest) - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
Deprecated.
 
setRequestCache(RequestCache) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
The RequestCache used to retrieve the saved request in failed gateway authentication scenarios.
setRequestCache(RequestCache) - Method in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter
Sets the RequestCache used to store the current request to be replayed after redirect from the CAS server.
setRequestCache(RequestCache) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter
Sets the RequestCache used for loading a previously saved request (if available) and replaying it after completing the processing of the OAuth 2.0 Authorization Response.
setRequestCache(RequestCache) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
Sets the RequestCache used for storing the current request before redirecting the OAuth 2.0 Authorization Request.
setRequestCache(RequestCache) - Method in class org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
 
setRequestCache(ServerRequestCache) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter
Sets the ServerRequestCache used for loading a previously saved request (if available) and replaying it after completing the processing of the OAuth 2.0 Authorization Response.
setRequestCache(ServerRequestCache) - Method in class org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter
The request cache to use to save the request before sending a redirect.
setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint
The request cache to use to save the request before sending a redirect.
setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler
Sets the ServerRequestCache used to redirect to.
setRequestCache(ServerRequestCache) - Method in class org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter
 
setRequestEntityConverter(Converter<String, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector
Sets the Converter used for converting the OAuth 2.0 access token to a RequestEntity representation of the OAuth 2.0 token introspection request.
setRequestEntityConverter(Converter<String, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
Sets the Converter used for converting the OAuth 2.0 access token to a RequestEntity representation of the OAuth 2.0 token introspection request.
setRequestEntityConverter(Converter<JwtBearerGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient
Deprecated.
Sets the Converter used for converting the JwtBearerGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.
setRequestEntityConverter(Converter<OAuth2AuthorizationCodeGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient
Deprecated.
Sets the Converter used for converting the OAuth2AuthorizationCodeGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.
setRequestEntityConverter(Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient
Deprecated.
Sets the Converter used for converting the OAuth2ClientCredentialsGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.
setRequestEntityConverter(Converter<OAuth2PasswordGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient
Deprecated.
Sets the Converter used for converting the OAuth2PasswordGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.
setRequestEntityConverter(Converter<OAuth2RefreshTokenGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient
Deprecated.
Sets the Converter used for converting the OAuth2RefreshTokenGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.
setRequestEntityConverter(Converter<TokenExchangeGrantRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient
Deprecated.
Sets the Converter used for converting the TokenExchangeGrantRequest to a RequestEntity representation of the OAuth 2.0 Access Token Request.
setRequestEntityConverter(Converter<OAuth2UserRequest, RequestEntity<?>>) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService
Sets the Converter used for converting the OAuth2UserRequest to a RequestEntity representation of the UserInfo Request.
setRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.web.csrf.CsrfAuthenticationStrategy
Specify a CsrfTokenRequestHandler to use for making the CsrfToken available as a request attribute.
setRequestHandler(CsrfTokenRequestHandler) - Method in class org.springframework.security.web.csrf.CsrfFilter
Specifies a CsrfTokenRequestHandler that is used to make the CsrfToken available as a request attribute.
setRequestHandler(ServerCsrfTokenRequestHandler) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
Specifies a ServerCsrfTokenRequestHandler that is used to make the CsrfToken available as an exchange attribute.
setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter
Sets the RequestMatcher used to trigger this filter.
setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.metadata.RequestMatcherMetadataResponseResolver
Use this RequestMatcher to identity which requests to generate metadata for.
setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter
Set the RequestMatcher that determines whether this filter should handle the incoming HttpServletRequest
setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
 
setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.ott.GenerateOneTimeTokenFilter
Use the given RequestMatcher to match the request.
setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter
 
setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added.
setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.savedrequest.CookieRequestCache
Allows selective use of saved requests for a subset of requests.
setRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
Allows selective use of saved requests for a subset of requests.
setRequestRejectedHandler(RequestRejectedHandler) - Method in class org.springframework.security.web.FilterChainProxy
Sets the RequestRejectedHandler to be used for requests rejected by the firewall.
setRequestTransformer(AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
setRequestURI(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setRequestURL(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setRequireCsrfProtectionMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.csrf.CsrfWebFilter
 
setRequireCsrfProtectionMatcher(RequestMatcher) - Method in class org.springframework.security.web.csrf.CsrfFilter
Specifies a RequestMatcher that is used to determine if CSRF protection should be applied.
setRequiresAuthenticationMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
Sets the matcher used to determine when creating an Authentication from AuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter) to be authentication.
setRequiresAuthenticationRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 
setRequiresAuthenticationRequestMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Sets the request matcher to check whether to proceed the request further.
setRequiresHttpsRedirectMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.transport.HttpsRedirectWebFilter
Use this ServerWebExchangeMatcher to narrow which requests are redirected to HTTPS.
setRequiresLogoutMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.logout.LogoutWebFilter
 
setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.
setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
Sets a Function used to resolve a Map of the hidden inputs where the key is the name of the input and the value is the value of the input.
setResolveHiddenInputs(Function<HttpServletRequest, Map<String, String>>) - Method in class org.springframework.security.web.authentication.ui.DefaultOneTimeTokenSubmitPageGeneratingFilter
 
setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResource(Resource) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResource(Resource) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
Sets a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
 
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
 
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.crypto.RsaKeyConversionServicePostProcessor
 
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
 
setResourceLoader(ResourceLoader) - Method in class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
 
setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.ReactiveUserDetailsServiceResourceFactoryBean
Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResourceLocation(String) - Method in class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResourceLocation(String) - Method in class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
Sets the location of a Resource that is a Properties file in the format defined in UserDetailsResourceFactoryBean.
setResponse(HttpServletResponse) - Method in class org.springframework.security.web.context.HttpRequestResponseHolder
Deprecated.
 
setRestClient(RestClient) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractRestClientOAuth2AccessTokenResponseClient
Sets the RestClient used when requesting the OAuth 2.0 Access Token Response.
setRestClient(RestClient) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker
Sets the RestClient to use when making requests to Have I Been Pwned REST API.
setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient
Deprecated.
Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.
setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient
Deprecated.
Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.
setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient
Deprecated.
Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.
setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient
Deprecated.
Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.
setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient
Deprecated.
Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.
setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.endpoint.DefaultTokenExchangeTokenResponseClient
Deprecated.
Sets the RestOperations used when requesting the OAuth 2.0 Access Token Response.
setRestOperations(RestOperations) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService
Sets the RestOperations used when requesting the UserInfo resource.
setRethrowAuthenticationServiceException(boolean) - Method in class org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler
Set whether to rethrow AuthenticationServiceExceptions (defaults to true)
setRethrowAuthenticationServiceException(boolean) - Method in class org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler
Set whether to rethrow AuthenticationServiceExceptions (defaults to true)
setRetrieveUserInfo(Predicate<OidcUserRequest>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService
Sets the Predicate used to determine if the UserInfo Endpoint should be called to retrieve information about the End-User (Resource Owner).
setRetrieveUserInfo(Predicate<OidcUserRequest>) - Method in class org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService
Sets the Predicate used to determine if the UserInfo Endpoint should be called to retrieve information about the End-User (Resource Owner).
setReturningAttributes(String[]) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
Specifies the attributes that will be returned as part of the search.
setReturnObject(Object) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionOperations
 
setReturnObject(Object, EvaluationContext) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
 
setReturnObject(Object, EvaluationContext) - Method in interface org.springframework.security.access.expression.method.MethodSecurityExpressionHandler
Used to inform the expression system of the return object for the given evaluation context.
setRoleAttributes(String[]) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
The names of any attributes in the user's entry which represent application roles.
setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.access.expression.AbstractSecurityExpressionHandler
 
setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
Sets the RoleHierarchy to use.
setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.authorization.AuthoritiesAuthorizationManager
Sets the RoleHierarchy to be used.
setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.authorization.AuthorityAuthorizationManager
Sets the RoleHierarchy to be used.
setRoleHierarchy(RoleHierarchy) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
Sets the RoleHierarchy to be used.
setRoleMapper(AttributesMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
setRolePrefix(String) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
Deprecated.
Allows the default role prefix of ROLE_ to be overridden.
setRolePrefix(String) - Method in class org.springframework.security.access.vote.RoleVoter
Deprecated.
Allows the default role prefix of ROLE_ to be overridden.
setRolePrefix(String) - Method in class org.springframework.security.authorization.method.Jsr250AuthorizationManager
Sets the role prefix.
setRolePrefix(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Allows a default role prefix to be specified.
setRolePrefix(String) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
Sets the prefix which will be prepended to the values loaded from the directory.
setRolePrefix(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
Sets the role prefix used when converting authorities.
setRolePrefix(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
The prefix that should be applied to the role names
setRolePrefix(String) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
 
setRoomNumber(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setRoot(String) - Method in class org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean
Optional root suffix for the embedded LDAP server.
setRunAsManager(RunAsManager) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
setSaml2AuthenticationUrlToProviderName(Map<String, String>) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setSaml2LoginEnabled(boolean) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setSaveRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.savedrequest.CookieServerRequestCache
Sets the matcher to determine if the request should be saved.
setSaveRequestMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
Sets the matcher to determine if the request should be saved.
setScheduler(Scheduler) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
setScheduler(Scheduler) - Method in class org.springframework.security.authentication.ReactiveAuthenticationManagerAdapter
Set a scheduler that will be published on to perform the authentication logic.
setScheme(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setScheme(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
 
setScope(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
 
setSearchControls(SearchControls) - Method in class org.springframework.security.ldap.SpringSecurityLdapTemplate
Sets the search controls which will be used for search operations by the template.
setSearchFilter(String) - Method in class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
The LDAP filter string to search for the user being authenticated.
setSearchSubtree(boolean) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
If true then searches the entire subtree as identified by context, if false (the default) then only searches the level identified by the context.
setSearchSubtree(boolean) - Method in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
If set to true, a subtree scope search will be performed.
setSearchTimeLimit(int) - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
The time to wait before the search fails; the default is zero, meaning forever.
setSecure(boolean) - Method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
setSecure(Boolean) - Method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
setSecureKeyword(String) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
 
setSecureRandom(SecureRandom) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
 
setSecureRandom(SecureRandom) - Method in class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
Specifies the SecureRandom used to generate random bytes that are used to mask the value of the CsrfToken on each request.
setSecureRandom(SecureRandom) - Method in class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
Specifies the SecureRandom used to generate random bytes that are used to mask the value of the CsrfToken on each request.
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authentication.jaas.SecurityContextLoginModule
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
 
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.Jsr250AuthorizationMethodInterceptor
 
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PostAuthorizeAuthorizationMethodInterceptor
 
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.PreAuthorizeAuthorizationMethodInterceptor
 
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.config.method.MethodSecurityBeanDefinitionParser.SecuredAuthorizationMethodInterceptor
 
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.context.SecurityContextChannelInterceptor
 
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor
 
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.client.web.client.OAuth2ClientHttpRequestInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.AnonymousAuthenticationFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.logout.LogoutFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.NullSecurityContextRepository
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.request.async.SecurityContextCallableProcessingInterceptor
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.RequestAttributeSecurityContextRepository
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
Deprecated.
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.SecurityContextHolderFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.context.SecurityContextPersistenceFilter
Deprecated.
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.FilterChainProxy
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.session.ConcurrentSessionFilter
setSecurityContextHolderStrategy(SecurityContextHolderStrategy) - Method in class org.springframework.security.web.session.SessionManagementFilter
setSecurityContextRepository(HttpServletRequest, SecurityContextRepository) - Static method in class org.springframework.security.test.web.support.WebTestUtils
Sets the SecurityContextRepository for the specified HttpServletRequest.
setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
 
setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter
Sets the SecurityContextRepository to save the SecurityContext on authentication success.
setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Sets the SecurityContextRepository to save the SecurityContext on authentication success.
setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
Sets the SecurityContextRepository to save the SecurityContext on authentication success.
setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
Sets the SecurityContextRepository to use.
setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Sets the SecurityContextRepository to save the SecurityContext on authentication success.
setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter
Sets the SecurityContextRepository to save the SecurityContext on authentication success.
setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Sets the SecurityContextRepository to save the SecurityContext on switch user success.
setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.www.BasicAuthenticationFilter
Sets the SecurityContextRepository to save the SecurityContext on authentication success.
setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
Sets the SecurityContextRepository to save the SecurityContext on authentication success.
setSecurityContextRepository(SecurityContextRepository) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
Sets the SecurityContextRepository to use.
setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
Sets the repository for persisting the SecurityContext.
setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler
Sets the ServerSecurityContextRepository that should be used for logging out.
setSecurityContextRepository(ServerSecurityContextRepository) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
Sets the repository for persisting the SecurityContext.
setSecurityInterceptor(AbstractSecurityInterceptor) - Method in class org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator
Deprecated.
 
setSecurityMetadataSource(MethodSecurityMetadataSource) - Method in class org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
Deprecated.
 
setSecurityMetadataSource(FilterInvocationSecurityMetadataSource) - Method in class org.springframework.security.web.access.channel.ChannelProcessingFilter
 
setSecurityMetadataSource(FilterInvocationSecurityMetadataSource) - Method in class org.springframework.security.web.access.intercept.FilterSecurityInterceptor
Deprecated.
 
setSeed(Resource) - Method in class org.springframework.security.core.token.SecureRandomFactoryBean
Allows the user to specify a resource which will act as a seed for the SecureRandom instance.
setSelectClause(String) - Method in class org.springframework.security.acls.jdbc.BasicLookupStrategy
The SQL for the select clause.
setSendRenew(boolean) - Method in class org.springframework.security.cas.ServiceProperties
 
setSeriesLength(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
 
setServerAuthenticationConverter(ServerAuthenticationConverter) - Method in class org.springframework.security.web.server.authentication.AuthenticationWebFilter
Sets the strategy used for converting from a ServerWebExchange to an Authentication used for authenticating with the provided ReactiveAuthenticationManager.
setServerInteger(Integer) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
 
setServerName(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setServerName(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
 
setServerPort(int) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setServerSecret(String) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
 
setService(String) - Method in class org.springframework.security.cas.ServiceProperties
 
setServiceParameter(String) - Method in class org.springframework.security.cas.ServiceProperties
 
setServiceProperties(ServiceProperties) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
setServiceProperties(ServiceProperties) - Method in class org.springframework.security.cas.web.CasAuthenticationEntryPoint
 
setServiceProperties(ServiceProperties) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
 
setServletContext(ServletContext) - Method in class org.springframework.security.config.annotation.web.builders.WebSecurity
 
setServletContext(ServletContext) - Method in class org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator
 
setServletContext(ServletContext) - Method in class org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
Deprecated.
 
setServletContext(ServletContext) - Method in class org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
 
setServletPath(String) - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder
 
setServletPath(String) - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
The servlet path to match on.
setServletPath(String) - Method in class org.springframework.security.web.util.RedirectUrlBuilder
 
setSessionAttributeName(String) - Method in class org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository
Sets the HttpSession attribute name that the CsrfToken is stored in
setSessionAttributeName(String) - Method in class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
Sets the HttpSession attribute name that the CsrfToken is stored in
setSessionAttrName(String) - Method in class org.springframework.security.web.savedrequest.HttpSessionRequestCache
If the sessionAttrName property is set, the request is stored in the session using this attribute name.
setSessionAuthenticationStrategy(SessionAuthenticationStrategy) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
The session handling strategy which will be invoked immediately after an authentication request is successfully processed by the AuthenticationManager.
setSessionCookieName(String) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcBackChannelLogoutHandler
Use this cookie name for the session identifier.
setSessionCookieName(String) - Method in class org.springframework.security.config.web.server.OidcBackChannelServerLogoutHandler
Use this cookie name for the session identifier.
setSessionLimit(SessionLimit) - Method in class org.springframework.security.web.server.authentication.ConcurrentSessionControlServerAuthenticationSuccessHandler
Sets the strategy used to resolve the maximum number of sessions that are allowed for a specific Authentication.
setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
Sets an object that is shared by multiple SecurityConfigurer.
setSharedObject(Class<C>, C) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
setSharedObject(Class<C>, C) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Sets an object that is shared by multiple SecurityConfigurer.
setShouldFilterAllDispatcherTypes(boolean) - Method in class org.springframework.security.web.access.intercept.AuthorizationFilter
Deprecated, for removal: This API element is subject to removal in a future version.
Permit access to the DispatcherType instead.
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {

        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
                http
                        .authorizeHttpRequests((authorize) -> authorize
                                .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
                                // ...
                        );
                return http.build();
        }
 }
 
setShouldWriteHeadersEagerly(boolean) - Method in class org.springframework.security.web.header.HeaderWriterFilter
Allow writing headers at the beginning of the request.
setSidIdentityQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Sets the query that will be used to retrieve the identity of a newly created row in the acl_sid table.
setSidPrimaryKeyQuery(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.AclEntryVoter
 
setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionCacheOptimizer
 
setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.AclPermissionEvaluator
 
setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
setSidRetrievalStrategy(SidRetrievalStrategy) - Method in class org.springframework.security.acls.domain.AclAuthorizationStrategyImpl
 
setSn(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
 
setSpringSecurityContextAttrName(String) - Method in class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
Sets the session attribute name used to save and load the SecurityContext
setSpringSecurityContextKey(String) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
Allows the session attribute name to be customized for this repository instance.
setStatelessTicketCache(StatelessTicketCache) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
setStatusCode(HttpStatus) - Method in class org.springframework.security.web.DefaultRedirectStrategy
Sets the HTTP status code to use.
setStrategyName(String) - Static method in class org.springframework.security.core.context.SecurityContextHolder
Changes the preferred strategy.
setStreet(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setStringSeparator(String) - Method in class org.springframework.security.core.authority.mapping.MapBasedAttributes2GrantedAuthoritiesMapper
 
setSubjectDnRegex(String) - Method in class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
Sets the regular expression which will by used to extract the user name from the certificate's Subject DN.
setSubjectTokenResolver(Function<OAuth2AuthorizationContext, OAuth2Token>) - Method in class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
Sets the resolver used for resolving the subject token.
setSubjectTokenResolver(Function<OAuth2AuthorizationContext, Mono<OAuth2Token>>) - Method in class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
Sets the resolver used for resolving the subject token.
setSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.AuthenticationFilter
 
setSuccessHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Used to define custom behaviour on a successful switch or exit user.
setSwitchAuthorityRole(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Allows the role of the switchAuthority to be customized.
setSwitchFailureUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Sets the URL to which a user should be redirected if the switch fails.
setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 
setSwitchUserMatcher(ServerWebExchangeMatcher) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
Set the matcher to respond to switch user processing.
setSwitchUserMatcher(RequestMatcher) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Set the matcher to respond to switch user processing.
setSwitchUserUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Set the URL to respond to switch user processing.
setSwitchUserUrl(String) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
Set the URL to respond to switch user processing.
setTargetUrl(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Sets the URL to go to after a successful switch / exit user request.
setTargetUrlParameter(String) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
If this property is set, the current request will be checked for this a parameter with this name and the value used as the target URL if present.
setTargetVisitor(AuthorizationAdvisorProxyFactory.TargetVisitor) - Method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
Use this visitor to navigate the proxy target's hierarchy.
setTelephoneNumber(String) - Method in class org.springframework.security.ldap.userdetails.Person.Essence
 
setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
Configure pre/post-authorization template resolution
setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
Deprecated.
setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
Configure pre/post-authorization template resolution
setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
Configure pre/post-authorization template resolution
setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
setTemplateDefaults(PrePostTemplateDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
Configure pre/post-authorization template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
Configure pre/post-authorization template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostAuthorizeReactiveAuthorizationManager
Configure pre/post-authorization template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationMethodInterceptor
Configure pre/post-authorization template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PostFilterAuthorizationReactiveMethodInterceptor
Configure pre/post-authorization template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
Configure pre/post-authorization template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreAuthorizeReactiveAuthorizationManager
Configure pre/post-authorization template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationMethodInterceptor
Configure pre/post-authorization template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.authorization.method.PreFilterAuthorizationReactiveMethodInterceptor
Configure pre/post-authorization template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
Configure AuthenticationPrincipal template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
Configure AuthenticationPrincipal template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
Configure CurrentSecurityContext template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
Configure AuthenticationPrincipal template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
Configure CurrentSecurityContext template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
Configure AuthenticationPrincipal template resolution
setTemplateDefaults(AnnotationTemplateExpressionDefaults) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
Configure CurrentSecurityContext template resolution
setThrowableAnalyzer(ThrowableAnalyzer) - Method in class org.springframework.security.web.access.ExceptionTranslationFilter
 
setThrowExceptionWhenTokenRejected(boolean) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
If true, causes the provider to throw a BadCredentialsException if the presented authentication request is invalid (contains a null principal or credentials).
setTicketValidator(TicketValidator) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
setTimeBeforeExpiration(int) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
setTitle(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setTokenFromMultipartDataEnabled(boolean) - Method in class org.springframework.security.web.server.csrf.ServerCsrfTokenRequestAttributeHandler
Specifies if the ServerCsrfTokenRequestResolver should try to resolve the actual CSRF token from the body of multipart data requests.
setTokenLength(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
 
setTokenValiditySeconds(int) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
setTokenValiditySeconds(int) - Method in class org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices
 
setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
Sets the AuthenticationTrustResolver to be used.
setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.access.expression.SecurityExpressionRoot
 
setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.authorization.AuthenticatedAuthorizationManager
Sets the AuthenticationTrustResolver to be used.
setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
Sets the AuthenticationTrustResolver to be used.
setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler
 
setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.expression.DefaultHttpSecurityExpressionHandler
Sets the AuthenticationTrustResolver to be used.
setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
Sets the AuthenticationTrustResolver to be used.
setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
Sets the AuthenticationTrustResolver to be used.
setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
Sets the AuthenticationTrustResolver to be used.
setTrustResolver(AuthenticationTrustResolver) - Method in class org.springframework.security.web.session.SessionManagementFilter
Sets the AuthenticationTrustResolver to be used.
setUid(String) - Method in class org.springframework.security.ldap.userdetails.InetOrgPerson.Essence
 
setUnsafeAllowAnyHttpMethod(boolean) - Method in class org.springframework.security.web.firewall.StrictHttpFirewall
Sets if any HTTP method is allowed.
setup() - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity.AuthorizePayloadsSpec
 
setup() - Static method in class org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers
 
SETUP - Enum constant in enum class org.springframework.security.rsocket.api.PayloadExchangeType
The Setup.
setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithAnonymousUser
Determines when the SecurityContext is setup.
setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
Determines when the SecurityContext is setup.
setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithSecurityContext
Determines when the SecurityContext is setup.
setupBefore() - Element in annotation interface org.springframework.security.test.context.support.WithUserDetails
Determines when the SecurityContext is setup.
setUpdateObjectIdentity(String) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
 
setUpdateUserSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setupModule(Module.SetupContext) - Method in class org.springframework.security.cas.jackson2.CasJackson2Module
 
setupModule(Module.SetupContext) - Method in class org.springframework.security.jackson2.CoreJackson2Module
 
setupModule(Module.SetupContext) - Method in class org.springframework.security.ldap.jackson2.LdapJackson2Module
 
setupModule(Module.SetupContext) - Method in class org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module
 
setupModule(Module.SetupContext) - Method in class org.springframework.security.saml2.jackson2.Saml2Jackson2Module
 
setupModule(Module.SetupContext) - Method in class org.springframework.security.web.jackson2.WebJackson2Module
 
setupModule(Module.SetupContext) - Method in class org.springframework.security.web.jackson2.WebServletJackson2Module
 
setupModule(Module.SetupContext) - Method in class org.springframework.security.web.server.jackson2.WebServerJackson2Module
 
setUrl(String) - Method in class org.springframework.security.taglibs.authz.AbstractAuthorizeTag
 
setUseAuthenticationRequestCredentials(boolean) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
Determines whether the supplied password will be used as the credentials in the successful authentication token.
setUseEquals(boolean) - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
If set to true, matches on exact MediaType, else uses MediaType.isCompatibleWith(MediaType).
setUseEquals(boolean) - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
If set to true, matches on exact MediaType, else uses MediaType.isCompatibleWith(MediaType).
setUseForward(boolean) - Method in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
Tells if we are to do a forward to the loginFormUrl using the RequestDispatcher, instead of a 302 redirect.
setUseForward(boolean) - Method in class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
If set to true, performs a forward to the failure destination URL instead of a redirect.
setUsePasswordAttrCompare(boolean) - Method in class org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator
 
setUsePasswordModifyExtensionOperation(boolean) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
Sets the method by which a user's password gets modified.
setUserAttributes(String[]) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
Sets the user attributes which will be retrieved from the directory.
setUserCache(UserCache) - Method in class org.springframework.security.authentication.CachingUserDetailsService
 
setUserCache(UserCache) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
setUserCache(UserCache) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
Optionally sets the UserCache if one is in use in the application.
setUserCache(UserCache) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
Sets the UserDetailsChecker to be used for checking the status of retrieved user details.
setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
Sets the strategy which will be used to validate the loaded UserDetails object for the user.
setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Sets the strategy to be used to validate the UserDetails object obtained for the user when processing a remember-me cookie to automatically log in a user.
setUserDetailsChecker(UserDetailsChecker) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Sets the UserDetailsChecker that is called on the target user whenever the user is switched.
setUserDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
Sets a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication.
setUserDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
Allows a custom strategy to be used for creating the UserDetails which will be stored as the principal in the Authentication returned by the AbstractLdapAuthenticationProvider.createSuccessfulAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken, org.springframework.security.core.userdetails.UserDetails) method.
setUserDetailsMapper(UserDetailsContextMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
setUserDetailsMapper(UserDetailsContextMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsService
 
setUserDetailsPasswordService(ReactiveUserDetailsPasswordService) - Method in class org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager
Sets the service to use for upgrading passwords on successful authentication.
setUserDetailsPasswordService(UserDetailsPasswordService) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.authentication.dao.DaoAuthenticationProvider
 
setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
Set the wrapped UserDetailsService implementation
setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Sets the authentication data access object.
setUserDetailsService(UserDetailsService) - Method in class org.springframework.security.web.authentication.www.DigestAuthenticationFilter
 
setUserDnPatterns(String...) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
If your users are at a fixed location in the directory (i.e.
setUserDnPatterns(String[]) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
Sets the pattern which will be used to supply a DN for the user.
setUseReferer(boolean) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler
If set to true the Referer header will be used (if available).
setUserExistsSql(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
setUsername(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.Essence
 
setUsernameBasedPrimaryKey(boolean) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
If true (the default), indicates the JdbcDaoImpl.getUsersByUsernameQuery() returns a username in response to a query.
setUsernameMapper(LdapUsernameToDnMapper) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
Allows the parameter containing the username to be customized.
setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
 
setUsernameParameter(String) - Method in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
Sets the parameter name which will be used to obtain the username from the login request.
setUsernameParameter(String) - Method in class org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
Deprecated.
The parameter name of the form data to extract the username
setUserRoles2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
 
setUsersByUsernameQuery(String) - Method in class org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl
Allows the default query string used to retrieve users based on username to be overridden, if default table or column names need to be changed.
setUserSearch(LdapUserSearch) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticator
 
setUserSearchBase(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
Search base for user searches.
setUserSearchFilter(String) - Method in class org.springframework.security.config.ldap.AbstractLdapAuthenticationManagerFactory
The LDAP filter used to search for users (optional).
setUseSecureCookie(boolean) - Method in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
Whether the cookie should be flagged as secure or not.
setValidateConfigAttributes(boolean) - Method in class org.springframework.security.access.intercept.AbstractSecurityInterceptor
Deprecated.
 
setVar(String) - Method in class org.springframework.security.taglibs.authz.AccessControlListTag
 
setVar(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
 
setVar(String) - Method in class org.springframework.security.taglibs.authz.JspAuthorizeTag
 
setWebClient(WebClient) - Method in class org.springframework.security.oauth2.client.endpoint.AbstractWebClientReactiveOAuth2AccessTokenResponseClient
Sets the WebClient used when requesting the OAuth 2.0 Access Token Response.
setWebClient(WebClient) - Method in class org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService
Sets the WebClient used for retrieving the user endpoint
setWebClient(WebClient) - Method in class org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiReactivePasswordChecker
Sets the WebClient to use when making requests to Have I Been Pwned REST API.
setWebSphereGroups2GrantedAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper) - Method in class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
 
setWorkingDirectory(File) - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
sha(byte[]) - Static method in class org.springframework.security.core.token.Sha512DigestUtils
Calculates the SHA digest and returns the value as a byte[].
sha(String) - Static method in class org.springframework.security.core.token.Sha512DigestUtils
Calculates the SHA digest and returns the value as a byte[].
SHA256 - Enum constant in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
 
Sha512DigestUtils - Class in org.springframework.security.core.token
Provides SHA512 digest methods.
Sha512DigestUtils() - Constructor for class org.springframework.security.core.token.Sha512DigestUtils
 
shaHex(byte[]) - Static method in class org.springframework.security.core.token.Sha512DigestUtils
Calculates the SHA digest and returns the value as a hex string.
shaHex(String) - Static method in class org.springframework.security.core.token.Sha512DigestUtils
Calculates the SHA digest and returns the value as a hex string.
shared(int) - Static method in class org.springframework.security.crypto.keygen.KeyGenerators
Create a BytesKeyGenerator that returns a single, shared SecureRandom key of a custom length.
shouldFilterAllDispatcherTypes(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
Deprecated, for removal: This API element is subject to removal in a future version.
Permit access to the DispatcherType instead.
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {

        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
                http
                        .authorizeHttpRequests((authorize) -> authorize
                                .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
                                // ...
                        );
                return http.build();
        }
 }
 
shouldNotFilter(HttpServletRequest) - Method in class org.springframework.security.web.csrf.CsrfFilter
 
showDefaultSubmitPage(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer
Configures whether the default one-time token submit page should be shown.
shutdown() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
shutdownNow() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
Sid - Interface in org.springframework.security.acls.model
A security identity recognised by the ACL system.
SID - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
sid - the session id for the OIDC provider
sidRetrievalStrategy - Variable in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
SidRetrievalStrategy - Interface in org.springframework.security.acls.model
Strategy interface that provides an ability to determine the Sid instances applicable for an Authentication.
SidRetrievalStrategyImpl - Class in org.springframework.security.acls.domain
Basic implementation of SidRetrievalStrategy that creates a Sid for the principal, as well as every granted authority the principal holds.
SidRetrievalStrategyImpl() - Constructor for class org.springframework.security.acls.domain.SidRetrievalStrategyImpl
 
SidRetrievalStrategyImpl(RoleHierarchy) - Constructor for class org.springframework.security.acls.domain.SidRetrievalStrategyImpl
 
SIG_ALG - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames
SigAlg - used to communicate which signature algorithm to use to verify signature
sigAlg(String) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.Builder
Sets the SigAlg parameter that will accompany this AuthNRequest
signature(String) - Method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.Builder
Sets the Signature parameter that will accompany this AuthNRequest
SIGNATURE - Static variable in class org.springframework.security.saml2.core.Saml2ParameterNames
Signature - used to supply cryptographic signature on any SAML 2.0 payload
signatureAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder.PublicKeyJwtDecoderBuilder
Use the given signing algorithm.
signatureAlgorithm(SignatureAlgorithm) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.PublicKeyReactiveJwtDecoderBuilder
Use the given signing algorithm.
SignatureAlgorithm - Enum Class in org.springframework.security.oauth2.jose.jws
An enumeration of the cryptographic algorithms defined by the JSON Web Algorithms (JWA) specification and used by JSON Web Signature (JWS) to digitally sign the contents of the JWS Protected Header and JWS Payload.
signing(PrivateKey, X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential
Create a Saml2X509Credential that can be used for signing.
SIGNING - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
 
signingAlgorithms(Consumer<List<String>>) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
Apply this Consumer to the list of SigningMethod Algorithms
signingAlgorithms(Consumer<List<String>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
Apply this Consumer to the list of SigningMethod Algorithms
signingAlgorithms(Consumer<List<String>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
Apply this Consumer to the list of SigningMethod Algorithms
signingX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
signingX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Apply this Consumer to the Collection of Saml2X509Credentials for the purposes of modifying the Collection
SimpDestinationMessageMatcher - Class in org.springframework.security.messaging.util.matcher
MessageMatcher which compares a pre-defined pattern against the destination of a Message.
SimpDestinationMessageMatcher(String) - Constructor for class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
Creates a new instance with the specified pattern, null SimpMessageType (matches any type), and a AntPathMatcher created from the default constructor.
SimpDestinationMessageMatcher(String, PathMatcher) - Constructor for class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
Creates a new instance with the specified pattern and PathMatcher.
simpDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
Maps a List of SimpDestinationMessageMatcher instances without regard to the SimpMessageType.
simpDestMatchers(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
Maps a List of SimpDestinationMessageMatcher instances without regard to the SimpMessageType.
simpDestPathMatcher(Supplier<PathMatcher>) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
simpDestPathMatcher(PathMatcher) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
simpDestPathMatcher(PathMatcher) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
SimpleAttributes2GrantedAuthoritiesMapper - Class in org.springframework.security.core.authority.mapping
This class implements the Attributes2GrantedAuthoritiesMapper interface by doing a one-to-one mapping from roles to Spring Security GrantedAuthorities.
SimpleAttributes2GrantedAuthoritiesMapper() - Constructor for class org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper
 
simpleAuthentication(Customizer<RSocketSecurity.SimpleAuthenticationSpec>) - Method in class org.springframework.security.config.annotation.rsocket.RSocketSecurity
Adds support for validating a username and password using Simple Authentication
SimpleAuthenticationEncoder - Class in org.springframework.security.rsocket.metadata
Encodes Simple Authentication.
SimpleAuthenticationEncoder() - Constructor for class org.springframework.security.rsocket.metadata.SimpleAuthenticationEncoder
 
SimpleAuthorityMapper - Class in org.springframework.security.core.authority.mapping
Simple one-to-one GrantedAuthoritiesMapper which allows for case conversion of the authority name and the addition of a string prefix (which defaults to ROLE_ ).
SimpleAuthorityMapper() - Constructor for class org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
 
SimpleGrantedAuthority - Class in org.springframework.security.core.authority
Basic concrete implementation of a GrantedAuthority.
SimpleGrantedAuthority(String) - Constructor for class org.springframework.security.core.authority.SimpleGrantedAuthority
 
SimpleGrantedAuthorityMixin - Class in org.springframework.security.jackson2
Jackson Mixin class helps in serialize/deserialize SimpleGrantedAuthority.
SimpleGrantedAuthorityMixin(String) - Constructor for class org.springframework.security.jackson2.SimpleGrantedAuthorityMixin
Mixin Constructor.
SimpleMappableAttributesRetriever - Class in org.springframework.security.core.authority.mapping
This class implements the MappableAttributesRetriever interface by just returning a list of mappable attributes as previously set using the corresponding setter method.
SimpleMappableAttributesRetriever() - Constructor for class org.springframework.security.core.authority.mapping.SimpleMappableAttributesRetriever
 
SimpleMethodInvocation - Class in org.springframework.security.util
Represents the AOP Alliance MethodInvocation.
SimpleMethodInvocation() - Constructor for class org.springframework.security.util.SimpleMethodInvocation
 
SimpleMethodInvocation(Object, Method, Object...) - Constructor for class org.springframework.security.util.SimpleMethodInvocation
 
SimpleRedirectInvalidSessionStrategy - Class in org.springframework.security.web.session
Performs a redirect to a fixed URL when an invalid requested session is detected by the SessionManagementFilter.
SimpleRedirectInvalidSessionStrategy(String) - Constructor for class org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy
 
SimpleRedirectSessionInformationExpiredStrategy - Class in org.springframework.security.web.session
Performs a redirect to a fixed URL when an expired session is detected by the ConcurrentSessionFilter.
SimpleRedirectSessionInformationExpiredStrategy(String) - Constructor for class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
 
SimpleRedirectSessionInformationExpiredStrategy(String, RedirectStrategy) - Constructor for class org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
 
SimpleSavedRequest - Class in org.springframework.security.web.savedrequest
A Bean implementation of SavedRequest
SimpleSavedRequest() - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
SimpleSavedRequest(String) - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
SimpleSavedRequest(SavedRequest) - Constructor for class org.springframework.security.web.savedrequest.SimpleSavedRequest
 
SimpleUrlAuthenticationFailureHandler - Class in org.springframework.security.web.authentication
AuthenticationFailureHandler which performs a redirect to the value of the defaultFailureUrl property when the onAuthenticationFailure method is called.
SimpleUrlAuthenticationFailureHandler() - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
 
SimpleUrlAuthenticationFailureHandler(String) - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
 
SimpleUrlAuthenticationSuccessHandler - Class in org.springframework.security.web.authentication
AuthenticationSuccessHandler which can be configured with a default URL which users should be sent to upon successful authentication.
SimpleUrlAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
 
SimpleUrlAuthenticationSuccessHandler(String) - Constructor for class org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
Constructor which sets the defaultTargetUrl property of the base class.
SimpleUrlLogoutSuccessHandler - Class in org.springframework.security.web.authentication.logout
Handles the navigation on logout by delegating to the AbstractAuthenticationTargetUrlRequestHandler base class logic.
SimpleUrlLogoutSuccessHandler() - Constructor for class org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
 
simpMessageDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.MESSAGE.
simpMessageDestMatchers(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.MESSAGE.
SimpMessageTypeMatcher - Class in org.springframework.security.messaging.util.matcher
A MessageMatcher that matches if the provided Message has a type that is the same as the SimpMessageType that was specified in the constructor.
SimpMessageTypeMatcher(SimpMessageType) - Constructor for class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher
Creates a new instance
simpSubscribeDestMatchers(String...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.SUBSCRIBE.
simpSubscribeDestMatchers(String...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
Maps a List of SimpDestinationMessageMatcher instances that match on SimpMessageType.SUBSCRIBE.
simpTypeMatchers(SimpMessageType...) - Method in class org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry
Deprecated.
Maps a List of SimpDestinationMessageMatcher instances.
simpTypeMatchers(SimpMessageType...) - Method in class org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager.Builder
Maps a List of SimpDestinationMessageMatcher instances.
singleLogoutServiceBinding(Saml2MessageBinding) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
singleLogoutServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
singleLogoutServiceBindings(Consumer<Collection<Saml2MessageBinding>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
singleLogoutServiceBindings(Consumer<Collection<Saml2MessageBinding>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
Apply this Consumer to the Collection of Saml2MessageBindings for the purposes of modifying the SingleLogoutService Binding Collection.
singleLogoutServiceLocation(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
singleLogoutServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
singleLogoutServiceResponseLocation(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration.Builder
Deprecated.
 
singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
singleLogoutServiceResponseLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder
singleSignOnServiceBinding(Saml2MessageBinding) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
Set the SingleSignOnService Binding.
singleSignOnServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
Set the SingleSignOnService Binding.
singleSignOnServiceBinding(Saml2MessageBinding) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
Set the SingleSignOnService Binding.
singleSignOnServiceLocation(String) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
Set the SingleSignOnService Location.
singleSignOnServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
Set the SingleSignOnService Location.
singleSignOnServiceLocation(String) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
Set the SingleSignOnService Location.
skipExchange(ServerWebExchange) - Static method in class org.springframework.security.web.server.csrf.CsrfWebFilter
 
skipRequest(HttpServletRequest) - Static method in class org.springframework.security.web.csrf.CsrfFilter
 
spliterator() - Method in class org.springframework.security.saml2.provider.service.registration.CachingRelyingPartyRegistrationRepository
 
SPRING_SECURITY_CONTEXT_KEY - Static variable in class org.springframework.security.web.context.HttpSessionSecurityContextRepository
The default key under which the security context will be stored in the session.
SPRING_SECURITY_FILTER_CHAIN - Static variable in class org.springframework.security.config.BeanIds
External alias for FilterChainProxy bean, for use in web.xml files
SPRING_SECURITY_FORM_PASSWORD_KEY - Static variable in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
SPRING_SECURITY_FORM_USERNAME_KEY - Static variable in class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
SPRING_SECURITY_SWITCH_USERNAME_KEY - Static variable in class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 
SPRING_SECURITY_SWITCH_USERNAME_KEY - Static variable in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
 
SpringAuthorizationEventPublisher - Class in org.springframework.security.authorization
An implementation of AuthorizationEventPublisher that uses Spring's event publishing support.
SpringAuthorizationEventPublisher(ApplicationEventPublisher) - Constructor for class org.springframework.security.authorization.SpringAuthorizationEventPublisher
Construct this publisher using Spring's ApplicationEventPublisher
SpringCacheBasedAclCache - Class in org.springframework.security.acls.domain
Simple implementation of AclCache that delegates to Cache implementation.
SpringCacheBasedAclCache(Cache, PermissionGrantingStrategy, AclAuthorizationStrategy) - Constructor for class org.springframework.security.acls.domain.SpringCacheBasedAclCache
 
SpringCacheBasedTicketCache - Class in org.springframework.security.cas.authentication
Caches tickets using a Spring IoC defined Cache.
SpringCacheBasedTicketCache(Cache) - Constructor for class org.springframework.security.cas.authentication.SpringCacheBasedTicketCache
 
SpringCacheBasedUserCache - Class in org.springframework.security.core.userdetails.cache
Caches UserDetails instances in a Spring defined Cache.
SpringCacheBasedUserCache(Cache) - Constructor for class org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache
 
SpringOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection
A Spring implementation of OpaqueTokenIntrospector that verifies and introspects a token using the configured OAuth 2.0 Introspection Endpoint.
SpringOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
Creates a OpaqueTokenAuthenticationProvider with the provided parameters
SpringOpaqueTokenIntrospector(String, RestOperations) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
Creates a OpaqueTokenAuthenticationProvider with the provided parameters The given RestOperations should perform its own client authentication against the introspection endpoint.
SpringReactiveOpaqueTokenIntrospector - Class in org.springframework.security.oauth2.server.resource.introspection
A Spring implementation of ReactiveOpaqueTokenIntrospector that verifies and introspects a token using the configured OAuth 2.0 Introspection Endpoint.
SpringReactiveOpaqueTokenIntrospector(String, String, String) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector
Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters
SpringReactiveOpaqueTokenIntrospector(String, WebClient) - Constructor for class org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector
Creates a OpaqueTokenReactiveAuthenticationManager with the provided parameters
springSecurity() - Static method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers
Sets up Spring Security's WebTestClient test support
springSecurity() - Static method in class org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers
Configures the MockMvcBuilder for use with Spring Security.
springSecurity(Filter) - Static method in class org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers
Configures the MockMvcBuilder for use with Spring Security.
SpringSecurityAuthenticationSource - Class in org.springframework.security.ldap.authentication
An AuthenticationSource to retrieve authentication information stored in Spring Security's SecurityContextHolder.
SpringSecurityAuthenticationSource() - Constructor for class org.springframework.security.ldap.authentication.SpringSecurityAuthenticationSource
 
SpringSecurityCoreVersion - Class in org.springframework.security.core
Internal class used for checking version compatibility in a deployed application.
springSecurityFilterChain() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
Creates the Spring Security Filter Chain
SpringSecurityLdapTemplate - Class in org.springframework.security.ldap
Extension of Spring LDAP's LdapTemplate class which adds extra functionality required by Spring Security.
SpringSecurityLdapTemplate(ContextSource) - Constructor for class org.springframework.security.ldap.SpringSecurityLdapTemplate
 
SpringSecurityMessageSource - Class in org.springframework.security.core
The default MessageSource used by Spring Security.
SpringSecurityMessageSource() - Constructor for class org.springframework.security.core.SpringSecurityMessageSource
 
standard(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors
Creates a standard password-based bytes encryptor using 256 bit AES encryption.
StandardClaimAccessor - Interface in org.springframework.security.oauth2.core.oidc
A ClaimAccessor for the "Standard Claims" that can be returned either in the UserInfo Response or the ID Token.
StandardClaimNames - Class in org.springframework.security.oauth2.core.oidc
The names of the "Standard Claims" defined by the OpenID Connect Core 1.0 specification that can be returned either in the UserInfo Response or the ID Token.
StandardPasswordEncoder - Class in org.springframework.security.crypto.password
Deprecated.
Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use DelegatingPasswordEncoder which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.
StandardPasswordEncoder() - Constructor for class org.springframework.security.crypto.password.StandardPasswordEncoder
Deprecated.
Constructs a standard password encoder with no additional secret value.
StandardPasswordEncoder(CharSequence) - Constructor for class org.springframework.security.crypto.password.StandardPasswordEncoder
Deprecated.
Constructs a standard password encoder with a secret value which is also included in the password hash.
start() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
start() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
 
state(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.Builder
Sets the state.
state(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse.Builder
Sets the state.
STATE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
state - used in Authorization Request and Authorization Response.
stateful(Object) - Static method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
 
stateless(Object) - Static method in class org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken
 
STATELESS - Enum constant in enum class org.springframework.security.config.http.SessionCreationPolicy
Spring Security will never create an HttpSession and it will never use it to obtain the SecurityContext
StatelessTicketCache - Interface in org.springframework.security.cas.authentication
Caches CAS service tickets and CAS proxy tickets for stateless connections.
StaticAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
StaticAllowFromStrategy(URI) - Constructor for class org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy
Deprecated.
 
StaticHeadersWriter - Class in org.springframework.security.web.header.writers
HeaderWriter implementation which writes the same Header instance.
StaticHeadersWriter(String, String...) - Constructor for class org.springframework.security.web.header.writers.StaticHeadersWriter
Creates a new instance with a single header
StaticHeadersWriter(List<Header>) - Constructor for class org.springframework.security.web.header.writers.StaticHeadersWriter
Creates a new instance
StaticServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Allows specifying HttpHeaders that should be written to the response.
StaticServerHttpHeadersWriter(HttpHeaders) - Constructor for class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
 
StaticServerHttpHeadersWriter.Builder - Class in org.springframework.security.web.server.header
 
statusError() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
Returns true if the Authorization Request failed, otherwise false.
statusOk() - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
Returns true if the Authorization Request succeeded, otherwise false.
stop() - Method in class org.springframework.security.ldap.server.ApacheDSContainer
Deprecated.
 
stop() - Method in class org.springframework.security.ldap.server.UnboundIdContainer
 
STORAGE - Enum constant in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
 
STORAGE - Enum constant in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
 
streetAddress(String) - Method in class org.springframework.security.oauth2.core.oidc.DefaultAddressStandardClaim.Builder
Sets the full street address, which may include house number, street name, P.O.
STRICT_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
 
STRICT_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
 
STRICT_ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
 
STRICT_ORIGIN_WHEN_CROSS_ORIGIN - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
 
STRICT_TRANSPORT_SECURITY - Static variable in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
 
StrictHttpFirewall - Class in org.springframework.security.web.firewall
A strict implementation of HttpFirewall that rejects any suspicious requests with a RequestRejectedException.
StrictHttpFirewall() - Constructor for class org.springframework.security.web.firewall.StrictHttpFirewall
 
StrictTransportSecurityServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Writes the Strict-Transport-Security if the request is secure.
StrictTransportSecurityServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
 
string() - Static method in class org.springframework.security.crypto.keygen.KeyGenerators
Creates a StringKeyGenerator that hex-encodes SecureRandom keys of 8 bytes in length.
StringKeyGenerator - Interface in org.springframework.security.crypto.keygen
A generator for unique string keys.
stronger(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors
Creates a standard password-based bytes encryptor using 256 bit AES encryption with Galois Counter Mode (GCM).
SUB - Static variable in class org.springframework.security.oauth2.client.oidc.authentication.logout.LogoutTokenClaimNames
sub - the Subject identifier
SUB - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
sub - Usually a machine-readable identifier of the resource owner who authorized the token
SUB - Static variable in class org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
sub - the Subject identifier
SUB - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
sub - the Subject identifier
SUB - Static variable in class org.springframework.security.oauth2.jwt.JwtClaimNames
sub - the Subject claim identifies the principal that is the subject of the JWT
subArray(byte[], int, int) - Static method in class org.springframework.security.crypto.util.EncodingUtils
Extract a sub array of bytes out of the byte array.
subject(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
Use this subject in the resulting OidcLogoutToken
subject(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this subject in the resulting OidcIdToken
subject(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this subject in the resulting OidcUserInfo
subject(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this subject in the resulting Jwt
subject(String) - Method in class org.springframework.security.oauth2.jwt.JwtClaimsSet.Builder
Sets the subject (sub) claim, which identifies the principal that is the subject of the JWT.
SUBJECT_NOT_FOUND - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
The assertion did not contain a subject element.
SUBJECT_TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
subject_token - used in Token Exchange Access Token Request.
SUBJECT_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
subject_token_type - used in Token Exchange Access Token Request.
SubjectDnX509PrincipalExtractor - Class in org.springframework.security.web.authentication.preauth.x509
Obtains the principal from a certificate using a regular expression match against the Subject (as returned by a call to X509Certificate.getSubjectDN()).
SubjectDnX509PrincipalExtractor() - Constructor for class org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
 
subjectPrincipalRegex(String) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
Specifies the regex to extract the principal from the certificate.
submit(Runnable) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
submit(Runnable) - Method in class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor
 
submit(Runnable, T) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
submit(Callable<T>) - Method in class org.springframework.security.concurrent.DelegatingSecurityContextExecutorService
 
submit(Callable<T>) - Method in class org.springframework.security.task.DelegatingSecurityContextAsyncTaskExecutor
 
success() - Static method in class org.springframework.security.oauth2.core.OAuth2TokenValidatorResult
Construct a successful OAuth2TokenValidatorResult
success() - Static method in class org.springframework.security.saml2.core.Saml2ResponseValidatorResult
Construct a successful Saml2ResponseValidatorResult
success() - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult
Construct a successful Saml2LogoutValidatorResult
success(String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse
Returns a new OAuth2AuthorizationResponse.Builder, initialized with the authorization code.
successForwardUrl(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
Forward Authentication Success Handler
successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in class org.springframework.security.cas.web.CasAuthenticationFilter
 
successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Default behaviour for successful authentication.
successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Puts the Authentication instance returned by the authentication manager into the secure context.
successHandler(AuthenticationSuccessHandler) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Specifies the AuthenticationSuccessHandler to be used.
SupplierClientRegistrationRepository - Class in org.springframework.security.oauth2.client.registration
A ClientRegistrationRepository that lazily calls to retrieve ClientRegistration(s) when requested.
SupplierClientRegistrationRepository(Supplier<T>) - Constructor for class org.springframework.security.oauth2.client.registration.SupplierClientRegistrationRepository
Constructs an SupplierClientRegistrationRepository using the provided parameters.
SupplierJwtDecoder - Class in org.springframework.security.oauth2.jwt
A JwtDecoder that lazily initializes another JwtDecoder
SupplierJwtDecoder(Supplier<JwtDecoder>) - Constructor for class org.springframework.security.oauth2.jwt.SupplierJwtDecoder
 
SupplierReactiveJwtDecoder - Class in org.springframework.security.oauth2.jwt
A ReactiveJwtDecoder that lazily initializes another ReactiveJwtDecoder
SupplierReactiveJwtDecoder(Supplier<ReactiveJwtDecoder>) - Constructor for class org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder
 
supports(Class<?>) - Method in interface org.springframework.security.access.AccessDecisionManager
Deprecated.
Indicates whether the AccessDecisionManager implementation is able to provide access control decisions for the indicated secured object type.
supports(Class<?>) - Method in interface org.springframework.security.access.AccessDecisionVoter
Deprecated.
Indicates whether the AccessDecisionVoter implementation is able to provide access control votes for the indicated secured object type.
supports(Class<?>) - Method in interface org.springframework.security.access.AfterInvocationProvider
Deprecated.
Indicates whether the AfterInvocationProvider is able to provide "after invocation" processing for the indicated secured object type.
supports(Class<?>) - Method in class org.springframework.security.access.annotation.Jsr250Voter
Deprecated.
All classes are supported.
supports(Class<?>) - Method in interface org.springframework.security.access.intercept.AfterInvocationManager
Deprecated.
Indicates whether the AfterInvocationManager implementation is able to provide access control decisions for the indicated secured object type.
supports(Class<?>) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
Deprecated.
Iterates through all AfterInvocationProviders and ensures each can support the presented class.
supports(Class<?>) - Method in class org.springframework.security.access.intercept.RunAsImplAuthenticationProvider
Deprecated.
 
supports(Class<?>) - Method in interface org.springframework.security.access.intercept.RunAsManager
Deprecated.
Indicates whether the RunAsManager implementation is able to provide run-as replacement for the indicated secure object type.
supports(Class<?>) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
Deprecated.
This implementation supports any type of class, because it does not query the presented secure object.
supports(Class<?>) - Method in class org.springframework.security.access.method.AbstractMethodSecurityMetadataSource
Deprecated.
 
supports(Class<?>) - Method in class org.springframework.security.access.prepost.PostInvocationAdviceProvider
Deprecated.
 
supports(Class<?>) - Method in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
Deprecated.
 
supports(Class<?>) - Method in interface org.springframework.security.access.SecurityMetadataSource
Indicates whether the SecurityMetadataSource implementation is able to provide ConfigAttributes for the indicated secure object type.
supports(Class<?>) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
Iterates through all AccessDecisionVoters and ensures each can support the presented class.
supports(Class<?>) - Method in class org.springframework.security.access.vote.AbstractAclVoter
Deprecated.
This implementation supports only MethodSecurityInterceptor, because it queries the presented MethodInvocation.
supports(Class<?>) - Method in class org.springframework.security.access.vote.AuthenticatedVoter
Deprecated.
This implementation supports any type of class, because it does not query the presented secure object.
supports(Class<?>) - Method in class org.springframework.security.access.vote.RoleVoter
Deprecated.
This implementation supports any type of class, because it does not query the presented secure object.
supports(Class<?>) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
This implementation supports any type of class, because it does not query the presented secure object.
supports(Class<?>) - Method in class org.springframework.security.authentication.AnonymousAuthenticationProvider
 
supports(Class<?>) - Method in interface org.springframework.security.authentication.AuthenticationProvider
Returns true if this AuthenticationProvider supports the indicated Authentication object.
supports(Class<?>) - Method in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.authentication.jaas.AbstractJaasAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.authentication.RememberMeAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.authentication.TestingAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.cas.authentication.CasAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.config.authentication.AuthenticationManagerBeanDefinitionParser.NullAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter
Deprecated.
 
supports(Class<?>) - Method in class org.springframework.security.messaging.access.intercept.DefaultMessageSecurityMetadataSource
Deprecated.
 
supports(Class<?>) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
 
supports(Class<?>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
 
supports(Class<?>) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
 
supports(Class<?>) - Method in class org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider
 
supports(Class<?>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
Deprecated.
 
supports(Class<?>) - Method in class org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource
 
supports(Class<?>) - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider
Indicate that this provider only supports PreAuthenticatedAuthenticationToken (sub)classes.
supports(ConfigAttribute) - Method in interface org.springframework.security.access.AccessDecisionManager
Deprecated.
Indicates whether this AccessDecisionManager is able to process authorization requests presented with the passed ConfigAttribute.
supports(ConfigAttribute) - Method in interface org.springframework.security.access.AccessDecisionVoter
Deprecated.
Indicates whether this AccessDecisionVoter is able to vote on the passed ConfigAttribute.
supports(ConfigAttribute) - Method in interface org.springframework.security.access.AfterInvocationProvider
Deprecated.
Indicates whether this AfterInvocationProvider is able to participate in a decision involving the passed ConfigAttribute.
supports(ConfigAttribute) - Method in class org.springframework.security.access.annotation.Jsr250Voter
Deprecated.
The specified config attribute is supported if its an instance of a Jsr250SecurityConfig.
supports(ConfigAttribute) - Method in interface org.springframework.security.access.intercept.AfterInvocationManager
Deprecated.
Indicates whether this AfterInvocationManager is able to process "after invocation" requests presented with the passed ConfigAttribute.
supports(ConfigAttribute) - Method in class org.springframework.security.access.intercept.AfterInvocationProviderManager
Deprecated.
 
supports(ConfigAttribute) - Method in interface org.springframework.security.access.intercept.RunAsManager
Deprecated.
Indicates whether this RunAsManager is able to process the passed ConfigAttribute.
supports(ConfigAttribute) - Method in class org.springframework.security.access.intercept.RunAsManagerImpl
Deprecated.
 
supports(ConfigAttribute) - Method in class org.springframework.security.access.prepost.PostInvocationAdviceProvider
Deprecated.
 
supports(ConfigAttribute) - Method in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
Deprecated.
 
supports(ConfigAttribute) - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
 
supports(ConfigAttribute) - Method in class org.springframework.security.access.vote.AuthenticatedVoter
Deprecated.
 
supports(ConfigAttribute) - Method in class org.springframework.security.access.vote.RoleVoter
Deprecated.
 
supports(ConfigAttribute) - Method in class org.springframework.security.acls.AclEntryVoter
 
supports(ConfigAttribute) - Method in class org.springframework.security.acls.afterinvocation.AbstractAclProvider
 
supports(ConfigAttribute) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter
Deprecated.
 
supports(ConfigAttribute) - Method in interface org.springframework.security.web.access.channel.ChannelDecisionManager
Indicates whether this ChannelDecisionManager is able to process the passed ConfigAttribute.
supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.ChannelDecisionManagerImpl
 
supports(ConfigAttribute) - Method in interface org.springframework.security.web.access.channel.ChannelProcessor
Indicates whether this ChannelProcessor is able to process the passed ConfigAttribute.
supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.InsecureChannelProcessor
 
supports(ConfigAttribute) - Method in class org.springframework.security.web.access.channel.SecureChannelProcessor
 
supports(ConfigAttribute) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
Deprecated.
 
supportsContext(Observation.Context) - Method in class org.springframework.security.authentication.AuthenticationObservationConvention
supportsContext(Observation.Context) - Method in class org.springframework.security.authorization.AuthorizationObservationConvention
 
supportsParameter(MethodParameter) - Method in class org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
 
supportsParameter(MethodParameter) - Method in class org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver
 
supportsParameter(MethodParameter) - Method in class org.springframework.security.messaging.handler.invocation.reactive.CurrentSecurityContextArgumentResolver
 
supportsParameter(MethodParameter) - Method in class org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver
 
supportsParameter(MethodParameter) - Method in class org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver
 
supportsParameter(MethodParameter) - Method in class org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
Deprecated.
 
supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
 
supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver
 
supportsParameter(MethodParameter) - Method in class org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver
 
supportsParameter(MethodParameter) - Method in class org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver
 
supportsParameter(MethodParameter) - Method in class org.springframework.security.web.reactive.result.method.annotation.CurrentSecurityContextArgumentResolver
 
switchUser(WebFilterExchange) - Method in class org.springframework.security.web.server.authentication.SwitchUserWebFilter
Attempt to switch to another user.
SwitchUserAuthorityChanger - Interface in org.springframework.security.web.authentication.switchuser
Allows subclasses to modify the GrantedAuthority list that will be assigned to the principal when they assume the identity of a different principal.
SwitchUserFilter - Class in org.springframework.security.web.authentication.switchuser
Switch User processing filter responsible for user context switching.
SwitchUserFilter() - Constructor for class org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 
SwitchUserGrantedAuthority - Class in org.springframework.security.web.authentication.switchuser
Custom GrantedAuthority used by SwitchUserFilter
SwitchUserGrantedAuthority(String, Authentication) - Constructor for class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
 
SwitchUserWebFilter - Class in org.springframework.security.web.server.authentication
Switch User processing filter responsible for user context switching.
SwitchUserWebFilter(ReactiveUserDetailsService, String, String) - Constructor for class org.springframework.security.web.server.authentication.SwitchUserWebFilter
Creates a filter for the user context switching
SwitchUserWebFilter(ReactiveUserDetailsService, ServerAuthenticationSuccessHandler, ServerAuthenticationFailureHandler) - Constructor for class org.springframework.security.web.server.authentication.SwitchUserWebFilter
Creates a filter for the user context switching
SYSTEM_PROPERTY - Static variable in class org.springframework.security.core.context.SecurityContextHolder
 

T

TagLibConfig - Class in org.springframework.security.taglibs
internal configuration class for taglibs.
TEMPORARILY_UNAVAILABLE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
temporarily_unavailable - The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
TEST_EXECUTION - Enum constant in enum class org.springframework.security.test.context.support.TestExecutionEvent
Associated to TestExecutionListener.beforeTestExecution(TestContext) event.
TEST_METHOD - Enum constant in enum class org.springframework.security.test.context.support.TestExecutionEvent
Associated to TestExecutionListener.beforeTestMethod(TestContext) event.
TestExecutionEvent - Enum Class in org.springframework.security.test.context.support
Represents the events on the methods of TestExecutionListener
TestingAuthenticationProvider - Class in org.springframework.security.authentication
TestingAuthenticationProvider() - Constructor for class org.springframework.security.authentication.TestingAuthenticationProvider
 
TestingAuthenticationToken - Class in org.springframework.security.authentication
An Authentication implementation that is designed for use whilst unit testing.
TestingAuthenticationToken(Object, Object) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken
 
TestingAuthenticationToken(Object, Object, String...) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken
 
TestingAuthenticationToken(Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken
 
TestingAuthenticationToken(Object, Object, List<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.TestingAuthenticationToken
 
testSecurityContext() - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Creates a RequestPostProcessor that can be used to ensure that the resulting request is ran with the user in the TestSecurityContextHolder.
TestSecurityContextHolder - Class in org.springframework.security.test.context
The TestSecurityContextHolder is very similar to SecurityContextHolder, but is necessary for testing.
TestSecurityContextHolderStrategyAdapter - Class in org.springframework.security.test.context
 
TestSecurityContextHolderStrategyAdapter() - Constructor for class org.springframework.security.test.context.TestSecurityContextHolderStrategyAdapter
 
text(CharSequence, CharSequence) - Static method in class org.springframework.security.crypto.encrypt.Encryptors
Creates a text encryptor that uses "standard" password-based encryption.
TextEncryptor - Interface in org.springframework.security.crypto.encrypt
Service interface for symmetric encryption of text strings.
TextEscapeUtils - Class in org.springframework.security.web.util
Internal utility for escaping characters in HTML strings.
TextEscapeUtils() - Constructor for class org.springframework.security.web.util.TextEscapeUtils
 
THIRTY_TWO_RESERVED_OFF - Static variable in interface org.springframework.security.acls.model.Permission
 
ThrowableAnalyzer - Class in org.springframework.security.web.util
Handler for analyzing Throwable instances.
ThrowableAnalyzer() - Constructor for class org.springframework.security.web.util.ThrowableAnalyzer
Creates a new ThrowableAnalyzer instance.
ThrowableCauseExtractor - Interface in org.springframework.security.web.util
Interface for handlers extracting the cause out of a specific Throwable type.
ThrowingMethodAuthorizationDeniedHandler - Class in org.springframework.security.authorization.method
ThrowingMethodAuthorizationDeniedHandler() - Constructor for class org.springframework.security.authorization.method.ThrowingMethodAuthorizationDeniedHandler
 
TLS_CLIENT_AUTH - Static variable in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
 
toAuthorizedTarget() - Method in interface org.springframework.security.authorization.method.AuthorizationProxy
Access underlying target object
Token - Interface in org.springframework.security.core.token
A token issued by TokenService.
TOKEN - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
token - used in Token Revocation Request.
TOKEN_EXCHANGE - Static variable in class org.springframework.security.oauth2.core.AuthorizationGrantType
 
TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
token_type - used in Authorization Response and Access Token Response.
TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
token_type - The type of the token, for example bearer.
TOKEN_TYPE_HINT - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
token_type_hint - used in Token Revocation Request.
TokenBasedRememberMeServices - Class in org.springframework.security.web.authentication.rememberme
Identifies previously remembered users by a Base-64 encoded cookie.
TokenBasedRememberMeServices(String, UserDetailsService) - Constructor for class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
 
TokenBasedRememberMeServices(String, UserDetailsService, TokenBasedRememberMeServices.RememberMeTokenAlgorithm) - Constructor for class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices
Construct the instance with the parameters provided
TokenBasedRememberMeServices.RememberMeTokenAlgorithm - Enum Class in org.springframework.security.web.authentication.rememberme
 
tokenEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use OAuth2LoginConfigurer.tokenEndpoint(Customizer) or tokenEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
tokenEndpoint(Customizer<OAuth2LoginConfigurer.TokenEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Configures the Authorization Server's Token Endpoint.
TokenExchangeGrantRequest - Class in org.springframework.security.oauth2.client.endpoint
A Token Exchange Grant request that holds the subject token and optional actor token.
TokenExchangeGrantRequest(ClientRegistration, OAuth2Token, OAuth2Token) - Constructor for class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequest
Constructs a TokenExchangeGrantRequest using the provided parameters.
TokenExchangeGrantRequestEntityConverter - Class in org.springframework.security.oauth2.client.endpoint
An implementation of an AbstractOAuth2AuthorizationGrantRequestEntityConverter that converts the provided TokenExchangeGrantRequest to a RequestEntity representation of an OAuth 2.0 Access Token Request for the Token Exchange Grant.
TokenExchangeGrantRequestEntityConverter() - Constructor for class org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequestEntityConverter
 
TokenExchangeOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of an OAuth2AuthorizedClientProvider for the token-exchange grant.
TokenExchangeOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider
 
TokenExchangeReactiveOAuth2AuthorizedClientProvider - Class in org.springframework.security.oauth2.client
An implementation of an ReactiveOAuth2AuthorizedClientProvider for the token-exchange grant.
TokenExchangeReactiveOAuth2AuthorizedClientProvider() - Constructor for class org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider
 
tokenRepository(PersistentTokenRepository) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
Specifies the PersistentTokenRepository to use.
TokenService - Interface in org.springframework.security.core.token
Provides a mechanism to allocate and rebuild secure, randomised tokens.
tokenType(OAuth2AccessToken.TokenType) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse.Builder
Sets the token type.
tokenUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the uri for the token endpoint.
tokenValiditySeconds(int) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
Allows specifying how long (in seconds) a token is valid for
tokenValue(String) - Method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.Builder
Use this token value in the resulting OidcLogoutToken
tokenValue(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcIdToken.Builder
Use this token value in the resulting OidcIdToken
tokenValue(String) - Method in class org.springframework.security.oauth2.jwt.Jwt.Builder
Use this token value in the resulting Jwt
toString() - Method in class org.springframework.security.access.intercept.RunAsUserToken
Deprecated.
 
toString() - Method in class org.springframework.security.access.SecurityConfig
 
toString() - Method in class org.springframework.security.access.vote.AbstractAccessDecisionManager
Deprecated.
 
toString() - Method in class org.springframework.security.acls.domain.AbstractPermission
 
toString() - Method in class org.springframework.security.acls.domain.AccessControlEntryImpl
 
toString() - Method in class org.springframework.security.acls.domain.AclImpl
 
toString() - Method in class org.springframework.security.acls.domain.GrantedAuthoritySid
 
toString() - Method in class org.springframework.security.acls.domain.ObjectIdentityImpl
 
toString() - Method in class org.springframework.security.acls.domain.PrincipalSid
 
toString() - Method in class org.springframework.security.authentication.AbstractAuthenticationToken
 
toString() - Method in class org.springframework.security.authentication.jaas.JaasGrantedAuthority
 
toString() - Method in class org.springframework.security.authorization.AuthorityAuthorizationDecision
 
toString() - Method in class org.springframework.security.authorization.AuthorityAuthorizationManager
 
toString() - Method in class org.springframework.security.authorization.AuthorizationDecision
 
toString() - Method in class org.springframework.security.authorization.ExpressionAuthorizationDecision
 
toString() - Method in class org.springframework.security.authorization.method.ExpressionAttributeAuthorizationDecision
Deprecated.
 
toString() - Method in class org.springframework.security.authorization.method.MethodExpressionAuthorizationManager
 
toString() - Method in class org.springframework.security.cas.authentication.CasAuthenticationToken
 
toString() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextCallable
 
toString() - Method in class org.springframework.security.concurrent.DelegatingSecurityContextRunnable
 
toString() - Method in class org.springframework.security.core.authority.SimpleGrantedAuthority
 
toString() - Method in class org.springframework.security.core.context.SecurityContextHolder
 
toString() - Method in class org.springframework.security.core.context.SecurityContextImpl
 
toString() - Method in class org.springframework.security.core.token.DefaultToken
 
toString() - Method in class org.springframework.security.core.userdetails.User
 
toString() - Method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
 
toString() - Method in class org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl
Create a textual representation containing error and warning messages, if any are present.
toString() - Method in class org.springframework.security.ldap.search.FilterBasedLdapUserSearch
 
toString() - Method in class org.springframework.security.ldap.userdetails.LdapAuthority
 
toString() - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
 
toString() - Method in class org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite
 
toString() - Method in class org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher
 
toString() - Method in class org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher
 
toString() - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration
 
toString() - Method in class org.springframework.security.oauth2.core.ClientAuthenticationMethod
 
toString() - Method in class org.springframework.security.oauth2.core.OAuth2Error
 
toString() - Method in class org.springframework.security.oauth2.core.user.DefaultOAuth2User
 
toString() - Method in class org.springframework.security.oauth2.core.user.OAuth2UserAuthority
 
toString() - Method in class org.springframework.security.saml2.core.Saml2Error
 
toString() - Method in exception org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException
 
toString() - Method in class org.springframework.security.util.SimpleMethodInvocation
 
toString() - Method in class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
 
toString() - Method in class org.springframework.security.web.access.intercept.RequestKey
 
toString() - Method in class org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
 
toString() - Method in class org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
 
toString() - Method in class org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority
 
toString() - Method in class org.springframework.security.web.authentication.ui.DefaultResourcesFilter
 
toString() - Method in class org.springframework.security.web.authentication.WebAuthenticationDetails
 
toString() - Method in class org.springframework.security.web.DefaultSecurityFilterChain
 
toString() - Method in class org.springframework.security.web.FilterChainProxy
 
toString() - Method in class org.springframework.security.web.FilterInvocation
 
toString() - Method in class org.springframework.security.web.firewall.FirewalledRequest
 
toString() - Method in class org.springframework.security.web.header.Header
 
toString() - Method in class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter
 
toString() - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
 
toString() - Method in class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter
 
toString() - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
 
toString() - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
 
toString() - Method in class org.springframework.security.web.header.writers.StaticHeadersWriter
 
toString() - Method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
 
toString() - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
 
toString() - Method in class org.springframework.security.web.savedrequest.DefaultSavedRequest
 
toString() - Method in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
 
toString() - Method in class org.springframework.security.web.server.ui.DefaultResourcesWebFilter
 
toString() - Method in class org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher
 
toString() - Method in class org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher
 
toString() - Method in class org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher
 
toString() - Method in class org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher
 
toString() - Method in class org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher
 
toString() - Method in class org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher
 
toString() - Method in class org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher
 
toString() - Method in class org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
 
toString() - Method in class org.springframework.security.web.util.matcher.AndRequestMatcher
 
toString() - Method in class org.springframework.security.web.util.matcher.AntPathRequestMatcher
 
toString() - Method in class org.springframework.security.web.util.matcher.AnyRequestMatcher
 
toString() - Method in class org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher
 
toString() - Method in class org.springframework.security.web.util.matcher.ELRequestMatcher
 
toString() - Method in class org.springframework.security.web.util.matcher.MediaTypeRequestMatcher
 
toString() - Method in class org.springframework.security.web.util.matcher.NegatedRequestMatcher
 
toString() - Method in class org.springframework.security.web.util.matcher.OrRequestMatcher
 
toString() - Method in class org.springframework.security.web.util.matcher.RegexRequestMatcher
 
toString() - Method in class org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher
 
transform(HttpServletRequest) - Method in interface org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator.HttpServletRequestTransformer
Return the HttpServletRequest that is passed into the AuthorizationManager
transform(HttpServletRequest) - Method in class org.springframework.security.web.access.HandlerMappingIntrospectorRequestTransformer
 
Transient - Annotation Interface in org.springframework.security.core
A marker for Authentications that should never be stored across requests, for example a bearer token authentication
TransientSecurityContext - Class in org.springframework.security.core.context
A SecurityContext that is annotated with @Transient and thus should never be stored across requests.
TransientSecurityContext() - Constructor for class org.springframework.security.core.context.TransientSecurityContext
 
TransientSecurityContext(Authentication) - Constructor for class org.springframework.security.core.context.TransientSecurityContext
 
TWO_WEEKS_S - Static variable in class org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices
 
TYP - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
typ - the type header is used by JWS/JWE applications to declare the media type of a JWS/JWE
type(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the type header that declares the media type of the JWS/JWE.

U

UnanimousBased - Class in org.springframework.security.access.vote
Deprecated.
UnanimousBased(List<AccessDecisionVoter<?>>) - Constructor for class org.springframework.security.access.vote.UnanimousBased
Deprecated.
 
unauthenticated() - Static method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
ResultMatcher that verifies that no user is authenticated.
unauthenticated(Object, Object) - Static method in class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
This factory method can be safely used by any code that wishes to create a unauthenticated UsernamePasswordAuthenticationToken.
unauthenticated(Object, String) - Static method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
Creates an unauthenticated token
unauthenticated(String) - Static method in class org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken
Creates an unauthenticated token
UNAUTHORIZED_CLIENT - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
unauthorized_client - The client is not authorized to request an authorization code or access token using this method.
UnboundIdContainer - Class in org.springframework.security.ldap.server
 
UnboundIdContainer(String, String) - Constructor for class org.springframework.security.ldap.server.UnboundIdContainer
 
UNKNOWN_RESPONSE_CLASS - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
SAML Data does not represent a SAML 2 Response object.
UNLIMITED - Static variable in interface org.springframework.security.web.server.authentication.SessionLimit
Represents unlimited sessions.
UnloadedSidException - Exception in org.springframework.security.acls.model
Thrown if an Acl cannot perform an operation because it only loaded a subset of Sids and the caller has requested details for an unloaded Sid .
UnloadedSidException(String) - Constructor for exception org.springframework.security.acls.model.UnloadedSidException
Constructs an NotFoundException with the specified message.
UnloadedSidException(String, Throwable) - Constructor for exception org.springframework.security.acls.model.UnloadedSidException
Constructs an NotFoundException with the specified message and root cause.
UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
 
UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
 
UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
 
UNSAFE_NONE - Enum constant in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
 
UNSAFE_URL - Enum constant in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
 
UNSAFE_URL - Enum constant in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
 
unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Default behaviour for unsuccessful authentication.
unsuccessfulAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationException) - Method in class org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
Ensures the authentication object in the secure context is set to null when authentication fails.
UNSUPPORTED_GRANT_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
unsupported_grant_type - The authorization grant type is not supported by the authorization server.
UNSUPPORTED_RESPONSE_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
unsupported_response_type - The authorization server does not support obtaining an authorization code or access token using this method.
UNSUPPORTED_TOKEN_TYPE - Static variable in class org.springframework.security.oauth2.core.OAuth2ErrorCodes
unsupported_token_type - The authorization server does not support the revocation of the presented token type.
updateAccessDefaults(B) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Updates the default values for access.
updateAce(int, Permission) - Method in class org.springframework.security.acls.domain.AclImpl
 
updateAce(int, Permission) - Method in interface org.springframework.security.acls.model.MutableAcl
 
updateAcl(MutableAcl) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
This implementation will simply delete all ACEs in the database and recreate them on each invocation of this method.
updateAcl(MutableAcl) - Method in interface org.springframework.security.acls.model.MutableAclService
Changes an existing Acl in the database.
updateAuditing(int, boolean, boolean) - Method in class org.springframework.security.acls.domain.AclImpl
 
updateAuditing(int, boolean, boolean) - Method in interface org.springframework.security.acls.model.AuditableAcl
 
updateAuthenticationDefaults() - Method in class org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
Updates the default values for authentication.
UPDATED_AT - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
updated_at - the time the user's information was last updated
updatedAt(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this updated-at Instant in the resulting OidcUserInfo
updateLastAccessTime(String) - Method in class org.springframework.security.core.session.InMemoryReactiveSessionRegistry
 
updateLastAccessTime(String) - Method in interface org.springframework.security.core.session.ReactiveSessionRegistry
Updates the last accessed time of the ReactiveSessionInformation
updateObjectIdentity(MutableAcl) - Method in class org.springframework.security.acls.jdbc.JdbcMutableAclService
Updates an existing acl_object_identity row, with new information presented in the passed MutableAcl object.
updatePassword(UserDetails, String) - Method in class org.springframework.security.core.userdetails.MapReactiveUserDetailsService
 
updatePassword(UserDetails, String) - Method in interface org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService
Modify the specified user's password.
updatePassword(UserDetails, String) - Method in interface org.springframework.security.core.userdetails.UserDetailsPasswordService
Modify the specified user's password.
updatePassword(UserDetails, String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
updateToken(String, String, Date) - Method in class org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl
 
updateToken(String, String, Date) - Method in class org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl
 
updateToken(String, String, Date) - Method in interface org.springframework.security.web.authentication.rememberme.PersistentTokenRepository
 
updateUser(UserDetails) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
updateUser(UserDetails) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
updateUser(UserDetails) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
updateUser(UserDetails) - Method in interface org.springframework.security.provisioning.UserDetailsManager
Update the specified user.
upgradeEncoding(String) - Method in class org.springframework.security.crypto.argon2.Argon2PasswordEncoder
 
upgradeEncoding(String) - Method in class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 
upgradeEncoding(String) - Method in class org.springframework.security.crypto.password.DelegatingPasswordEncoder
 
upgradeEncoding(String) - Method in interface org.springframework.security.crypto.password.PasswordEncoder
Returns true if the encoded password should be encoded again for better security, else false.
upgradeEncoding(String) - Method in class org.springframework.security.crypto.scrypt.SCryptPasswordEncoder
 
uriResolver(HttpServletRequest) - Static method in class org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers
Create a resolver based on the given HttpServletRequest.
uriResolver(HttpServletRequest, RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers
Create a resolver based on the given HttpServletRequest.
url(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
Specifies the ldap server URL when not using the embedded LDAP server.
URL_SAFE - Static variable in class org.springframework.security.crypto.codec.Base64
Deprecated.
Encode using Base64-like encoding that is URL- and Filename-safe as described in Section 4 of RFC3548: https://tools.ietf.org/html/rfc3548.
UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Deprecated.
UrlAuthorizationConfigurer(ApplicationContext) - Constructor for class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer
Deprecated.
 
UrlAuthorizationConfigurer.AuthorizedUrl - Class in org.springframework.security.config.annotation.web.configurers
Deprecated.
Maps the specified RequestMatcher instances to ConfigAttribute instances.
UrlAuthorizationConfigurer.StandardInterceptUrlRegistry - Class in org.springframework.security.config.annotation.web.configurers
Deprecated.
 
UrlUtils - Class in org.springframework.security.web.util
Provides static methods for composing URLs.
useAuthorizationManager() - Element in annotation interface org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
Indicate whether ReactiveAuthorizationManager based Method Security to be used.
useInvalidToken() - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor
Populates an invalid token value on the request.
user(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
The value of the username parameter.
user(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
user(String, String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
Specify both the password parameter name and the password.
user(UserDetails) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
User - Class in org.springframework.security.core.userdetails
Models core user information retrieved by a UserDetailsService.
User(String, String, boolean, boolean, boolean, boolean, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.core.userdetails.User
Construct the User with the details required by DaoAuthenticationProvider.
User(String, String, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.core.userdetails.User
Calls the more complex constructor with all boolean arguments set to true.
USER_CODE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
user_code - used in Device Authorization Response.
USER_DETAILS_SERVICE - Static variable in class org.springframework.security.config.BeanIds
 
USER_DETAILS_SERVICE_FACTORY - Static variable in class org.springframework.security.config.BeanIds
 
USER_SERVICE - Static variable in class org.springframework.security.config.Elements
 
User.UserBuilder - Class in org.springframework.security.core.userdetails
Builds the user to be added.
UserAttribute - Class in org.springframework.security.core.userdetails.memory
Used by InMemoryUserDetailsManager to temporarily store the attributes associated with a user.
UserAttribute() - Constructor for class org.springframework.security.core.userdetails.memory.UserAttribute
 
UserAttributeEditor - Class in org.springframework.security.core.userdetails.memory
Property editor that creates a UserAttribute from a comma separated list of values.
UserAttributeEditor() - Constructor for class org.springframework.security.core.userdetails.memory.UserAttributeEditor
 
userAuthoritiesMapper(GrantedAuthoritiesMapper) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig
userCache(UserCache) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
Defines the UserCache to use
UserCache - Interface in org.springframework.security.core.userdetails
Provides a cache of UserDetails objects.
UserDetails - Interface in org.springframework.security.core.userdetails
Provides core user information.
UserDetailsAwareConfigurer<B extends ProviderManagerBuilder<B>,U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails
Base class that allows access to the UserDetailsService for using as a default value with AuthenticationManagerBuilder.
UserDetailsAwareConfigurer() - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer
 
UserDetailsByNameServiceWrapper<T extends Authentication> - Class in org.springframework.security.core.userdetails
This implementation for AuthenticationUserDetailsService wraps a regular Spring Security UserDetailsService implementation, to retrieve a UserDetails object based on the user name contained in an Authentication object.
UserDetailsByNameServiceWrapper() - Constructor for class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
Constructs an empty wrapper for compatibility with Spring Security 2.0.x's method of using a setter.
UserDetailsByNameServiceWrapper(UserDetailsService) - Constructor for class org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper
Constructs a new wrapper using the supplied UserDetailsService as the service to delegate to.
UserDetailsChecker - Interface in org.springframework.security.core.userdetails
Called by classes which make use of a UserDetailsService to check the status of the loaded UserDetails object.
userDetailsContextMapper - Variable in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
 
userDetailsContextMapper(UserDetailsContextMapper) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.
UserDetailsContextMapper - Interface in org.springframework.security.ldap.userdetails
Operations to map a UserDetails object to and from a Spring LDAP DirContextOperations implementation.
UserDetailsManager - Interface in org.springframework.security.provisioning
An extension of the UserDetailsService which provides the ability to create new users and update existing ones.
UserDetailsManagerConfigurer<B extends ProviderManagerBuilder<B>,C extends UserDetailsManagerConfigurer<B,C>> - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning
Base class for populating an AuthenticationManagerBuilder with a UserDetailsManager.
UserDetailsManagerConfigurer(UserDetailsManager) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
 
UserDetailsManagerConfigurer.UserDetailsBuilder - Class in org.springframework.security.config.annotation.authentication.configurers.provisioning
Builds the user to be added.
UserDetailsManagerResourceFactoryBean - Class in org.springframework.security.config.provisioning
Constructs an InMemoryUserDetailsManager from a resource using UserDetailsResourceFactoryBean.
UserDetailsManagerResourceFactoryBean() - Constructor for class org.springframework.security.config.provisioning.UserDetailsManagerResourceFactoryBean
 
UserDetailsMapFactoryBean - Class in org.springframework.security.config.core.userdetails
Creates a Collection<UserDetails> from a @{code Map} in the format of
UserDetailsMapFactoryBean(Map<String, String>) - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsMapFactoryBean
 
userDetailsPasswordManager(UserDetailsPasswordService) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
 
UserDetailsPasswordService - Interface in org.springframework.security.core.userdetails
An API for changing a UserDetails password.
UserDetailsRepositoryReactiveAuthenticationManager - Class in org.springframework.security.authentication
A ReactiveAuthenticationManager that uses a ReactiveUserDetailsService to validate the provided username and password.
UserDetailsRepositoryReactiveAuthenticationManager(ReactiveUserDetailsService) - Constructor for class org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager
 
UserDetailsResourceFactoryBean - Class in org.springframework.security.config.core.userdetails
Parses a Resource that is a Properties file in the format of: username=password[,enabled|disabled],roles...
UserDetailsResourceFactoryBean() - Constructor for class org.springframework.security.config.core.userdetails.UserDetailsResourceFactoryBean
 
userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
 
userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
Specifies the UserDetailsService used to look up the UserDetails when a remember me token is valid.
userDetailsService(UserDetailsService) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
userDetailsService(UserDetailsService) - Method in interface org.springframework.security.config.annotation.web.HttpSecurityBuilder
Allows adding an additional UserDetailsService to be used
userDetailsService(T) - Method in class org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
Add authentication based upon the custom UserDetailsService that is passed in.
UserDetailsService - Interface in org.springframework.security.core.userdetails
Core interface which loads user-specific data.
userDetailsServiceBeanName() - Element in annotation interface org.springframework.security.test.context.support.WithUserDetails
The bean name for the UserDetailsService to use.
UserDetailsServiceConfigurer<B extends ProviderManagerBuilder<B>,C extends UserDetailsServiceConfigurer<B,C,U>,U extends UserDetailsService> - Class in org.springframework.security.config.annotation.authentication.configurers.userdetails
Allows configuring a UserDetailsService within a AuthenticationManagerBuilder.
UserDetailsServiceConfigurer(U) - Constructor for class org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsServiceConfigurer
Creates a new instance
UserDetailsServiceFactoryBean - Class in org.springframework.security.config.http
Bean used to lookup a named UserDetailsService or AuthenticationUserDetailsService.
UserDetailsServiceFactoryBean() - Constructor for class org.springframework.security.config.http.UserDetailsServiceFactoryBean
 
UserDetailsServiceLdapAuthoritiesPopulator - Class in org.springframework.security.ldap.authentication
Simple LdapAuthoritiesPopulator which delegates to a UserDetailsService, using the name which was supplied at login as the username.
UserDetailsServiceLdapAuthoritiesPopulator(UserDetailsService) - Constructor for class org.springframework.security.ldap.authentication.UserDetailsServiceLdapAuthoritiesPopulator
 
userDnPatterns(String...) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
If your users are at a fixed location in the directory (i.e.
userExists(String) - Method in class org.springframework.security.ldap.userdetails.LdapUserDetailsManager
 
userExists(String) - Method in class org.springframework.security.provisioning.InMemoryUserDetailsManager
 
userExists(String) - Method in class org.springframework.security.provisioning.JdbcUserDetailsManager
 
userExists(String) - Method in interface org.springframework.security.provisioning.UserDetailsManager
Check if a user with the supplied login name exists in the system.
userInfoAuthenticationMethod(AuthenticationMethod) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the authentication method for the user info endpoint.
userInfoEndpoint() - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use OAuth2LoginConfigurer.userInfoEndpoint(Customizer) or userInfoEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
userInfoEndpoint(Customizer<OAuth2LoginConfigurer.UserInfoEndpointConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
Configures the Authorization Server's UserInfo Endpoint.
userInfoToken(Consumer<OidcUserInfo.Builder>) - Method in class org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.OidcLoginMutator
Use the provided OidcUserInfo when constructing the authenticated user
userInfoToken(Consumer<OidcUserInfo.Builder>) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.OidcLoginRequestPostProcessor
Use the provided OidcUserInfo when constructing the authenticated user
userInfoUri(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the uri for the user info endpoint.
username() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
The username to be used.
username(String) - Method in class org.springframework.security.core.userdetails.User.UserBuilder
Populates the username.
USERNAME - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
username - used in Access Token Request.
USERNAME - Static variable in class org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames
username - A human-readable identifier for the resource owner that authorized the token
USERNAME_ATTRIBUTE_NAME - Static variable in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
The name of the attribute in the context associated to the value for the resource owner's username.
USERNAME_NOT_FOUND - Static variable in class org.springframework.security.saml2.core.Saml2ErrorCodes
The subject did not contain a user identifier The assertion contained a subject element, but the subject element did not have a NameID or EncryptedID element https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
userNameAttributeName(String) - Method in class org.springframework.security.oauth2.client.registration.ClientRegistration.Builder
Sets the attribute name used to access the user's name from the user info response.
UsernameNotFoundException - Exception in org.springframework.security.core.userdetails
Thrown if an UserDetailsService implementation cannot locate a User by its username.
UsernameNotFoundException(String) - Constructor for exception org.springframework.security.core.userdetails.UsernameNotFoundException
Constructs a UsernameNotFoundException with the specified message.
UsernameNotFoundException(String, Throwable) - Constructor for exception org.springframework.security.core.userdetails.UsernameNotFoundException
Constructs a UsernameNotFoundException with the specified message and root cause.
usernameParameter(String) - Method in class org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer
The HTTP parameter to look for the username when performing authentication.
UsernamePasswordAuthenticationFilter - Class in org.springframework.security.web.authentication
Processes an authentication form submission.
UsernamePasswordAuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
UsernamePasswordAuthenticationFilter(AuthenticationManager) - Constructor for class org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
UsernamePasswordAuthenticationToken - Class in org.springframework.security.authentication
An Authentication implementation that is designed for simple presentation of a username and password.
UsernamePasswordAuthenticationToken(Object, Object) - Constructor for class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
This constructor can be safely used by any code that wishes to create a UsernamePasswordAuthenticationToken, as the AbstractAuthenticationToken.isAuthenticated() will return false.
UsernamePasswordAuthenticationToken(Object, Object, Collection<? extends GrantedAuthority>) - Constructor for class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (i.e.
UsernamePasswordMetadata - Class in org.springframework.security.rsocket.metadata
Represents a username and password that have been encoded into a Payload.metadata().
UsernamePasswordMetadata(String, String) - Constructor for class org.springframework.security.rsocket.metadata.UsernamePasswordMetadata
 
userParameter(String) - Method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder
The HTTP parameter to place the username.
usersByUsernameQuery(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
Sets the query to be used for finding a user by their username.
userSearchBase(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
Search base for user searches.
userSearchFilter(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
The LDAP filter used to search for users (optional).
userService(OAuth2UserService<OAuth2UserRequest, OAuth2User>) - Method in class org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig
Sets the OAuth 2.0 service used for obtaining the user attributes of the End-User from the UserInfo Endpoint.
UserServiceBeanDefinitionParser - Class in org.springframework.security.config.authentication
 
UserServiceBeanDefinitionParser() - Constructor for class org.springframework.security.config.authentication.UserServiceBeanDefinitionParser
 
useSecureCookie(boolean) - Method in class org.springframework.security.config.annotation.web.configurers.RememberMeConfigurer
Whether the cookie should be flagged as secure or not.
Utf8 - Class in org.springframework.security.crypto.codec
UTF-8 Charset encoder/decoder.

V

validate(Jwt) - Method in class org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator
 
validate(Jwt) - Method in class org.springframework.security.oauth2.jwt.JwtClaimValidator
 
validate(Jwt) - Method in class org.springframework.security.oauth2.jwt.JwtIssuerValidator
 
validate(Jwt) - Method in class org.springframework.security.oauth2.jwt.JwtTimestampValidator
 
validate(Saml2LogoutRequestValidatorParameters) - Method in interface org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator
Authenticates the SAML 2.0 Logout Request received from the SAML 2.0 Asserting Party.
validate(Saml2LogoutResponseValidatorParameters) - Method in interface org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidator
Authenticates the SAML 2.0 Logout Response received from the SAML 2.0 Asserting Party.
validate(FilterChainProxy) - Method in class org.springframework.security.config.http.DefaultFilterChainValidator
 
validate(FilterChainProxy) - Method in interface org.springframework.security.web.FilterChainProxy.FilterChainValidator
 
validate(T) - Method in class org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator
 
validate(T) - Method in interface org.springframework.security.oauth2.core.OAuth2TokenValidator
Verify the validity and/or constraints of the provided OAuth 2.0 Token.
value() - Element in annotation interface org.springframework.security.access.annotation.Secured
Returns the list of security configuration attributes (e.g. ROLE_USER, ROLE_ADMIN).
value() - Element in annotation interface org.springframework.security.access.method.P
Deprecated.
The parameter name
value() - Element in annotation interface org.springframework.security.access.prepost.PostAuthorize
 
value() - Element in annotation interface org.springframework.security.access.prepost.PostFilter
 
value() - Element in annotation interface org.springframework.security.access.prepost.PreAuthorize
 
value() - Element in annotation interface org.springframework.security.access.prepost.PreFilter
 
value() - Element in annotation interface org.springframework.security.core.parameters.P
The parameter name
value() - Element in annotation interface org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient
The default attribute for this annotation.
value() - Element in annotation interface org.springframework.security.test.context.support.WithMockUser
Convenience mechanism for specifying the username.
value() - Element in annotation interface org.springframework.security.test.context.support.WithUserDetails
The username to look up in the UserDetailsService
valueOf(String) - Static method in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.config.http.MatcherType
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.config.http.SessionCreationPolicy
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.rsocket.api.PayloadExchangeType
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.test.context.support.TestExecutionEvent
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
Returns the enum constant of this class with the specified name.
valueOf(String) - Static method in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
Returns the enum constant of this class with the specified name.
values() - Static method in enum class org.springframework.security.authorization.method.AuthorizationInterceptorsOrder
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.config.http.MatcherType
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.config.http.SessionCreationPolicy
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.config.oauth2.client.CommonOAuth2Provider
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.config.web.server.SecurityWebFiltersOrder
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.BCryptVersion
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.crypto.encrypt.AesBytesEncryptor.CipherAlgorithm
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.crypto.encrypt.RsaAlgorithm
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.oauth2.jose.jws.MacAlgorithm
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.oauth2.jose.jws.SignatureAlgorithm
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.rsocket.api.PayloadExchangeType
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.test.context.support.TestExecutionEvent
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices.RememberMeTokenAlgorithm
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter.Directive
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter.CrossOriginEmbedderPolicy
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter.CrossOriginOpenerPolicy
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter.CrossOriginResourcePolicy
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter.Mode
Returns an array containing the constants of this enum class, in the order they are declared.
values() - Static method in enum class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter.HeaderValue
Returns an array containing the constants of this enum class, in the order they are declared.
verification(X509Certificate) - Static method in class org.springframework.security.saml2.core.Saml2X509Credential
Create a Saml2X509Credential that can be used for verification.
VERIFICATION - Enum constant in enum class org.springframework.security.saml2.core.Saml2X509Credential.Saml2X509CredentialType
 
VERIFICATION_URI - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
verification_uri - used in Device Authorization Response.
VERIFICATION_URI_COMPLETE - Static variable in class org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
verification_uri_complete - used in Device Authorization Response.
verificationUri(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
Sets the end-user verification URI.
verificationUriComplete(String) - Method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse.Builder
Sets the end-user verification URI that includes the user code.
verificationX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
Apply this Consumer to the list of Saml2X509Credentials
verificationX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
Apply this Consumer to the list of Saml2X509Credentials
verificationX509Credentials(Consumer<Collection<Saml2X509Credential>>) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
Apply this Consumer to the list of Saml2X509Credentials
verify(Supplier<Authentication>, T) - Method in interface org.springframework.security.authorization.AuthorizationManager
Determines if access should be granted for a specific authentication and object.
verify(Mono<Authentication>, T) - Method in interface org.springframework.security.authorization.ReactiveAuthorizationManager
Determines if access should be granted for a specific authentication and object
verifyThrowableHierarchy(Throwable, Class<? extends Throwable>) - Static method in class org.springframework.security.web.util.ThrowableAnalyzer
Verifies that the provided throwable is a valid subclass of the provided type (or of the type itself).
verifyToken(String) - Method in class org.springframework.security.core.token.KeyBasedPersistenceTokenService
 
verifyToken(String) - Method in interface org.springframework.security.core.token.TokenService
Permits verification the Token.getKey() was issued by this TokenService and reconstructs the corresponding Token.
VirtualFilterChainDecorator() - Constructor for class org.springframework.security.web.FilterChainProxy.VirtualFilterChainDecorator
 
visit(AuthorizationAdvisorProxyFactory, Object) - Method in interface org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor
Visit and possibly proxy this object.
vote(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.annotation.Jsr250Voter
Deprecated.
Votes according to JSR 250.
vote(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.AuthenticatedVoter
Deprecated.
 
vote(Authentication, Object, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.vote.RoleVoter
Deprecated.
 
vote(Authentication, MethodInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter
Deprecated.
 
vote(Authentication, MethodInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.acls.AclEntryVoter
 
vote(Authentication, Message<T>, Collection<ConfigAttribute>) - Method in class org.springframework.security.messaging.access.expression.MessageExpressionVoter
Deprecated.
 
vote(Authentication, FilterInvocation, Collection<ConfigAttribute>) - Method in class org.springframework.security.web.access.expression.WebExpressionVoter
Deprecated.
 
vote(Authentication, S, Collection<ConfigAttribute>) - Method in interface org.springframework.security.access.AccessDecisionVoter
Deprecated.
Indicates whether or not access is granted.

W

wantAuthnRequestsSigned(boolean) - Method in interface org.springframework.security.saml2.provider.service.registration.AssertingPartyMetadata.Builder
Set the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.
wantAuthnRequestsSigned(boolean) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.Builder
Set the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.
wantAuthnRequestsSigned(boolean) - Method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder
Set the WantAuthnRequestsSigned setting, indicating the asserting party's preference that relying parties should sign the AuthnRequest before sending.
WEB_INVOCATION_PRIVILEGE_EVALUATOR_ATTRIBUTE - Static variable in class org.springframework.security.web.WebAttributes
Set as a request attribute to override the default WebInvocationPrivilegeEvaluator
WebAsyncManagerIntegrationFilter - Class in org.springframework.security.web.context.request.async
WebAsyncManagerIntegrationFilter() - Constructor for class org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
 
WebAttributes - Class in org.springframework.security.web
Well-known keys which are used to store Spring Security information in request or session scope.
WebAuthenticationDetails - Class in org.springframework.security.web.authentication
A holder of selected HTTP details related to a web authentication request.
WebAuthenticationDetails(HttpServletRequest) - Constructor for class org.springframework.security.web.authentication.WebAuthenticationDetails
Records the remote address and will also set the session Id if a session already exists (it won't create one).
WebAuthenticationDetails(String, String) - Constructor for class org.springframework.security.web.authentication.WebAuthenticationDetails
Constructor to add Jackson2 serialize/deserialize support
WebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication
Implementation of AuthenticationDetailsSource which builds the details object from an HttpServletRequest object, creating a WebAuthenticationDetails .
WebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.WebAuthenticationDetailsSource
 
webClient(WebClient) - Method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.JwkSetUriReactiveJwtDecoderBuilder
Use the given WebClient to coordinate with the authorization servers indicated in the JWK Set uri as well as the Issuer.
WebClientReactiveAuthorizationCodeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
An implementation of a ReactiveOAuth2AccessTokenResponseClient that "exchanges" an authorization code credential for an access token credential at the Authorization Server's Token Endpoint.
WebClientReactiveAuthorizationCodeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveAuthorizationCodeTokenResponseClient
 
WebClientReactiveClientCredentialsTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
An implementation of a ReactiveOAuth2AccessTokenResponseClient that "exchanges" a client credential for an access token credential at the Authorization Server's Token Endpoint.
WebClientReactiveClientCredentialsTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveClientCredentialsTokenResponseClient
 
WebClientReactiveJwtBearerTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
The default implementation of an ReactiveOAuth2AccessTokenResponseClient for the jwt-bearer grant.
WebClientReactiveJwtBearerTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveJwtBearerTokenResponseClient
 
WebClientReactivePasswordTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
Deprecated.
The latest OAuth 2.0 Security Best Current Practice disallows the use of the Resource Owner Password Credentials grant. See reference OAuth 2.0 Security Best Current Practice.
WebClientReactivePasswordTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactivePasswordTokenResponseClient
Deprecated.
 
WebClientReactiveRefreshTokenTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
An implementation of a ReactiveOAuth2AccessTokenResponseClient for the refresh_token grant.
WebClientReactiveRefreshTokenTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveRefreshTokenTokenResponseClient
 
WebClientReactiveTokenExchangeTokenResponseClient - Class in org.springframework.security.oauth2.client.endpoint
The default implementation of an ReactiveOAuth2AccessTokenResponseClient for the token-exchange grant.
WebClientReactiveTokenExchangeTokenResponseClient() - Constructor for class org.springframework.security.oauth2.client.endpoint.WebClientReactiveTokenExchangeTokenResponseClient
 
WebExpressionAuthorizationManager - Class in org.springframework.security.web.access.expression
An expression-based AuthorizationManager that determines the access by evaluating the provided expression.
WebExpressionAuthorizationManager(String) - Constructor for class org.springframework.security.web.access.expression.WebExpressionAuthorizationManager
Creates an instance.
WebExpressionVoter - Class in org.springframework.security.web.access.expression
Deprecated.
WebExpressionVoter() - Constructor for class org.springframework.security.web.access.expression.WebExpressionVoter
Deprecated.
 
WebFilterChainProxy - Class in org.springframework.security.web.server
Used to delegate to a List of SecurityWebFilterChain instances.
WebFilterChainProxy(List<SecurityWebFilterChain>) - Constructor for class org.springframework.security.web.server.WebFilterChainProxy
 
WebFilterChainProxy(SecurityWebFilterChain...) - Constructor for class org.springframework.security.web.server.WebFilterChainProxy
 
WebFilterChainProxy.DefaultWebFilterChainDecorator - Class in org.springframework.security.web.server
A WebFilterChainProxy.WebFilterChainDecorator that uses the DefaultWebFilterChain
WebFilterChainProxy.WebFilterChainDecorator - Interface in org.springframework.security.web.server
A strategy for decorating the provided filter chain with one that accounts for the SecurityFilterChain for a given request.
WebFilterChainServerAuthenticationSuccessHandler - Class in org.springframework.security.web.server.authentication
Success handler that continues the filter chain after authentication success.
WebFilterChainServerAuthenticationSuccessHandler() - Constructor for class org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler
 
WebFilterExchange - Class in org.springframework.security.web.server
A composite of the ServerWebExchange and the WebFilterChain.
WebFilterExchange(ServerWebExchange, WebFilterChain) - Constructor for class org.springframework.security.web.server.WebFilterExchange
 
WebInvocationPrivilegeEvaluator - Interface in org.springframework.security.web.access
Allows users to determine whether they have privileges for a given web URI.
WebJackson2Module - Class in org.springframework.security.web.jackson2
Jackson module for spring-security-web.
WebJackson2Module() - Constructor for class org.springframework.security.web.jackson2.WebJackson2Module
 
WebMvcSecurityConfiguration - Class in org.springframework.security.config.annotation.web.servlet.configuration
Deprecated.
This is applied internally using SpringWebMvcImportSelector
WebMvcSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
Deprecated.
 
WebSecurity - Class in org.springframework.security.config.annotation.web.builders
The WebSecurity is created by WebSecurityConfiguration to create the FilterChainProxy known as the Spring Security Filter Chain (springSecurityFilterChain).
WebSecurity(ObjectPostProcessor<Object>) - Constructor for class org.springframework.security.config.annotation.web.builders.WebSecurity
Creates a new instance
WebSecurity.IgnoredRequestConfigurer - Class in org.springframework.security.config.annotation.web.builders
Allows registering RequestMatcher instances that should be ignored by Spring Security.
WebSecurityConfiguration - Class in org.springframework.security.config.annotation.web.configuration
Uses a WebSecurity to create the FilterChainProxy that performs the web based security for Spring Security.
WebSecurityConfiguration() - Constructor for class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
 
WebSecurityConfigurer<T extends SecurityBuilder<jakarta.servlet.Filter>> - Interface in org.springframework.security.config.annotation.web
Allows customization to the WebSecurity.
WebSecurityCustomizer - Interface in org.springframework.security.config.annotation.web.configuration
Callback interface for customizing WebSecurity.
webSecurityExpressionHandler() - Method in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration
 
WebSecurityExpressionRoot - Class in org.springframework.security.web.access.expression
 
WebSecurityExpressionRoot(Supplier<Authentication>, HttpServletRequest) - Constructor for class org.springframework.security.web.access.expression.WebSecurityExpressionRoot
Creates an instance for the given Supplier of the Authentication and HttpServletRequest.
WebSecurityExpressionRoot(Authentication, FilterInvocation) - Constructor for class org.springframework.security.web.access.expression.WebSecurityExpressionRoot
 
WebServerJackson2Module - Class in org.springframework.security.web.server.jackson2
Jackson module for spring-security-web-flux.
WebServerJackson2Module() - Constructor for class org.springframework.security.web.server.jackson2.WebServerJackson2Module
 
WebServletJackson2Module - Class in org.springframework.security.web.jackson2
Jackson module for spring-security-web related to servlet.
WebServletJackson2Module() - Constructor for class org.springframework.security.web.jackson2.WebServletJackson2Module
 
WebSessionOAuth2ServerAuthorizationRequestRepository - Class in org.springframework.security.oauth2.client.web.server
An implementation of an ServerAuthorizationRequestRepository that stores OAuth2AuthorizationRequest in the WebSession.
WebSessionOAuth2ServerAuthorizationRequestRepository() - Constructor for class org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository
 
WebSessionServerCsrfTokenRepository - Class in org.springframework.security.web.server.csrf
A ServerCsrfTokenRepository that stores the CsrfToken in the HttpSession.
WebSessionServerCsrfTokenRepository() - Constructor for class org.springframework.security.web.server.csrf.WebSessionServerCsrfTokenRepository
 
WebSessionServerLogoutHandler - Class in org.springframework.security.web.server.authentication.logout
A ServerLogoutHandler which invalidates the active WebSession.
WebSessionServerLogoutHandler() - Constructor for class org.springframework.security.web.server.authentication.logout.WebSessionServerLogoutHandler
 
WebSessionServerOAuth2AuthorizedClientRepository - Class in org.springframework.security.oauth2.client.web.server
An implementation of an OAuth2AuthorizedClientRepository that stores OAuth2AuthorizedClient's in the HttpSession.
WebSessionServerOAuth2AuthorizedClientRepository() - Constructor for class org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository
 
WebSessionServerRequestCache - Class in org.springframework.security.web.server.savedrequest
An implementation of ServerRequestCache that saves the ServerHttpRequest in the WebSession.
WebSessionServerRequestCache() - Constructor for class org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache
 
WebSessionServerSecurityContextRepository - Class in org.springframework.security.web.server.context
Stores the SecurityContext in the WebSession.
WebSessionServerSecurityContextRepository() - Constructor for class org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository
 
website(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this website in the resulting OidcUserInfo
WEBSITE - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
website - the URL of the user's web page or blog
WEBSOCKET_MESSAGE_BROKER - Static variable in class org.springframework.security.config.Elements
 
WebSocketMessageBrokerSecurityBeanDefinitionParser - Class in org.springframework.security.config.websocket
Parses Spring Security's websocket namespace support.
WebSocketMessageBrokerSecurityBeanDefinitionParser() - Constructor for class org.springframework.security.config.websocket.WebSocketMessageBrokerSecurityBeanDefinitionParser
 
WebSpherePreAuthenticatedProcessingFilter - Class in org.springframework.security.web.authentication.preauth.websphere
This AbstractPreAuthenticatedProcessingFilter implementation is based on WebSphere authentication.
WebSpherePreAuthenticatedProcessingFilter() - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedProcessingFilter
Public constructor which overrides the default AuthenticationDetails class to be used.
WebSpherePreAuthenticatedWebAuthenticationDetailsSource - Class in org.springframework.security.web.authentication.preauth.websphere
This AuthenticationDetailsSource implementation will set the pre-authenticated granted authorities based on the WebSphere groups for the current WebSphere user, mapped using the configured Attributes2GrantedAuthoritiesMapper.
WebSpherePreAuthenticatedWebAuthenticationDetailsSource() - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
 
WebSpherePreAuthenticatedWebAuthenticationDetailsSource(WASUsernameAndGroupsExtractor) - Constructor for class org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedWebAuthenticationDetailsSource
 
WebTestUtils - Class in org.springframework.security.test.web.support
A utility class for testing spring security
WebXmlMappableAttributesRetriever - Class in org.springframework.security.web.authentication.preauth.j2ee
This MappableAttributesRetriever implementation reads the list of defined J2EE roles from a web.xml file and returns these from { WebXmlMappableAttributesRetriever.getMappableAttributes().
WebXmlMappableAttributesRetriever() - Constructor for class org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever
 
WellKnownChangePasswordBeanDefinitionParser - Class in org.springframework.security.config.http
The bean definition parser for a Well-Known URL for Changing Passwords.
WellKnownChangePasswordBeanDefinitionParser() - Constructor for class org.springframework.security.config.http.WellKnownChangePasswordBeanDefinitionParser
 
WhiteListedAllowFromStrategy - Class in org.springframework.security.web.header.writers.frameoptions
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
WhiteListedAllowFromStrategy(Collection<String>) - Constructor for class org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy
Deprecated.
Creates a new instance
with(C, Customizer<C>) - Method in class org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder
with(String, String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
Returns a new OAuth2DeviceAuthorizationResponse.Builder, initialized with the provided device code and user code values.
with(OAuth2DeviceCode, OAuth2UserCode) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2DeviceAuthorizationResponse
Returns a new OAuth2DeviceAuthorizationResponse.Builder, initialized with the provided device code and user code.
with(JwsAlgorithm) - Static method in class org.springframework.security.oauth2.jwt.JwsHeader
Returns a new JwsHeader.Builder, initialized with the provided JwsAlgorithm.
WithAnonymousUser - Annotation Interface in org.springframework.security.test.context.support
When used with WithSecurityContextTestExecutionListener this annotation can be added to a test method to emulate running with an anonymous user.
withAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Deprecated, for removal: This API element is subject to removal in a future version.
withAssertingPartyEntityDescriptor(EntityDescriptor) - Static method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistration
Deprecated.
Create a OpenSamlRelyingPartyRegistration.Builder from an entity descriptor
withAssertingPartyMetadata(AssertingPartyMetadata) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder with a registrationId equivalent to the asserting party entity id.
withAuthentication(Consumer<Authentication>) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
Allows for any validating the authentication with arbitrary assertions
withAuthentication(Authentication) - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder
withAuthentication(Authentication) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
Specifies the expected Authentication
withAuthenticationName(String) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
Specifies the expected Principal.getName()
withAuthenticationPrincipal(Object) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
Specifies the expected principal
withAuthorities(Collection<? extends GrantedAuthority>) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
withAuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
withAuthorizedClient(OAuth2AuthorizedClient) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
Returns a new OAuth2AuthorizeRequest.Builder initialized with the authorized client.
withClientRegistration(ClientRegistration) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizationContext
Returns a new OAuth2AuthorizationContext.Builder initialized with the ClientRegistration.
withClientRegistration(ClientRegistration) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistration
Returns a new ClientRegistration.Builder, initialized with the provided ClientRegistration.
withClientRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.OAuth2AuthorizeRequest
Returns a new OAuth2AuthorizeRequest.Builder initialized with the identifier for the client registration.
withDefaultPasswordEncoder() - Static method in class org.springframework.security.core.userdetails.User
Deprecated.
Using this method is not considered safe for production, but is acceptable for demos and getting started. For production purposes, ensure the password is encoded externally. See the method Javadoc for additional details. There are no plans to remove this support. It is deprecated to indicate that this is considered insecure for production purposes.
withDefaultRolePrefix() - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
Factory method that creates a RoleHierarchyImpl.Builder instance with the default role prefix "ROLE_"
withDefaults() - Static method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
Construct an AuthorizationAdvisorProxyFactory with the defaults needed for wrapping objects in Spring Security's pre-post method security support.
withDefaults() - Static method in interface org.springframework.security.config.Customizer
Returns a Customizer that does not alter the input argument.
withDefaults(Map<String, Converter<Object, ?>>) - Static method in class org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter
Construct a MappedJwtClaimSetConverter, overriding individual claim converters with the provided Map of Converters.
withDefaultSchema() - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.JdbcUserDetailsManagerConfigurer
Populates the default schema that allows users and authorities to be stored.
withEntityDescriptor(EntityDescriptor) - Static method in class org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails
Use this EntityDescriptor to begin building an RelyingPartyRegistration.AssertingPartyDetails
withErrors(Saml2Error...) - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult
Construct a Saml2LogoutValidatorResult.Builder, starting with the given errors.
withHttpOnlyFalse() - Static method in class org.springframework.security.web.csrf.CookieCsrfTokenRepository
Factory method to conveniently create an instance that creates cookies where Cookie.isHttpOnly() is set to false.
withHttpOnlyFalse() - Static method in class org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository
Factory method to conveniently create an instance that has creates cookies with ResponseCookie.isHttpOnly() set to false.
withIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
Use the given Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to derive the needed JWK Set uri.
withIssuerLocation(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
Use the given Issuer by making an OpenID Provider Configuration Request and using the values in the OpenID Provider Configuration Response to derive the needed JWK Set uri.
withJwkSetUri(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
Use the given JWK Set uri.
withJwkSetUri(String) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
Use the given JWK Set uri to validate JWTs.
withJwkSource(Function<SignedJWT, Flux<JWK>>) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
Use the given Function to validate JWTs
WithMockUser - Annotation Interface in org.springframework.security.test.context.support
When used with WithSecurityContextTestExecutionListener this annotation can be added to a test method to emulate running with a mocked user.
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer
Adds an ObjectPostProcessor for this class.
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer
Adds an ObjectPostProcessor for this class.
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
 
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry
Adds an ObjectPostProcessor for this class.
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry
Adds an ObjectPostProcessor for this class.
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
Deprecated.
Adds an ObjectPostProcessor for this class.
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
Deprecated.
Adds an ObjectPostProcessor for this class.
withObjectPostProcessor(ObjectPostProcessor<?>) - Method in class org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer
Deprecated.
Adds an ObjectPostProcessor for this class.
withPins(Map<String, String>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
Deprecated.
Sets the value for the pin- directive of the Public-Key-Pins header.
withPkce() - Static method in class org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers
Returns a Consumer to be provided the OAuth2AuthorizationRequest.Builder that adds the code_challenge and, usually, code_challenge_method parameters to the OAuth 2.0 Authorization Request.
withPublicKey(RSAPublicKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
Use the given public key to validate JWTs
withPublicKey(RSAPublicKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
Use the given public key to validate JWTs
withReactiveDefaults() - Static method in class org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
Construct an AuthorizationAdvisorProxyFactory with the defaults needed for wrapping objects in Spring Security's pre-post reactive method security support.
withRegistrationId(String) - Static method in class org.springframework.security.oauth2.client.registration.ClientRegistration
Returns a new ClientRegistration.Builder, initialized with the provided registration identifier.
withRegistrationId(String) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Creates a RelyingPartyRegistration RelyingPartyRegistration.Builder with a known registrationId
withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest
Create a Saml2LogoutRequest.Builder instance from this RelyingPartyRegistration Specifically, this will pull the SingleLogoutService location and binding from the RelyingPartyRegistration
withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse
Create a Saml2LogoutResponse.Builder instance from this RelyingPartyRegistration Specifically, this will pull the SingleLogoutService response location and binding from the RelyingPartyRegistration
withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest
withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest
withRelyingPartyRegistration(RelyingPartyRegistration) - Static method in class org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration
Deprecated, for removal: This API element is subject to removal in a future version.
withResponse(OAuth2AccessTokenResponse) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
Returns a new OAuth2AccessTokenResponse.Builder, initialized with the provided response.
withRolePrefix(String) - Static method in class org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
Factory method that creates a RoleHierarchyImpl.Builder instance with the specified role prefix.
withRoles(String...) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
withSecretKey(SecretKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusJwtDecoder
Use the given SecretKey to validate the MAC on a JSON Web Signature (JWS).
withSecretKey(SecretKey) - Static method in class org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
Use the given SecretKey to validate the MAC on a JSON Web Signature (JWS).
withSecurityContext(SecurityContext) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
Specifies the expected SecurityContext
withSecurityContext(Mono<? extends SecurityContext>) - Static method in class org.springframework.security.core.context.ReactiveSecurityContextHolder
Creates a Reactor Context that contains the Mono<SecurityContext> that can be merged into another Context
WithSecurityContext - Annotation Interface in org.springframework.security.test.context.support
An annotation to determine what SecurityContext to use.
WithSecurityContextFactory<A extends Annotation> - Interface in org.springframework.security.test.context.support
An API that works with WithUserTestExcecutionListener for creating a SecurityContext that is populated in the TestSecurityContextHolder.
WithSecurityContextTestExecutionListener - Class in org.springframework.security.test.context.support
A TestExecutionListener that will find annotations that are annotated with WithSecurityContext on a test method or at the class level.
WithSecurityContextTestExecutionListener() - Constructor for class org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
 
withSessionId(String) - Method in class org.springframework.security.core.session.ReactiveSessionInformation
 
withSessionId(String) - Method in class org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation
Copy this OidcSessionInformation, using a new session identifier
withToken(String) - Static method in class org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
Returns a new OAuth2AccessTokenResponse.Builder, initialized with the provided access token value.
withTokenValue(String) - Static method in class org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken
Create a OidcLogoutToken.Builder based on the given token value
withTokenValue(String) - Static method in class org.springframework.security.oauth2.core.oidc.OidcIdToken
Create a OidcIdToken.Builder based on the given token value
withTokenValue(String) - Static method in class org.springframework.security.oauth2.jwt.Jwt
Return a Jwt.Builder
withUser(String) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
Allows adding a user to the UserDetailsManager that is being created.
withUser(User.UserBuilder) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
Allows adding a user to the UserDetailsManager that is being created.
withUser(UserDetails) - Method in class org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer
Allows adding a user to the UserDetailsManager that is being created.
withUserDetails(UserDetails) - Static method in class org.springframework.security.core.userdetails.User
 
WithUserDetails - Annotation Interface in org.springframework.security.test.context.support
When used with WithSecurityContextTestExecutionListener this annotation can be added to a test method to emulate running with a UserDetails returned from the UserDetailsService.
withUsername(String) - Static method in class org.springframework.security.core.userdetails.User
Creates a UserBuilder with a specified username
withUsername(String) - Method in class org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.AuthenticatedMatcher
Specifies the expected username
wrap(Runnable) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor
 
wrap(Callable<T>) - Method in class org.springframework.security.scheduling.DelegatingSecurityContextSchedulingTaskExecutor
 
write - Variable in class org.springframework.security.access.expression.SecurityExpressionRoot
 
write(RelyingPartyRegistration.Builder, MediaType, HttpOutputMessage) - Method in class org.springframework.security.saml2.provider.service.registration.OpenSamlRelyingPartyRegistrationBuilderHttpMessageConverter
 
WRITE - Static variable in class org.springframework.security.acls.domain.BasePermission
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in interface org.springframework.security.web.header.HeaderWriter
Create a Header instance.
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CacheControlHeadersWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CompositeHeaderWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ContentSecurityPolicyHeaderWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CrossOriginEmbedderPolicyHeaderWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CrossOriginOpenerPolicyHeaderWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.CrossOriginResourcePolicyHeaderWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.FeaturePolicyHeaderWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
Writes the X-Frame-Options header value, overwritting any previous value.
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.HpkpHeaderWriter
Deprecated.
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.HstsHeaderWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.PermissionsPolicyHeaderWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.StaticHeadersWriter
 
writeHeaders(HttpServletRequest, HttpServletResponse) - Method in class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ClearSiteDataServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CrossOriginEmbedderPolicyServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CrossOriginOpenerPolicyServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.CrossOriginResourcePolicyServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.FeaturePolicyServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.PermissionsPolicyServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in interface org.springframework.security.web.server.header.ServerHttpHeadersWriter
Write the headers to the response.
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.ServerWebExchangeDelegatingServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.StaticServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
 
writeHttpHeaders(ServerWebExchange) - Method in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
 
writeInternal(OAuth2AccessTokenResponse, HttpOutputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter
 
writeInternal(OAuth2DeviceAuthorizationResponse, HttpOutputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2DeviceAuthorizationResponseHttpMessageConverter
 
writeInternal(OAuth2Error, HttpOutputMessage) - Method in class org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter
 
writeMessage(String) - Method in class org.springframework.security.taglibs.authz.AuthenticationTag
 
writer(ServerHttpHeadersWriter) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures custom headers writer

X

X_CONTENT_OPTIONS - Static variable in class org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
 
X_CONTENT_OPTIONS - Static variable in class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
 
X_FRAME_OPTIONS - Static variable in class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
 
X_XSS_PROTECTION - Static variable in class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
 
x509() - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
x509() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
x509() - Static method in class org.springframework.security.converter.RsaKeyConverters
Construct a Converter for converting a PEM-encoded X.509 RSA Public Key or X.509 Certificate into a RSAPublicKey.
x509(String) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Finds an X509Cetificate using a resoureName and populates it on the request.
x509(X509Certificate...) - Static method in class org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
Populates the provided X509Certificate instances on the request.
x509(Customizer<X509Configurer<HttpSecurity>>) - Method in class org.springframework.security.config.annotation.web.builders.HttpSecurity
Configures X509 based pre authentication.
x509(Customizer<ServerHttpSecurity.X509Spec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity
Configures x509 authentication using a certificate provided by a client.
X509 - Static variable in class org.springframework.security.config.Elements
 
x509AuthenticationFilter(X509AuthenticationFilter) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
Allows specifying the entire X509AuthenticationFilter.
X509AuthenticationFilter - Class in org.springframework.security.web.authentication.preauth.x509
 
X509AuthenticationFilter() - Constructor for class org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
 
x509CertificateChain(List<String>) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the X.509 certificate chain that contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
X509Configurer<H extends HttpSecurityBuilder<H>> - Class in org.springframework.security.config.annotation.web.configurers
Adds X509 based pre authentication to an application.
X509Configurer() - Constructor for class org.springframework.security.config.annotation.web.configurers.X509Configurer
Creates a new instance
x509PrincipalExtractor(X509PrincipalExtractor) - Method in class org.springframework.security.config.annotation.web.configurers.X509Configurer
X509PrincipalExtractor - Interface in org.springframework.security.web.authentication.preauth.x509
Obtains the principal from an X509Certificate for use within the framework.
x509SHA1Thumbprint(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the X.509 certificate SHA-1 thumbprint that is a base64url-encoded SHA-1 thumbprint (a.k.a.
x509SHA256Thumbprint(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the X.509 certificate SHA-256 thumbprint that is a base64url-encoded SHA-256 thumbprint (a.k.a.
x509Url(String) - Method in class org.springframework.security.oauth2.jwt.JwsHeader.Builder
Sets the X.509 URL that refers to the resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign the JWS or encrypt the JWE.
X5C - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
x5c - the X.509 certificate chain header contains the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign a JWS or encrypt a JWE
X5T - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
x5t - the X.509 certificate SHA-1 thumbprint header is a base64url-encoded SHA-1 thumbprint (a.k.a.
X5T_S256 - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
x5t#S256 - the X.509 certificate SHA-256 thumbprint header is a base64url-encoded SHA-256 thumbprint (a.k.a.
X5U - Static variable in class org.springframework.security.oauth2.jwt.JoseHeaderNames
x5u - the X.509 URL header is a URI that refers to a resource for the X.509 public key certificate or certificate chain corresponding to the key used to digitally sign a JWS or encrypt a JWE
XContentTypeOptionsHeaderWriter - Class in org.springframework.security.web.header.writers
A StaticHeadersWriter that inserts headers to prevent content sniffing.
XContentTypeOptionsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter
Creates a new instance
XContentTypeOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Adds X-Content-Type-Options: nosniff
XContentTypeOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XContentTypeOptionsServerHttpHeadersWriter
 
XFRAME_OPTIONS_HEADER - Static variable in class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
 
XFrameOptionsHeaderWriter - Class in org.springframework.security.web.header.writers.frameoptions
HeaderWriter implementation for the X-Frame-Options headers.
XFrameOptionsHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
XFrameOptionsHeaderWriter(AllowFromStrategy) - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode) - Constructor for class org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
Creates a new instance
XFrameOptionsHeaderWriter.XFrameOptionsMode - Enum Class in org.springframework.security.web.header.writers.frameoptions
The possible values for the X-Frame-Options header.
XFrameOptionsServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
ServerHttpHeadersWriter implementation for the X-Frame-Options headers.
XFrameOptionsServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
 
XFrameOptionsServerHttpHeadersWriter.Mode - Enum Class in org.springframework.security.web.server.header
The X-Frame-Options values.
XorCsrfChannelInterceptor - Class in org.springframework.security.messaging.web.csrf
ChannelInterceptor that validates a CSRF token masked by the XorCsrfTokenRequestAttributeHandler in the header of any SimpMessageType.CONNECT message.
XorCsrfChannelInterceptor() - Constructor for class org.springframework.security.messaging.web.csrf.XorCsrfChannelInterceptor
 
XorCsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.csrf
An implementation of the CsrfTokenRequestHandler interface that is capable of masking the value of the CsrfToken on each request and resolving the raw token value from the masked value as either a header or parameter value of the request.
XorCsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler
 
XorServerCsrfTokenRequestAttributeHandler - Class in org.springframework.security.web.server.csrf
An implementation of the ServerCsrfTokenRequestAttributeHandler and ServerCsrfTokenRequestResolver interfaces that is capable of masking the value of the CsrfToken on each request and resolving the raw token value from the masked value as either a form data value or header of the request.
XorServerCsrfTokenRequestAttributeHandler() - Constructor for class org.springframework.security.web.server.csrf.XorServerCsrfTokenRequestAttributeHandler
 
xssProtection() - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use HeadersConfigurer.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
xssProtection() - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Deprecated, for removal: This API element is subject to removal in a future version.
For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
xssProtection(Customizer<HeadersConfigurer.XXssConfig>) - Method in class org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
Note this is not comprehensive XSS protection!
xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec>) - Method in class org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec
Configures x-xss-protection response header.
XXssProtectionHeaderWriter - Class in org.springframework.security.web.header.writers
XXssProtectionHeaderWriter() - Constructor for class org.springframework.security.web.header.writers.XXssProtectionHeaderWriter
Create a new instance
XXssProtectionHeaderWriter.HeaderValue - Enum Class in org.springframework.security.web.header.writers
The value of the x-xss-protection header.
XXssProtectionServerHttpHeadersWriter - Class in org.springframework.security.web.server.header
Add the x-xss-protection header.
XXssProtectionServerHttpHeadersWriter() - Constructor for class org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
Creates a new instance
XXssProtectionServerHttpHeadersWriter.HeaderValue - Enum Class in org.springframework.security.web.server.header
The value of the x-xss-protection header.

Z

zoneinfo(String) - Method in class org.springframework.security.oauth2.core.oidc.OidcUserInfo.Builder
Use this zoneinfo in the resulting OidcUserInfo
ZONEINFO - Static variable in class org.springframework.security.oauth2.core.oidc.StandardClaimNames
zoneinfo - the user's time zone

_

_this() - Method in class org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest.Builder
Casting the return as the generic subtype, when returning itself
$ A B C D E F G H I J K L M N O P Q R S T U V W X Z _ 
All Classes and Interfaces|All Packages|Constant Field Values|Serialized Form